From ea7a5969c8240d834e6e7a0e2a61ac137a5b1af8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Tue, 27 May 2025 10:39:47 +0800 Subject: [PATCH] =?UTF-8?q?Revert=20"chore:=20update=20TemplateMan=20?= =?UTF-8?q?=F0=9F=A4=96"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit c31d574176f2b9e6f8d4fe573a24e7192f808e84. --- cloud/alibaba/ack/ack-cluster-api-public.yaml | 3 +- .../ack/ack-cluster-auditing-disable.yaml | 3 +- .../ack-cluster-cloud-monitor-disable.yaml | 3 +- .../ack/ack-cluster-health-disable.yaml | 3 +- .../ack-cluster-network-policies-disable.yaml | 3 +- .../ack-cluster-network-policies-missing.yaml | 3 +- .../ack/kubernetes-dashboard-enabled.yaml | 3 +- .../multi-region-logging-disabled.yaml | 3 +- .../public-actiontrail-bucket.yaml | 3 +- cloud/alibaba/alibaba-cloud-code-env.yaml | 3 +- cloud/alibaba/ecs/os-patches-outdated.yaml | 3 +- .../unattached-disk-encryption-disabled.yaml | 3 +- ...tached-vminstance-encryption-disabled.yaml | 3 +- .../alibaba/ecs/unrestricted-rdp-access.yaml | 3 +- .../alibaba/ecs/unrestricted-ssh-access.yaml | 3 +- cloud/alibaba/oss/access-logoss-disabled.yaml | 3 +- cloud/alibaba/oss/improper-bucket-sse.yaml | 3 +- .../oss/limit-networkaccess-disabled.yaml | 3 +- .../alibaba/oss/oos-bucket-public-access.yaml | 3 +- .../oss/secure-transfeross-disabled.yaml | 3 +- cloud/alibaba/oss/sse-cmk-disabled.yaml | 3 +- cloud/alibaba/oss/sse-smk-disabled.yaml | 3 +- .../ram/custom-ram-policy-admin-priv.yaml | 3 +- .../ram/max-password-retry-disabled.yaml | 3 +- .../ram/mfa-console-password-disabled.yaml | 2 +- ...ssword-policy-expiration-unconfigured.yaml | 3 +- .../password-policy-length-unconfigured.yaml | 3 +- ...assword-policy-lowercase-unconfigured.yaml | 3 +- .../ram/password-policy-num-unconfigured.yaml | 3 +- .../ram/password-policy-reuse-enabled.yaml | 3 +- .../password-policy-symbol-unconfigured.yaml | 3 +- ...assword-policy-uppercase-unconfigured.yaml | 3 +- .../rds/encryption-intransit-disabled.yaml | 3 +- .../alibaba/rds/log-connections-disabled.yaml | 3 +- .../rds/log-disconnections-disabled.yaml | 3 +- cloud/alibaba/rds/log-duration-disabled.yaml | 3 +- cloud/alibaba/rds/mssql-audit-disabled.yaml | 3 +- cloud/alibaba/rds/mysql-audit-disabled.yaml | 3 +- .../rds/postgresql-audit-disabled.yaml | 3 +- cloud/alibaba/rds/rds-audit-disabled.yaml | 3 +- .../rds/transparent-encryption-disabled.yaml | 3 +- .../scheduled-vulnscan-disabled.yaml | 3 +- .../security-notification-disabled.yaml | 3 +- .../security-plan-disabled.yaml | 3 +- cloud/alibaba/vpc/vpc-flow-disabled.yaml | 3 +- .../stack-notification-disabled.yaml | 3 +- .../stack-policy-not-inuse.yaml | 3 +- .../stack-termination-disabled.yaml | 3 +- .../cloudfront-compress-object.yaml | 3 +- .../cloudfront-custom-certificates.yaml | 3 +- .../cloudfront-geo-restriction.yaml | 3 +- .../cloudfront-insecure-protocol.yaml | 3 +- .../cloudfront/cloudfront-integrated-waf.yaml | 5 +- .../cloudfront-logging-disabled.yaml | 3 +- .../cloudfront/cloudfront-origin-shield.yaml | 3 +- .../cloudfront-security-policy.yaml | 3 +- .../cloudfront-traffic-unencrypted.yaml | 3 +- .../cloudfront/cloudfront-viewer-policy.yaml | 3 +- cloud/aws/dms/dms-multi-az.yaml | 3 +- cloud/aws/dms/dms-public-access.yaml | 3 +- cloud/aws/dms/dms-version-upgrade.yaml | 3 +- cloud/aws/ebs/ebs-encryption-disabled.yaml | 3 +- cloud/aws/efs/efs-encryption-disabled.yaml | 3 +- cloud/aws/eks/eks-aws-managed-iam-policy.yaml | 3 +- cloud/aws/eks/eks-cluster-logging.yaml | 3 +- cloud/aws/eks/eks-endpoint-access.yaml | 3 +- .../eks-iam-managed-policy-networking.yaml | 3 +- .../eks-kubernetes-secrets-encryption.yaml | 3 +- .../aws/eks/eks-logging-kubes-api-calls.yaml | 3 +- cloud/aws/eks/eks-long-running-pods.yaml | 3 +- .../eks/eks-managed-policy-ecr-access.yaml | 3 +- .../aws/eks/eks-node-group-remote-access.yaml | 3 +- .../cache-automatic-backups-disabled.yaml | 3 +- .../cache-event-notification-disabled.yaml | 3 +- .../cache-redis-encryption-disabled.yaml | 3 +- .../cache-redis-multiaz-disabled.yaml | 3 +- .../elb/elb-delete-protection-disabled.yaml | 3 +- ...irehose-server-destination-encryption.yaml | 3 +- .../firehose-server-side-encryption.yaml | 3 +- cloud/aws/guardduty/guardduty-findings.yaml | 3 +- .../malware-protection-disabled.yaml | 3 +- .../aws/guardduty/s3-protection-disabled.yaml | 3 +- .../rds/rds-auto-minor-upgrade-disabled.yaml | 3 +- .../rds/rds-automated-backup-disabled.yaml | 3 +- cloud/aws/rds/rds-backtrack-disabled.yaml | 3 +- .../rds/rds-cluster-protection-disabled.yaml | 3 +- cloud/aws/rds/rds-copy-snap.yaml | 3 +- cloud/aws/rds/rds-insights-disabled.yaml | 3 +- .../rds-instance-autoscaling-disabled.yaml | 3 +- cloud/aws/rds/rds-log-export-disabled.yaml | 3 +- cloud/aws/rds/rds-multi-az.yaml | 3 +- cloud/aws/rds/rds-public-access.yaml | 3 +- .../route53/route53-dns-query-disabled.yaml | 3 +- .../route53-dnssec-signing-disabled.yaml | 3 +- .../secret-rotation-interval.yaml | 3 +- .../secrets-rotation-disabled.yaml | 3 +- .../aws/sns/sns-public-subscribe-access.yaml | 2 - cloud/aws/sqs/sqs-deadletter-disabled.yaml | 3 +- cloud/aws/sqs/sqs-encryption-disabled.yaml | 3 +- cloud/aws/sqs/sqs-queue-exposed.yaml | 3 +- .../azure-custom-admin-role-unrestricted.yaml | 3 +- .../azure-custom-owner-role-unrestricted.yaml | 3 +- ...ure-iam-role-resource-lock-unassigned.yaml | 3 +- ...zure-mfa-not-enabled-privileged-users.yaml | 3 +- .../azure-db-mysql-delete-unalerted.yaml | 3 +- .../azure-delete-lb-alert-unconfigured.yaml | 3 +- .../azure-key-vault-delete-unalerted.yaml | 3 +- .../azure-keyvault-update-unalerted.yaml | 3 +- .../azure-lb-create-update-missing.yaml | 3 +- .../azure-mysql-db-update-unalerted.yaml | 3 +- .../azure-nsg-create-update-unalerted.yaml | 3 +- .../azure-nsg-delete-unalerted.yaml | 3 +- .../azure-nsg-rule-delete-unalerted.yaml | 3 +- .../azure-nsg-rule-update-unalerted.yaml | 3 +- ...olicy-assignment-create-alert-missing.yaml | 3 +- ...re-policy-assignment-delete-unalerted.yaml | 3 +- .../azure-postgresql-db-delete-unalerted.yaml | 3 +- .../azure-postgresql-db-update-unalerted.yaml | 3 +- .../azure-public-ip-delete-unalerted.yaml | 3 +- .../azure-public-ip-update-unalerted.yaml | 3 +- ...zure-security-policy-update-unalerted.yaml | 3 +- ...re-security-solution-delete-unalerted.yaml | 3 +- ...e-security-solutions-update-unalerted.yaml | 3 +- .../azure-sql-database-rename-unalerted.yaml | 3 +- .../azure-sql-db-update-unalerted.yaml | 3 +- .../azure-sql-delete-db-unalerted.yaml | 3 +- .../azure-sql-fw-rule-unalerted.yaml | 3 +- ...zure-storage-account-delete-unalerted.yaml | 3 +- ...zure-storage-account-update-unalerted.yaml | 3 +- .../azure-vm-create-update-unalerted.yaml | 3 +- .../azure-vm-deallocate-unalerted.yaml | 3 +- .../azure-vm-delete-unalerted.yaml | 3 +- .../azure-vm-poweroff-unalerted.yaml | 3 +- .../azure-openai-cmk-not-enabled.yaml | 3 +- ...zure-openai-managed-identity-not-used.yaml | 3 +- ...openai-private-endpoints-unconfigured.yaml | 3 +- .../azure-openai-public-access-disabled.yaml | 3 +- .../azure/aks/azure-aks-api-unrestricted.yaml | 3 +- .../aks/azure-aks-api-version-not-latest.yaml | 3 +- .../aks/azure-aks-cni-not-configured.yaml | 3 +- .../aks/azure-aks-entra-id-unintegrated.yaml | 3 +- ...azure-aks-kubernetes-version-outdated.yaml | 3 +- ...azure-aks-managed-identity-unassigned.yaml | 3 +- .../azure-aks-network-contrib-unassigned.yaml | 3 +- .../aks/azure-aks-not-user-assigned.yaml | 3 +- .../aks/azure-aks-rbac-unconfigured.yaml | 3 +- cloud/azure/aks/azure-aks-use-private-kv.yaml | 3 +- .../azure-apim-http2-not-enabled.yaml | 3 +- .../azure-apim-https-enforcement-missing.yaml | 3 +- .../azure-apim-nv-plaintext-exposure.yaml | 3 +- .../azure-apim-public-access-disabled.yaml | 3 +- ...ure-apim-resource-logs-not-configured.yaml | 3 +- ...system-assigned-identity-unconfigured.yaml | 3 +- .../azure-apim-tls-config-weak.yaml | 3 +- .../azure-apim-user-assigned-id-not-used.yaml | 3 +- .../azure-appservice-always-on-disabled.yaml | 3 +- .../azure-appservice-auth-disabled.yaml | 3 +- .../azure-appservice-backup-not-enabled.yaml | 3 +- ...e-appservice-backup-retention-missing.yaml | 3 +- ...azure-appservice-client-cert-disabled.yaml | 3 +- .../azure-appservice-entra-id-missing.yaml | 3 +- ...re-appservice-ftp-deployment-disabled.yaml | 3 +- ...zure-appservice-ftps-only-not-enabled.yaml | 3 +- .../azure-appservice-http2-not-enabled.yaml | 3 +- ...re-appservice-https-only-not-enforced.yaml | 3 +- ...azure-appservice-insights-not-enabled.yaml | 3 +- ...e-appservice-remote-debugging-enabled.yaml | 3 +- ...appservice-tls-latest-version-missing.yaml | 3 +- .../azure-cosmosdb-auto-failover-missing.yaml | 3 +- ...b-default-network-access-unrestricted.yaml | 3 +- ...azure-functionapp-access-keys-missing.yaml | 3 +- .../azure-functionapp-admin-privileges.yaml | 3 +- ...azure-functionapp-appinsights-missing.yaml | 3 +- .../azure-functionapp-public-exposure.yaml | 3 +- ...e-functionapp-system-assigned-missing.yaml | 3 +- ...-functionapp-user-assigned-id-missing.yaml | 3 +- ...-functionapp-vnet-integration-missing.yaml | 3 +- .../keyvault/azure-app-tier-cmk-untagged.yaml | 3 +- .../azure-database-tier-cmk-absent.yaml | 3 +- .../azure-keyvault-audit-not-enabled.yaml | 3 +- ...zure-keyvault-cert-keytype-unapproved.yaml | 3 +- ...re-keyvault-cert-transparency-missing.yaml | 3 +- ...lt-certificate-insufficient-autorenew.yaml | 3 +- .../azure-keyvault-network-unrestricted.yaml | 3 +- ...-keyvault-recoverability-unconfigured.yaml | 3 +- ...zure-keyvault-ssl-autorenewal-missing.yaml | 3 +- ...zure-keyvault-trusted-ms-unrestricted.yaml | 3 +- .../azure-keyvault-resource-lock-check.yaml | 3 +- .../monitor/azure-diag-logs-not-enabled.yaml | 3 +- .../azure-log-profile-all-activities.yaml | 3 +- .../azure/network/azure-network-watcher.yaml | 2 +- .../azure-nic-ip-forwarding-check.yaml | 5 +- .../network/azure-nsg-cifs-unrestricted.yaml | 5 +- .../network/azure-nsg-dns-unrestricted.yaml | 5 +- .../network/azure-nsg-ftp-unrestricted.yaml | 5 +- .../network/azure-nsg-http-unrestricted.yaml | 5 +- .../network/azure-nsg-https-unrestricted.yaml | 5 +- .../network/azure-nsg-icmp-unrestricted.yaml | 5 +- .../azure-nsg-mongodb-unrestricted.yaml | 5 +- .../network/azure-nsg-mssql-unrestricted.yaml | 5 +- .../network/azure-nsg-mysql-unrestricted.yaml | 5 +- .../azure-nsg-netbios-unrestricted.yaml | 5 +- .../azure-nsg-oracle-db-unrestricted.yaml | 5 +- .../azure-nsg-postgresql-unrestricted.yaml | 5 +- .../network/azure-nsg-rdp-unrestricted.yaml | 5 +- .../network/azure-nsg-rpc-unrestricted.yaml | 5 +- .../network/azure-nsg-smtp-unrestricted.yaml | 5 +- .../network/azure-nsg-ssh-unrestricted.yaml | 5 +- .../azure-nsg-telnet-unrestricted.yaml | 5 +- .../network/azure-nsg-udp-unrestricted.yaml | 5 +- .../azure-nsg-unrestricted-port-range.yaml | 5 +- .../network/azure-vnet-ddos-protection.yaml | 5 +- ...ostgres-allow-azure-services-disabled.yaml | 3 +- ...stgres-connection-throttling-disabled.yaml | 3 +- ...e-postgres-double-encryption-disabled.yaml | 3 +- ...ure-postgres-log-checkpoints-disabled.yaml | 3 +- ...ure-postgres-log-connections-disabled.yaml | 3 +- ...-postgres-log-disconnections-disabled.yaml | 3 +- .../azure-postgres-log-duration-disabled.yaml | 3 +- .../azure-postgresql-geo-backup-disabled.yaml | 3 +- .../azure-postgresql-ssl-enforcement.yaml | 3 +- ...-postgresql-storage-autogrow-disabled.yaml | 3 +- .../azure-redis-nonssl-port-disabled.yaml | 3 +- .../azure-redis-tls-version-outdated.yaml | 3 +- ...rch-service-managed-identity-disabled.yaml | 3 +- ...ure-servicebus-public-access-disabled.yaml | 3 +- ...azure-servicebus-tls-version-outdated.yaml | 3 +- .../sql/azure-sql-auditing-disabled.yaml | 3 +- .../sql/azure-sql-failover-not-enabled.yaml | 3 +- .../sql/azure-sql-mi-tde-cmk-not-enabled.yaml | 3 +- .../azure-sql-mi-tls-version-outdated.yaml | 3 +- .../azure/sql/azure-sql-tde-cmk-not-used.yaml | 3 +- .../azure/sql/azure-sql-tde-not-enabled.yaml | 3 +- .../sql/azure-sql-va-emails-unconfigured.yaml | 3 +- .../azure-blob-anonymous-access-disabled.yaml | 3 +- .../azure-blob-immutable-not-enabled.yaml | 3 +- .../azure-blob-lifecycle-not-enabled.yaml | 3 +- .../azure-blob-service-logging-disabled.yaml | 3 +- .../azure-blob-soft-delete-disabled.yaml | 3 +- .../azure-storage-blob-public-access.yaml | 3 +- .../azure-storage-byok-not-used.yaml | 3 +- .../azure-storage-cmk-not-used.yaml | 3 +- ...age-cross-tenant-replication-disabled.yaml | 3 +- .../azure-storage-encryption-missing.yaml | 3 +- .../azure-storage-min-tls-version.yaml | 3 +- .../azure-storage-network-unrestricted.yaml | 3 +- .../azure-storage-overly-permissive-sap.yaml | 3 +- ...storage-private-endpoint-unconfigured.yaml | 3 +- .../azure-storage-public-access.yaml | 3 +- .../azure-storage-queue-logging-disabled.yaml | 3 +- .../azure-storage-secure-transfer.yaml | 3 +- .../azure-storage-static-website-review.yaml | 3 +- .../azure-storage-table-logging-disabled.yaml | 3 +- ...azure-storage-trusted-access-disabled.yaml | 3 +- ...e-policy-not-allowed-types-unassigned.yaml | 3 +- .../azure-synapse-sqlpool-tde-disabled.yaml | 3 +- .../azure-vm-tags-schema-noncompliant.yaml | 3 +- .../azure-app-tier-vm-disk-unencrypted.yaml | 3 +- ...re-disk-encryption-unattached-volumes.yaml | 3 +- .../virtualmachines/azure-lb-unused.yaml | 3 +- ...re-vm-accelerated-networking-disabled.yaml | 3 +- ...vm-accelerated-networking-not-enabled.yaml | 3 +- ...azure-vm-boot-diagnostics-not-enabled.yaml | 3 +- .../azure-vm-boot-disk-unencrypted.yaml | 3 +- ...zure-vm-byok-disk-volumes-not-enabled.yaml | 3 +- .../azure-vm-endpoint-protection-missing.yaml | 3 +- .../azure-vm-entra-id-unenabled.yaml | 3 +- .../azure-vm-guest-diagnostics-unenabled.yaml | 3 +- .../azure-vm-jit-access-not-enabled.yaml | 3 +- .../azure-vm-managed-identity-unassigned.yaml | 3 +- ...-vm-performance-diagnostics-unenabled.yaml | 3 +- .../azure-vm-ssh-auth-type.yaml | 3 +- .../azure-vm-standard-ssd-required.yaml | 3 +- .../azure-vm-trusted-launch-disabled.yaml | 3 +- .../azure-vm-unapproved-image.yaml | 3 +- .../azure-vm-unmanaged-disk-volumes.yaml | 3 +- .../azure-vm-web-tier-disk-unencrypted.yaml | 3 +- .../azure-vmss-auto-os-upgrade-missing.yaml | 3 +- .../azure-vmss-auto-repairs-disabled.yaml | 3 +- .../azure-vmss-empty-unattached.yaml | 3 +- .../azure-vmss-health-monitoring-missing.yaml | 3 +- ...azure-vmss-load-balancer-unassociated.yaml | 3 +- .../azure-vmss-public-ip-disabled.yaml | 3 +- ...azure-vmss-termination-notif-disabled.yaml | 3 +- .../azure-vmss-zone-redundancy-missing.yaml | 3 +- .../gcloud-api-key-restrictions-missing.yaml | 3 +- .../gcp/api/gcloud-api-key-unrestricted.yaml | 3 +- .../gcloud-api-keys-inactive-services.yaml | 3 +- ...gcloud-critical-service-apis-disabled.yaml | 3 +- .../gcloud-security-center-api-disabled.yaml | 3 +- .../gcp/api/gcloud-vm-os-config-disabled.yaml | 3 +- .../gcloud-artifact-registry-public.yaml | 3 +- .../gcloud-vuln-scan-missing.yaml | 3 +- .../gcloud-bigquery-cmek-not-enabled.yaml | 3 +- .../gcloud-bigquery-cmk-not-enabled.yaml | 3 +- .../gcloud-bigquery-public-datasets.yaml | 3 +- ...gcloud-backend-bucket-missing-storage.yaml | 3 +- cloud/gcp/cdn/gcloud-cdn-backend-bucket.yaml | 3 +- .../gcloud-cdn-origin-auth-unconfigured.yaml | 3 +- cloud/gcp/cdn/gcloud-cdn-ssl-enforcement.yaml | 3 +- cloud/gcp/cdn/gcloud-cdn-tls-unenforced.yaml | 3 +- .../gcloud-certificate-validity-exceeded.yaml | 3 +- .../gcloud-disk-image-public-access.yaml | 3 +- ...d-instance-group-autohealing-disabled.yaml | 3 +- .../compute/gcloud-mig-no-load-balancer.yaml | 3 +- cloud/gcp/compute/gcloud-mig-single-zone.yaml | 3 +- .../gcp/compute/gcloud-oslogin-disabled.yaml | 3 +- ...gcloud-persistent-disks-suspended-vms.yaml | 3 +- .../gcloud-vm-automatic-restart-disabled.yaml | 3 +- ...ud-vm-confidential-computing-disabled.yaml | 3 +- ...m-default-service-account-full-access.yaml | 3 +- .../gcloud-vm-default-service-account.yaml | 3 +- ...cloud-vm-deletion-protection-disabled.yaml | 3 +- .../gcloud-vm-disk-autodelete-enabled.yaml | 3 +- .../gcloud-vm-disk-cmk-not-enabled.yaml | 3 +- .../compute/gcloud-vm-disk-csek-disabled.yaml | 3 +- .../gcloud-vm-disk-csek-not-enabled.yaml | 3 +- .../gcloud-vm-ip-forwarding-enabled.yaml | 3 +- .../gcloud-vm-maintenance-terminate.yaml | 3 +- .../gcloud-vm-oslogin-2fa-disabled.yaml | 3 +- .../gcloud-vm-preemptible-enabled.yaml | 3 +- .../gcloud-vm-project-ssh-keys-enabled.yaml | 3 +- .../compute/gcloud-vm-public-ip-enabled.yaml | 3 +- .../gcloud-vm-serial-console-enabled.yaml | 3 +- .../compute/gcloud-vm-shielded-disabled.yaml | 3 +- .../gcp/dataproc/gcloud-dataproc-no-cmk.yaml | 3 +- .../gcloud-dataproc-public-access.yaml | 3 +- .../gcp/dns/gcloud-dns-dangling-records.yaml | 3 +- .../gcp/dns/gcloud-dns-dnssec-unenabled.yaml | 3 +- .../dns/gcloud-dnssec-keysigning-rsasha1.yaml | 3 +- .../gcloud-dnssec-zonesigning-rsasha1.yaml | 3 +- ...ilestore-deletion-protection-disabled.yaml | 3 +- .../gcloud-filestore-no-backups.yaml | 3 +- .../filestore/gcloud-filestore-no-cmek.yaml | 3 +- .../gcloud-filestore-no-vpc-controls.yaml | 3 +- .../gcloud-filestore-unrestricted-access.yaml | 3 +- ...ud-func-auto-runtime-updates-disabled.yaml | 3 +- .../function/gcloud-func-cmek-not-used.yaml | 3 +- .../gcloud-func-inactive-svc-acc.yaml | 3 +- .../gcloud-func-min-instances-unset.yaml | 3 +- .../function/gcloud-func-missing-labels.yaml | 3 +- .../function/gcloud-func-no-vpc-access.yaml | 3 +- .../function/gcloud-func-public-access.yaml | 3 +- .../gcloud-func-pubsub-dlt-missing.yaml | 3 +- .../gcloud-func-secrets-unmanaged.yaml | 3 +- .../gcloud-func-unrestricted-outbound.yaml | 3 +- .../gcp-cloud-func-gen1-deprecated.yaml | 3 +- .../function/gcp-func-default-svc-acc.yaml | 3 +- .../gke/gcloud-gke-auto-repair-disabled.yaml | 3 +- .../gke/gcloud-gke-auto-upgrade-disabled.yaml | 3 +- .../gcp/gke/gcloud-gke-backups-disabled.yaml | 3 +- ...oud-gke-binary-authorization-disabled.yaml | 3 +- ...gcloud-gke-client-certificate-enabled.yaml | 3 +- ...cloud-gke-confidential-nodes-disabled.yaml | 3 +- .../gcloud-gke-cos-containerd-disabled.yaml | 3 +- .../gcloud-gke-cost-allocation-disabled.yaml | 3 +- .../gcloud-gke-default-service-account.yaml | 3 +- ...oud-gke-integrity-monitoring-disabled.yaml | 3 +- ...oud-gke-intranode-visibility-disabled.yaml | 3 +- cloud/gcp/gke/gcloud-gke-labels-missing.yaml | 3 +- .../gcp/gke/gcloud-gke-logging-disabled.yaml | 3 +- .../gcloud-gke-metadata-server-disabled.yaml | 3 +- .../gke/gcloud-gke-monitoring-disabled.yaml | 3 +- .../gcloud-gke-notifications-disabled.yaml | 3 +- .../gcloud-gke-private-nodes-disabled.yaml | 3 +- .../gcloud-gke-public-endpoint-enabled.yaml | 3 +- .../gcloud-gke-release-channel-disabled.yaml | 3 +- .../gcp/gke/gcloud-gke-sandbox-disabled.yaml | 3 +- ...cloud-gke-secrets-encryption-disabled.yaml | 3 +- .../gke/gcloud-gke-secure-boot-disabled.yaml | 3 +- .../gcloud-gke-security-posture-disabled.yaml | 3 +- .../gcloud-gke-shielded-nodes-disabled.yaml | 3 +- ...d-gke-transparent-encryption-disabled.yaml | 3 +- .../gke/gcloud-gke-vpc-native-disabled.yaml | 3 +- ...d-gke-vulnerability-scanning-disabled.yaml | 3 +- ...gcloud-gke-workload-identity-disabled.yaml | 3 +- .../gcloud-access-approval-not-enabled.yaml | 3 +- cloud/gcp/iam/gcloud-api-keys-present.yaml | 3 +- cloud/gcp/iam/gcloud-iam-admin-roles.yaml | 3 +- cloud/gcp/iam/gcloud-iam-primitive-roles.yaml | 3 +- .../gcp/iam/gcloud-iam-separation-duties.yaml | 3 +- ...cloud-iam-service-roles-project-level.yaml | 3 +- .../gcloud-iam-unrestricted-decryption.yaml | 3 +- ...oud-service-account-admin-restriction.yaml | 3 +- .../iam/gcloud-service-account-user-keys.yaml | 3 +- cloud/gcp/kms/gcloud-kms-public-access.yaml | 3 +- .../gcloud-alb-ssl-google-managed.yaml | 3 +- .../gcloud-approved-external-lb.yaml | 3 +- .../gcloud-https-lb-logging-disabled.yaml | 3 +- .../gcloud-lb-backend-unsecured.yaml | 3 +- .../gcloud-ssl-policy-insecure-ciphers.yaml | 3 +- ...loud-enable-data-access-audit-logging.yaml | 3 +- .../gcloud-global-logging-not-enabled.yaml | 3 +- ...oud-log-retention-period-insufficient.yaml | 3 +- .../gcloud-logging-sink-not-configured.yaml | 3 +- ...etwork-changes-monitoring-not-enabled.yaml | 3 +- .../nat/gcloud-iam-least-privilege-nat.yaml | 3 +- .../gcp/nat/gcloud-nat-logging-disabled.yaml | 3 +- .../gcloud-nat-private-subnet-disabled.yaml | 3 +- .../gcloud-nat-static-ip-unconfigured.yaml | 3 +- .../nat/gcloud-nat-subnet-unrestricted.yaml | 3 +- .../pubsub/gcloud-pubsub-cmek-disabled.yaml | 3 +- .../gcloud-pubsub-crossproject-access.yaml | 3 +- .../gcloud-pubsub-deadletter-disabled.yaml | 3 +- .../gcloud-pubsub-publicly-accessible.yaml | 3 +- .../gcloud-org-allowed-apis.yaml | 3 +- .../gcloud-org-allowed-external-ips.yaml | 3 +- .../gcloud-org-auto-iam-grants.yaml | 3 +- .../gcloud-org-default-network.yaml | 3 +- .../gcloud-org-detailed-audit-logging.yaml | 3 +- .../gcloud-org-guest-attributes.yaml | 3 +- .../gcloud-org-ip-forwarding.yaml | 3 +- .../gcloud-org-load-balancer-types.yaml | 3 +- .../resourcemanager/gcloud-org-os-login.yaml | 3 +- .../gcloud-org-resource-locations.yaml | 3 +- .../gcloud-org-service-account-creation.yaml | 3 +- ...loud-org-service-account-key-creation.yaml | 3 +- ...gcloud-org-service-account-key-upload.yaml | 3 +- .../gcloud-org-shared-vpc-subnets.yaml | 3 +- .../gcloud-org-sql-authorized-networks.yaml | 3 +- .../gcloud-org-sql-default-encryption.yaml | 3 +- .../gcloud-org-sql-public-ip.yaml | 3 +- .../gcloud-org-trusted-images.yaml | 3 +- .../gcloud-org-uniform-bucket-access.yaml | 3 +- .../gcloud-org-vpc-peering.yaml | 3 +- .../gcloud-org-vpn-peer-ips.yaml | 3 +- .../gcloud-org-workload-identity.yaml | 3 +- ...loud-run-services-user-labels-missing.yaml | 3 +- .../gcloud-mysql-local-infile-enabled.yaml | 3 +- cloud/gcp/sql/gcloud-mysql-pitr-disabled.yaml | 3 +- .../gcloud-mysql-slowquerylog-disabled.yaml | 3 +- ...g-error-verbosity-flag-not-configured.yaml | 3 +- .../gcloud-pg-log-executor-stats-enabled.yaml | 3 +- ...pg-log-min-duration-statement-enabled.yaml | 3 +- ...n-error-statement-flag-not-configured.yaml | 3 +- ...-log-min-messages-flag-not-configured.yaml | 3 +- .../gcloud-pg-log-parser-stats-enabled.yaml | 3 +- .../gcloud-pg-log-planner-stats-enabled.yaml | 3 +- ...-pg-log-statement-flag-not-configured.yaml | 3 +- ...gcloud-pg-log-statement-stats-enabled.yaml | 3 +- ...d-postgresql-log-checkpoints-disabled.yaml | 3 +- ...stgresql-log-disconnections-unenabled.yaml | 3 +- ...loud-postgresql-log-hostname-disabled.yaml | 3 +- ...loud-postgresql-logtempfiles-disabled.yaml | 3 +- .../sql/gcloud-sql-auto-storage-disabled.yaml | 3 +- ...sql-auto-storage-limit-not-configured.yaml | 3 +- .../gcp/sql/gcloud-sql-backups-disabled.yaml | 3 +- cloud/gcp/sql/gcloud-sql-cmk-not-enabled.yaml | 3 +- ...l-contained-db-authentication-enabled.yaml | 3 +- ...l-cross-db-ownership-chaining-enabled.yaml | 3 +- ...oud-sql-database-public-ip-configured.yaml | 3 +- .../gcloud-sql-external-scripts-enabled.yaml | 3 +- cloud/gcp/sql/gcloud-sql-ha-not-enabled.yaml | 3 +- .../gcloud-sql-log-checkpoints-disabled.yaml | 3 +- .../gcloud-sql-log-connections-disabled.yaml | 3 +- .../gcloud-sql-log-lock-waits-disabled.yaml | 3 +- .../sql/gcloud-sql-pgaudit-not-enabled.yaml | 3 +- ...oud-sql-publicly-accessible-instances.yaml | 3 +- .../sql/gcloud-sql-remote-access-enabled.yaml | 3 +- ...cloud-sql-skip-show-database-disabled.yaml | 3 +- .../gcp/sql/gcloud-sql-ssl-not-enforced.yaml | 3 +- ...-sql-ssl-tls-connections-not-enforced.yaml | 3 +- .../sql/gcloud-sql-trace-3625-enabled.yaml | 3 +- cloud/gcp/sql/gcloud-sql-user-options.yaml | 3 +- .../gcloud-bucket-lock-not-configured.yaml | 3 +- ...oud-bucket-policies-admin-permissions.yaml | 3 +- ...oud-bucket-website-config-not-defined.yaml | 3 +- ...ud-data-access-audit-logs-not-enabled.yaml | 3 +- ...ud-insufficient-data-retention-period.yaml | 3 +- ...loud-lifecycle-management-not-enabled.yaml | 3 +- ...oud-object-encryption-cmk-not-enabled.yaml | 3 +- .../gcloud-object-versioning-not-enabled.yaml | 3 +- ...-public-access-prevention-not-enabled.yaml | 3 +- ...d-publicly-accessible-storage-buckets.yaml | 3 +- .../gcloud-secure-cors-configuration.yaml | 3 +- .../gcloud-storage-logs-not-enabled.yaml | 3 +- ...iform-bucket-level-access-not-enabled.yaml | 3 +- ...d-vpc-service-controls-not-configured.yaml | 3 +- .../gcloud-vertexai-auto-upgrades.yaml | 3 +- .../vertexai/gcloud-vertexai-default-vpc.yaml | 3 +- .../vertexai/gcloud-vertexai-external-ip.yaml | 3 +- .../gcloud-vertexai-idle-shutdown.yaml | 3 +- .../vertexai/gcloud-vertexai-integrity.yaml | 3 +- .../vertexai/gcloud-vertexai-monitoring.yaml | 3 +- .../vertexai/gcloud-vertexai-root-access.yaml | 3 +- .../vertexai/gcloud-vertexai-secure-boot.yaml | 3 +- cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml | 3 +- .../gcp/vpc/gcloud-check-legacy-networks.yaml | 3 +- cloud/gcp/vpc/gcloud-default-vpc-in-use.yaml | 3 +- .../vpc/gcloud-dns-logging-not-enabled.yaml | 3 +- .../gcp/vpc/gcloud-enable-vpc-flow-logs.yaml | 3 +- ...xclude-metadata-from-firewall-logging.yaml | 3 +- ...oud-firewall-rule-logging-not-enabled.yaml | 3 +- .../vpc/gcloud-unrestricted-dns-access.yaml | 3 +- .../vpc/gcloud-unrestricted-ftp-access.yaml | 3 +- .../vpc/gcloud-unrestricted-icmp-access.yaml | 3 +- ...d-unrestricted-inbound-uncommon-ports.yaml | 3 +- .../vpc/gcloud-unrestricted-mysql-access.yaml | 3 +- .../gcloud-unrestricted-oracle-db-access.yaml | 3 +- .../gcloud-unrestricted-outbound-access.yaml | 3 +- ...gcloud-unrestricted-postgresql-access.yaml | 3 +- .../vpc/gcloud-unrestricted-rdp-access.yaml | 3 +- .../vpc/gcloud-unrestricted-rpc-access.yaml | 3 +- .../vpc/gcloud-unrestricted-smtp-access.yaml | 3 +- .../gcloud-unrestricted-sqlserver-access.yaml | 3 +- .../vpc/gcloud-unrestricted-ssh-access.yaml | 3 +- .../vpc/gcloud-vpc-firewall-port-ranges.yaml | 3 +- .../gcloud-vpc-private-service-connect.yaml | 3 +- .../vpc/gcloud-vpc-unattached-static-ips.yaml | 3 +- .../cves/2025/CVE-2025-1974-k8s.yaml | 3 +- .../deployments/k8s-cpu-limits-not-set.yaml | 3 +- .../deployments/k8s-cpu-requests-not-set.yaml | 3 +- .../k8s-default-namespace-used.yaml | 3 +- .../deployments/k8s-host-ports-check.yaml | 3 +- .../k8s-image-pull-policy-always.yaml | 3 +- .../deployments/k8s-image-tag-not-fixed.yaml | 3 +- .../k8s-liveness-probe-not-configured.yaml | 3 +- .../k8s-memory-limits-not-set.yaml | 3 +- .../k8s-memory-requests-not-set.yaml | 3 +- .../k8s-minimize-added-capabilities.yaml | 3 +- .../deployments/k8s-privileged-container.yaml | 3 +- .../k8s-readiness-probe-not-set.yaml | 3 +- .../k8s-root-container-admission.yaml | 3 +- .../deployments/k8s-seccomp-profile-set.yaml | 3 +- .../k8s-netpol-egress-rules.yaml | 3 +- .../k8s-netpol-namespace.yaml | 3 +- .../k8s-network-ingress-rules.yaml | 3 +- .../k8s-allow-privilege-escalation-set.yaml | 3 +- .../pods/k8s-containers-share-host-ipc.yaml | 3 +- .../k8s-host-network-namespace-shared.yaml | 3 +- .../pods/k8s-host-pid-namespace-sharing.yaml | 3 +- cloud/kubernetes/pods/k8s-readonly-fs.yaml | 3 +- .../kubernetes/pods/k8s-readonly-rootfs.yaml | 3 +- cloud/kubernetes/pods/k8s-root-user-id.yaml | 3 +- code/cves/2017/CVE-2017-1000353.yaml | 7 +-- code/cves/2019/CVE-2019-14287.yaml | 4 +- code/cves/2020/CVE-2020-13935.yaml | 31 +++------- code/cves/2023/CVE-2023-49105.yaml | 8 +-- code/cves/2023/CVE-2023-6246.yaml | 10 +-- code/cves/2024/CVE-2024-12356.yaml | 13 +--- code/cves/2024/CVE-2024-22120.yaml | 7 +-- code/cves/2024/CVE-2024-4340.yaml | 4 +- code/cves/2024/CVE-2024-45409.yaml | 14 ++--- code/cves/2024/CVE-2024-55556.yaml | 2 +- code/cves/2024/CVE-2024-56331.yaml | 9 ++- code/cves/2025/CVE-2025-25291.yaml | 6 +- code/cves/2025/CVE-2025-32433.yaml | 7 ++- .../automatic-windows-updates-disabled.yaml | 2 +- .../insecure-powershell-execution-policy.yaml | 4 +- .../audit/minimum-password-age-zero.yaml | 2 +- .../audit/plaintext-passwords-in-memory.yaml | 2 +- ...ershell-script-block-logging-disabled.yaml | 4 +- .../audit/remote-assistance-enabled.yaml | 2 +- .../audit/remote-desktop-default-port.yaml | 2 +- ...defender-realtime-protection-disabled.yaml | 2 +- dast/cves/2022/CVE-2022-22965.yaml | 2 +- dast/cves/2022/CVE-2022-42889.yaml | 5 -- dast/cves/2024/CVE-2024-2961.yaml | 3 +- .../cmdi/python-code-injection.yaml | 2 - .../injection/csv-injection.yaml | 2 - .../injection/xinclude-injection.yaml | 2 - .../redirect/open-redirect-bypass.yaml | 2 +- .../vulnerabilities/sqli/time-based-sqli.yaml | 2 - dast/vulnerabilities/ssrf/blind-ssrf.yaml | 2 +- dast/vulnerabilities/ssrf/response-ssrf.yaml | 2 +- .../ssti/freemarker-sandbox-bypass-ssti.yaml | 1 - dast/vulnerabilities/ssti/oob/blade-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/bottle-oob.yaml | 1 - .../ssti/oob/chameleon-oob.yaml | 1 - .../vulnerabilities/ssti/oob/codepen-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/dotjs-oob.yaml | 1 - .../ssti/oob/ejs-underscore-oob.yaml | 2 +- .../ssti/oob/erb-erubi-erubis-oob.yaml | 1 - .../ssti/oob/freemarker-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/groovy-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/jinja2-oob.yaml | 1 - .../vulnerabilities/ssti/oob/jinjava-oob.yaml | 2 +- dast/vulnerabilities/ssti/oob/latte-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/mako-oob.yaml | 1 - dast/vulnerabilities/ssti/oob/pebble-oob.yaml | 2 +- dast/vulnerabilities/ssti/oob/pugjs-oob.yaml | 2 +- .../ssti/oob/spring-expression-oob.yaml | 2 +- .../ssti/oob/thymeleaf-oob.yaml | 2 +- .../vulnerabilities/ssti/oob/tornado-oob.yaml | 1 - .../ssti/oob/velocityjs-oob.yaml | 1 - dast/vulnerabilities/ssti/twig-ssti.yaml | 2 +- .../xss/csp-bypass/adnxs-ib-csp-bypass.yaml | 2 +- .../csp-bypass/adnxs-secure-csp-bypass.yaml | 2 +- .../csp-bypass/adobe-campaign-csp-bypass.yaml | 2 +- .../xss/csp-bypass/adroll-csp-bypass.yaml | 2 +- .../csp-bypass/afterpay-help-csp-bypass.yaml | 2 +- .../csp-bypass/akamai-content-csp-bypass.yaml | 2 +- .../xss/csp-bypass/alibaba-ug-csp-bypass.yaml | 2 +- .../csp-bypass/aliexpress-acs-csp-bypass.yaml | 2 +- .../xss/csp-bypass/amap-wb-csp-bypass.yaml | 2 +- .../csp-bypass/amazon-aax-eu-csp-bypass.yaml | 2 +- .../csp-bypass/amazon-media-csp-bypass.yaml | 2 +- .../csp-bypass/amazon-romania-csp-bypass.yaml | 2 +- .../amazon-s3-elysium-csp-bypass.yaml | 2 +- .../ancestrycdn-angular-csp-bypass.yaml | 2 +- .../csp-bypass/angularjs-code-csp-bypass.yaml | 2 +- .../xss/csp-bypass/app-link-csp-bypass.yaml | 2 +- .../apple-developer-csp-bypass.yaml | 2 +- .../csp-bypass/arkoselabs-cdn-csp-bypass.yaml | 2 +- .../arkoselabs-client-api-csp-bypass.yaml | 2 +- .../csp-bypass/ayco-portal-csp-bypass.yaml | 2 +- .../xss/csp-bypass/azure-inno-csp-bypass.yaml | 2 +- .../csp-bypass/baidu-map-api-csp-bypass.yaml | 2 +- .../csp-bypass/baidu-passport-csp-bypass.yaml | 2 +- .../csp-bypass/battlenet-eu-csp-bypass.yaml | 2 +- .../bazaarvoice-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/bdimg-apps-csp-bypass.yaml | 2 +- .../csp-bypass/bebezoo-1688-csp-bypass.yaml | 2 +- .../xss/csp-bypass/bild-don-csp-bypass.yaml | 2 +- .../xss/csp-bypass/bing-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/bing-csp-bypass.yaml | 2 +- .../csp-bypass/blogger-api-csp-bypass.yaml | 2 +- .../csp-bypass/buzzfeed-mango-csp-bypass.yaml | 2 +- .../csp-bypass/bytedance-sso-csp-bypass.yaml | 2 +- .../csp-bypass/carbonads-srv-csp-bypass.yaml | 2 +- .../csp-bypass/chartbeat-api-csp-bypass.yaml | 2 +- .../clearbit-reveal-csp-bypass.yaml | 2 +- .../csp-bypass/cloudflare-cdn-csp-bypass.yaml | 2 +- .../cloudflare-challenges-csp-bypass.yaml | 2 +- .../cloudflare-info-csp-bypass.yaml | 2 +- .../xss/csp-bypass/cloudfront-csp-bypass.yaml | 2 +- .../coinbase-commerce-csp-bypass.yaml | 2 +- .../coinbase-investor-csp-bypass.yaml | 2 +- .../csp-bypass/crisp-client-csp-bypass.yaml | 2 +- .../xss/csp-bypass/criteo-cas-csp-bypass.yaml | 2 +- .../csp-bypass/criteo-dynamic-csp-bypass.yaml | 2 +- .../xss/csp-bypass/criteo-gum-csp-bypass.yaml | 2 +- .../xss/csp-bypass/cxense-api-csp-bypass.yaml | 2 +- .../dailymotion-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/dblp-csp-bypass.yaml | 2 +- .../xss/csp-bypass/demdex-dpm-csp-bypass.yaml | 2 +- .../digitalocean-anchor-csp-bypass.yaml | 2 +- .../csp-bypass/disqus-links-csp-bypass.yaml | 2 +- .../doubleclick-pubads-csp-bypass.yaml | 2 +- .../doubleclick-securepubads-csp-bypass.yaml | 2 +- .../csp-bypass/duckduckgo-api-csp-bypass.yaml | 2 +- .../csp-bypass/elastic-info-csp-bypass.yaml | 2 +- .../ethicalads-server-csp-bypass.yaml | 2 +- .../csp-bypass/facebook-api-csp-bypass.yaml | 2 +- .../csp-bypass/facebook-graph-csp-bypass.yaml | 2 +- .../fastly-storemapper-csp-bypass.yaml | 2 +- .../firebaseio-rentokil-csp-bypass.yaml | 2 +- .../xss/csp-bypass/flickr-api-csp-bypass.yaml | 2 +- .../csp-bypass/forismatic-api-csp-bypass.yaml | 2 +- .../csp-bypass/fqtag-query-csp-bypass.yaml | 2 +- .../xss/csp-bypass/fqtag-s-csp-bypass.yaml | 2 +- .../xss/csp-bypass/fwmrm-csp-bypass.yaml | 2 +- .../csp-bypass/getdrip-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/github-api-csp-bypass.yaml | 2 +- .../csp-bypass/github-gist-csp-bypass.yaml | 2 +- .../csp-bypass/gitlab-page-csp-bypass.yaml | 2 +- .../xss/csp-bypass/go-dev-csp-bypass.yaml | 2 +- .../google-accounts-csp-bypass.yaml | 2 +- .../csp-bypass/google-ajax-csp-bypass.yaml | 2 +- .../google-analytics-csp-bypass.yaml | 2 +- .../csp-bypass/google-apis-csp-bypass.yaml | 2 +- .../google-clients1-csp-bypass.yaml | 2 +- .../google-complete-csp-bypass.yaml | 2 +- .../xss/csp-bypass/google-cse-csp-bypass.yaml | 2 +- .../google-maps-api-ssl-csp-bypass.yaml | 2 +- .../google-maps-apis-csp-bypass.yaml | 2 +- .../csp-bypass/google-maps-csp-bypass.yaml | 2 +- .../csp-bypass/google-maps-de-csp-bypass.yaml | 2 +- .../csp-bypass/google-maps-lv-csp-bypass.yaml | 2 +- .../csp-bypass/google-maps-ru-csp-bypass.yaml | 2 +- .../google-recaptcha-csp-bypass.yaml | 2 +- .../google-tagmanager-csp-bypass.yaml | 2 +- .../google-translate-csp-bypass.yaml | 2 +- .../googleadservices-partner-csp-bypass.yaml | 2 +- .../googleapis-blogger-csp-bypass.yaml | 2 +- .../googleapis-customsearch-csp-bypass.yaml | 2 +- .../googleapis-storage-csp-bypass.yaml | 2 +- .../googleapis-translate-csp-bypass.yaml | 2 +- .../googletagmanager-csp-bypass.yaml | 2 +- .../gravatar-secure-csp-bypass.yaml | 2 +- .../csp-bypass/grubhub-assets-csp-bypass.yaml | 2 +- .../gstatic-angular-csp-bypass.yaml | 2 +- .../gstatic-recaptcha-csp-bypass.yaml | 2 +- .../csp-bypass/gstatic-ssl-csp-bypass.yaml | 2 +- .../hatenaapis-bookmark-csp-bypass.yaml | 2 +- .../xss/csp-bypass/hcaptcha-csp-bypass.yaml | 2 +- .../csp-bypass/hcaptcha-js-csp-bypass.yaml | 2 +- .../xss/csp-bypass/here-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/hsforms-csp-bypass.yaml | 2 +- .../csp-bypass/hubspot-forms-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ibm-api-csp-bypass.yaml | 2 +- .../csp-bypass/ieee-oamssoqae-csp-bypass.yaml | 2 +- .../csp-bypass/im-apps-sync-csp-bypass.yaml | 2 +- .../xss/csp-bypass/indeed-tr-csp-bypass.yaml | 2 +- .../xss/csp-bypass/indeed-uk-csp-bypass.yaml | 2 +- .../csp-bypass/ip-api-edns-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ipify-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ipinfo-csp-bypass.yaml | 2 +- .../xss/csp-bypass/itunes-csp-bypass.yaml | 2 +- .../xss/csp-bypass/jd-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/jsdelivr-csp-bypass.yaml | 2 +- .../xss/csp-bypass/lijit-ap-csp-bypass.yaml | 2 +- .../livechatinc-api-csp-bypass.yaml | 2 +- .../liveperson-lptag-csp-bypass.yaml | 2 +- .../lpsnmedia-accdn-csp-bypass.yaml | 2 +- .../csp-bypass/mailru-connect-csp-bypass.yaml | 2 +- .../csp-bypass/marketo-app-csp-bypass.yaml | 2 +- .../csp-bypass/mathtag-pixel-csp-bypass.yaml | 2 +- .../csp-bypass/matomo-demo-csp-bypass.yaml | 2 +- .../xss/csp-bypass/meetup-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/meteoprog-csp-bypass.yaml | 2 +- .../xss/csp-bypass/mi-huodong-csp-bypass.yaml | 2 +- .../csp-bypass/microsoft-api-csp-bypass.yaml | 2 +- .../microsofttranslator-api-csp-bypass.yaml | 2 +- .../csp-bypass/mixpanel-api-csp-bypass.yaml | 2 +- .../csp-bypass/moatads-geo-csp-bypass.yaml | 2 +- .../naver-global-apis-csp-bypass.yaml | 2 +- .../xss/csp-bypass/naver-like-csp-bypass.yaml | 2 +- .../xss/csp-bypass/olark-api-csp-bypass.yaml | 2 +- .../onetrust-geolocation-csp-bypass.yaml | 2 +- .../csp-bypass/openai-tcr9i-csp-bypass.yaml | 2 +- .../opendatasoft-docs-csp-bypass.yaml | 2 +- .../openexchangerates-csp-bypass.yaml | 2 +- .../openstreetmap-nominatim-csp-bypass.yaml | 2 +- .../ovoenergy-js-smb-csp-bypass.yaml | 2 +- .../parastorage-static-csp-bypass.yaml | 2 +- .../xss/csp-bypass/paypal-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/pbs-urs-csp-bypass.yaml | 2 +- .../csp-bypass/pinterest-api-csp-bypass.yaml | 2 +- .../pinterest-widgets-csp-bypass.yaml | 2 +- .../pixplug-visitor-csp-bypass.yaml | 2 +- .../xss/csp-bypass/qq-csp-bypass.yaml | 2 +- .../quantserve-pixel-csp-bypass.yaml | 2 +- .../quantserve-secure-csp-bypass.yaml | 2 +- .../quantserve-segapi-csp-bypass.yaml | 2 +- .../csp-bypass/recaptcha-net-csp-bypass.yaml | 2 +- .../xss/csp-bypass/reddit-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ring-csp-bypass.yaml | 2 +- .../xss/csp-bypass/roblox-api-csp-bypass.yaml | 2 +- .../csp-bypass/samsung-shop-csp-bypass.yaml | 2 +- .../servicenow-kbcprod-csp-bypass.yaml | 2 +- .../csp-bypass/shopify-cdn-csp-bypass.yaml | 2 +- .../shopify-thehive-csp-bypass.yaml | 2 +- .../skimresources-r-csp-bypass.yaml | 2 +- .../csp-bypass/skype-config-csp-bypass.yaml | 2 +- .../xss/csp-bypass/snyk-go-csp-bypass.yaml | 2 +- .../xss/csp-bypass/soundcloud-csp-bypass.yaml | 2 +- .../xss/csp-bypass/st-angular-csp-bypass.yaml | 2 +- .../stackexchange-api-csp-bypass.yaml | 2 +- .../csp-bypass/swiftype-api-csp-bypass.yaml | 2 +- .../csp-bypass/syncfusion-cdn-csp-bypass.yaml | 2 +- .../csp-bypass/taobao-suggest-csp-bypass.yaml | 2 +- .../tealiumiq-visitor-service-csp-bypass.yaml | 2 +- .../tiktok-analytics-csp-bypass.yaml | 2 +- .../xss/csp-bypass/tumblr-api-csp-bypass.yaml | 2 +- .../csp-bypass/twitter-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ulogin-csp-bypass.yaml | 2 +- .../csp-bypass/unpkg-angular-csp-bypass.yaml | 2 +- .../unpkg-hyperscript-csp-bypass.yaml | 2 +- .../usersnap-widget-csp-bypass.yaml | 2 +- .../csp-bypass/vercel-storage-csp-bypass.yaml | 2 +- .../xss/csp-bypass/vimeo-csp-bypass.yaml | 2 +- .../virtualearth-dev-csp-bypass.yaml | 2 +- .../xss/csp-bypass/vk-api-csp-bypass.yaml | 2 +- .../csp-bypass/wikipedia-api-csp-bypass.yaml | 2 +- .../csp-bypass/wistia-fast-csp-bypass.yaml | 2 +- .../csp-bypass/wordpress-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/wordpress-csp-bypass.yaml | 2 +- .../wordpress-public-api-csp-bypass.yaml | 2 +- .../xss/csp-bypass/x-api-csp-bypass.yaml | 2 +- .../csp-bypass/yahoo-ads-yap-csp-bypass.yaml | 2 +- .../csp-bypass/yahoo-search-csp-bypass.yaml | 2 +- .../xss/csp-bypass/yandex-mc-csp-bypass.yaml | 2 +- .../csp-bypass/yandex-social-csp-bypass.yaml | 2 +- .../xss/csp-bypass/yandex-st-csp-bypass.yaml | 2 +- .../yandex-translate-csp-bypass.yaml | 2 +- .../yandexcloud-smartcaptcha-csp-bypass.yaml | 2 +- .../csp-bypass/yastat-angular-csp-bypass.yaml | 2 +- .../yastatic-angular-csp-bypass.yaml | 2 +- .../xss/csp-bypass/youku-acs-csp-bypass.yaml | 2 +- .../csp-bypass/youtube-api-csp-bypass.yaml | 2 +- .../youtube-suggestqueries-csp-bypass.yaml | 2 +- .../xss/csp-bypass/ytimg-s-csp-bypass.yaml | 2 +- .../yuedust-angular-csp-bypass.yaml | 2 +- ...iohmonstrosdeduelo-blogger-csp-bypass.yaml | 2 +- .../zendesk-support-csp-bypass.yaml | 2 +- .../zendesk-thiscanbeanything-csp-bypass.yaml | 2 +- .../xss/csp-bypass/zhike-help-csp-bypass.yaml | 2 +- .../csp-bypass/zhuanjia-sogou-csp-bypass.yaml | 2 +- .../xss/csp-bypass/zoom-st3-csp-bypass.yaml | 2 +- dast/vulnerabilities/xss/reflected-xss.yaml | 2 +- dast/vulnerabilities/xxe/generic-xxe.yaml | 2 +- file/audit/iis/iis-directory-browsing.yaml | 2 +- file/audit/iis/iis-logging-disabled.yaml | 2 +- .../file-mongodb-http-interface-enabled.yaml | 2 +- .../file-missing-nginx-xss-protection.yaml | 2 +- file/logs/aspnet-framework-exceptions.yaml | 17 +++--- file/logs/nodejs-framework-exceptions.yaml | 19 +++--- .../hash/anthem-deeppanda-malware-hash.yaml | 2 +- file/malware/hash/applejeus-malware-hash.yaml | 2 +- file/malware/hash/avburner-malware-hash.yaml | 2 +- file/malware/hash/backwash-malware-hash.yaml | 2 +- .../hash/blackenergy-driver-amdide-hash.yaml | 2 +- .../hash/blackenergy-driver-malware-hash.yaml | 2 +- .../blackenergy-killdisk-malware-hash.yaml | 2 +- .../hash/blackenergy-ssh-malware-hash.yaml | 2 +- .../hash/blackenergy-vbs-malware-hash.yaml | 2 +- file/malware/hash/bluelight-malware-hash.yaml | 2 +- .../hash/bluetermite-emdivi-malware-hash.yaml | 2 +- .../hash/bluetermite-emdivi-sfx-hash.yaml | 2 +- .../hash/charmingcypress-malware-hash.yaml | 2 +- .../hash/cheshirecat-malware-hash.yaml | 2 +- file/malware/hash/cloudduke-malware-hash.yaml | 2 +- file/malware/hash/codoso-gh0st-malware.yaml | 2 +- file/malware/hash/codoso-malware-hash.yaml | 2 +- .../malware/hash/codoso-pgv-malware-hash.yaml | 2 +- .../hash/codoso-plugx-malware-hash.yaml | 2 +- file/malware/hash/disgomoji-malware-hash.yaml | 2 +- file/malware/hash/dubnium-malware-hash.yaml | 2 +- .../hash/dubnium-sshopenssl-malware-hash.yaml | 2 +- file/malware/hash/emissary-malware-hash.yaml | 2 +- .../malware/hash/evilbamboo-malware-hash.yaml | 2 +- file/malware/hash/fakem-malware-hash.yaml | 2 +- file/malware/hash/flipflop-malware-hash.yaml | 2 +- file/malware/hash/furtim-malware-hash.yaml | 2 +- file/malware/hash/gimmick-malware-hash.yaml | 2 +- file/malware/hash/godzilla-webshell-hash.yaml | 2 +- file/malware/hash/greenbug-malware-hash.yaml | 2 +- file/malware/hash/ico-malware-hash.yaml | 2 +- .../hash/industroyer-malware-hash.yaml | 2 +- .../hash/ironPanda-htran-malware-hash.yaml | 2 +- .../ironpanda-dnstunclient-malware-hash.yaml | 2 +- file/malware/hash/ironpanda-malware-hash.yaml | 2 +- file/malware/hash/locky-ransomware-hash.yaml | 2 +- .../minidionis-readerview-malware-hash.yaml | 2 +- .../hash/minidionis-vbs-malware-hash.yaml | 2 +- .../malware/hash/naikon-apt-malware-hash.yaml | 2 +- file/malware/hash/neuron2-malware-hash.yaml | 2 +- file/malware/hash/oilrig-malware-hash.yaml | 2 +- .../hash/passcv-ntscan-malware-hash.yaml | 2 +- .../hash/passcv-sabre-malware-hash.yaml | 2 +- .../hash/passcv-signingcert-malware-hash.yaml | 2 +- file/malware/hash/petya-ransomware-hash.yaml | 2 +- .../poseidongroup-maldoc-malware-hash.yaml | 2 +- .../hash/poseidongroup-malware-hash.yaml | 2 +- file/malware/hash/powerstar-malware-hash.yaml | 2 +- .../malware/hash/purplewave-malware-hash.yaml | 2 +- .../malware/hash/red-leaves-malware-hash.yaml | 2 +- file/malware/hash/regeorg-webshell-hash.yaml | 2 +- file/malware/hash/revil-ransomware-hash.yaml | 6 +- file/malware/hash/rokrat-malware-hash.yaml | 2 +- file/malware/hash/sauron-malware-hash.yaml | 2 +- file/malware/hash/seaduke-malware-hash.yaml | 2 +- file/malware/hash/sfx1-malware-hash.yaml | 2 +- .../hash/sfxrar-acrotray-malware-hash.yaml | 2 +- file/malware/hash/sharpext-malware-hash.yaml | 2 +- .../hash/sofacy-Winexe-malware-hash.yaml | 2 +- .../hash/sofacy-bundestag-malware-hash.yaml | 2 +- .../hash/sofacy-fybis-malware-hash.yaml | 2 +- file/malware/hash/tidepool-malware-hash.yaml | 2 +- file/malware/hash/turla-malware-hash.yaml | 2 +- file/malware/hash/unit78020-malware-hash.yaml | 2 +- file/malware/hash/upstyle-malware-hash.yaml | 2 +- .../hash/wildneutron-malware-hash.yaml | 2 +- headless/cookie-consent-detection.yaml | 15 ++--- headless/cves/2018/CVE-2018-25031.yaml | 6 +- .../cves/2022/CVE-2022-29455-headless.yaml | 6 +- headless/cves/2024/CVE-2024-29882.yaml | 6 +- headless/cves/2024/CVE-2024-38526.yaml | 6 +- headless/cves/2025/CVE-2025-24752.yaml | 14 +---- headless/cves/2025/CVE-2025-25062.yaml | 3 +- .../cves/2025/CVE-2025-29927-HEADLESS.yaml | 2 +- headless/prototype-pollution-check.yaml | 3 +- http/cnvd/2020/CNVD-2020-63964.yaml | 8 +-- http/cnvd/2021/CNVD-2021-14536.yaml | 6 +- http/cnvd/2021/CNVD-2021-15822.yaml | 7 +-- http/cnvd/2021/CNVD-2021-28277.yaml | 7 +-- http/cnvd/2021/CNVD-2021-33202.yaml | 10 ++- http/cnvd/2021/CNVD-2021-64035.yaml | 2 +- http/cnvd/2022/CNVD-2022-42853.yaml | 11 ++-- http/cnvd/2022/CNVD-2022-43245.yaml | 4 +- http/cnvd/2023/CNVD-2023-03903.yaml | 4 +- http/cnvd/2023/CNVD-2023-72138.yaml | 3 +- http/cnvd/2024/CNVD-2024-15077.yaml | 4 +- .../self-hosted/grafana-login-check.yaml | 11 +--- http/cves/2000/CVE-2000-0114.yaml | 4 +- http/cves/2000/CVE-2000-0760.yaml | 31 ++-------- http/cves/2001/CVE-2001-0537.yaml | 2 +- http/cves/2004/CVE-2004-0519.yaml | 4 +- http/cves/2005/CVE-2005-3344.yaml | 4 +- http/cves/2005/CVE-2005-3634.yaml | 8 ++- http/cves/2006/CVE-2006-1681.yaml | 10 +-- http/cves/2006/CVE-2006-2842.yaml | 4 +- http/cves/2007/CVE-2007-2449.yaml | 31 ++-------- http/cves/2007/CVE-2007-3010.yaml | 14 ++--- http/cves/2007/CVE-2007-4504.yaml | 4 +- http/cves/2007/CVE-2007-5728.yaml | 3 +- http/cves/2008/CVE-2008-1061.yaml | 4 +- http/cves/2008/CVE-2008-1547.yaml | 10 +-- http/cves/2008/CVE-2008-2398.yaml | 6 +- http/cves/2008/CVE-2008-5587.yaml | 7 ++- http/cves/2008/CVE-2008-6172.yaml | 5 +- http/cves/2008/CVE-2008-6222.yaml | 4 +- http/cves/2008/CVE-2008-6465.yaml | 6 +- http/cves/2008/CVE-2008-6668.yaml | 4 +- http/cves/2008/CVE-2008-7269.yaml | 9 +-- http/cves/2009/CVE-2009-0347.yaml | 4 +- http/cves/2009/CVE-2009-0932.yaml | 4 +- http/cves/2009/CVE-2009-1151.yaml | 14 ++--- http/cves/2009/CVE-2009-1558.yaml | 4 +- http/cves/2009/CVE-2009-1872.yaml | 5 +- http/cves/2009/CVE-2009-2015.yaml | 5 +- http/cves/2009/CVE-2009-2100.yaml | 5 +- http/cves/2009/CVE-2009-3053.yaml | 4 +- http/cves/2009/CVE-2009-3318.yaml | 5 +- http/cves/2009/CVE-2009-4202.yaml | 4 +- http/cves/2009/CVE-2009-5020.yaml | 5 +- http/cves/2009/CVE-2009-5114.yaml | 4 +- http/cves/2010/CVE-2010-0157.yaml | 5 +- http/cves/2010/CVE-2010-0219.yaml | 4 +- http/cves/2010/CVE-2010-0759.yaml | 4 +- http/cves/2010/CVE-2010-0942.yaml | 4 +- http/cves/2010/CVE-2010-0943.yaml | 5 +- http/cves/2010/CVE-2010-0944.yaml | 4 +- http/cves/2010/CVE-2010-0972.yaml | 4 +- http/cves/2010/CVE-2010-0985.yaml | 4 +- http/cves/2010/CVE-2010-1056.yaml | 4 +- http/cves/2010/CVE-2010-1219.yaml | 5 +- http/cves/2010/CVE-2010-1304.yaml | 4 +- http/cves/2010/CVE-2010-1305.yaml | 4 +- http/cves/2010/CVE-2010-1306.yaml | 5 +- http/cves/2010/CVE-2010-1308.yaml | 5 +- http/cves/2010/CVE-2010-1313.yaml | 5 +- http/cves/2010/CVE-2010-1315.yaml | 4 +- http/cves/2010/CVE-2010-1352.yaml | 5 +- http/cves/2010/CVE-2010-1353.yaml | 4 +- http/cves/2010/CVE-2010-1354.yaml | 4 +- http/cves/2010/CVE-2010-1429.yaml | 11 ++-- http/cves/2010/CVE-2010-1469.yaml | 4 +- http/cves/2010/CVE-2010-1470.yaml | 4 +- http/cves/2010/CVE-2010-1471.yaml | 5 +- http/cves/2010/CVE-2010-1473.yaml | 5 +- http/cves/2010/CVE-2010-1475.yaml | 4 +- http/cves/2010/CVE-2010-1491.yaml | 4 +- http/cves/2010/CVE-2010-1494.yaml | 4 +- http/cves/2010/CVE-2010-1531.yaml | 4 +- http/cves/2010/CVE-2010-1532.yaml | 5 +- http/cves/2010/CVE-2010-1535.yaml | 5 +- http/cves/2010/CVE-2010-1540.yaml | 6 +- http/cves/2010/CVE-2010-1586.yaml | 6 +- http/cves/2010/CVE-2010-1601.yaml | 4 +- http/cves/2010/CVE-2010-1602.yaml | 4 +- http/cves/2010/CVE-2010-1603.yaml | 5 +- http/cves/2010/CVE-2010-1607.yaml | 5 +- http/cves/2010/CVE-2010-1653.yaml | 4 +- http/cves/2010/CVE-2010-1657.yaml | 4 +- http/cves/2010/CVE-2010-1658.yaml | 4 +- http/cves/2010/CVE-2010-1714.yaml | 4 +- http/cves/2010/CVE-2010-1715.yaml | 4 +- http/cves/2010/CVE-2010-1719.yaml | 4 +- http/cves/2010/CVE-2010-1858.yaml | 4 +- http/cves/2010/CVE-2010-1878.yaml | 4 +- http/cves/2010/CVE-2010-1952.yaml | 4 +- http/cves/2010/CVE-2010-1954.yaml | 5 +- http/cves/2010/CVE-2010-1955.yaml | 5 +- http/cves/2010/CVE-2010-1956.yaml | 4 +- http/cves/2010/CVE-2010-1977.yaml | 5 +- http/cves/2010/CVE-2010-1980.yaml | 4 +- http/cves/2010/CVE-2010-1981.yaml | 4 +- http/cves/2010/CVE-2010-1982.yaml | 5 +- http/cves/2010/CVE-2010-1983.yaml | 4 +- http/cves/2010/CVE-2010-2034.yaml | 5 +- http/cves/2010/CVE-2010-2036.yaml | 5 +- http/cves/2010/CVE-2010-2037.yaml | 5 +- http/cves/2010/CVE-2010-2045.yaml | 5 +- http/cves/2010/CVE-2010-2050.yaml | 4 +- http/cves/2010/CVE-2010-2122.yaml | 4 +- http/cves/2010/CVE-2010-2128.yaml | 4 +- http/cves/2010/CVE-2010-2307.yaml | 4 +- http/cves/2010/CVE-2010-2507.yaml | 4 +- http/cves/2010/CVE-2010-2680.yaml | 4 +- http/cves/2010/CVE-2010-2682.yaml | 4 +- http/cves/2010/CVE-2010-2857.yaml | 4 +- http/cves/2010/CVE-2010-2861.yaml | 1 + http/cves/2010/CVE-2010-2920.yaml | 4 +- http/cves/2010/CVE-2010-3203.yaml | 4 +- http/cves/2010/CVE-2010-4231.yaml | 4 +- http/cves/2010/CVE-2010-4239.yaml | 4 +- http/cves/2010/CVE-2010-4282.yaml | 12 ++-- http/cves/2010/CVE-2010-4617.yaml | 4 +- http/cves/2010/CVE-2010-4719.yaml | 4 +- http/cves/2010/CVE-2010-5028.yaml | 4 +- http/cves/2010/CVE-2010-5278.yaml | 4 +- http/cves/2010/CVE-2010-5286.yaml | 5 +- http/cves/2011/CVE-2011-0049.yaml | 4 +- http/cves/2011/CVE-2011-2744.yaml | 4 +- http/cves/2011/CVE-2011-2780.yaml | 4 +- http/cves/2011/CVE-2011-3315.yaml | 5 +- http/cves/2011/CVE-2011-4336.yaml | 5 +- http/cves/2011/CVE-2011-4624.yaml | 4 +- http/cves/2011/CVE-2011-4640.yaml | 4 +- http/cves/2011/CVE-2011-4804.yaml | 5 +- http/cves/2011/CVE-2011-4926.yaml | 4 +- http/cves/2011/CVE-2011-5106.yaml | 4 +- http/cves/2011/CVE-2011-5107.yaml | 5 +- http/cves/2011/CVE-2011-5179.yaml | 6 +- http/cves/2011/CVE-2011-5181.yaml | 4 +- http/cves/2011/CVE-2011-5252.yaml | 2 - http/cves/2011/CVE-2011-5265.yaml | 5 +- http/cves/2012/CVE-2012-0392.yaml | 4 +- http/cves/2012/CVE-2012-0394.yaml | 7 ++- http/cves/2012/CVE-2012-0896.yaml | 4 +- http/cves/2012/CVE-2012-0991.yaml | 8 +-- http/cves/2012/CVE-2012-0996.yaml | 5 +- http/cves/2012/CVE-2012-1226.yaml | 2 +- http/cves/2012/CVE-2012-1823.yaml | 9 +-- http/cves/2012/CVE-2012-4032.yaml | 8 ++- http/cves/2012/CVE-2012-4242.yaml | 5 +- http/cves/2012/CVE-2012-4547.yaml | 4 +- http/cves/2012/CVE-2012-4768.yaml | 4 +- http/cves/2012/CVE-2012-4878.yaml | 4 +- http/cves/2012/CVE-2012-4940.yaml | 5 +- http/cves/2012/CVE-2012-4982.yaml | 4 +- http/cves/2012/CVE-2012-6499.yaml | 6 +- http/cves/2013/CVE-2013-1965.yaml | 4 +- http/cves/2013/CVE-2013-2248.yaml | 4 +- http/cves/2013/CVE-2013-2251.yaml | 14 ++--- http/cves/2013/CVE-2013-2287.yaml | 5 +- http/cves/2013/CVE-2013-2621.yaml | 6 +- http/cves/2013/CVE-2013-4625.yaml | 4 +- http/cves/2013/CVE-2013-5979.yaml | 6 +- http/cves/2013/CVE-2013-7091.yaml | 6 +- http/cves/2013/CVE-2013-7240.yaml | 4 +- http/cves/2013/CVE-2013-7285.yaml | 10 +-- http/cves/2014/CVE-2014-2321.yaml | 4 +- http/cves/2014/CVE-2014-2323.yaml | 11 +--- http/cves/2014/CVE-2014-2383.yaml | 5 +- http/cves/2014/CVE-2014-2962.yaml | 4 +- http/cves/2014/CVE-2014-3120.yaml | 10 +-- http/cves/2014/CVE-2014-3704.yaml | 4 +- http/cves/2014/CVE-2014-3744.yaml | 4 +- http/cves/2014/CVE-2014-4210.yaml | 1 + http/cves/2014/CVE-2014-4535.yaml | 5 +- http/cves/2014/CVE-2014-4536.yaml | 4 +- http/cves/2014/CVE-2014-4539.yaml | 5 +- http/cves/2014/CVE-2014-4550.yaml | 6 +- http/cves/2014/CVE-2014-4558.yaml | 5 +- http/cves/2014/CVE-2014-4577.yaml | 14 ++--- http/cves/2014/CVE-2014-4592.yaml | 5 +- http/cves/2014/CVE-2014-4941.yaml | 9 +-- http/cves/2014/CVE-2014-4942.yaml | 4 +- http/cves/2014/CVE-2014-5111.yaml | 5 +- http/cves/2014/CVE-2014-5181.yaml | 14 ++--- http/cves/2014/CVE-2014-5187.yaml | 16 +++-- http/cves/2014/CVE-2014-5368.yaml | 4 +- http/cves/2014/CVE-2014-6271.yaml | 2 +- http/cves/2014/CVE-2014-6287.yaml | 13 ++-- http/cves/2014/CVE-2014-6308.yaml | 4 +- http/cves/2014/CVE-2014-8676.yaml | 4 +- http/cves/2014/CVE-2014-8682.yaml | 14 ++--- http/cves/2014/CVE-2014-8799.yaml | 4 +- http/cves/2014/CVE-2014-9094.yaml | 4 +- http/cves/2014/CVE-2014-9180.yaml | 1 + http/cves/2014/CVE-2014-9444.yaml | 5 +- http/cves/2014/CVE-2014-9608.yaml | 5 +- http/cves/2014/CVE-2014-9618.yaml | 4 +- http/cves/2015/CVE-2015-0554.yaml | 4 +- http/cves/2015/CVE-2015-1000005.yaml | 4 +- http/cves/2015/CVE-2015-1000010.yaml | 5 +- http/cves/2015/CVE-2015-1503.yaml | 4 +- http/cves/2015/CVE-2015-1579.yaml | 4 +- http/cves/2015/CVE-2015-1635.yaml | 9 +-- http/cves/2015/CVE-2015-1880.yaml | 8 +-- http/cves/2015/CVE-2015-2067.yaml | 4 +- http/cves/2015/CVE-2015-2068.yaml | 9 +-- http/cves/2015/CVE-2015-2080.yaml | 6 +- http/cves/2015/CVE-2015-2166.yaml | 4 +- http/cves/2015/CVE-2015-2755.yaml | 4 +- http/cves/2015/CVE-2015-2794.yaml | 8 ++- http/cves/2015/CVE-2015-2807.yaml | 4 +- http/cves/2015/CVE-2015-2996.yaml | 6 +- http/cves/2015/CVE-2015-3035.yaml | 12 ++-- http/cves/2015/CVE-2015-3648.yaml | 7 +-- http/cves/2015/CVE-2015-3897.yaml | 4 +- http/cves/2015/CVE-2015-4050.yaml | 20 +----- http/cves/2015/CVE-2015-4062.yaml | 4 +- http/cves/2015/CVE-2015-4127.yaml | 4 +- http/cves/2015/CVE-2015-4414.yaml | 4 +- http/cves/2015/CVE-2015-4455.yaml | 5 +- http/cves/2015/CVE-2015-4632.yaml | 4 +- http/cves/2015/CVE-2015-4668.yaml | 4 +- http/cves/2015/CVE-2015-4694.yaml | 4 +- http/cves/2015/CVE-2015-5354.yaml | 4 +- http/cves/2015/CVE-2015-5461.yaml | 4 +- http/cves/2015/CVE-2015-5471.yaml | 4 +- http/cves/2015/CVE-2015-5531.yaml | 4 +- http/cves/2015/CVE-2015-5688.yaml | 4 +- http/cves/2015/CVE-2015-6477.yaml | 4 +- http/cves/2015/CVE-2015-6544.yaml | 13 +--- http/cves/2015/CVE-2015-6920.yaml | 5 +- http/cves/2015/CVE-2015-7245.yaml | 4 +- http/cves/2015/CVE-2015-7297.yaml | 4 +- http/cves/2015/CVE-2015-7377.yaml | 4 +- http/cves/2015/CVE-2015-7450.yaml | 12 ++-- http/cves/2015/CVE-2015-7780.yaml | 4 +- http/cves/2015/CVE-2015-7823.yaml | 5 +- http/cves/2015/CVE-2015-8349.yaml | 5 +- http/cves/2015/CVE-2015-8399.yaml | 3 +- http/cves/2015/CVE-2015-8562.yaml | 3 +- http/cves/2015/CVE-2015-9312.yaml | 4 +- http/cves/2015/CVE-2015-9323.yaml | 4 +- http/cves/2015/CVE-2015-9414.yaml | 4 +- http/cves/2015/CVE-2015-9480.yaml | 5 +- http/cves/2016/CVE-2016-0957.yaml | 4 +- http/cves/2016/CVE-2016-1000129.yaml | 4 +- http/cves/2016/CVE-2016-1000130.yaml | 6 +- http/cves/2016/CVE-2016-1000131.yaml | 5 +- http/cves/2016/CVE-2016-1000133.yaml | 5 +- http/cves/2016/CVE-2016-1000134.yaml | 5 +- http/cves/2016/CVE-2016-1000135.yaml | 5 +- http/cves/2016/CVE-2016-1000136.yaml | 5 +- http/cves/2016/CVE-2016-1000138.yaml | 4 +- http/cves/2016/CVE-2016-1000139.yaml | 4 +- http/cves/2016/CVE-2016-1000140.yaml | 4 +- http/cves/2016/CVE-2016-1000141.yaml | 5 +- http/cves/2016/CVE-2016-1000142.yaml | 4 +- http/cves/2016/CVE-2016-1000153.yaml | 4 +- http/cves/2016/CVE-2016-1000154.yaml | 5 +- http/cves/2016/CVE-2016-10033.yaml | 7 +-- http/cves/2016/CVE-2016-10108.yaml | 2 +- http/cves/2016/CVE-2016-10134.yaml | 3 +- http/cves/2016/CVE-2016-10367.yaml | 4 +- http/cves/2016/CVE-2016-10368.yaml | 4 +- http/cves/2016/CVE-2016-10960.yaml | 4 +- http/cves/2016/CVE-2016-10973.yaml | 5 +- http/cves/2016/CVE-2016-10976.yaml | 8 +-- http/cves/2016/CVE-2016-10993.yaml | 12 ++-- http/cves/2016/CVE-2016-1555.yaml | 6 +- http/cves/2016/CVE-2016-2389.yaml | 6 +- http/cves/2016/CVE-2016-3088.yaml | 11 ++-- http/cves/2016/CVE-2016-3978.yaml | 9 ++- http/cves/2016/CVE-2016-4437.yaml | 15 +++-- http/cves/2016/CVE-2016-4975.yaml | 18 +----- http/cves/2016/CVE-2016-5674.yaml | 8 ++- http/cves/2016/CVE-2016-6195.yaml | 11 ++-- http/cves/2016/CVE-2016-6277.yaml | 6 +- http/cves/2016/CVE-2016-6601.yaml | 4 +- http/cves/2016/CVE-2016-7552.yaml | 4 +- http/cves/2016/CVE-2016-7834.yaml | 4 +- http/cves/2016/CVE-2016-7981.yaml | 4 +- http/cves/2016/CVE-2016-9299.yaml | 2 +- http/cves/2017/CVE-2017-0929.yaml | 4 +- http/cves/2017/CVE-2017-1000028.yaml | 6 +- http/cves/2017/CVE-2017-1000029.yaml | 12 +--- http/cves/2017/CVE-2017-1000163.yaml | 4 +- http/cves/2017/CVE-2017-1000486.yaml | 6 +- http/cves/2017/CVE-2017-10075.yaml | 4 +- http/cves/2017/CVE-2017-10974.yaml | 4 +- http/cves/2017/CVE-2017-11165.yaml | 4 +- http/cves/2017/CVE-2017-11512.yaml | 8 ++- http/cves/2017/CVE-2017-11586.yaml | 7 +-- http/cves/2017/CVE-2017-11610.yaml | 8 ++- http/cves/2017/CVE-2017-12138.yaml | 1 - http/cves/2017/CVE-2017-12149.yaml | 4 +- http/cves/2017/CVE-2017-12544.yaml | 4 +- http/cves/2017/CVE-2017-12583.yaml | 6 +- http/cves/2017/CVE-2017-12611.yaml | 4 +- http/cves/2017/CVE-2017-12615.yaml | 18 ++---- http/cves/2017/CVE-2017-12617.yaml | 20 +++--- http/cves/2017/CVE-2017-12629.yaml | 5 -- http/cves/2017/CVE-2017-12635.yaml | 5 +- http/cves/2017/CVE-2017-12637.yaml | 2 +- http/cves/2017/CVE-2017-12794.yaml | 10 +-- http/cves/2017/CVE-2017-14135.yaml | 8 ++- http/cves/2017/CVE-2017-14186.yaml | 8 +-- http/cves/2017/CVE-2017-14535.yaml | 4 +- http/cves/2017/CVE-2017-14537.yaml | 5 +- http/cves/2017/CVE-2017-14622.yaml | 4 +- http/cves/2017/CVE-2017-14651.yaml | 2 +- http/cves/2017/CVE-2017-14849.yaml | 4 +- http/cves/2017/CVE-2017-15647.yaml | 6 +- http/cves/2017/CVE-2017-15715.yaml | 14 ----- http/cves/2017/CVE-2017-15944.yaml | 6 +- http/cves/2017/CVE-2017-16877.yaml | 9 +-- http/cves/2017/CVE-2017-16894.yaml | 7 ++- http/cves/2017/CVE-2017-17043.yaml | 4 +- http/cves/2017/CVE-2017-17059.yaml | 5 +- http/cves/2017/CVE-2017-17562.yaml | 6 +- http/cves/2017/CVE-2017-17731.yaml | 13 ++-- http/cves/2017/CVE-2017-18487.yaml | 7 +-- http/cves/2017/CVE-2017-18490.yaml | 7 +-- http/cves/2017/CVE-2017-18491.yaml | 2 +- http/cves/2017/CVE-2017-18492.yaml | 7 +-- http/cves/2017/CVE-2017-18493.yaml | 7 +-- http/cves/2017/CVE-2017-18494.yaml | 7 +-- http/cves/2017/CVE-2017-18496.yaml | 2 +- http/cves/2017/CVE-2017-18500.yaml | 7 +-- http/cves/2017/CVE-2017-18501.yaml | 7 +-- http/cves/2017/CVE-2017-18502.yaml | 7 +-- http/cves/2017/CVE-2017-18505.yaml | 2 +- http/cves/2017/CVE-2017-18516.yaml | 7 +-- http/cves/2017/CVE-2017-18517.yaml | 2 +- http/cves/2017/CVE-2017-18518.yaml | 7 +-- http/cves/2017/CVE-2017-18527.yaml | 7 +-- http/cves/2017/CVE-2017-18528.yaml | 7 +-- http/cves/2017/CVE-2017-18529.yaml | 7 +-- http/cves/2017/CVE-2017-18530.yaml | 7 +-- http/cves/2017/CVE-2017-18532.yaml | 7 +-- http/cves/2017/CVE-2017-18536.yaml | 5 +- http/cves/2017/CVE-2017-18537.yaml | 2 +- http/cves/2017/CVE-2017-18542.yaml | 7 +-- http/cves/2017/CVE-2017-18556.yaml | 7 +-- http/cves/2017/CVE-2017-18557.yaml | 2 +- http/cves/2017/CVE-2017-18558.yaml | 7 +-- http/cves/2017/CVE-2017-18562.yaml | 2 +- http/cves/2017/CVE-2017-18564.yaml | 7 +-- http/cves/2017/CVE-2017-18565.yaml | 7 +-- http/cves/2017/CVE-2017-18566.yaml | 2 +- http/cves/2017/CVE-2017-18590.yaml | 11 ++-- http/cves/2017/CVE-2017-18598.yaml | 4 +- http/cves/2017/CVE-2017-18638.yaml | 7 +-- http/cves/2017/CVE-2017-3131.yaml | 10 +-- http/cves/2017/CVE-2017-3132.yaml | 10 +-- http/cves/2017/CVE-2017-3133.yaml | 19 ++---- http/cves/2017/CVE-2017-3506.yaml | 8 +-- http/cves/2017/CVE-2017-4011.yaml | 4 +- http/cves/2017/CVE-2017-5521.yaml | 6 +- http/cves/2017/CVE-2017-5631.yaml | 4 +- http/cves/2017/CVE-2017-5638.yaml | 3 +- http/cves/2017/CVE-2017-5689.yaml | 11 ++-- http/cves/2017/CVE-2017-5871.yaml | 14 +---- http/cves/2017/CVE-2017-5982.yaml | 4 +- http/cves/2017/CVE-2017-6090.yaml | 4 +- http/cves/2017/CVE-2017-7615.yaml | 14 ++--- http/cves/2017/CVE-2017-7855.yaml | 6 +- http/cves/2017/CVE-2017-7921.yaml | 4 +- http/cves/2017/CVE-2017-7925.yaml | 2 +- http/cves/2017/CVE-2017-8229.yaml | 5 +- http/cves/2017/CVE-2017-8917.yaml | 7 ++- http/cves/2017/CVE-2017-9140.yaml | 4 +- http/cves/2017/CVE-2017-9288.yaml | 4 +- http/cves/2017/CVE-2017-9506.yaml | 8 ++- http/cves/2017/CVE-2017-9791.yaml | 6 +- http/cves/2017/CVE-2017-9805.yaml | 8 +-- http/cves/2017/CVE-2017-9822.yaml | 6 +- http/cves/2017/CVE-2017-9833.yaml | 1 - http/cves/2017/CVE-2017-9841.yaml | 6 +- http/cves/2018/CVE-2018-0127.yaml | 6 +- http/cves/2018/CVE-2018-0296.yaml | 6 +- http/cves/2018/CVE-2018-1000129.yaml | 4 +- http/cves/2018/CVE-2018-1000533.yaml | 10 +-- http/cves/2018/CVE-2018-1000600.yaml | 3 - http/cves/2018/CVE-2018-1000671.yaml | 4 +- http/cves/2018/CVE-2018-1000856.yaml | 5 +- http/cves/2018/CVE-2018-1000861.yaml | 11 ++-- http/cves/2018/CVE-2018-10093.yaml | 6 +- http/cves/2018/CVE-2018-10201.yaml | 4 +- http/cves/2018/CVE-2018-10230.yaml | 11 +--- http/cves/2018/CVE-2018-10383.yaml | 15 ++--- http/cves/2018/CVE-2018-10562.yaml | 6 +- http/cves/2018/CVE-2018-10735.yaml | 12 ++-- http/cves/2018/CVE-2018-10736.yaml | 13 ++-- http/cves/2018/CVE-2018-10737.yaml | 8 +-- http/cves/2018/CVE-2018-10738.yaml | 13 ++-- http/cves/2018/CVE-2018-10822.yaml | 4 +- http/cves/2018/CVE-2018-10956.yaml | 4 +- http/cves/2018/CVE-2018-11222.yaml | 8 +-- http/cves/2018/CVE-2018-11227.yaml | 13 ++-- http/cves/2018/CVE-2018-11231.yaml | 5 +- http/cves/2018/CVE-2018-11409.yaml | 16 ++--- http/cves/2018/CVE-2018-11473.yaml | 6 +- http/cves/2018/CVE-2018-11709.yaml | 3 - http/cves/2018/CVE-2018-11759.yaml | 8 ++- http/cves/2018/CVE-2018-11776.yaml | 6 +- http/cves/2018/CVE-2018-11784.yaml | 10 +-- http/cves/2018/CVE-2018-12054.yaml | 4 +- http/cves/2018/CVE-2018-12095.yaml | 4 +- http/cves/2018/CVE-2018-12296.yaml | 5 +- http/cves/2018/CVE-2018-12300.yaml | 6 +- http/cves/2018/CVE-2018-12613.yaml | 8 +-- http/cves/2018/CVE-2018-12634.yaml | 4 +- http/cves/2018/CVE-2018-12675.yaml | 4 +- http/cves/2018/CVE-2018-1271.yaml | 4 +- http/cves/2018/CVE-2018-12909.yaml | 4 +- http/cves/2018/CVE-2018-1335.yaml | 4 +- http/cves/2018/CVE-2018-13379.yaml | 14 ++--- http/cves/2018/CVE-2018-13380.yaml | 12 ++-- http/cves/2018/CVE-2018-13980.yaml | 4 +- http/cves/2018/CVE-2018-14013.yaml | 6 +- http/cves/2018/CVE-2018-14474.yaml | 4 +- http/cves/2018/CVE-2018-14574.yaml | 10 +-- http/cves/2018/CVE-2018-14728.yaml | 4 +- http/cves/2018/CVE-2018-14912.yaml | 4 +- http/cves/2018/CVE-2018-14916.yaml | 10 ++- http/cves/2018/CVE-2018-14918.yaml | 8 ++- http/cves/2018/CVE-2018-14931.yaml | 5 +- http/cves/2018/CVE-2018-15517.yaml | 4 +- http/cves/2018/CVE-2018-15535.yaml | 4 +- http/cves/2018/CVE-2018-15745.yaml | 4 +- http/cves/2018/CVE-2018-15917.yaml | 13 ++-- http/cves/2018/CVE-2018-15961.yaml | 7 ++- http/cves/2018/CVE-2018-16059.yaml | 4 +- http/cves/2018/CVE-2018-16133.yaml | 4 +- http/cves/2018/CVE-2018-16139.yaml | 4 +- http/cves/2018/CVE-2018-16167.yaml | 4 +- http/cves/2018/CVE-2018-16283.yaml | 4 +- http/cves/2018/CVE-2018-16288.yaml | 4 +- http/cves/2018/CVE-2018-16299.yaml | 4 +- http/cves/2018/CVE-2018-16668.yaml | 4 +- http/cves/2018/CVE-2018-16716.yaml | 5 +- http/cves/2018/CVE-2018-16761.yaml | 2 +- http/cves/2018/CVE-2018-16836.yaml | 4 +- http/cves/2018/CVE-2018-16979.yaml | 6 +- http/cves/2018/CVE-2018-17153.yaml | 2 +- http/cves/2018/CVE-2018-17246.yaml | 6 +- http/cves/2018/CVE-2018-17254.yaml | 4 +- http/cves/2018/CVE-2018-17283.yaml | 26 +++----- http/cves/2018/CVE-2018-17422.yaml | 9 +-- http/cves/2018/CVE-2018-17431.yaml | 4 +- http/cves/2018/CVE-2018-18069.yaml | 4 +- http/cves/2018/CVE-2018-18264.yaml | 8 ++- http/cves/2018/CVE-2018-18323.yaml | 4 +- http/cves/2018/CVE-2018-18570.yaml | 5 +- http/cves/2018/CVE-2018-18608.yaml | 13 ++-- http/cves/2018/CVE-2018-18777.yaml | 4 +- http/cves/2018/CVE-2018-18778.yaml | 4 +- http/cves/2018/CVE-2018-18809.yaml | 8 ++- http/cves/2018/CVE-2018-18925.yaml | 13 ++-- http/cves/2018/CVE-2018-19276.yaml | 10 ++- http/cves/2018/CVE-2018-19287.yaml | 9 +-- http/cves/2018/CVE-2018-19326.yaml | 4 +- http/cves/2018/CVE-2018-19365.yaml | 5 +- http/cves/2018/CVE-2018-19386.yaml | 4 +- http/cves/2018/CVE-2018-19410.yaml | 17 ++---- http/cves/2018/CVE-2018-19439.yaml | 4 +- http/cves/2018/CVE-2018-19458.yaml | 4 +- http/cves/2018/CVE-2018-19751.yaml | 5 +- http/cves/2018/CVE-2018-19914.yaml | 4 +- http/cves/2018/CVE-2018-19915.yaml | 4 +- http/cves/2018/CVE-2018-20010.yaml | 5 +- http/cves/2018/CVE-2018-20011.yaml | 5 +- http/cves/2018/CVE-2018-20062.yaml | 14 ++--- http/cves/2018/CVE-2018-20462.yaml | 4 +- http/cves/2018/CVE-2018-20463.yaml | 4 +- http/cves/2018/CVE-2018-20470.yaml | 5 +- http/cves/2018/CVE-2018-20526.yaml | 8 ++- http/cves/2018/CVE-2018-20824.yaml | 8 +-- http/cves/2018/CVE-2018-20985.yaml | 4 +- http/cves/2018/CVE-2018-2791.yaml | 6 +- http/cves/2018/CVE-2018-3167.yaml | 4 +- http/cves/2018/CVE-2018-3238.yaml | 6 +- http/cves/2018/CVE-2018-3760.yaml | 6 +- http/cves/2018/CVE-2018-5230.yaml | 6 +- http/cves/2018/CVE-2018-5233.yaml | 4 +- http/cves/2018/CVE-2018-5316.yaml | 4 +- http/cves/2018/CVE-2018-5715.yaml | 11 ++-- http/cves/2018/CVE-2018-6008.yaml | 4 +- http/cves/2018/CVE-2018-6184.yaml | 6 +- http/cves/2018/CVE-2018-6200.yaml | 10 +-- http/cves/2018/CVE-2018-6530.yaml | 4 +- http/cves/2018/CVE-2018-6605.yaml | 4 +- http/cves/2018/CVE-2018-6910.yaml | 9 +-- http/cves/2018/CVE-2018-7192.yaml | 21 ++----- http/cves/2018/CVE-2018-7193.yaml | 15 ++--- http/cves/2018/CVE-2018-7196.yaml | 15 ++--- http/cves/2018/CVE-2018-7251.yaml | 4 +- http/cves/2018/CVE-2018-7282.yaml | 9 +-- http/cves/2018/CVE-2018-7314.yaml | 6 +- http/cves/2018/CVE-2018-7422.yaml | 4 +- http/cves/2018/CVE-2018-7467.yaml | 4 +- http/cves/2018/CVE-2018-7490.yaml | 2 - http/cves/2018/CVE-2018-7600.yaml | 6 +- http/cves/2018/CVE-2018-7653.yaml | 8 ++- http/cves/2018/CVE-2018-7662.yaml | 4 +- http/cves/2018/CVE-2018-7700.yaml | 9 +-- http/cves/2018/CVE-2018-7719.yaml | 4 +- http/cves/2018/CVE-2018-8006.yaml | 3 - http/cves/2018/CVE-2018-8033.yaml | 6 +- http/cves/2018/CVE-2018-8719.yaml | 4 +- http/cves/2018/CVE-2018-8770.yaml | 4 +- http/cves/2018/CVE-2018-8823.yaml | 4 +- http/cves/2018/CVE-2018-9118.yaml | 4 +- http/cves/2018/CVE-2018-9161.yaml | 5 +- http/cves/2018/CVE-2018-9845.yaml | 4 +- http/cves/2018/CVE-2018-9995.yaml | 4 +- http/cves/2019/CVE-2019-0192.yaml | 26 ++------ http/cves/2019/CVE-2019-0193.yaml | 5 -- http/cves/2019/CVE-2019-0221.yaml | 10 +-- http/cves/2019/CVE-2019-0230.yaml | 4 +- http/cves/2019/CVE-2019-0232.yaml | 21 +++---- http/cves/2019/CVE-2019-1003000.yaml | 14 ++--- http/cves/2019/CVE-2019-10068.yaml | 6 +- http/cves/2019/CVE-2019-10092.yaml | 18 +----- http/cves/2019/CVE-2019-10098.yaml | 14 ----- http/cves/2019/CVE-2019-1010290.yaml | 5 +- http/cves/2019/CVE-2019-10405.yaml | 12 ++-- http/cves/2019/CVE-2019-10475.yaml | 4 +- http/cves/2019/CVE-2019-10692.yaml | 2 - http/cves/2019/CVE-2019-10717.yaml | 8 ++- http/cves/2019/CVE-2019-10758.yaml | 14 ++--- http/cves/2019/CVE-2019-11013.yaml | 4 +- http/cves/2019/CVE-2019-11370.yaml | 9 +-- http/cves/2019/CVE-2019-11510.yaml | 6 +- http/cves/2019/CVE-2019-11580.yaml | 8 ++- http/cves/2019/CVE-2019-11581.yaml | 11 ++-- http/cves/2019/CVE-2019-12276.yaml | 4 +- http/cves/2019/CVE-2019-12314.yaml | 4 +- http/cves/2019/CVE-2019-12461.yaml | 4 +- http/cves/2019/CVE-2019-12581.yaml | 2 +- http/cves/2019/CVE-2019-12593.yaml | 11 ++-- http/cves/2019/CVE-2019-12725.yaml | 4 +- http/cves/2019/CVE-2019-12962.yaml | 8 ++- http/cves/2019/CVE-2019-12985.yaml | 4 +- http/cves/2019/CVE-2019-12986.yaml | 8 ++- http/cves/2019/CVE-2019-12987.yaml | 4 +- http/cves/2019/CVE-2019-12988.yaml | 8 ++- http/cves/2019/CVE-2019-12990.yaml | 4 +- http/cves/2019/CVE-2019-13101.yaml | 8 +-- http/cves/2019/CVE-2019-13396.yaml | 4 +- http/cves/2019/CVE-2019-13462.yaml | 5 +- http/cves/2019/CVE-2019-14205.yaml | 4 +- http/cves/2019/CVE-2019-14251.yaml | 8 +-- http/cves/2019/CVE-2019-14312.yaml | 4 +- http/cves/2019/CVE-2019-14322.yaml | 6 +- http/cves/2019/CVE-2019-14470.yaml | 4 +- http/cves/2019/CVE-2019-14530.yaml | 12 ++-- http/cves/2019/CVE-2019-14750.yaml | 1 + http/cves/2019/CVE-2019-14789.yaml | 5 +- http/cves/2019/CVE-2019-14974.yaml | 7 +-- http/cves/2019/CVE-2019-15043.yaml | 3 +- http/cves/2019/CVE-2019-15107.yaml | 4 +- http/cves/2019/CVE-2019-15501.yaml | 9 +-- http/cves/2019/CVE-2019-15642.yaml | 8 ++- http/cves/2019/CVE-2019-15713.yaml | 4 +- http/cves/2019/CVE-2019-15811.yaml | 4 +- http/cves/2019/CVE-2019-15829.yaml | 2 +- http/cves/2019/CVE-2019-15858.yaml | 4 +- http/cves/2019/CVE-2019-16057.yaml | 8 ++- http/cves/2019/CVE-2019-16097.yaml | 6 +- http/cves/2019/CVE-2019-16123.yaml | 4 +- http/cves/2019/CVE-2019-16278.yaml | 6 +- http/cves/2019/CVE-2019-16313.yaml | 4 +- http/cves/2019/CVE-2019-16469.yaml | 1 + http/cves/2019/CVE-2019-1653.yaml | 6 +- http/cves/2019/CVE-2019-16759.yaml | 7 +-- http/cves/2019/CVE-2019-16920.yaml | 4 +- http/cves/2019/CVE-2019-16931.yaml | 4 +- http/cves/2019/CVE-2019-16932.yaml | 4 +- http/cves/2019/CVE-2019-16996.yaml | 4 +- http/cves/2019/CVE-2019-16997.yaml | 4 +- http/cves/2019/CVE-2019-17270.yaml | 4 +- http/cves/2019/CVE-2019-17382.yaml | 11 ++-- http/cves/2019/CVE-2019-17418.yaml | 4 +- http/cves/2019/CVE-2019-17444.yaml | 8 +-- http/cves/2019/CVE-2019-17503.yaml | 5 +- http/cves/2019/CVE-2019-17506.yaml | 4 +- http/cves/2019/CVE-2019-17558.yaml | 9 +-- http/cves/2019/CVE-2019-17574.yaml | 6 +- http/cves/2019/CVE-2019-17662.yaml | 12 ++-- http/cves/2019/CVE-2019-1821.yaml | 10 +-- http/cves/2019/CVE-2019-18371.yaml | 4 +- http/cves/2019/CVE-2019-18393.yaml | 6 +- http/cves/2019/CVE-2019-18394.yaml | 8 +-- http/cves/2019/CVE-2019-18665.yaml | 4 +- http/cves/2019/CVE-2019-18818.yaml | 16 +---- http/cves/2019/CVE-2019-18922.yaml | 4 +- http/cves/2019/CVE-2019-18957.yaml | 4 +- http/cves/2019/CVE-2019-1898.yaml | 6 +- http/cves/2019/CVE-2019-19134.yaml | 4 +- http/cves/2019/CVE-2019-19411.yaml | 10 ++- http/cves/2019/CVE-2019-1943.yaml | 8 +-- http/cves/2019/CVE-2019-19824.yaml | 4 +- http/cves/2019/CVE-2019-19908.yaml | 4 +- http/cves/2019/CVE-2019-19985.yaml | 3 - http/cves/2019/CVE-2019-20224.yaml | 8 +-- http/cves/2019/CVE-2019-20504.yaml | 5 +- http/cves/2019/CVE-2019-20933.yaml | 8 +-- http/cves/2019/CVE-2019-2578.yaml | 6 +- http/cves/2019/CVE-2019-2579.yaml | 6 +- http/cves/2019/CVE-2019-2588.yaml | 4 +- http/cves/2019/CVE-2019-2616.yaml | 6 +- http/cves/2019/CVE-2019-2725.yaml | 4 +- http/cves/2019/CVE-2019-3396.yaml | 3 +- http/cves/2019/CVE-2019-3401.yaml | 4 +- http/cves/2019/CVE-2019-3402.yaml | 8 +-- http/cves/2019/CVE-2019-3403.yaml | 4 +- http/cves/2019/CVE-2019-3799.yaml | 4 +- http/cves/2019/CVE-2019-3911.yaml | 8 +-- http/cves/2019/CVE-2019-3912.yaml | 7 ++- http/cves/2019/CVE-2019-5127.yaml | 6 +- http/cves/2019/CVE-2019-5128.yaml | 5 +- http/cves/2019/CVE-2019-5129.yaml | 13 ++-- http/cves/2019/CVE-2019-5418.yaml | 18 +----- http/cves/2019/CVE-2019-5434.yaml | 3 +- http/cves/2019/CVE-2019-6340.yaml | 6 +- http/cves/2019/CVE-2019-6715.yaml | 4 +- http/cves/2019/CVE-2019-6793.yaml | 18 +----- http/cves/2019/CVE-2019-6799.yaml | 9 ++- http/cves/2019/CVE-2019-6802.yaml | 8 ++- http/cves/2019/CVE-2019-7139.yaml | 6 +- http/cves/2019/CVE-2019-7192.yaml | 7 ++- http/cves/2019/CVE-2019-7219.yaml | 4 +- http/cves/2019/CVE-2019-7254.yaml | 4 +- http/cves/2019/CVE-2019-7255.yaml | 4 +- http/cves/2019/CVE-2019-7256.yaml | 4 +- http/cves/2019/CVE-2019-7481.yaml | 4 +- http/cves/2019/CVE-2019-7543.yaml | 4 +- http/cves/2019/CVE-2019-7609.yaml | 4 +- http/cves/2019/CVE-2019-8086.yaml | 8 ++- http/cves/2019/CVE-2019-8390.yaml | 2 +- http/cves/2019/CVE-2019-8442.yaml | 4 +- http/cves/2019/CVE-2019-8446.yaml | 8 ++- http/cves/2019/CVE-2019-8449.yaml | 8 +-- http/cves/2019/CVE-2019-8451.yaml | 4 +- http/cves/2019/CVE-2019-8937.yaml | 6 +- http/cves/2019/CVE-2019-8943.yaml | 5 +- http/cves/2019/CVE-2019-8982.yaml | 4 +- http/cves/2019/CVE-2019-9618.yaml | 4 +- http/cves/2019/CVE-2019-9632.yaml | 11 +--- http/cves/2019/CVE-2019-9670.yaml | 2 - http/cves/2019/CVE-2019-9733.yaml | 6 +- http/cves/2019/CVE-2019-9912.yaml | 17 ++---- http/cves/2019/CVE-2019-9922.yaml | 6 +- http/cves/2019/CVE-2019-9978.yaml | 6 +- http/cves/2020/CVE-2020-0618.yaml | 1 - http/cves/2020/CVE-2020-10148.yaml | 6 +- http/cves/2020/CVE-2020-10189.yaml | 24 +++----- http/cves/2020/CVE-2020-10199.yaml | 4 +- http/cves/2020/CVE-2020-10220.yaml | 8 ++- http/cves/2020/CVE-2020-10546.yaml | 4 +- http/cves/2020/CVE-2020-10547.yaml | 4 +- http/cves/2020/CVE-2020-10548.yaml | 4 +- http/cves/2020/CVE-2020-10549.yaml | 4 +- http/cves/2020/CVE-2020-10770.yaml | 7 +-- http/cves/2020/CVE-2020-10973.yaml | 10 ++- http/cves/2020/CVE-2020-11034.yaml | 2 - http/cves/2020/CVE-2020-11110.yaml | 7 ++- http/cves/2020/CVE-2020-11441.yaml | 23 ++----- http/cves/2020/CVE-2020-11455.yaml | 10 +-- http/cves/2020/CVE-2020-11529.yaml | 4 +- http/cves/2020/CVE-2020-11530.yaml | 4 +- http/cves/2020/CVE-2020-11546.yaml | 4 +- http/cves/2020/CVE-2020-11547.yaml | 6 +- http/cves/2020/CVE-2020-11710.yaml | 8 +-- http/cves/2020/CVE-2020-11798.yaml | 10 ++- http/cves/2020/CVE-2020-11853.yaml | 4 +- http/cves/2020/CVE-2020-11854.yaml | 4 +- http/cves/2020/CVE-2020-11930.yaml | 6 +- http/cves/2020/CVE-2020-11978.yaml | 10 +-- http/cves/2020/CVE-2020-11991.yaml | 12 ++-- http/cves/2020/CVE-2020-12054.yaml | 4 +- http/cves/2020/CVE-2020-12116.yaml | 16 ++--- http/cves/2020/CVE-2020-12124.yaml | 5 +- http/cves/2020/CVE-2020-12127.yaml | 8 ++- http/cves/2020/CVE-2020-12256.yaml | 4 +- http/cves/2020/CVE-2020-12259.yaml | 4 +- http/cves/2020/CVE-2020-12478.yaml | 8 +-- http/cves/2020/CVE-2020-12720.yaml | 10 +-- http/cves/2020/CVE-2020-13117.yaml | 4 +- http/cves/2020/CVE-2020-13121.yaml | 5 +- http/cves/2020/CVE-2020-13158.yaml | 4 +- http/cves/2020/CVE-2020-13379.yaml | 7 ++- http/cves/2020/CVE-2020-13405.yaml | 6 +- http/cves/2020/CVE-2020-13483.yaml | 12 ++-- http/cves/2020/CVE-2020-13638.yaml | 4 +- http/cves/2020/CVE-2020-13700.yaml | 4 +- http/cves/2020/CVE-2020-13820.yaml | 8 ++- http/cves/2020/CVE-2020-13851.yaml | 6 +- http/cves/2020/CVE-2020-13927.yaml | 12 ++-- http/cves/2020/CVE-2020-13937.yaml | 10 ++- http/cves/2020/CVE-2020-13942.yaml | 6 +- http/cves/2020/CVE-2020-13945.yaml | 4 +- http/cves/2020/CVE-2020-14144.yaml | 13 ++-- http/cves/2020/CVE-2020-14179.yaml | 4 +- http/cves/2020/CVE-2020-14181.yaml | 8 ++- http/cves/2020/CVE-2020-14408.yaml | 6 +- http/cves/2020/CVE-2020-14413.yaml | 5 +- http/cves/2020/CVE-2020-14750.yaml | 18 +++--- http/cves/2020/CVE-2020-14882.yaml | 4 +- http/cves/2020/CVE-2020-14883.yaml | 3 +- http/cves/2020/CVE-2020-15050.yaml | 8 +-- http/cves/2020/CVE-2020-15129.yaml | 8 +-- http/cves/2020/CVE-2020-15148.yaml | 17 ++---- http/cves/2020/CVE-2020-15227.yaml | 14 +++-- http/cves/2020/CVE-2020-15415.yaml | 11 +--- http/cves/2020/CVE-2020-15500.yaml | 3 - http/cves/2020/CVE-2020-15867.yaml | 14 ++--- http/cves/2020/CVE-2020-15895.yaml | 8 ++- http/cves/2020/CVE-2020-15906.yaml | 11 ++-- http/cves/2020/CVE-2020-17362.yaml | 5 +- http/cves/2020/CVE-2020-17453.yaml | 6 +- http/cves/2020/CVE-2020-17456.yaml | 8 +-- http/cves/2020/CVE-2020-17463.yaml | 4 +- http/cves/2020/CVE-2020-17496.yaml | 8 +-- http/cves/2020/CVE-2020-17505.yaml | 4 +- http/cves/2020/CVE-2020-17506.yaml | 4 +- http/cves/2020/CVE-2020-17519.yaml | 4 +- http/cves/2020/CVE-2020-17526.yaml | 10 +-- http/cves/2020/CVE-2020-19282.yaml | 5 +- http/cves/2020/CVE-2020-19283.yaml | 5 +- http/cves/2020/CVE-2020-19295.yaml | 4 +- http/cves/2020/CVE-2020-19360.yaml | 4 +- http/cves/2020/CVE-2020-1943.yaml | 2 - http/cves/2020/CVE-2020-19515.yaml | 6 +- http/cves/2020/CVE-2020-1956.yaml | 6 +- http/cves/2020/CVE-2020-19625.yaml | 4 +- http/cves/2020/CVE-2020-20285.yaml | 9 +-- http/cves/2020/CVE-2020-20300.yaml | 7 ++- http/cves/2020/CVE-2020-2036.yaml | 8 +-- http/cves/2020/CVE-2020-2096.yaml | 4 +- http/cves/2020/CVE-2020-2103.yaml | 7 +-- http/cves/2020/CVE-2020-21224.yaml | 1 - http/cves/2020/CVE-2020-2140.yaml | 4 +- http/cves/2020/CVE-2020-22208.yaml | 6 +- http/cves/2020/CVE-2020-22209.yaml | 5 +- http/cves/2020/CVE-2020-22210.yaml | 6 +- http/cves/2020/CVE-2020-22211.yaml | 6 +- http/cves/2020/CVE-2020-23517.yaml | 12 ++-- http/cves/2020/CVE-2020-23575.yaml | 7 +-- http/cves/2020/CVE-2020-23697.yaml | 13 ++-- http/cves/2020/CVE-2020-24223.yaml | 4 +- http/cves/2020/CVE-2020-24312.yaml | 11 ++-- http/cves/2020/CVE-2020-24391.yaml | 16 ++--- http/cves/2020/CVE-2020-24589.yaml | 7 +-- http/cves/2020/CVE-2020-24701.yaml | 8 ++- http/cves/2020/CVE-2020-24881.yaml | 15 +---- http/cves/2020/CVE-2020-24902.yaml | 8 ++- http/cves/2020/CVE-2020-24903.yaml | 8 ++- http/cves/2020/CVE-2020-24912.yaml | 4 +- http/cves/2020/CVE-2020-24949.yaml | 5 +- http/cves/2020/CVE-2020-25213.yaml | 11 ++-- http/cves/2020/CVE-2020-25223.yaml | 4 +- http/cves/2020/CVE-2020-25495.yaml | 4 +- http/cves/2020/CVE-2020-25506.yaml | 4 +- http/cves/2020/CVE-2020-2551.yaml | 4 +- http/cves/2020/CVE-2020-26153.yaml | 4 +- http/cves/2020/CVE-2020-26214.yaml | 8 +-- http/cves/2020/CVE-2020-26413.yaml | 14 ++--- http/cves/2020/CVE-2020-26876.yaml | 4 +- http/cves/2020/CVE-2020-26948.yaml | 4 +- http/cves/2020/CVE-2020-2733.yaml | 8 ++- http/cves/2020/CVE-2020-27361.yaml | 8 +-- http/cves/2020/CVE-2020-27467.yaml | 9 +-- http/cves/2020/CVE-2020-27481.yaml | 5 +- http/cves/2020/CVE-2020-27735.yaml | 2 - http/cves/2020/CVE-2020-27838.yaml | 9 ++- http/cves/2020/CVE-2020-27866.yaml | 4 +- http/cves/2020/CVE-2020-27982.yaml | 8 +-- http/cves/2020/CVE-2020-27986.yaml | 5 -- http/cves/2020/CVE-2020-28185.yaml | 8 ++- http/cves/2020/CVE-2020-28188.yaml | 4 +- http/cves/2020/CVE-2020-28208.yaml | 4 +- http/cves/2020/CVE-2020-28351.yaml | 7 ++- http/cves/2020/CVE-2020-28429.yaml | 9 +-- http/cves/2020/CVE-2020-28871.yaml | 4 +- http/cves/2020/CVE-2020-28976.yaml | 4 +- http/cves/2020/CVE-2020-29227.yaml | 4 +- http/cves/2020/CVE-2020-29395.yaml | 5 +- http/cves/2020/CVE-2020-29453.yaml | 8 ++- http/cves/2020/CVE-2020-29583.yaml | 8 ++- http/cves/2020/CVE-2020-29597.yaml | 4 +- http/cves/2020/CVE-2020-3452.yaml | 10 +-- http/cves/2020/CVE-2020-35476.yaml | 6 +- http/cves/2020/CVE-2020-35598.yaml | 4 +- http/cves/2020/CVE-2020-35713.yaml | 4 +- http/cves/2020/CVE-2020-35736.yaml | 4 +- http/cves/2020/CVE-2020-35749.yaml | 4 +- http/cves/2020/CVE-2020-35774.yaml | 4 +- http/cves/2020/CVE-2020-3580.yaml | 4 +- http/cves/2020/CVE-2020-35846.yaml | 6 +- http/cves/2020/CVE-2020-35847.yaml | 6 +- http/cves/2020/CVE-2020-35848.yaml | 2 +- http/cves/2020/CVE-2020-35951.yaml | 6 +- http/cves/2020/CVE-2020-35984.yaml | 2 +- http/cves/2020/CVE-2020-35985.yaml | 6 +- http/cves/2020/CVE-2020-35986.yaml | 6 +- http/cves/2020/CVE-2020-35987.yaml | 2 +- http/cves/2020/CVE-2020-36289.yaml | 4 +- http/cves/2020/CVE-2020-36365.yaml | 8 ++- http/cves/2020/CVE-2020-36510.yaml | 5 +- http/cves/2020/CVE-2020-4463.yaml | 6 +- http/cves/2020/CVE-2020-5192.yaml | 4 +- http/cves/2020/CVE-2020-5284.yaml | 15 ++--- http/cves/2020/CVE-2020-5405.yaml | 4 +- http/cves/2020/CVE-2020-5410.yaml | 4 +- http/cves/2020/CVE-2020-5775.yaml | 5 +- http/cves/2020/CVE-2020-5776.yaml | 8 ++- http/cves/2020/CVE-2020-5777.yaml | 8 ++- http/cves/2020/CVE-2020-5902.yaml | 8 +-- http/cves/2020/CVE-2020-6171.yaml | 5 +- http/cves/2020/CVE-2020-6207.yaml | 4 +- http/cves/2020/CVE-2020-6287.yaml | 6 +- http/cves/2020/CVE-2020-6308.yaml | 4 +- http/cves/2020/CVE-2020-6637.yaml | 4 +- http/cves/2020/CVE-2020-6950.yaml | 8 ++- http/cves/2020/CVE-2020-7209.yaml | 4 +- http/cves/2020/CVE-2020-7318.yaml | 8 +-- http/cves/2020/CVE-2020-7796.yaml | 2 - http/cves/2020/CVE-2020-7943.yaml | 4 +- http/cves/2020/CVE-2020-7961.yaml | 14 ++--- http/cves/2020/CVE-2020-7980.yaml | 4 +- http/cves/2020/CVE-2020-8115.yaml | 7 +-- http/cves/2020/CVE-2020-8163.yaml | 19 +----- http/cves/2020/CVE-2020-8193.yaml | 6 +- http/cves/2020/CVE-2020-8194.yaml | 4 +- http/cves/2020/CVE-2020-8209.yaml | 13 +--- http/cves/2020/CVE-2020-8497.yaml | 13 ++-- http/cves/2020/CVE-2020-8512.yaml | 8 ++- http/cves/2020/CVE-2020-8515.yaml | 4 +- http/cves/2020/CVE-2020-8615.yaml | 10 ++- http/cves/2020/CVE-2020-8641.yaml | 4 +- http/cves/2020/CVE-2020-8654.yaml | 4 +- http/cves/2020/CVE-2020-8772.yaml | 4 +- http/cves/2020/CVE-2020-8813.yaml | 4 +- http/cves/2020/CVE-2020-8982.yaml | 4 +- http/cves/2020/CVE-2020-9047.yaml | 10 +-- http/cves/2020/CVE-2020-9054.yaml | 1 - http/cves/2020/CVE-2020-9315.yaml | 1 - http/cves/2020/CVE-2020-9344.yaml | 8 ++- http/cves/2020/CVE-2020-9376.yaml | 4 +- http/cves/2020/CVE-2020-9402.yaml | 14 +---- http/cves/2020/CVE-2020-9425.yaml | 4 +- http/cves/2020/CVE-2020-9483.yaml | 4 +- http/cves/2020/CVE-2020-9484.yaml | 14 ++--- http/cves/2020/CVE-2020-9496.yaml | 8 +-- http/cves/2020/CVE-2020-9757.yaml | 11 ++-- http/cves/2021/CVE-2021-1472.yaml | 16 ++--- http/cves/2021/CVE-2021-1498.yaml | 6 +- http/cves/2021/CVE-2021-20031.yaml | 10 +-- http/cves/2021/CVE-2021-20091.yaml | 8 +-- http/cves/2021/CVE-2021-20092.yaml | 4 +- http/cves/2021/CVE-2021-20123.yaml | 4 +- http/cves/2021/CVE-2021-20124.yaml | 9 +-- http/cves/2021/CVE-2021-20150.yaml | 4 +- http/cves/2021/CVE-2021-20158.yaml | 4 +- http/cves/2021/CVE-2021-20167.yaml | 4 +- http/cves/2021/CVE-2021-20323.yaml | 10 +-- http/cves/2021/CVE-2021-20837.yaml | 13 ++-- http/cves/2021/CVE-2021-21087.yaml | 5 +- http/cves/2021/CVE-2021-21287.yaml | 2 - http/cves/2021/CVE-2021-21311.yaml | 14 +++-- http/cves/2021/CVE-2021-21345.yaml | 18 +++--- http/cves/2021/CVE-2021-21351.yaml | 18 +++--- http/cves/2021/CVE-2021-21389.yaml | 8 +-- http/cves/2021/CVE-2021-21402.yaml | 4 +- http/cves/2021/CVE-2021-21745.yaml | 5 +- http/cves/2021/CVE-2021-21799.yaml | 11 ++-- http/cves/2021/CVE-2021-21800.yaml | 11 ++-- http/cves/2021/CVE-2021-21801.yaml | 14 ++--- http/cves/2021/CVE-2021-21802.yaml | 14 ++--- http/cves/2021/CVE-2021-21803.yaml | 9 +-- http/cves/2021/CVE-2021-21805.yaml | 11 ++-- http/cves/2021/CVE-2021-21816.yaml | 5 +- http/cves/2021/CVE-2021-21881.yaml | 5 +- http/cves/2021/CVE-2021-21972.yaml | 7 +-- http/cves/2021/CVE-2021-21973.yaml | 3 - http/cves/2021/CVE-2021-21975.yaml | 3 - http/cves/2021/CVE-2021-21978.yaml | 4 +- http/cves/2021/CVE-2021-21985.yaml | 3 - http/cves/2021/CVE-2021-22005.yaml | 7 +-- http/cves/2021/CVE-2021-22054.yaml | 8 ++- http/cves/2021/CVE-2021-22205.yaml | 14 ++--- http/cves/2021/CVE-2021-22214.yaml | 20 +++--- http/cves/2021/CVE-2021-22502.yaml | 4 +- http/cves/2021/CVE-2021-22707.yaml | 8 ++- http/cves/2021/CVE-2021-22873.yaml | 7 +-- http/cves/2021/CVE-2021-22911.yaml | 4 +- http/cves/2021/CVE-2021-22986.yaml | 12 ++-- http/cves/2021/CVE-2021-24145.yaml | 4 +- http/cves/2021/CVE-2021-24165.yaml | 9 +-- http/cves/2021/CVE-2021-24169.yaml | 8 +-- http/cves/2021/CVE-2021-24176.yaml | 4 +- http/cves/2021/CVE-2021-24214.yaml | 4 +- http/cves/2021/CVE-2021-24215.yaml | 8 +-- http/cves/2021/CVE-2021-24226.yaml | 5 +- http/cves/2021/CVE-2021-24227.yaml | 4 +- http/cves/2021/CVE-2021-24235.yaml | 4 +- http/cves/2021/CVE-2021-24237.yaml | 4 +- http/cves/2021/CVE-2021-24274.yaml | 5 +- http/cves/2021/CVE-2021-24275.yaml | 2 +- http/cves/2021/CVE-2021-24276.yaml | 6 +- http/cves/2021/CVE-2021-24278.yaml | 2 - http/cves/2021/CVE-2021-24285.yaml | 4 +- http/cves/2021/CVE-2021-24286.yaml | 4 +- http/cves/2021/CVE-2021-24291.yaml | 2 +- http/cves/2021/CVE-2021-24298.yaml | 4 +- http/cves/2021/CVE-2021-24320.yaml | 4 +- http/cves/2021/CVE-2021-24340.yaml | 6 +- http/cves/2021/CVE-2021-24364.yaml | 4 +- http/cves/2021/CVE-2021-24370.yaml | 8 +-- http/cves/2021/CVE-2021-24387.yaml | 3 - http/cves/2021/CVE-2021-24389.yaml | 5 +- http/cves/2021/CVE-2021-24406.yaml | 8 +-- http/cves/2021/CVE-2021-24407.yaml | 5 +- http/cves/2021/CVE-2021-24409.yaml | 7 +-- http/cves/2021/CVE-2021-24435.yaml | 4 +- http/cves/2021/CVE-2021-24436.yaml | 4 +- http/cves/2021/CVE-2021-24442.yaml | 2 +- http/cves/2021/CVE-2021-24452.yaml | 6 +- http/cves/2021/CVE-2021-24472.yaml | 7 +-- http/cves/2021/CVE-2021-24498.yaml | 5 +- http/cves/2021/CVE-2021-24554.yaml | 4 +- http/cves/2021/CVE-2021-24627.yaml | 7 +-- http/cves/2021/CVE-2021-24666.yaml | 5 +- http/cves/2021/CVE-2021-24731.yaml | 5 +- http/cves/2021/CVE-2021-24762.yaml | 5 +- http/cves/2021/CVE-2021-24791.yaml | 5 +- http/cves/2021/CVE-2021-24838.yaml | 5 +- http/cves/2021/CVE-2021-24849.yaml | 7 +-- http/cves/2021/CVE-2021-24875.yaml | 5 +- http/cves/2021/CVE-2021-24891.yaml | 5 +- http/cves/2021/CVE-2021-24910.yaml | 4 +- http/cves/2021/CVE-2021-24915.yaml | 7 +-- http/cves/2021/CVE-2021-24917.yaml | 7 +-- http/cves/2021/CVE-2021-24926.yaml | 5 +- http/cves/2021/CVE-2021-24934.yaml | 4 +- http/cves/2021/CVE-2021-24940.yaml | 4 +- http/cves/2021/CVE-2021-24943.yaml | 7 +-- http/cves/2021/CVE-2021-24970.yaml | 5 +- http/cves/2021/CVE-2021-24979.yaml | 2 +- http/cves/2021/CVE-2021-25003.yaml | 6 +- http/cves/2021/CVE-2021-25016.yaml | 7 +-- http/cves/2021/CVE-2021-25065.yaml | 7 +-- http/cves/2021/CVE-2021-25067.yaml | 4 +- http/cves/2021/CVE-2021-25074.yaml | 5 +- http/cves/2021/CVE-2021-25078.yaml | 5 +- http/cves/2021/CVE-2021-25079.yaml | 5 +- http/cves/2021/CVE-2021-25094.yaml | 12 +--- http/cves/2021/CVE-2021-25099.yaml | 3 - http/cves/2021/CVE-2021-25104.yaml | 4 +- http/cves/2021/CVE-2021-25111.yaml | 5 +- http/cves/2021/CVE-2021-25112.yaml | 5 +- http/cves/2021/CVE-2021-25114.yaml | 6 +- http/cves/2021/CVE-2021-25118.yaml | 5 +- http/cves/2021/CVE-2021-25120.yaml | 4 +- http/cves/2021/CVE-2021-25161.yaml | 8 +-- http/cves/2021/CVE-2021-25281.yaml | 4 +- http/cves/2021/CVE-2021-25296.yaml | 9 ++- http/cves/2021/CVE-2021-25297.yaml | 3 +- http/cves/2021/CVE-2021-25298.yaml | 9 ++- http/cves/2021/CVE-2021-25299.yaml | 3 +- http/cves/2021/CVE-2021-25646.yaml | 3 - http/cves/2021/CVE-2021-25864.yaml | 9 +-- http/cves/2021/CVE-2021-25899.yaml | 4 +- http/cves/2021/CVE-2021-26084.yaml | 8 ++- http/cves/2021/CVE-2021-26085.yaml | 8 ++- http/cves/2021/CVE-2021-26086.yaml | 8 ++- http/cves/2021/CVE-2021-26292.yaml | 4 +- http/cves/2021/CVE-2021-26294.yaml | 8 ++- http/cves/2021/CVE-2021-26295.yaml | 9 ++- http/cves/2021/CVE-2021-26598.yaml | 3 +- http/cves/2021/CVE-2021-26702.yaml | 4 +- http/cves/2021/CVE-2021-26723.yaml | 4 +- http/cves/2021/CVE-2021-26812.yaml | 3 - http/cves/2021/CVE-2021-26855.yaml | 10 +-- http/cves/2021/CVE-2021-27124.yaml | 4 +- http/cves/2021/CVE-2021-27132.yaml | 4 +- http/cves/2021/CVE-2021-27309.yaml | 5 +- http/cves/2021/CVE-2021-27310.yaml | 4 +- http/cves/2021/CVE-2021-27315.yaml | 4 +- http/cves/2021/CVE-2021-27319.yaml | 4 +- http/cves/2021/CVE-2021-27330.yaml | 10 +-- http/cves/2021/CVE-2021-27358.yaml | 7 ++- http/cves/2021/CVE-2021-27519.yaml | 7 ++- http/cves/2021/CVE-2021-27520.yaml | 1 + http/cves/2021/CVE-2021-27670.yaml | 8 ++- http/cves/2021/CVE-2021-27748.yaml | 8 +-- http/cves/2021/CVE-2021-27850.yaml | 1 - http/cves/2021/CVE-2021-27905.yaml | 5 -- http/cves/2021/CVE-2021-27909.yaml | 6 +- http/cves/2021/CVE-2021-27931.yaml | 5 +- http/cves/2021/CVE-2021-28150.yaml | 4 +- http/cves/2021/CVE-2021-28151.yaml | 4 +- http/cves/2021/CVE-2021-28164.yaml | 13 +--- http/cves/2021/CVE-2021-28169.yaml | 13 +--- http/cves/2021/CVE-2021-28377.yaml | 6 +- http/cves/2021/CVE-2021-28918.yaml | 4 +- http/cves/2021/CVE-2021-29006.yaml | 8 ++- http/cves/2021/CVE-2021-29156.yaml | 8 ++- http/cves/2021/CVE-2021-29200.yaml | 6 +- http/cves/2021/CVE-2021-29203.yaml | 4 +- http/cves/2021/CVE-2021-29441.yaml | 6 -- http/cves/2021/CVE-2021-29442.yaml | 6 -- http/cves/2021/CVE-2021-29484.yaml | 1 - http/cves/2021/CVE-2021-29490.yaml | 9 +-- http/cves/2021/CVE-2021-29505.yaml | 14 ++--- http/cves/2021/CVE-2021-29625.yaml | 10 +-- http/cves/2021/CVE-2021-3002.yaml | 4 +- http/cves/2021/CVE-2021-30049.yaml | 11 ++-- http/cves/2021/CVE-2021-30128.yaml | 9 ++- http/cves/2021/CVE-2021-30134.yaml | 4 +- http/cves/2021/CVE-2021-30151.yaml | 4 +- http/cves/2021/CVE-2021-3017.yaml | 8 +-- http/cves/2021/CVE-2021-30175.yaml | 4 +- http/cves/2021/CVE-2021-3019.yaml | 4 +- http/cves/2021/CVE-2021-30213.yaml | 4 +- http/cves/2021/CVE-2021-30461.yaml | 8 ++- http/cves/2021/CVE-2021-3110.yaml | 12 +--- http/cves/2021/CVE-2021-31195.yaml | 16 ++--- http/cves/2021/CVE-2021-31250.yaml | 4 +- http/cves/2021/CVE-2021-3129.yaml | 4 +- http/cves/2021/CVE-2021-31316.yaml | 19 ++---- http/cves/2021/CVE-2021-31324.yaml | 13 ++-- http/cves/2021/CVE-2021-31537.yaml | 4 +- http/cves/2021/CVE-2021-31581.yaml | 10 +-- http/cves/2021/CVE-2021-31589.yaml | 10 +-- http/cves/2021/CVE-2021-31602.yaml | 14 +++-- http/cves/2021/CVE-2021-31682.yaml | 4 +- http/cves/2021/CVE-2021-31755.yaml | 4 +- http/cves/2021/CVE-2021-31856.yaml | 4 +- http/cves/2021/CVE-2021-31862.yaml | 10 ++- http/cves/2021/CVE-2021-32030.yaml | 4 +- http/cves/2021/CVE-2021-32172.yaml | 4 +- http/cves/2021/CVE-2021-3223.yaml | 12 ++-- http/cves/2021/CVE-2021-32305.yaml | 4 +- http/cves/2021/CVE-2021-32618.yaml | 10 +-- http/cves/2021/CVE-2021-32682.yaml | 3 - http/cves/2021/CVE-2021-32789.yaml | 4 +- http/cves/2021/CVE-2021-32819.yaml | 8 +-- http/cves/2021/CVE-2021-32820.yaml | 6 +- http/cves/2021/CVE-2021-3293.yaml | 1 - http/cves/2021/CVE-2021-3297.yaml | 4 +- http/cves/2021/CVE-2021-33357.yaml | 6 +- http/cves/2021/CVE-2021-33690.yaml | 8 ++- http/cves/2021/CVE-2021-3374.yaml | 4 +- http/cves/2021/CVE-2021-3377.yaml | 4 +- http/cves/2021/CVE-2021-33807.yaml | 1 - http/cves/2021/CVE-2021-33851.yaml | 4 +- http/cves/2021/CVE-2021-33904.yaml | 4 +- http/cves/2021/CVE-2021-34370.yaml | 4 +- http/cves/2021/CVE-2021-34429.yaml | 13 +--- http/cves/2021/CVE-2021-34473.yaml | 14 ++--- http/cves/2021/CVE-2021-34630.yaml | 5 +- http/cves/2021/CVE-2021-34643.yaml | 4 +- http/cves/2021/CVE-2021-35250.yaml | 9 +-- http/cves/2021/CVE-2021-35265.yaml | 8 ++- http/cves/2021/CVE-2021-35323.yaml | 8 ++- http/cves/2021/CVE-2021-35380.yaml | 4 +- http/cves/2021/CVE-2021-35395.yaml | 4 +- http/cves/2021/CVE-2021-35464.yaml | 8 +-- http/cves/2021/CVE-2021-35488.yaml | 4 +- http/cves/2021/CVE-2021-35587.yaml | 5 +- http/cves/2021/CVE-2021-36260.yaml | 6 +- http/cves/2021/CVE-2021-36356.yaml | 4 +- http/cves/2021/CVE-2021-36450.yaml | 8 ++- http/cves/2021/CVE-2021-36580.yaml | 8 ++- http/cves/2021/CVE-2021-36646.yaml | 5 +- http/cves/2021/CVE-2021-36749.yaml | 3 - http/cves/2021/CVE-2021-36873.yaml | 8 +-- http/cves/2021/CVE-2021-37304.yaml | 11 ++-- http/cves/2021/CVE-2021-37305.yaml | 11 ++-- http/cves/2021/CVE-2021-37416.yaml | 8 +-- http/cves/2021/CVE-2021-37573.yaml | 4 +- http/cves/2021/CVE-2021-37580.yaml | 7 +-- http/cves/2021/CVE-2021-37589.yaml | 2 +- http/cves/2021/CVE-2021-37704.yaml | 8 +-- http/cves/2021/CVE-2021-37833.yaml | 2 +- http/cves/2021/CVE-2021-38146.yaml | 6 +- http/cves/2021/CVE-2021-38147.yaml | 6 +- http/cves/2021/CVE-2021-38156.yaml | 11 +--- http/cves/2021/CVE-2021-38540.yaml | 8 +-- http/cves/2021/CVE-2021-38702.yaml | 4 +- http/cves/2021/CVE-2021-38704.yaml | 4 +- http/cves/2021/CVE-2021-39141.yaml | 8 +-- http/cves/2021/CVE-2021-39144.yaml | 10 +-- http/cves/2021/CVE-2021-39146.yaml | 8 +-- http/cves/2021/CVE-2021-39165.yaml | 14 ++--- http/cves/2021/CVE-2021-39211.yaml | 6 +- http/cves/2021/CVE-2021-39226.yaml | 15 ++--- http/cves/2021/CVE-2021-39312.yaml | 4 +- http/cves/2021/CVE-2021-39322.yaml | 4 +- http/cves/2021/CVE-2021-39327.yaml | 6 +- http/cves/2021/CVE-2021-39350.yaml | 4 +- http/cves/2021/CVE-2021-39501.yaml | 9 +-- http/cves/2021/CVE-2021-40149.yaml | 10 +-- http/cves/2021/CVE-2021-40150.yaml | 4 +- http/cves/2021/CVE-2021-40272.yaml | 12 +--- http/cves/2021/CVE-2021-40323.yaml | 4 +- http/cves/2021/CVE-2021-40438.yaml | 10 +-- http/cves/2021/CVE-2021-40542.yaml | 9 +-- http/cves/2021/CVE-2021-40651.yaml | 8 ++- http/cves/2021/CVE-2021-40661.yaml | 4 +- http/cves/2021/CVE-2021-40822.yaml | 12 ++-- http/cves/2021/CVE-2021-40856.yaml | 4 +- http/cves/2021/CVE-2021-40870.yaml | 14 +---- http/cves/2021/CVE-2021-40875.yaml | 11 ++-- http/cves/2021/CVE-2021-40960.yaml | 4 +- http/cves/2021/CVE-2021-40968.yaml | 8 ++- http/cves/2021/CVE-2021-40969.yaml | 8 ++- http/cves/2021/CVE-2021-40970.yaml | 8 ++- http/cves/2021/CVE-2021-40971.yaml | 4 +- http/cves/2021/CVE-2021-40972.yaml | 4 +- http/cves/2021/CVE-2021-40973.yaml | 8 ++- http/cves/2021/CVE-2021-40978.yaml | 4 +- http/cves/2021/CVE-2021-41174.yaml | 3 +- http/cves/2021/CVE-2021-41192.yaml | 18 +++--- http/cves/2021/CVE-2021-41266.yaml | 10 +-- http/cves/2021/CVE-2021-41277.yaml | 21 ++++--- http/cves/2021/CVE-2021-41282.yaml | 4 +- http/cves/2021/CVE-2021-41291.yaml | 4 +- http/cves/2021/CVE-2021-41293.yaml | 4 +- http/cves/2021/CVE-2021-41349.yaml | 14 ++--- http/cves/2021/CVE-2021-41381.yaml | 4 +- http/cves/2021/CVE-2021-41432.yaml | 7 ++- http/cves/2021/CVE-2021-41460.yaml | 2 +- http/cves/2021/CVE-2021-41467.yaml | 4 +- http/cves/2021/CVE-2021-41569.yaml | 5 +- http/cves/2021/CVE-2021-41648.yaml | 4 +- http/cves/2021/CVE-2021-41649.yaml | 4 +- http/cves/2021/CVE-2021-41653.yaml | 4 +- http/cves/2021/CVE-2021-41749.yaml | 9 +-- http/cves/2021/CVE-2021-41773.yaml | 21 ++----- http/cves/2021/CVE-2021-4191.yaml | 11 +--- http/cves/2021/CVE-2021-41951.yaml | 3 - http/cves/2021/CVE-2021-42013.yaml | 18 +----- http/cves/2021/CVE-2021-42063.yaml | 6 +- http/cves/2021/CVE-2021-42192.yaml | 4 +- http/cves/2021/CVE-2021-42237.yaml | 14 ++--- http/cves/2021/CVE-2021-42258.yaml | 4 +- http/cves/2021/CVE-2021-42551.yaml | 4 +- http/cves/2021/CVE-2021-42565.yaml | 4 +- http/cves/2021/CVE-2021-42567.yaml | 4 +- http/cves/2021/CVE-2021-42627.yaml | 4 +- http/cves/2021/CVE-2021-42663.yaml | 4 +- http/cves/2021/CVE-2021-42887.yaml | 4 +- http/cves/2021/CVE-2021-43062.yaml | 4 +- http/cves/2021/CVE-2021-43287.yaml | 7 ++- http/cves/2021/CVE-2021-43421.yaml | 8 +-- http/cves/2021/CVE-2021-43495.yaml | 5 +- http/cves/2021/CVE-2021-43496.yaml | 4 +- http/cves/2021/CVE-2021-43574.yaml | 5 +- http/cves/2021/CVE-2021-43725.yaml | 8 ++- http/cves/2021/CVE-2021-43734.yaml | 8 +-- http/cves/2021/CVE-2021-43778.yaml | 10 +-- http/cves/2021/CVE-2021-43798.yaml | 7 ++- http/cves/2021/CVE-2021-43810.yaml | 10 +-- http/cves/2021/CVE-2021-43831.yaml | 17 ++---- http/cves/2021/CVE-2021-44138.yaml | 5 +- http/cves/2021/CVE-2021-44139.yaml | 8 ++- http/cves/2021/CVE-2021-44152.yaml | 3 +- http/cves/2021/CVE-2021-44228.yaml | 10 +-- http/cves/2021/CVE-2021-44260.yaml | 7 +-- http/cves/2021/CVE-2021-4436.yaml | 5 +- http/cves/2021/CVE-2021-44451.yaml | 7 +-- http/cves/2021/CVE-2021-44515.yaml | 15 ++--- http/cves/2021/CVE-2021-44528.yaml | 18 +----- http/cves/2021/CVE-2021-44529.yaml | 14 ++--- http/cves/2021/CVE-2021-45043.yaml | 4 +- http/cves/2021/CVE-2021-45046.yaml | 5 +- http/cves/2021/CVE-2021-45232.yaml | 4 +- http/cves/2021/CVE-2021-45380.yaml | 9 +-- http/cves/2021/CVE-2021-45422.yaml | 7 ++- http/cves/2021/CVE-2021-45428.yaml | 11 ++-- http/cves/2021/CVE-2021-45793.yaml | 48 +++++++-------- http/cves/2021/CVE-2021-45811.yaml | 15 ++--- http/cves/2021/CVE-2021-45967.yaml | 4 +- http/cves/2021/CVE-2021-45968.yaml | 4 +- http/cves/2021/CVE-2021-46005.yaml | 4 +- http/cves/2021/CVE-2021-46069.yaml | 4 +- http/cves/2021/CVE-2021-46071.yaml | 4 +- http/cves/2021/CVE-2021-46072.yaml | 4 +- http/cves/2021/CVE-2021-46073.yaml | 4 +- http/cves/2021/CVE-2021-46107.yaml | 12 ++-- http/cves/2021/CVE-2021-46379.yaml | 4 +- http/cves/2021/CVE-2021-46381.yaml | 8 +-- http/cves/2021/CVE-2021-46387.yaml | 4 +- http/cves/2021/CVE-2021-46417.yaml | 4 +- http/cves/2021/CVE-2021-46418.yaml | 16 ++--- http/cves/2021/CVE-2021-46419.yaml | 7 ++- http/cves/2021/CVE-2021-46422.yaml | 11 ++-- http/cves/2021/CVE-2021-46424.yaml | 4 +- http/cves/2021/CVE-2021-46704.yaml | 2 +- http/cves/2022/CVE-2022-0087.yaml | 5 +- http/cves/2022/CVE-2022-0140.yaml | 4 +- http/cves/2022/CVE-2022-0147.yaml | 4 +- http/cves/2022/CVE-2022-0148.yaml | 4 +- http/cves/2022/CVE-2022-0149.yaml | 4 +- http/cves/2022/CVE-2022-0165.yaml | 4 +- http/cves/2022/CVE-2022-0169.yaml | 7 +-- http/cves/2022/CVE-2022-0201.yaml | 5 +- http/cves/2022/CVE-2022-0206.yaml | 5 +- http/cves/2022/CVE-2022-0218.yaml | 10 +-- http/cves/2022/CVE-2022-0228.yaml | 8 +-- http/cves/2022/CVE-2022-0234.yaml | 4 +- http/cves/2022/CVE-2022-0250.yaml | 5 +- http/cves/2022/CVE-2022-0271.yaml | 9 +-- http/cves/2022/CVE-2022-0281.yaml | 2 +- http/cves/2022/CVE-2022-0288.yaml | 5 +- http/cves/2022/CVE-2022-0342.yaml | 8 ++- http/cves/2022/CVE-2022-0349.yaml | 2 - http/cves/2022/CVE-2022-0378.yaml | 2 +- http/cves/2022/CVE-2022-0381.yaml | 4 +- http/cves/2022/CVE-2022-0412.yaml | 7 +-- http/cves/2022/CVE-2022-0415.yaml | 9 +-- http/cves/2022/CVE-2022-0424.yaml | 2 +- http/cves/2022/CVE-2022-0432.yaml | 4 +- http/cves/2022/CVE-2022-0437.yaml | 6 +- http/cves/2022/CVE-2022-0441.yaml | 7 --- http/cves/2022/CVE-2022-0479.yaml | 17 ++---- http/cves/2022/CVE-2022-0533.yaml | 7 +-- http/cves/2022/CVE-2022-0535.yaml | 4 +- http/cves/2022/CVE-2022-0540.yaml | 4 +- http/cves/2022/CVE-2022-0591.yaml | 7 +-- http/cves/2022/CVE-2022-0592.yaml | 9 +-- http/cves/2022/CVE-2022-0594.yaml | 4 +- http/cves/2022/CVE-2022-0595.yaml | 5 +- http/cves/2022/CVE-2022-0597.yaml | 6 +- http/cves/2022/CVE-2022-0651.yaml | 2 +- http/cves/2022/CVE-2022-0653.yaml | 4 +- http/cves/2022/CVE-2022-0660.yaml | 2 +- http/cves/2022/CVE-2022-0666.yaml | 6 +- http/cves/2022/CVE-2022-0678.yaml | 6 +- http/cves/2022/CVE-2022-0679.yaml | 4 +- http/cves/2022/CVE-2022-0693.yaml | 4 +- http/cves/2022/CVE-2022-0735.yaml | 10 +-- http/cves/2022/CVE-2022-0769.yaml | 4 +- http/cves/2022/CVE-2022-0773.yaml | 6 +- http/cves/2022/CVE-2022-0781.yaml | 4 +- http/cves/2022/CVE-2022-0784.yaml | 4 +- http/cves/2022/CVE-2022-0785.yaml | 4 +- http/cves/2022/CVE-2022-0786.yaml | 2 - http/cves/2022/CVE-2022-0788.yaml | 8 +-- http/cves/2022/CVE-2022-0814.yaml | 7 +-- http/cves/2022/CVE-2022-0824.yaml | 4 +- http/cves/2022/CVE-2022-0826.yaml | 4 +- http/cves/2022/CVE-2022-0864.yaml | 5 +- http/cves/2022/CVE-2022-0867.yaml | 4 +- http/cves/2022/CVE-2022-0869.yaml | 4 +- http/cves/2022/CVE-2022-0870.yaml | 9 +-- http/cves/2022/CVE-2022-0885.yaml | 6 +- http/cves/2022/CVE-2022-0899.yaml | 5 +- http/cves/2022/CVE-2022-0928.yaml | 6 +- http/cves/2022/CVE-2022-0948.yaml | 4 +- http/cves/2022/CVE-2022-0949.yaml | 4 +- http/cves/2022/CVE-2022-0954.yaml | 6 +- http/cves/2022/CVE-2022-0963.yaml | 6 +- http/cves/2022/CVE-2022-0968.yaml | 6 +- http/cves/2022/CVE-2022-1007.yaml | 4 +- http/cves/2022/CVE-2022-1020.yaml | 7 +-- http/cves/2022/CVE-2022-1040.yaml | 8 ++- http/cves/2022/CVE-2022-1054.yaml | 5 +- http/cves/2022/CVE-2022-1058.yaml | 17 ++---- http/cves/2022/CVE-2022-1119.yaml | 4 +- http/cves/2022/CVE-2022-1162.yaml | 18 +++--- http/cves/2022/CVE-2022-1168.yaml | 4 +- http/cves/2022/CVE-2022-1170.yaml | 7 +-- http/cves/2022/CVE-2022-1329.yaml | 7 +-- http/cves/2022/CVE-2022-1386.yaml | 4 +- http/cves/2022/CVE-2022-1388.yaml | 10 ++- http/cves/2022/CVE-2022-1390.yaml | 4 +- http/cves/2022/CVE-2022-1391.yaml | 4 +- http/cves/2022/CVE-2022-1392.yaml | 4 +- http/cves/2022/CVE-2022-1439.yaml | 6 +- http/cves/2022/CVE-2022-1442.yaml | 4 +- http/cves/2022/CVE-2022-1574.yaml | 4 +- http/cves/2022/CVE-2022-1580.yaml | 4 +- http/cves/2022/CVE-2022-1595.yaml | 6 +- http/cves/2022/CVE-2022-1597.yaml | 4 +- http/cves/2022/CVE-2022-1598.yaml | 4 +- http/cves/2022/CVE-2022-1609.yaml | 4 +- http/cves/2022/CVE-2022-1711.yaml | 21 ++----- http/cves/2022/CVE-2022-1713.yaml | 11 ++-- http/cves/2022/CVE-2022-1724.yaml | 4 +- http/cves/2022/CVE-2022-1756.yaml | 2 +- http/cves/2022/CVE-2022-1768.yaml | 10 +-- http/cves/2022/CVE-2022-1815.yaml | 14 ++--- http/cves/2022/CVE-2022-1904.yaml | 4 +- http/cves/2022/CVE-2022-1933.yaml | 4 +- http/cves/2022/CVE-2022-1937.yaml | 5 +- http/cves/2022/CVE-2022-1946.yaml | 4 +- http/cves/2022/CVE-2022-1950.yaml | 10 +-- http/cves/2022/CVE-2022-1952.yaml | 4 +- http/cves/2022/CVE-2022-2130.yaml | 6 +- http/cves/2022/CVE-2022-21371.yaml | 4 +- http/cves/2022/CVE-2022-21500.yaml | 10 ++- http/cves/2022/CVE-2022-21587.yaml | 8 +-- http/cves/2022/CVE-2022-21661.yaml | 1 - http/cves/2022/CVE-2022-2168.yaml | 18 ++---- http/cves/2022/CVE-2022-21705.yaml | 1 - http/cves/2022/CVE-2022-2174.yaml | 6 +- http/cves/2022/CVE-2022-2185.yaml | 10 +-- http/cves/2022/CVE-2022-2187.yaml | 4 +- http/cves/2022/CVE-2022-2219.yaml | 5 +- http/cves/2022/CVE-2022-22242.yaml | 8 ++- http/cves/2022/CVE-2022-22536.yaml | 6 +- http/cves/2022/CVE-2022-22733.yaml | 6 +- http/cves/2022/CVE-2022-22897.yaml | 4 +- http/cves/2022/CVE-2022-2290.yaml | 8 ++- http/cves/2022/CVE-2022-22954.yaml | 7 +-- http/cves/2022/CVE-2022-22963.yaml | 4 +- http/cves/2022/CVE-2022-22965.yaml | 4 +- http/cves/2022/CVE-2022-22972.yaml | 5 +- http/cves/2022/CVE-2022-23102.yaml | 8 ++- http/cves/2022/CVE-2022-23131.yaml | 14 ++--- http/cves/2022/CVE-2022-23134.yaml | 15 +++-- http/cves/2022/CVE-2022-23347.yaml | 8 ++- http/cves/2022/CVE-2022-23348.yaml | 4 +- http/cves/2022/CVE-2022-23544.yaml | 7 ++- http/cves/2022/CVE-2022-2376.yaml | 4 +- http/cves/2022/CVE-2022-23779.yaml | 18 ++---- http/cves/2022/CVE-2022-2379.yaml | 4 +- http/cves/2022/CVE-2022-23808.yaml | 8 +-- http/cves/2022/CVE-2022-23854.yaml | 10 +-- http/cves/2022/CVE-2022-23881.yaml | 4 +- http/cves/2022/CVE-2022-23898.yaml | 4 +- http/cves/2022/CVE-2022-23944.yaml | 3 - http/cves/2022/CVE-2022-24112.yaml | 8 ++- http/cves/2022/CVE-2022-24124.yaml | 8 ++- http/cves/2022/CVE-2022-24129.yaml | 4 +- http/cves/2022/CVE-2022-2414.yaml | 5 +- http/cves/2022/CVE-2022-24181.yaml | 9 +-- http/cves/2022/CVE-2022-24223.yaml | 6 +- http/cves/2022/CVE-2022-24260.yaml | 8 ++- http/cves/2022/CVE-2022-24265.yaml | 4 +- http/cves/2022/CVE-2022-24288.yaml | 10 +-- http/cves/2022/CVE-2022-24384.yaml | 2 +- http/cves/2022/CVE-2022-2462.yaml | 4 +- http/cves/2022/CVE-2022-24627.yaml | 9 +-- http/cves/2022/CVE-2022-24637.yaml | 7 ++- http/cves/2022/CVE-2022-2467.yaml | 12 ++-- http/cves/2022/CVE-2022-24681.yaml | 4 +- http/cves/2022/CVE-2022-24716.yaml | 5 +- http/cves/2022/CVE-2022-24816.yaml | 12 ++-- http/cves/2022/CVE-2022-24819.yaml | 11 ++-- http/cves/2022/CVE-2022-24856.yaml | 10 +-- http/cves/2022/CVE-2022-2486.yaml | 18 +++--- http/cves/2022/CVE-2022-2487.yaml | 4 +- http/cves/2022/CVE-2022-2488.yaml | 4 +- http/cves/2022/CVE-2022-24899.yaml | 11 ++-- http/cves/2022/CVE-2022-24900.yaml | 12 ++-- http/cves/2022/CVE-2022-24990.yaml | 4 +- http/cves/2022/CVE-2022-25125.yaml | 8 ++- http/cves/2022/CVE-2022-25148.yaml | 6 +- http/cves/2022/CVE-2022-25149.yaml | 2 +- http/cves/2022/CVE-2022-25216.yaml | 5 +- http/cves/2022/CVE-2022-25226.yaml | 12 ++-- http/cves/2022/CVE-2022-2535.yaml | 8 +-- http/cves/2022/CVE-2022-25356.yaml | 8 ++- http/cves/2022/CVE-2022-25481.yaml | 10 ++- http/cves/2022/CVE-2022-25487.yaml | 6 +- http/cves/2022/CVE-2022-25488.yaml | 2 - http/cves/2022/CVE-2022-25489.yaml | 6 +- http/cves/2022/CVE-2022-25497.yaml | 5 +- http/cves/2022/CVE-2022-2551.yaml | 4 +- http/cves/2022/CVE-2022-2552.yaml | 7 +-- http/cves/2022/CVE-2022-25568.yaml | 8 ++- http/cves/2022/CVE-2022-2599.yaml | 5 +- http/cves/2022/CVE-2022-26134.yaml | 4 +- http/cves/2022/CVE-2022-26138.yaml | 8 ++- http/cves/2022/CVE-2022-26148.yaml | 10 +-- http/cves/2022/CVE-2022-26233.yaml | 4 +- http/cves/2022/CVE-2022-26263.yaml | 4 +- http/cves/2022/CVE-2022-2627.yaml | 11 ++-- http/cves/2022/CVE-2022-26271.yaml | 6 +- http/cves/2022/CVE-2022-2633.yaml | 8 +-- http/cves/2022/CVE-2022-26564.yaml | 2 +- http/cves/2022/CVE-2022-26585.yaml | 14 ++--- http/cves/2022/CVE-2022-26960.yaml | 7 +-- http/cves/2022/CVE-2022-27043.yaml | 4 +- http/cves/2022/CVE-2022-2733.yaml | 11 ++-- http/cves/2022/CVE-2022-2756.yaml | 10 ++- http/cves/2022/CVE-2022-27593.yaml | 13 ++-- http/cves/2022/CVE-2022-27849.yaml | 10 +-- http/cves/2022/CVE-2022-27984.yaml | 4 +- http/cves/2022/CVE-2022-27985.yaml | 4 +- http/cves/2022/CVE-2022-28032.yaml | 2 - http/cves/2022/CVE-2022-28033.yaml | 11 ++-- http/cves/2022/CVE-2022-28219.yaml | 8 ++- http/cves/2022/CVE-2022-28290.yaml | 4 +- http/cves/2022/CVE-2022-28363.yaml | 6 +- http/cves/2022/CVE-2022-28365.yaml | 6 +- http/cves/2022/CVE-2022-28508.yaml | 19 +----- http/cves/2022/CVE-2022-2863.yaml | 4 +- http/cves/2022/CVE-2022-28923.yaml | 8 ++- http/cves/2022/CVE-2022-28955.yaml | 8 ++- http/cves/2022/CVE-2022-29004.yaml | 4 +- http/cves/2022/CVE-2022-29007.yaml | 4 +- http/cves/2022/CVE-2022-29009.yaml | 4 +- http/cves/2022/CVE-2022-29013.yaml | 9 ++- http/cves/2022/CVE-2022-29014.yaml | 4 +- http/cves/2022/CVE-2022-29153.yaml | 5 +- http/cves/2022/CVE-2022-29272.yaml | 9 +-- http/cves/2022/CVE-2022-29298.yaml | 4 +- http/cves/2022/CVE-2022-29299.yaml | 14 +---- http/cves/2022/CVE-2022-29303.yaml | 4 +- http/cves/2022/CVE-2022-29349.yaml | 4 +- http/cves/2022/CVE-2022-29383.yaml | 4 +- http/cves/2022/CVE-2022-29455.yaml | 3 - http/cves/2022/CVE-2022-29464.yaml | 6 +- http/cves/2022/CVE-2022-29548.yaml | 10 +-- http/cves/2022/CVE-2022-29775.yaml | 4 +- http/cves/2022/CVE-2022-30073.yaml | 5 +- http/cves/2022/CVE-2022-30489.yaml | 7 ++- http/cves/2022/CVE-2022-30512.yaml | 4 +- http/cves/2022/CVE-2022-30513.yaml | 4 +- http/cves/2022/CVE-2022-3062.yaml | 5 +- http/cves/2022/CVE-2022-30776.yaml | 4 +- http/cves/2022/CVE-2022-30777.yaml | 5 +- http/cves/2022/CVE-2022-31126.yaml | 12 ++-- http/cves/2022/CVE-2022-31137.yaml | 17 +++--- http/cves/2022/CVE-2022-31161.yaml | 2 +- http/cves/2022/CVE-2022-31260.yaml | 14 ++--- http/cves/2022/CVE-2022-31268.yaml | 7 ++- http/cves/2022/CVE-2022-31269.yaml | 7 ++- http/cves/2022/CVE-2022-31299.yaml | 4 +- http/cves/2022/CVE-2022-31373.yaml | 8 ++- http/cves/2022/CVE-2022-3142.yaml | 2 +- http/cves/2022/CVE-2022-31470.yaml | 19 +++--- http/cves/2022/CVE-2022-31474.yaml | 4 +- http/cves/2022/CVE-2022-31499.yaml | 7 ++- http/cves/2022/CVE-2022-31656.yaml | 6 +- http/cves/2022/CVE-2022-31798.yaml | 5 +- http/cves/2022/CVE-2022-31814.yaml | 6 +- http/cves/2022/CVE-2022-31845.yaml | 1 + http/cves/2022/CVE-2022-31846.yaml | 5 +- http/cves/2022/CVE-2022-31847.yaml | 4 +- http/cves/2022/CVE-2022-31974.yaml | 4 +- http/cves/2022/CVE-2022-31976.yaml | 4 +- http/cves/2022/CVE-2022-31978.yaml | 4 +- http/cves/2022/CVE-2022-31984.yaml | 4 +- http/cves/2022/CVE-2022-32007.yaml | 5 +- http/cves/2022/CVE-2022-32015.yaml | 5 +- http/cves/2022/CVE-2022-32018.yaml | 5 +- http/cves/2022/CVE-2022-32022.yaml | 4 +- http/cves/2022/CVE-2022-32024.yaml | 10 +-- http/cves/2022/CVE-2022-32025.yaml | 9 +-- http/cves/2022/CVE-2022-32026.yaml | 9 +-- http/cves/2022/CVE-2022-32028.yaml | 9 +-- http/cves/2022/CVE-2022-32094.yaml | 4 +- http/cves/2022/CVE-2022-32195.yaml | 8 ++- http/cves/2022/CVE-2022-32409.yaml | 4 +- http/cves/2022/CVE-2022-3242.yaml | 2 +- http/cves/2022/CVE-2022-32429.yaml | 6 +- http/cves/2022/CVE-2022-32770.yaml | 8 +-- http/cves/2022/CVE-2022-32771.yaml | 12 ++-- http/cves/2022/CVE-2022-32772.yaml | 12 ++-- http/cves/2022/CVE-2022-33119.yaml | 4 +- http/cves/2022/CVE-2022-33174.yaml | 4 +- http/cves/2022/CVE-2022-33891.yaml | 7 ++- http/cves/2022/CVE-2022-33901.yaml | 10 +-- http/cves/2022/CVE-2022-34045.yaml | 1 + http/cves/2022/CVE-2022-34046.yaml | 7 ++- http/cves/2022/CVE-2022-34047.yaml | 3 +- http/cves/2022/CVE-2022-34048.yaml | 1 + http/cves/2022/CVE-2022-34049.yaml | 7 ++- http/cves/2022/CVE-2022-34094.yaml | 4 +- http/cves/2022/CVE-2022-34267.yaml | 10 ++- http/cves/2022/CVE-2022-34328.yaml | 3 +- http/cves/2022/CVE-2022-34534.yaml | 4 +- http/cves/2022/CVE-2022-34576.yaml | 1 + http/cves/2022/CVE-2022-34590.yaml | 8 ++- http/cves/2022/CVE-2022-34753.yaml | 8 ++- http/cves/2022/CVE-2022-3506.yaml | 4 +- http/cves/2022/CVE-2022-35151.yaml | 4 +- http/cves/2022/CVE-2022-35405.yaml | 4 +- http/cves/2022/CVE-2022-35413.yaml | 8 ++- http/cves/2022/CVE-2022-35416.yaml | 6 +- http/cves/2022/CVE-2022-35493.yaml | 8 ++- http/cves/2022/CVE-2022-35507.yaml | 7 +-- http/cves/2022/CVE-2022-35653.yaml | 14 ++--- http/cves/2022/CVE-2022-35914.yaml | 8 +-- http/cves/2022/CVE-2022-36446.yaml | 4 +- http/cves/2022/CVE-2022-36537.yaml | 7 +-- http/cves/2022/CVE-2022-36553.yaml | 8 +-- http/cves/2022/CVE-2022-36642.yaml | 4 +- http/cves/2022/CVE-2022-36804.yaml | 12 ++-- http/cves/2022/CVE-2022-36883.yaml | 8 ++- http/cves/2022/CVE-2022-37042.yaml | 4 +- http/cves/2022/CVE-2022-37153.yaml | 4 +- http/cves/2022/CVE-2022-37190.yaml | 4 +- http/cves/2022/CVE-2022-37191.yaml | 4 +- http/cves/2022/CVE-2022-3766.yaml | 8 +-- http/cves/2022/CVE-2022-38131.yaml | 14 ++--- http/cves/2022/CVE-2022-38295.yaml | 4 +- http/cves/2022/CVE-2022-38296.yaml | 4 +- http/cves/2022/CVE-2022-38322.yaml | 1 - http/cves/2022/CVE-2022-38463.yaml | 4 +- http/cves/2022/CVE-2022-38467.yaml | 4 +- http/cves/2022/CVE-2022-38553.yaml | 4 +- http/cves/2022/CVE-2022-38637.yaml | 8 ++- http/cves/2022/CVE-2022-3869.yaml | 17 +----- http/cves/2022/CVE-2022-38794.yaml | 4 +- http/cves/2022/CVE-2022-38817.yaml | 4 +- http/cves/2022/CVE-2022-38870.yaml | 8 ++- http/cves/2022/CVE-2022-39048.yaml | 8 +-- http/cves/2022/CVE-2022-39195.yaml | 4 +- http/cves/2022/CVE-2022-3980.yaml | 9 +-- http/cves/2022/CVE-2022-3982.yaml | 5 +- http/cves/2022/CVE-2022-39952.yaml | 4 +- http/cves/2022/CVE-2022-39960.yaml | 8 ++- http/cves/2022/CVE-2022-39986.yaml | 6 +- http/cves/2022/CVE-2022-40022.yaml | 3 +- http/cves/2022/CVE-2022-40032.yaml | 4 +- http/cves/2022/CVE-2022-40047.yaml | 2 +- http/cves/2022/CVE-2022-40083.yaml | 4 +- http/cves/2022/CVE-2022-40127.yaml | 12 ++-- http/cves/2022/CVE-2022-40359.yaml | 4 +- http/cves/2022/CVE-2022-40443.yaml | 9 +-- http/cves/2022/CVE-2022-4049.yaml | 7 +-- http/cves/2022/CVE-2022-4050.yaml | 4 +- http/cves/2022/CVE-2022-4057.yaml | 7 +-- http/cves/2022/CVE-2022-4059.yaml | 2 +- http/cves/2022/CVE-2022-40624.yaml | 15 ++--- http/cves/2022/CVE-2022-4063.yaml | 4 +- http/cves/2022/CVE-2022-40734.yaml | 4 +- http/cves/2022/CVE-2022-40843.yaml | 8 +-- http/cves/2022/CVE-2022-40879.yaml | 4 +- http/cves/2022/CVE-2022-40881.yaml | 14 ++--- http/cves/2022/CVE-2022-4117.yaml | 4 +- http/cves/2022/CVE-2022-41412.yaml | 8 +-- http/cves/2022/CVE-2022-41441.yaml | 8 ++- http/cves/2022/CVE-2022-41800.yaml | 7 ++- http/cves/2022/CVE-2022-41840.yaml | 15 +++-- http/cves/2022/CVE-2022-42094.yaml | 4 +- http/cves/2022/CVE-2022-42118.yaml | 21 ++----- http/cves/2022/CVE-2022-42233.yaml | 9 ++- http/cves/2022/CVE-2022-4260.yaml | 4 +- http/cves/2022/CVE-2022-42746.yaml | 4 +- http/cves/2022/CVE-2022-42747.yaml | 9 +-- http/cves/2022/CVE-2022-42748.yaml | 8 ++- http/cves/2022/CVE-2022-42749.yaml | 8 ++- http/cves/2022/CVE-2022-4295.yaml | 2 +- http/cves/2022/CVE-2022-4301.yaml | 4 +- http/cves/2022/CVE-2022-43014.yaml | 4 +- http/cves/2022/CVE-2022-43015.yaml | 8 ++- http/cves/2022/CVE-2022-43016.yaml | 8 ++- http/cves/2022/CVE-2022-43017.yaml | 4 +- http/cves/2022/CVE-2022-43018.yaml | 8 ++- http/cves/2022/CVE-2022-4305.yaml | 7 +-- http/cves/2022/CVE-2022-4306.yaml | 4 +- http/cves/2022/CVE-2022-43140.yaml | 9 ++- http/cves/2022/CVE-2022-43164.yaml | 6 +- http/cves/2022/CVE-2022-43165.yaml | 2 +- http/cves/2022/CVE-2022-43166.yaml | 6 +- http/cves/2022/CVE-2022-43167.yaml | 6 +- http/cves/2022/CVE-2022-43169.yaml | 2 +- http/cves/2022/CVE-2022-43170.yaml | 6 +- http/cves/2022/CVE-2022-43185.yaml | 8 +-- http/cves/2022/CVE-2022-4320.yaml | 7 +-- http/cves/2022/CVE-2022-4321.yaml | 6 +- http/cves/2022/CVE-2022-4325.yaml | 6 +- http/cves/2022/CVE-2022-4375.yaml | 3 +- http/cves/2022/CVE-2022-43769.yaml | 2 +- http/cves/2022/CVE-2022-44290.yaml | 4 +- http/cves/2022/CVE-2022-44291.yaml | 4 +- http/cves/2022/CVE-2022-44356.yaml | 14 ++--- http/cves/2022/CVE-2022-4447.yaml | 4 +- http/cves/2022/CVE-2022-44877.yaml | 8 +-- http/cves/2022/CVE-2022-44944.yaml | 2 +- http/cves/2022/CVE-2022-44946.yaml | 6 +- http/cves/2022/CVE-2022-44947.yaml | 6 +- http/cves/2022/CVE-2022-44948.yaml | 6 +- http/cves/2022/CVE-2022-44949.yaml | 6 +- http/cves/2022/CVE-2022-44950.yaml | 2 +- http/cves/2022/CVE-2022-44951.yaml | 6 +- http/cves/2022/CVE-2022-44952.yaml | 6 +- http/cves/2022/CVE-2022-45038.yaml | 4 +- http/cves/2022/CVE-2022-45269.yaml | 14 ++--- http/cves/2022/CVE-2022-45354.yaml | 15 ++--- http/cves/2022/CVE-2022-45362.yaml | 10 +-- http/cves/2022/CVE-2022-45365.yaml | 2 +- http/cves/2022/CVE-2022-45805.yaml | 4 +- http/cves/2022/CVE-2022-45808.yaml | 17 ++---- http/cves/2022/CVE-2022-45917.yaml | 4 +- http/cves/2022/CVE-2022-45933.yaml | 3 +- http/cves/2022/CVE-2022-46073.yaml | 4 +- http/cves/2022/CVE-2022-46169.yaml | 7 ++- http/cves/2022/CVE-2022-46381.yaml | 4 +- http/cves/2022/CVE-2022-46888.yaml | 2 +- http/cves/2022/CVE-2022-46934.yaml | 8 +-- http/cves/2022/CVE-2022-47002.yaml | 4 +- http/cves/2022/CVE-2022-47003.yaml | 9 ++- http/cves/2022/CVE-2022-47501.yaml | 10 +-- http/cves/2022/CVE-2022-47615.yaml | 9 +-- http/cves/2022/CVE-2022-47945.yaml | 4 +- http/cves/2022/CVE-2022-47966.yaml | 8 ++- http/cves/2022/CVE-2022-47986.yaml | 3 +- http/cves/2022/CVE-2022-48012.yaml | 4 +- http/cves/2022/CVE-2022-48164.yaml | 11 ++-- http/cves/2022/CVE-2022-48165.yaml | 6 +- http/cves/2022/CVE-2022-48166.yaml | 17 ++---- http/cves/2022/CVE-2022-48197.yaml | 4 +- http/cves/2022/CVE-2022-4897.yaml | 5 +- http/cves/2023/CVE-2023-0099.yaml | 4 +- http/cves/2023/CVE-2023-0126.yaml | 10 +-- http/cves/2023/CVE-2023-0159.yaml | 2 +- http/cves/2023/CVE-2023-0236.yaml | 11 ++-- http/cves/2023/CVE-2023-0261.yaml | 5 +- http/cves/2023/CVE-2023-0297.yaml | 7 +-- http/cves/2023/CVE-2023-0334.yaml | 2 +- http/cves/2023/CVE-2023-0448.yaml | 7 +-- http/cves/2023/CVE-2023-0514.yaml | 5 +- http/cves/2023/CVE-2023-0552.yaml | 5 +- http/cves/2023/CVE-2023-0562.yaml | 10 +-- http/cves/2023/CVE-2023-0563.yaml | 10 +-- http/cves/2023/CVE-2023-0630.yaml | 4 +- http/cves/2023/CVE-2023-0669.yaml | 14 ++--- http/cves/2023/CVE-2023-0676.yaml | 17 ++---- http/cves/2023/CVE-2023-0678.yaml | 10 ++- http/cves/2023/CVE-2023-0777.yaml | 8 ++- http/cves/2023/CVE-2023-0900.yaml | 7 +-- http/cves/2023/CVE-2023-0942.yaml | 4 +- http/cves/2023/CVE-2023-0947.yaml | 6 +- http/cves/2023/CVE-2023-0948.yaml | 5 +- http/cves/2023/CVE-2023-0968.yaml | 4 +- http/cves/2023/CVE-2023-1119.yaml | 3 +- http/cves/2023/CVE-2023-1263.yaml | 6 +- http/cves/2023/CVE-2023-1315.yaml | 28 +++------ http/cves/2023/CVE-2023-1317.yaml | 15 ++--- http/cves/2023/CVE-2023-1318.yaml | 17 ++---- http/cves/2023/CVE-2023-1362.yaml | 5 +- http/cves/2023/CVE-2023-1389.yaml | 11 ++-- http/cves/2023/CVE-2023-1408.yaml | 7 +-- http/cves/2023/CVE-2023-1434.yaml | 8 +-- http/cves/2023/CVE-2023-1454.yaml | 10 +-- http/cves/2023/CVE-2023-1496.yaml | 9 ++- http/cves/2023/CVE-2023-1546.yaml | 5 +- http/cves/2023/CVE-2023-1671.yaml | 8 ++- http/cves/2023/CVE-2023-1698.yaml | 4 +- http/cves/2023/CVE-2023-1719.yaml | 6 +- http/cves/2023/CVE-2023-1780.yaml | 7 +-- http/cves/2023/CVE-2023-1835.yaml | 9 +-- http/cves/2023/CVE-2023-1880.yaml | 9 +-- http/cves/2023/CVE-2023-1892.yaml | 9 +-- http/cves/2023/CVE-2023-20073.yaml | 14 +++-- http/cves/2023/CVE-2023-20198.yaml | 2 +- http/cves/2023/CVE-2023-2059.yaml | 14 ++--- http/cves/2023/CVE-2023-20864.yaml | 4 +- http/cves/2023/CVE-2023-20887.yaml | 8 +-- http/cves/2023/CVE-2023-20888.yaml | 7 ++- http/cves/2023/CVE-2023-20889.yaml | 7 ++- http/cves/2023/CVE-2023-2122.yaml | 5 +- http/cves/2023/CVE-2023-2178.yaml | 5 +- http/cves/2023/CVE-2023-22047.yaml | 6 +- http/cves/2023/CVE-2023-22232.yaml | 15 ++--- http/cves/2023/CVE-2023-2227.yaml | 8 +-- http/cves/2023/CVE-2023-22432.yaml | 6 +- http/cves/2023/CVE-2023-22463.yaml | 8 ++- http/cves/2023/CVE-2023-22478.yaml | 4 +- http/cves/2023/CVE-2023-22480.yaml | 19 +++--- http/cves/2023/CVE-2023-22515.yaml | 8 ++- http/cves/2023/CVE-2023-22518.yaml | 8 ++- http/cves/2023/CVE-2023-2252.yaml | 5 +- http/cves/2023/CVE-2023-22527.yaml | 8 ++- http/cves/2023/CVE-2023-2256.yaml | 12 ++-- http/cves/2023/CVE-2023-22620.yaml | 8 +-- http/cves/2023/CVE-2023-22621.yaml | 18 ++---- http/cves/2023/CVE-2023-2272.yaml | 5 +- http/cves/2023/CVE-2023-22893.yaml | 14 +---- http/cves/2023/CVE-2023-22897.yaml | 12 ++-- http/cves/2023/CVE-2023-22952.yaml | 17 ++---- http/cves/2023/CVE-2023-2309.yaml | 4 +- http/cves/2023/CVE-2023-23161.yaml | 4 +- http/cves/2023/CVE-2023-23333.yaml | 4 +- http/cves/2023/CVE-2023-23488.yaml | 2 +- http/cves/2023/CVE-2023-23489.yaml | 4 +- http/cves/2023/CVE-2023-23491.yaml | 7 +-- http/cves/2023/CVE-2023-23492.yaml | 4 +- http/cves/2023/CVE-2023-2356.yaml | 5 +- http/cves/2023/CVE-2023-23752.yaml | 5 +- http/cves/2023/CVE-2023-24243.yaml | 7 +-- http/cves/2023/CVE-2023-24278.yaml | 7 +-- http/cves/2023/CVE-2023-24322.yaml | 12 ++-- http/cves/2023/CVE-2023-24367.yaml | 6 +- http/cves/2023/CVE-2023-24488.yaml | 8 ++- http/cves/2023/CVE-2023-24489.yaml | 4 +- http/cves/2023/CVE-2023-24657.yaml | 10 ++- http/cves/2023/CVE-2023-24733.yaml | 2 +- http/cves/2023/CVE-2023-24735.yaml | 2 +- http/cves/2023/CVE-2023-24737.yaml | 6 +- http/cves/2023/CVE-2023-2479.yaml | 4 +- http/cves/2023/CVE-2023-25135.yaml | 10 ++- http/cves/2023/CVE-2023-25157.yaml | 6 +- http/cves/2023/CVE-2023-2518.yaml | 4 +- http/cves/2023/CVE-2023-25194.yaml | 8 ++- http/cves/2023/CVE-2023-25346.yaml | 4 +- http/cves/2023/CVE-2023-25573.yaml | 9 +-- http/cves/2023/CVE-2023-25717.yaml | 10 +-- http/cves/2023/CVE-2023-26035.yaml | 19 +++--- http/cves/2023/CVE-2023-26067.yaml | 8 ++- http/cves/2023/CVE-2023-2624.yaml | 11 ++-- http/cves/2023/CVE-2023-26255.yaml | 4 +- http/cves/2023/CVE-2023-26256.yaml | 8 ++- http/cves/2023/CVE-2023-26347.yaml | 6 +- http/cves/2023/CVE-2023-26360.yaml | 9 ++- http/cves/2023/CVE-2023-26469.yaml | 12 ++-- http/cves/2023/CVE-2023-2648.yaml | 12 ++-- http/cves/2023/CVE-2023-26842.yaml | 4 +- http/cves/2023/CVE-2023-26843.yaml | 4 +- http/cves/2023/CVE-2023-27008.yaml | 9 +-- http/cves/2023/CVE-2023-27032.yaml | 4 +- http/cves/2023/CVE-2023-27034.yaml | 5 +- http/cves/2023/CVE-2023-27159.yaml | 7 ++- http/cves/2023/CVE-2023-27292.yaml | 4 +- http/cves/2023/CVE-2023-2732.yaml | 9 ++- http/cves/2023/CVE-2023-27350.yaml | 8 +-- http/cves/2023/CVE-2023-27372.yaml | 9 ++- http/cves/2023/CVE-2023-2745.yaml | 18 +----- http/cves/2023/CVE-2023-27482.yaml | 5 +- http/cves/2023/CVE-2023-27524.yaml | 14 ++--- http/cves/2023/CVE-2023-27584.yaml | 14 ++--- http/cves/2023/CVE-2023-27639.yaml | 4 +- http/cves/2023/CVE-2023-27640.yaml | 4 +- http/cves/2023/CVE-2023-27641.yaml | 3 +- http/cves/2023/CVE-2023-2766.yaml | 4 +- http/cves/2023/CVE-2023-2779.yaml | 7 +-- http/cves/2023/CVE-2023-27847.yaml | 3 +- http/cves/2023/CVE-2023-27922.yaml | 2 +- http/cves/2023/CVE-2023-2796.yaml | 10 +-- http/cves/2023/CVE-2023-28121.yaml | 6 +- http/cves/2023/CVE-2023-2813.yaml | 4 +- http/cves/2023/CVE-2023-2822.yaml | 4 +- http/cves/2023/CVE-2023-2825.yaml | 20 +++--- http/cves/2023/CVE-2023-28343.yaml | 12 ++-- http/cves/2023/CVE-2023-28432.yaml | 10 +-- http/cves/2023/CVE-2023-28662.yaml | 5 +- http/cves/2023/CVE-2023-28665.yaml | 5 +- http/cves/2023/CVE-2023-29084.yaml | 7 +-- http/cves/2023/CVE-2023-29204.yaml | 6 +- http/cves/2023/CVE-2023-29298.yaml | 2 + http/cves/2023/CVE-2023-29300.yaml | 8 ++- http/cves/2023/CVE-2023-29357.yaml | 6 +- http/cves/2023/CVE-2023-29439.yaml | 12 ++-- http/cves/2023/CVE-2023-2948.yaml | 15 ++--- http/cves/2023/CVE-2023-29489.yaml | 1 + http/cves/2023/CVE-2023-2949.yaml | 13 ++-- http/cves/2023/CVE-2023-29506.yaml | 7 +-- http/cves/2023/CVE-2023-29919.yaml | 6 +- http/cves/2023/CVE-2023-29922.yaml | 9 ++- http/cves/2023/CVE-2023-29923.yaml | 7 +-- http/cves/2023/CVE-2023-30019.yaml | 5 +- http/cves/2023/CVE-2023-30150.yaml | 8 ++- http/cves/2023/CVE-2023-30210.yaml | 4 +- http/cves/2023/CVE-2023-30212.yaml | 4 +- http/cves/2023/CVE-2023-30256.yaml | 4 +- http/cves/2023/CVE-2023-30258.yaml | 4 +- http/cves/2023/CVE-2023-30534.yaml | 9 +-- http/cves/2023/CVE-2023-3077.yaml | 5 +- http/cves/2023/CVE-2023-30868.yaml | 10 +-- http/cves/2023/CVE-2023-30943.yaml | 14 ++--- http/cves/2023/CVE-2023-31059.yaml | 8 ++- http/cves/2023/CVE-2023-31446.yaml | 8 ++- http/cves/2023/CVE-2023-31465.yaml | 6 +- http/cves/2023/CVE-2023-31478.yaml | 10 +-- http/cves/2023/CVE-2023-3188.yaml | 11 ++-- http/cves/2023/CVE-2023-32068.yaml | 12 ++-- http/cves/2023/CVE-2023-32077.yaml | 4 +- http/cves/2023/CVE-2023-32117.yaml | 8 +-- http/cves/2023/CVE-2023-3219.yaml | 9 ++- http/cves/2023/CVE-2023-32235.yaml | 10 +-- http/cves/2023/CVE-2023-32243.yaml | 4 +- http/cves/2023/CVE-2023-32315.yaml | 11 ++-- http/cves/2023/CVE-2023-33338.yaml | 4 +- http/cves/2023/CVE-2023-33405.yaml | 4 +- http/cves/2023/CVE-2023-33439.yaml | 4 +- http/cves/2023/CVE-2023-33440.yaml | 4 +- http/cves/2023/CVE-2023-33510.yaml | 9 ++- http/cves/2023/CVE-2023-33568.yaml | 6 +- http/cves/2023/CVE-2023-33629.yaml | 8 ++- http/cves/2023/CVE-2023-3368.yaml | 8 +-- http/cves/2023/CVE-2023-3380.yaml | 18 +++--- http/cves/2023/CVE-2023-33831.yaml | 9 +-- http/cves/2023/CVE-2023-34020.yaml | 16 ++--- http/cves/2023/CVE-2023-34105.yaml | 17 +++--- http/cves/2023/CVE-2023-34124.yaml | 8 +-- http/cves/2023/CVE-2023-34192.yaml | 3 +- http/cves/2023/CVE-2023-34259.yaml | 6 +- http/cves/2023/CVE-2023-34362.yaml | 6 +- http/cves/2023/CVE-2023-34537.yaml | 7 +-- http/cves/2023/CVE-2023-34598.yaml | 8 ++- http/cves/2023/CVE-2023-34599.yaml | 8 ++- http/cves/2023/CVE-2023-3460.yaml | 20 ++---- http/cves/2023/CVE-2023-34659.yaml | 15 ++--- http/cves/2023/CVE-2023-34751.yaml | 4 +- http/cves/2023/CVE-2023-34752.yaml | 8 ++- http/cves/2023/CVE-2023-34753.yaml | 8 ++- http/cves/2023/CVE-2023-34754.yaml | 8 +-- http/cves/2023/CVE-2023-34755.yaml | 8 ++- http/cves/2023/CVE-2023-34756.yaml | 4 +- http/cves/2023/CVE-2023-3479.yaml | 6 +- http/cves/2023/CVE-2023-34843.yaml | 8 ++- http/cves/2023/CVE-2023-34960.yaml | 4 +- http/cves/2023/CVE-2023-34993.yaml | 7 ++- http/cves/2023/CVE-2023-35078.yaml | 4 +- http/cves/2023/CVE-2023-35082.yaml | 4 +- http/cves/2023/CVE-2023-35155.yaml | 19 +++--- http/cves/2023/CVE-2023-35156.yaml | 6 +- http/cves/2023/CVE-2023-35158.yaml | 1 + http/cves/2023/CVE-2023-35159.yaml | 17 ++---- http/cves/2023/CVE-2023-35160.yaml | 6 +- http/cves/2023/CVE-2023-35161.yaml | 17 ++---- http/cves/2023/CVE-2023-35162.yaml | 11 ++-- http/cves/2023/CVE-2023-3521.yaml | 9 +-- http/cves/2023/CVE-2023-3578.yaml | 28 +++------ http/cves/2023/CVE-2023-35813.yaml | 4 +- http/cves/2023/CVE-2023-35843.yaml | 2 +- http/cves/2023/CVE-2023-35844.yaml | 8 ++- http/cves/2023/CVE-2023-35885.yaml | 5 +- http/cves/2023/CVE-2023-36144.yaml | 4 +- http/cves/2023/CVE-2023-36284.yaml | 6 +- http/cves/2023/CVE-2023-36287.yaml | 4 +- http/cves/2023/CVE-2023-36289.yaml | 4 +- http/cves/2023/CVE-2023-36306.yaml | 4 +- http/cves/2023/CVE-2023-36346.yaml | 4 +- http/cves/2023/CVE-2023-36844.yaml | 14 ++--- http/cves/2023/CVE-2023-36845.yaml | 10 +-- http/cves/2023/CVE-2023-36934.yaml | 10 +-- http/cves/2023/CVE-2023-37265.yaml | 4 +- http/cves/2023/CVE-2023-37266.yaml | 10 +-- http/cves/2023/CVE-2023-37270.yaml | 15 ++--- http/cves/2023/CVE-2023-37462.yaml | 3 +- http/cves/2023/CVE-2023-37580.yaml | 4 +- http/cves/2023/CVE-2023-37599.yaml | 2 +- http/cves/2023/CVE-2023-37645.yaml | 6 +- http/cves/2023/CVE-2023-3765.yaml | 4 +- http/cves/2023/CVE-2023-37679.yaml | 8 ++- http/cves/2023/CVE-2023-37728.yaml | 2 +- http/cves/2023/CVE-2023-37979.yaml | 9 +-- http/cves/2023/CVE-2023-38035.yaml | 8 +-- http/cves/2023/CVE-2023-38040.yaml | 12 ++-- http/cves/2023/CVE-2023-38192.yaml | 10 +-- http/cves/2023/CVE-2023-38194.yaml | 11 ++-- http/cves/2023/CVE-2023-38203.yaml | 6 +- http/cves/2023/CVE-2023-38205.yaml | 2 + http/cves/2023/CVE-2023-3836.yaml | 18 +++--- http/cves/2023/CVE-2023-38433.yaml | 4 +- http/cves/2023/CVE-2023-3844.yaml | 10 +-- http/cves/2023/CVE-2023-3845.yaml | 10 +-- http/cves/2023/CVE-2023-3847.yaml | 10 +-- http/cves/2023/CVE-2023-3849.yaml | 10 +-- http/cves/2023/CVE-2023-38501.yaml | 4 +- http/cves/2023/CVE-2023-38646.yaml | 11 ++-- http/cves/2023/CVE-2023-38964.yaml | 4 +- http/cves/2023/CVE-2023-38992.yaml | 20 ++---- http/cves/2023/CVE-2023-39002.yaml | 4 +- http/cves/2023/CVE-2023-39007.yaml | 9 +-- http/cves/2023/CVE-2023-39024.yaml | 3 +- http/cves/2023/CVE-2023-39026.yaml | 14 ++--- http/cves/2023/CVE-2023-39108.yaml | 8 ++- http/cves/2023/CVE-2023-39109.yaml | 8 ++- http/cves/2023/CVE-2023-39110.yaml | 8 ++- http/cves/2023/CVE-2023-39141.yaml | 8 ++- http/cves/2023/CVE-2023-39143.yaml | 6 +- http/cves/2023/CVE-2023-3936.yaml | 5 +- http/cves/2023/CVE-2023-39361.yaml | 5 +- http/cves/2023/CVE-2023-39560.yaml | 7 +-- http/cves/2023/CVE-2023-39598.yaml | 4 +- http/cves/2023/CVE-2023-39600.yaml | 7 ++- http/cves/2023/CVE-2023-39650.yaml | 3 +- http/cves/2023/CVE-2023-39676.yaml | 8 ++- http/cves/2023/CVE-2023-39677.yaml | 4 +- http/cves/2023/CVE-2023-39700.yaml | 6 +- http/cves/2023/CVE-2023-39796.yaml | 4 +- http/cves/2023/CVE-2023-3990.yaml | 15 +++-- http/cves/2023/CVE-2023-40208.yaml | 12 ++-- http/cves/2023/CVE-2023-40355.yaml | 2 +- http/cves/2023/CVE-2023-40504.yaml | 15 +++-- http/cves/2023/CVE-2023-40748.yaml | 8 +-- http/cves/2023/CVE-2023-40749.yaml | 3 +- http/cves/2023/CVE-2023-40750.yaml | 9 +-- http/cves/2023/CVE-2023-40751.yaml | 9 +-- http/cves/2023/CVE-2023-40752.yaml | 4 +- http/cves/2023/CVE-2023-40753.yaml | 9 +-- http/cves/2023/CVE-2023-40755.yaml | 9 +-- http/cves/2023/CVE-2023-40779.yaml | 8 ++- http/cves/2023/CVE-2023-40931.yaml | 16 ++--- http/cves/2023/CVE-2023-41109.yaml | 8 +-- http/cves/2023/CVE-2023-4111.yaml | 8 +-- http/cves/2023/CVE-2023-4112.yaml | 12 ++-- http/cves/2023/CVE-2023-4113.yaml | 8 +-- http/cves/2023/CVE-2023-4115.yaml | 8 +-- http/cves/2023/CVE-2023-4116.yaml | 4 +- http/cves/2023/CVE-2023-41265.yaml | 11 ++-- http/cves/2023/CVE-2023-41266.yaml | 14 ++--- http/cves/2023/CVE-2023-4148.yaml | 2 +- http/cves/2023/CVE-2023-4151.yaml | 18 ++---- http/cves/2023/CVE-2023-41597.yaml | 2 +- http/cves/2023/CVE-2023-41599.yaml | 12 ++-- http/cves/2023/CVE-2023-41621.yaml | 2 +- http/cves/2023/CVE-2023-41642.yaml | 4 +- http/cves/2023/CVE-2023-4169.yaml | 10 +-- http/cves/2023/CVE-2023-4173.yaml | 6 +- http/cves/2023/CVE-2023-4174.yaml | 5 +- http/cves/2023/CVE-2023-41763.yaml | 4 +- http/cves/2023/CVE-2023-41892.yaml | 15 ++--- http/cves/2023/CVE-2023-4220.yaml | 5 +- http/cves/2023/CVE-2023-42343.yaml | 10 ++- http/cves/2023/CVE-2023-42344.yaml | 11 +--- http/cves/2023/CVE-2023-42442.yaml | 9 +-- http/cves/2023/CVE-2023-42793.yaml | 13 ++-- http/cves/2023/CVE-2023-4284.yaml | 18 +++--- http/cves/2023/CVE-2023-43177.yaml | 15 ++--- http/cves/2023/CVE-2023-43187.yaml | 9 +-- http/cves/2023/CVE-2023-43208.yaml | 12 ++-- http/cves/2023/CVE-2023-43261.yaml | 3 +- http/cves/2023/CVE-2023-43323.yaml | 22 +++---- http/cves/2023/CVE-2023-43325.yaml | 8 +-- http/cves/2023/CVE-2023-43326.yaml | 8 +-- http/cves/2023/CVE-2023-43373.yaml | 18 ++---- http/cves/2023/CVE-2023-43374.yaml | 4 +- http/cves/2023/CVE-2023-43472.yaml | 8 +-- http/cves/2023/CVE-2023-43654.yaml | 13 ++-- http/cves/2023/CVE-2023-43662.yaml | 5 +- http/cves/2023/CVE-2023-43795.yaml | 3 +- http/cves/2023/CVE-2023-44012.yaml | 5 +- http/cves/2023/CVE-2023-44352.yaml | 5 +- http/cves/2023/CVE-2023-44353.yaml | 1 + http/cves/2023/CVE-2023-44393.yaml | 13 +--- http/cves/2023/CVE-2023-4450.yaml | 13 ++-- http/cves/2023/CVE-2023-4451.yaml | 7 ++- http/cves/2023/CVE-2023-44812.yaml | 8 +-- http/cves/2023/CVE-2023-44813.yaml | 10 ++- http/cves/2023/CVE-2023-4490.yaml | 17 ++---- http/cves/2023/CVE-2023-45136.yaml | 16 ++--- http/cves/2023/CVE-2023-4521.yaml | 5 +- http/cves/2023/CVE-2023-45375.yaml | 4 +- http/cves/2023/CVE-2023-4542.yaml | 4 +- http/cves/2023/CVE-2023-4547.yaml | 10 +-- http/cves/2023/CVE-2023-45542.yaml | 12 ++-- http/cves/2023/CVE-2023-45671.yaml | 4 +- http/cves/2023/CVE-2023-4568.yaml | 3 +- http/cves/2023/CVE-2023-45826.yaml | 3 +- http/cves/2023/CVE-2023-45852.yaml | 8 ++- http/cves/2023/CVE-2023-45855.yaml | 6 +- http/cves/2023/CVE-2023-45878.yaml | 12 ++-- http/cves/2023/CVE-2023-4596.yaml | 10 +-- http/cves/2023/CVE-2023-4634.yaml | 2 +- http/cves/2023/CVE-2023-46347.yaml | 9 +-- http/cves/2023/CVE-2023-46359.yaml | 3 +- http/cves/2023/CVE-2023-46455.yaml | 11 ++-- http/cves/2023/CVE-2023-46574.yaml | 8 ++- http/cves/2023/CVE-2023-46732.yaml | 8 +-- http/cves/2023/CVE-2023-46747.yaml | 12 ++-- http/cves/2023/CVE-2023-46805.yaml | 12 ++-- http/cves/2023/CVE-2023-46818.yaml | 13 +--- http/cves/2023/CVE-2023-47105.yaml | 2 +- http/cves/2023/CVE-2023-47115.yaml | 7 +-- http/cves/2023/CVE-2023-47117.yaml | 6 +- http/cves/2023/CVE-2023-47211.yaml | 14 +++-- http/cves/2023/CVE-2023-47218.yaml | 9 +-- http/cves/2023/CVE-2023-47246.yaml | 4 +- http/cves/2023/CVE-2023-47248.yaml | 4 +- http/cves/2023/CVE-2023-47253.yaml | 5 +- http/cves/2023/CVE-2023-47643.yaml | 4 +- http/cves/2023/CVE-2023-47684.yaml | 13 ++-- http/cves/2023/CVE-2023-48023.yaml | 17 ++---- http/cves/2023/CVE-2023-48084.yaml | 10 ++- http/cves/2023/CVE-2023-48241.yaml | 14 ++--- http/cves/2023/CVE-2023-48728.yaml | 10 +-- http/cves/2023/CVE-2023-48777.yaml | 15 ++--- http/cves/2023/CVE-2023-49070.yaml | 10 +-- http/cves/2023/CVE-2023-49103.yaml | 14 +++-- http/cves/2023/CVE-2023-49489.yaml | 3 +- http/cves/2023/CVE-2023-49494.yaml | 15 +---- http/cves/2023/CVE-2023-4966.yaml | 14 +++-- http/cves/2023/CVE-2023-4973.yaml | 18 +++--- http/cves/2023/CVE-2023-4974.yaml | 14 +++-- http/cves/2023/CVE-2023-49785.yaml | 10 +-- http/cves/2023/CVE-2023-5003.yaml | 5 +- http/cves/2023/CVE-2023-50094.yaml | 13 ++-- http/cves/2023/CVE-2023-50290.yaml | 10 +-- http/cves/2023/CVE-2023-50719.yaml | 8 +-- http/cves/2023/CVE-2023-50720.yaml | 8 +-- http/cves/2023/CVE-2023-5074.yaml | 4 +- http/cves/2023/CVE-2023-5089.yaml | 8 +-- http/cves/2023/CVE-2023-50917.yaml | 7 ++- http/cves/2023/CVE-2023-50968.yaml | 6 +- http/cves/2023/CVE-2023-51409.yaml | 14 ++--- http/cves/2023/CVE-2023-51449.yaml | 28 ++++----- http/cves/2023/CVE-2023-51467.yaml | 10 +-- http/cves/2023/CVE-2023-52085.yaml | 18 +++--- http/cves/2023/CVE-2023-5222.yaml | 16 +++-- http/cves/2023/CVE-2023-52251.yaml | 3 +- http/cves/2023/CVE-2023-5244.yaml | 6 +- http/cves/2023/CVE-2023-5360.yaml | 2 +- http/cves/2023/CVE-2023-5375.yaml | 7 +-- http/cves/2023/CVE-2023-5556.yaml | 6 +- http/cves/2023/CVE-2023-5558.yaml | 17 ++---- http/cves/2023/CVE-2023-5561.yaml | 10 ++- http/cves/2023/CVE-2023-5830.yaml | 14 +++-- http/cves/2023/CVE-2023-5863.yaml | 10 +-- http/cves/2023/CVE-2023-5914.yaml | 13 ++-- http/cves/2023/CVE-2023-5974.yaml | 12 ++-- http/cves/2023/CVE-2023-5991.yaml | 2 +- http/cves/2023/CVE-2023-6018.yaml | 6 +- http/cves/2023/CVE-2023-6020.yaml | 10 +-- http/cves/2023/CVE-2023-6021.yaml | 13 ++-- http/cves/2023/CVE-2023-6023.yaml | 12 ++-- http/cves/2023/CVE-2023-6038.yaml | 8 ++- http/cves/2023/CVE-2023-6063.yaml | 6 +- http/cves/2023/CVE-2023-6114.yaml | 5 +- http/cves/2023/CVE-2023-6275.yaml | 4 +- http/cves/2023/CVE-2023-6329.yaml | 8 +-- http/cves/2023/CVE-2023-6360.yaml | 11 ++-- http/cves/2023/CVE-2023-6379.yaml | 5 +- http/cves/2023/CVE-2023-6380.yaml | 4 +- http/cves/2023/CVE-2023-6389.yaml | 7 +-- http/cves/2023/CVE-2023-6421.yaml | 4 +- http/cves/2023/CVE-2023-6444.yaml | 5 +- http/cves/2023/CVE-2023-6505.yaml | 3 +- http/cves/2023/CVE-2023-6553.yaml | 6 +- http/cves/2023/CVE-2023-6567.yaml | 9 +-- http/cves/2023/CVE-2023-6568.yaml | 13 ++-- http/cves/2023/CVE-2023-6623.yaml | 7 +-- http/cves/2023/CVE-2023-6634.yaml | 9 +-- http/cves/2023/CVE-2023-6697.yaml | 11 +--- http/cves/2023/CVE-2023-6786.yaml | 8 +-- http/cves/2023/CVE-2023-6831.yaml | 6 +- http/cves/2023/CVE-2023-6875.yaml | 6 +- http/cves/2023/CVE-2023-6977.yaml | 7 +-- http/cves/2023/CVE-2023-6989.yaml | 7 +-- http/cves/2023/CVE-2023-7028.yaml | 10 +-- http/cves/2023/CVE-2023-7246.yaml | 12 +--- http/cves/2024/CVE-2024-0012.yaml | 10 ++- http/cves/2024/CVE-2024-0195.yaml | 14 +++-- http/cves/2024/CVE-2024-0200.yaml | 2 +- http/cves/2024/CVE-2024-0204.yaml | 13 ++-- http/cves/2024/CVE-2024-0235.yaml | 12 ++-- http/cves/2024/CVE-2024-0250.yaml | 2 +- http/cves/2024/CVE-2024-0305.yaml | 18 +++--- http/cves/2024/CVE-2024-0352.yaml | 12 ++-- http/cves/2024/CVE-2024-0713.yaml | 1 - http/cves/2024/CVE-2024-0881.yaml | 11 +--- http/cves/2024/CVE-2024-0939.yaml | 20 +++--- http/cves/2024/CVE-2024-0986.yaml | 2 +- http/cves/2024/CVE-2024-1021.yaml | 10 +-- http/cves/2024/CVE-2024-10400.yaml | 11 +--- http/cves/2024/CVE-2024-10486.yaml | 5 +- http/cves/2024/CVE-2024-10516.yaml | 19 +++--- http/cves/2024/CVE-2024-1061.yaml | 16 ++--- http/cves/2024/CVE-2024-1071.yaml | 22 ++----- http/cves/2024/CVE-2024-10783.yaml | 5 +- http/cves/2024/CVE-2024-10812.yaml | 3 +- http/cves/2024/CVE-2024-10908.yaml | 5 +- http/cves/2024/CVE-2024-10914.yaml | 17 +++--- http/cves/2024/CVE-2024-10924.yaml | 17 +++--- http/cves/2024/CVE-2024-11044.yaml | 11 +--- http/cves/2024/CVE-2024-11303.yaml | 6 +- http/cves/2024/CVE-2024-11305.yaml | 2 +- http/cves/2024/CVE-2024-11320.yaml | 14 ++--- http/cves/2024/CVE-2024-11396.yaml | 7 ++- http/cves/2024/CVE-2024-11680.yaml | 12 ++-- http/cves/2024/CVE-2024-11728.yaml | 4 +- http/cves/2024/CVE-2024-11740.yaml | 4 +- http/cves/2024/CVE-2024-1183.yaml | 12 +--- http/cves/2024/CVE-2024-11921.yaml | 4 +- http/cves/2024/CVE-2024-1208.yaml | 6 +- http/cves/2024/CVE-2024-1209.yaml | 2 +- http/cves/2024/CVE-2024-1210.yaml | 4 +- http/cves/2024/CVE-2024-12209.yaml | 13 ++-- http/cves/2024/CVE-2024-12760.yaml | 1 - http/cves/2024/CVE-2024-12824.yaml | 7 ++- http/cves/2024/CVE-2024-12849.yaml | 6 +- http/cves/2024/CVE-2024-12987.yaml | 21 +++---- http/cves/2024/CVE-2024-13126.yaml | 4 +- http/cves/2024/CVE-2024-13159.yaml | 9 +-- http/cves/2024/CVE-2024-13161.yaml | 9 +-- http/cves/2024/CVE-2024-13322.yaml | 7 --- http/cves/2024/CVE-2024-13496.yaml | 18 ++---- http/cves/2024/CVE-2024-13624.yaml | 5 +- http/cves/2024/CVE-2024-13726.yaml | 4 +- http/cves/2024/CVE-2024-1380.yaml | 4 +- http/cves/2024/CVE-2024-13853.yaml | 13 ++-- http/cves/2024/CVE-2024-13888.yaml | 4 +- http/cves/2024/CVE-2024-1483.yaml | 6 +- http/cves/2024/CVE-2024-1512.yaml | 10 +-- http/cves/2024/CVE-2024-1561.yaml | 18 ++---- http/cves/2024/CVE-2024-1698.yaml | 15 ++--- http/cves/2024/CVE-2024-1709.yaml | 15 ++--- http/cves/2024/CVE-2024-1728.yaml | 16 ++--- http/cves/2024/CVE-2024-20419.yaml | 7 ++- http/cves/2024/CVE-2024-20767.yaml | 23 +++---- http/cves/2024/CVE-2024-21136.yaml | 7 +-- http/cves/2024/CVE-2024-21485.yaml | 17 +++--- http/cves/2024/CVE-2024-21633.yaml | 11 ++-- http/cves/2024/CVE-2024-21641.yaml | 9 +-- http/cves/2024/CVE-2024-21644.yaml | 13 ++-- http/cves/2024/CVE-2024-21645.yaml | 12 ++-- http/cves/2024/CVE-2024-21650.yaml | 20 +++--- http/cves/2024/CVE-2024-21683.yaml | 5 +- http/cves/2024/CVE-2024-21887.yaml | 3 +- http/cves/2024/CVE-2024-21893.yaml | 3 +- http/cves/2024/CVE-2024-22024.yaml | 14 +---- http/cves/2024/CVE-2024-22207.yaml | 14 ++--- http/cves/2024/CVE-2024-22319.yaml | 7 +-- http/cves/2024/CVE-2024-22320.yaml | 7 +-- http/cves/2024/CVE-2024-22476.yaml | 7 +-- http/cves/2024/CVE-2024-22927.yaml | 9 +-- http/cves/2024/CVE-2024-23163.yaml | 7 +-- http/cves/2024/CVE-2024-23167.yaml | 5 +- http/cves/2024/CVE-2024-2330.yaml | 15 ++--- http/cves/2024/CVE-2024-23334.yaml | 12 ++-- http/cves/2024/CVE-2024-2340.yaml | 9 +-- http/cves/2024/CVE-2024-23917.yaml | 11 ++-- http/cves/2024/CVE-2024-24112.yaml | 5 +- http/cves/2024/CVE-2024-24116.yaml | 10 ++- http/cves/2024/CVE-2024-24131.yaml | 8 ++- http/cves/2024/CVE-2024-24565.yaml | 5 +- http/cves/2024/CVE-2024-2473.yaml | 19 ++---- http/cves/2024/CVE-2024-24759.yaml | 5 +- http/cves/2024/CVE-2024-24763.yaml | 9 +-- http/cves/2024/CVE-2024-24809.yaml | 8 +-- http/cves/2024/CVE-2024-24919.yaml | 10 +-- http/cves/2024/CVE-2024-25669.yaml | 4 +- http/cves/2024/CVE-2024-25735.yaml | 14 ++--- http/cves/2024/CVE-2024-25852.yaml | 5 +- http/cves/2024/CVE-2024-2621.yaml | 7 +-- http/cves/2024/CVE-2024-26331.yaml | 9 +-- http/cves/2024/CVE-2024-27115.yaml | 7 +-- http/cves/2024/CVE-2024-27198.yaml | 9 +-- http/cves/2024/CVE-2024-27199.yaml | 8 +-- http/cves/2024/CVE-2024-27292.yaml | 6 +- http/cves/2024/CVE-2024-27348.yaml | 13 ++-- http/cves/2024/CVE-2024-27497.yaml | 8 +-- http/cves/2024/CVE-2024-27564.yaml | 19 ++---- http/cves/2024/CVE-2024-27956.yaml | 8 +-- http/cves/2024/CVE-2024-28397.yaml | 25 ++------ http/cves/2024/CVE-2024-2876.yaml | 9 --- http/cves/2024/CVE-2024-2879.yaml | 18 +++--- http/cves/2024/CVE-2024-28987.yaml | 10 +-- http/cves/2024/CVE-2024-28995.yaml | 16 ++--- http/cves/2024/CVE-2024-29059.yaml | 10 +-- http/cves/2024/CVE-2024-29269.yaml | 21 +++---- http/cves/2024/CVE-2024-29272.yaml | 11 ++-- http/cves/2024/CVE-2024-2928.yaml | 7 +-- http/cves/2024/CVE-2024-29824.yaml | 13 +--- http/cves/2024/CVE-2024-29868.yaml | 11 +--- http/cves/2024/CVE-2024-29889.yaml | 13 +--- http/cves/2024/CVE-2024-29895.yaml | 17 ++---- http/cves/2024/CVE-2024-29972.yaml | 2 +- http/cves/2024/CVE-2024-29973.yaml | 10 ++- http/cves/2024/CVE-2024-30188.yaml | 3 +- http/cves/2024/CVE-2024-30269.yaml | 2 +- http/cves/2024/CVE-2024-3032.yaml | 4 +- http/cves/2024/CVE-2024-30568.yaml | 15 ++--- http/cves/2024/CVE-2024-30569.yaml | 7 +-- http/cves/2024/CVE-2024-30570.yaml | 13 ++-- http/cves/2024/CVE-2024-3097.yaml | 6 +- http/cves/2024/CVE-2024-3136.yaml | 19 ++---- http/cves/2024/CVE-2024-31621.yaml | 9 +-- http/cves/2024/CVE-2024-31750.yaml | 9 +-- http/cves/2024/CVE-2024-31850.yaml | 10 +-- http/cves/2024/CVE-2024-31851.yaml | 4 +- http/cves/2024/CVE-2024-31982.yaml | 18 +++--- http/cves/2024/CVE-2024-32113.yaml | 10 +-- http/cves/2024/CVE-2024-32231.yaml | 9 +-- http/cves/2024/CVE-2024-32238.yaml | 5 +- http/cves/2024/CVE-2024-3234.yaml | 2 +- http/cves/2024/CVE-2024-32399.yaml | 15 ++--- http/cves/2024/CVE-2024-32640.yaml | 4 +- http/cves/2024/CVE-2024-32709.yaml | 15 ++--- http/cves/2024/CVE-2024-3273.yaml | 16 ++--- http/cves/2024/CVE-2024-32735.yaml | 6 +- http/cves/2024/CVE-2024-32736.yaml | 7 +-- http/cves/2024/CVE-2024-32737.yaml | 6 +- http/cves/2024/CVE-2024-32738.yaml | 6 +- http/cves/2024/CVE-2024-32739.yaml | 7 +-- http/cves/2024/CVE-2024-3274.yaml | 7 +-- http/cves/2024/CVE-2024-32870.yaml | 19 ++---- http/cves/2024/CVE-2024-32964.yaml | 9 ++- http/cves/2024/CVE-2024-33113.yaml | 4 +- http/cves/2024/CVE-2024-33288.yaml | 6 +- http/cves/2024/CVE-2024-33575.yaml | 2 +- http/cves/2024/CVE-2024-33605.yaml | 8 +-- http/cves/2024/CVE-2024-33610.yaml | 8 +-- http/cves/2024/CVE-2024-33724.yaml | 4 +- http/cves/2024/CVE-2024-3400.yaml | 1 + http/cves/2024/CVE-2024-34102.yaml | 17 +----- http/cves/2024/CVE-2024-34257.yaml | 6 +- http/cves/2024/CVE-2024-34351.yaml | 61 +++++++++---------- http/cves/2024/CVE-2024-34470.yaml | 13 ++-- http/cves/2024/CVE-2024-34982.yaml | 17 ++---- http/cves/2024/CVE-2024-35219.yaml | 3 +- http/cves/2024/CVE-2024-3552.yaml | 20 ++---- http/cves/2024/CVE-2024-35584.yaml | 6 +- http/cves/2024/CVE-2024-36104.yaml | 10 +-- http/cves/2024/CVE-2024-36117.yaml | 8 +-- http/cves/2024/CVE-2024-36401.yaml | 23 ++----- http/cves/2024/CVE-2024-36404.yaml | 7 +-- http/cves/2024/CVE-2024-36412.yaml | 18 ++---- http/cves/2024/CVE-2024-36527.yaml | 36 +++++------ http/cves/2024/CVE-2024-3656.yaml | 4 +- http/cves/2024/CVE-2024-36683.yaml | 17 +++--- http/cves/2024/CVE-2024-3673.yaml | 15 ++--- http/cves/2024/CVE-2024-36837.yaml | 13 +--- http/cves/2024/CVE-2024-36991.yaml | 3 +- http/cves/2024/CVE-2024-37032.yaml | 9 +-- http/cves/2024/CVE-2024-37152.yaml | 17 +----- http/cves/2024/CVE-2024-37393.yaml | 16 +---- http/cves/2024/CVE-2024-3753.yaml | 15 ++--- http/cves/2024/CVE-2024-37843.yaml | 19 +++--- http/cves/2024/CVE-2024-37881.yaml | 4 +- http/cves/2024/CVE-2024-3822.yaml | 16 ++--- http/cves/2024/CVE-2024-38288.yaml | 8 +-- http/cves/2024/CVE-2024-38289.yaml | 12 +--- http/cves/2024/CVE-2024-38353.yaml | 7 +-- http/cves/2024/CVE-2024-38472.yaml | 6 +- http/cves/2024/CVE-2024-38473.yaml | 17 +++--- http/cves/2024/CVE-2024-38475.yaml | 30 ++------- http/cves/2024/CVE-2024-3848.yaml | 8 +-- http/cves/2024/CVE-2024-3850.yaml | 13 ++-- http/cves/2024/CVE-2024-38816.yaml | 8 +-- http/cves/2024/CVE-2024-38856.yaml | 10 +-- http/cves/2024/CVE-2024-3922.yaml | 18 ++---- http/cves/2024/CVE-2024-39250.yaml | 16 ++--- http/cves/2024/CVE-2024-39713.yaml | 7 +-- http/cves/2024/CVE-2024-39887.yaml | 8 +-- http/cves/2024/CVE-2024-39903.yaml | 11 +--- http/cves/2024/CVE-2024-39907.yaml | 13 ++-- http/cves/2024/CVE-2024-39914.yaml | 10 ++- http/cves/2024/CVE-2024-40348.yaml | 5 +- http/cves/2024/CVE-2024-4040.yaml | 9 +-- http/cves/2024/CVE-2024-40422.yaml | 10 +-- http/cves/2024/CVE-2024-41107.yaml | 9 +-- http/cves/2024/CVE-2024-41667.yaml | 8 +-- http/cves/2024/CVE-2024-41713.yaml | 26 +++----- http/cves/2024/CVE-2024-41810.yaml | 18 ++---- http/cves/2024/CVE-2024-41955.yaml | 4 +- http/cves/2024/CVE-2024-4257.yaml | 2 +- http/cves/2024/CVE-2024-42640.yaml | 3 +- http/cves/2024/CVE-2024-4295.yaml | 12 ++-- http/cves/2024/CVE-2024-43160.yaml | 5 +- http/cves/2024/CVE-2024-43360.yaml | 16 +---- http/cves/2024/CVE-2024-43425.yaml | 29 +++------ http/cves/2024/CVE-2024-4348.yaml | 9 ++- http/cves/2024/CVE-2024-4358.yaml | 14 +---- http/cves/2024/CVE-2024-43917.yaml | 14 ++--- http/cves/2024/CVE-2024-43919.yaml | 8 +-- http/cves/2024/CVE-2024-4399.yaml | 6 +- http/cves/2024/CVE-2024-44000.yaml | 5 +- http/cves/2024/CVE-2024-4434.yaml | 23 +++---- http/cves/2024/CVE-2024-44349.yaml | 6 +- http/cves/2024/CVE-2024-4439.yaml | 4 +- http/cves/2024/CVE-2024-4443.yaml | 17 ++---- http/cves/2024/CVE-2024-44762.yaml | 7 +-- http/cves/2024/CVE-2024-44849.yaml | 8 +-- http/cves/2024/CVE-2024-45195.yaml | 15 ++--- http/cves/2024/CVE-2024-45216.yaml | 50 +++++++-------- http/cves/2024/CVE-2024-45241.yaml | 5 +- http/cves/2024/CVE-2024-45293.yaml | 14 ++--- http/cves/2024/CVE-2024-45309.yaml | 15 ++--- http/cves/2024/CVE-2024-45388.yaml | 12 +--- http/cves/2024/CVE-2024-45440.yaml | 9 +-- http/cves/2024/CVE-2024-45488.yaml | 2 +- http/cves/2024/CVE-2024-45507.yaml | 9 +-- http/cves/2024/CVE-2024-45591.yaml | 3 +- http/cves/2024/CVE-2024-45622.yaml | 5 +- http/cves/2024/CVE-2024-4577.yaml | 7 +-- http/cves/2024/CVE-2024-46310.yaml | 11 +--- http/cves/2024/CVE-2024-46507.yaml | 3 +- http/cves/2024/CVE-2024-46627.yaml | 6 +- http/cves/2024/CVE-2024-46938.yaml | 13 ++-- http/cves/2024/CVE-2024-46986.yaml | 14 ++--- http/cves/2024/CVE-2024-47062.yaml | 7 +-- http/cves/2024/CVE-2024-48248.yaml | 19 +----- http/cves/2024/CVE-2024-48307.yaml | 13 ++-- http/cves/2024/CVE-2024-4836.yaml | 10 +-- http/cves/2024/CVE-2024-48360.yaml | 14 ++--- http/cves/2024/CVE-2024-4841.yaml | 9 ++- http/cves/2024/CVE-2024-48455.yaml | 14 ++--- http/cves/2024/CVE-2024-48766.yaml | 16 ++--- http/cves/2024/CVE-2024-4879.yaml | 1 - http/cves/2024/CVE-2024-4885.yaml | 16 ++--- http/cves/2024/CVE-2024-48914.yaml | 4 +- http/cves/2024/CVE-2024-49380.yaml | 20 +++--- http/cves/2024/CVE-2024-4940.yaml | 8 +-- http/cves/2024/CVE-2024-4956.yaml | 9 +-- http/cves/2024/CVE-2024-50340.yaml | 7 ++- http/cves/2024/CVE-2024-50498.yaml | 3 +- http/cves/2024/CVE-2024-50603.yaml | 14 ++--- http/cves/2024/CVE-2024-5082.yaml | 6 +- http/cves/2024/CVE-2024-5084.yaml | 17 +++--- http/cves/2024/CVE-2024-50967.yaml | 14 ++--- http/cves/2024/CVE-2024-51378.yaml | 19 +++--- http/cves/2024/CVE-2024-51482.yaml | 15 +---- http/cves/2024/CVE-2024-51483.yaml | 4 +- http/cves/2024/CVE-2024-51567.yaml | 6 +- http/cves/2024/CVE-2024-51739.yaml | 26 +++----- http/cves/2024/CVE-2024-5217.yaml | 1 - http/cves/2024/CVE-2024-52433.yaml | 2 +- http/cves/2024/CVE-2024-5276.yaml | 5 +- http/cves/2024/CVE-2024-52763.yaml | 7 +-- http/cves/2024/CVE-2024-5315.yaml | 16 +++-- http/cves/2024/CVE-2024-5334.yaml | 56 ++++++++--------- http/cves/2024/CVE-2024-53991.yaml | 3 +- http/cves/2024/CVE-2024-5421.yaml | 2 +- http/cves/2024/CVE-2024-54330.yaml | 10 +-- http/cves/2024/CVE-2024-54385.yaml | 2 +- http/cves/2024/CVE-2024-54763.yaml | 7 +-- http/cves/2024/CVE-2024-54764.yaml | 7 +-- http/cves/2024/CVE-2024-5488.yaml | 12 ++-- http/cves/2024/CVE-2024-55218.yaml | 7 +-- http/cves/2024/CVE-2024-5522.yaml | 28 +++------ http/cves/2024/CVE-2024-55415.yaml | 22 ++----- http/cves/2024/CVE-2024-55416.yaml | 17 ++---- http/cves/2024/CVE-2024-55457.yaml | 11 +--- http/cves/2024/CVE-2024-55550.yaml | 24 ++------ http/cves/2024/CVE-2024-55591.yaml | 8 +-- http/cves/2024/CVE-2024-56145.yaml | 8 +-- http/cves/2024/CVE-2024-56512.yaml | 2 +- http/cves/2024/CVE-2024-57045.yaml | 7 ++- http/cves/2024/CVE-2024-57046.yaml | 9 +-- http/cves/2024/CVE-2024-57049.yaml | 5 +- http/cves/2024/CVE-2024-57050.yaml | 5 +- http/cves/2024/CVE-2024-57514.yaml | 2 +- http/cves/2024/CVE-2024-5765.yaml | 3 +- http/cves/2024/CVE-2024-57727.yaml | 11 ++-- http/cves/2024/CVE-2024-5827.yaml | 6 +- http/cves/2024/CVE-2024-5910.yaml | 7 +-- http/cves/2024/CVE-2024-5932.yaml | 11 ++-- http/cves/2024/CVE-2024-5936.yaml | 2 +- http/cves/2024/CVE-2024-5947.yaml | 19 ++---- http/cves/2024/CVE-2024-5975.yaml | 10 ++- http/cves/2024/CVE-2024-6028.yaml | 8 +-- http/cves/2024/CVE-2024-6049.yaml | 7 ++- http/cves/2024/CVE-2024-6095.yaml | 6 +- http/cves/2024/CVE-2024-6159.yaml | 2 +- http/cves/2024/CVE-2024-6188.yaml | 10 +-- http/cves/2024/CVE-2024-6205.yaml | 13 ++-- http/cves/2024/CVE-2024-6289.yaml | 9 ++- http/cves/2024/CVE-2024-6366.yaml | 8 +-- http/cves/2024/CVE-2024-6396.yaml | 15 ++--- http/cves/2024/CVE-2024-6460.yaml | 4 +- http/cves/2024/CVE-2024-6517.yaml | 14 ++--- http/cves/2024/CVE-2024-6586.yaml | 12 +--- http/cves/2024/CVE-2024-6587.yaml | 13 ---- http/cves/2024/CVE-2024-6646.yaml | 9 ++- http/cves/2024/CVE-2024-6651.yaml | 19 +++--- http/cves/2024/CVE-2024-6670.yaml | 15 ++--- http/cves/2024/CVE-2024-6746.yaml | 13 ++-- http/cves/2024/CVE-2024-6781.yaml | 10 ++- http/cves/2024/CVE-2024-6782.yaml | 10 ++- http/cves/2024/CVE-2024-6842.yaml | 14 ++--- http/cves/2024/CVE-2024-6845.yaml | 21 ++----- http/cves/2024/CVE-2024-6846.yaml | 14 ++--- http/cves/2024/CVE-2024-6886.yaml | 22 +------ http/cves/2024/CVE-2024-6892.yaml | 2 +- http/cves/2024/CVE-2024-6893.yaml | 11 +--- http/cves/2024/CVE-2024-6911.yaml | 18 +++--- http/cves/2024/CVE-2024-6922.yaml | 9 +-- http/cves/2024/CVE-2024-6924.yaml | 18 +----- http/cves/2024/CVE-2024-6926.yaml | 12 ++-- http/cves/2024/CVE-2024-6928.yaml | 17 ++---- http/cves/2024/CVE-2024-7008.yaml | 2 +- http/cves/2024/CVE-2024-7029.yaml | 8 +-- http/cves/2024/CVE-2024-7188.yaml | 4 +- http/cves/2024/CVE-2024-7313.yaml | 4 +- http/cves/2024/CVE-2024-7314.yaml | 9 +-- http/cves/2024/CVE-2024-7332.yaml | 13 ++-- http/cves/2024/CVE-2024-7339.yaml | 9 +-- http/cves/2024/CVE-2024-7340.yaml | 7 +-- http/cves/2024/CVE-2024-7354.yaml | 18 ++---- http/cves/2024/CVE-2024-7591.yaml | 10 +-- http/cves/2024/CVE-2024-7593.yaml | 7 +-- http/cves/2024/CVE-2024-7714.yaml | 20 +++--- http/cves/2024/CVE-2024-7786.yaml | 22 +++---- http/cves/2024/CVE-2024-7854.yaml | 15 ++--- http/cves/2024/CVE-2024-7928.yaml | 11 +--- http/cves/2024/CVE-2024-7954.yaml | 7 +-- http/cves/2024/CVE-2024-8021.yaml | 13 +--- http/cves/2024/CVE-2024-8181.yaml | 16 ++--- http/cves/2024/CVE-2024-8484.yaml | 5 +- http/cves/2024/CVE-2024-8503.yaml | 2 +- http/cves/2024/CVE-2024-8522.yaml | 24 +++----- http/cves/2024/CVE-2024-8529.yaml | 21 ++----- http/cves/2024/CVE-2024-8673.yaml | 5 +- http/cves/2024/CVE-2024-8698.yaml | 20 +++--- http/cves/2024/CVE-2024-8752.yaml | 15 +---- http/cves/2024/CVE-2024-8856.yaml | 5 +- http/cves/2024/CVE-2024-8859.yaml | 1 - http/cves/2024/CVE-2024-8877.yaml | 22 ++----- http/cves/2024/CVE-2024-8883.yaml | 3 +- http/cves/2024/CVE-2024-8963.yaml | 18 ++---- http/cves/2024/CVE-2024-9014.yaml | 8 +-- http/cves/2024/CVE-2024-9047.yaml | 12 ++-- http/cves/2024/CVE-2024-9061.yaml | 6 +- http/cves/2024/CVE-2024-9186.yaml | 12 ++-- http/cves/2024/CVE-2024-9193.yaml | 11 +--- http/cves/2024/CVE-2024-9234.yaml | 4 +- http/cves/2024/CVE-2024-9463.yaml | 19 +++--- http/cves/2024/CVE-2024-9465.yaml | 18 +++--- http/cves/2024/CVE-2024-9474.yaml | 13 ++-- http/cves/2024/CVE-2024-9487.yaml | 20 ++---- http/cves/2024/CVE-2024-9593.yaml | 16 +++-- http/cves/2024/CVE-2024-9617.yaml | 3 +- http/cves/2024/CVE-2024-9796.yaml | 14 ++--- http/cves/2024/CVE-2024-9935.yaml | 4 +- http/cves/2024/CVE-2024-9989.yaml | 7 ++- http/cves/2025/CVE-2025-0108.yaml | 6 +- http/cves/2025/CVE-2025-0868.yaml | 6 +- http/cves/2025/CVE-2025-1025.yaml | 8 +-- http/cves/2025/CVE-2025-1035.yaml | 2 +- http/cves/2025/CVE-2025-1097.yaml | 4 +- http/cves/2025/CVE-2025-1098.yaml | 7 +-- http/cves/2025/CVE-2025-1323.yaml | 18 +++--- http/cves/2025/CVE-2025-1661.yaml | 9 +-- http/cves/2025/CVE-2025-1743.yaml | 17 +++--- http/cves/2025/CVE-2025-1974.yaml | 5 +- http/cves/2025/CVE-2025-2011.yaml | 4 +- http/cves/2025/CVE-2025-2075.yaml | 8 +-- http/cves/2025/CVE-2025-2127.yaml | 7 +-- http/cves/2025/CVE-2025-2264.yaml | 11 ++-- http/cves/2025/CVE-2025-22952.yaml | 4 +- http/cves/2025/CVE-2025-24016.yaml | 14 ++--- http/cves/2025/CVE-2025-24514.yaml | 6 +- http/cves/2025/CVE-2025-24799.yaml | 2 +- http/cves/2025/CVE-2025-24813.yaml | 9 +-- http/cves/2025/CVE-2025-24893.yaml | 11 +--- http/cves/2025/CVE-2025-24963.yaml | 2 - http/cves/2025/CVE-2025-2539.yaml | 7 ++- http/cves/2025/CVE-2025-2563.yaml | 17 ++---- http/cves/2025/CVE-2025-2609.yaml | 7 ++- http/cves/2025/CVE-2025-2610.yaml | 5 +- http/cves/2025/CVE-2025-26319.yaml | 9 +-- http/cves/2025/CVE-2025-2636.yaml | 10 +-- http/cves/2025/CVE-2025-26793.yaml | 5 +- http/cves/2025/CVE-2025-27112.yaml | 9 +-- http/cves/2025/CVE-2025-27218.yaml | 5 +- http/cves/2025/CVE-2025-2775.yaml | 5 +- http/cves/2025/CVE-2025-2776.yaml | 8 +-- http/cves/2025/CVE-2025-2777.yaml | 5 +- http/cves/2025/CVE-2025-27892.yaml | 16 +---- http/cves/2025/CVE-2025-28228.yaml | 6 +- http/cves/2025/CVE-2025-28367.yaml | 4 -- http/cves/2025/CVE-2025-2907.yaml | 12 +--- http/cves/2025/CVE-2025-29085.yaml | 5 +- http/cves/2025/CVE-2025-29306.yaml | 4 +- http/cves/2025/CVE-2025-29927.yaml | 22 +++---- http/cves/2025/CVE-2025-30208.yaml | 12 ++-- http/cves/2025/CVE-2025-30406.yaml | 13 +--- http/cves/2025/CVE-2025-30567.yaml | 2 +- http/cves/2025/CVE-2025-3102.yaml | 2 +- http/cves/2025/CVE-2025-31125.yaml | 54 ++++++++-------- http/cves/2025/CVE-2025-31161.yaml | 16 +++-- http/cves/2025/CVE-2025-31324.yaml | 15 ++--- http/cves/2025/CVE-2025-31489.yaml | 5 +- http/cves/2025/CVE-2025-32432.yaml | 21 ++----- http/cves/2025/CVE-2025-3248.yaml | 12 +--- http/cves/2025/CVE-2025-34026.yaml | 11 +--- http/cves/2025/CVE-2025-34027.yaml | 11 +--- http/cves/2025/CVE-2025-34028.yaml | 10 +-- http/cves/2025/CVE-2025-4123.yaml | 17 ++---- http/cves/2025/CVE-2025-4388.yaml | 5 +- http/cves/2025/CVE-2025-4396.yaml | 4 +- http/cves/2025/CVE-2025-4427.yaml | 4 +- http/cves/2025/CVE-2025-47204.yaml | 10 --- http/cves/2025/CVE-2025-47916.yaml | 3 +- .../abb/cs141-default-login.yaml | 6 +- .../default-logins/aem/aem-default-login.yaml | 9 +-- .../default-logins/aem/aem-felix-console.yaml | 10 ++- .../apache/apache-apollo-default-login.yaml | 8 +-- .../apache-hertzbeat-default-login.yaml | 3 +- .../apache/cloudstack-default-login.yaml | 6 +- .../dolphinscheduler-default-login.yaml | 6 +- .../apache/doris-default-login.yaml | 4 +- .../apache/karaf-default-login.yaml | 4 +- .../apache/kylin-default-login.yaml | 5 +- .../apache/ranger-default-login.yaml | 6 +- .../apache/tomcat-default-login.yaml | 16 +---- .../apollo/apollo-default-login.yaml | 11 +--- .../asus/asus-rtn16-default-login.yaml | 4 +- .../azkaban/azkaban-default-login.yaml | 8 +-- .../barco-clickshare-default-login.yaml | 2 +- .../batflat/batflat-default-login.yaml | 4 +- .../bloofoxcms-default-login.yaml | 2 +- .../camaleon/camaleon-default-login.yaml | 14 ++--- .../cobbler/hue-default-credential.yaml | 9 +-- .../couchdb/couchdb-default-login.yaml | 9 +-- .../crushftp/crushftp-anonymous-login.yaml | 10 +-- .../crushftp/crushftp-default-login.yaml | 10 +-- .../dataease/dataease-default-login.yaml | 5 +- .../datagerry/datagerry-default-login.yaml | 5 +- .../datahub-metadata-default-login.yaml | 8 +-- .../dataiku/dataiku-default-login.yaml | 6 +- .../deluge/deluge-default-login.yaml | 2 +- .../devdojo-voyager-default-login.yaml | 2 +- .../elasticsearch-default-login.yaml | 3 +- .../emqx/emqx-default-login.yaml | 2 +- .../esafenet-cdg-default-login.yaml | 4 +- .../eurotel/etl3100-default-login.yaml | 4 +- .../franklin-fueling-default-login.yaml | 2 +- .../fuji-xerox/fuji-xerox-default-login.yaml | 2 +- .../geoserver/geoserver-default-login.yaml | 10 +-- .../gitblit/gitblit-default-login.yaml | 8 +-- .../gitlab/gitlab-weak-login.yaml | 13 +--- .../grafana/grafana-default-login.yaml | 10 +-- .../huawei-HG532e-default-router-login.yaml | 5 +- .../hybris/hybris-default-login.yaml | 10 ++- .../default-logins/ibm/imm-default-login.yaml | 8 +-- .../idemia-biometrics-default-login.yaml | 6 +- .../ispconfig-hcp-default-login.yaml | 4 +- .../jboss/jboss-jbpm-default-login.yaml | 7 +-- .../jeedom/jeedom-default-login.yaml | 4 +- .../jellyfin/jellyfin-default-login.yaml | 12 +--- .../jupyterhub/jupyterhub-default-login.yaml | 8 +-- .../kanboard-default-login.yaml | 7 +-- .../klog-server-default-login.yaml | 2 +- .../leostream/leostream-default-login.yaml | 6 +- .../loytec/loytec-default-password.yaml | 3 +- .../magnolia-default-login.yaml | 12 +--- .../mantisbt/mantisbt-anonymous-login.yaml | 11 +--- .../mantisbt/mantisbt-default-credential.yaml | 15 +---- .../minio/minio-default-login.yaml | 16 +---- .../mobotix/mobotix-default-login.yaml | 6 +- .../nacos/nacos-default-login.yaml | 7 +-- .../nagios/nagiosxi-default-login.yaml | 11 +--- .../netflow/netflow-default-login.yaml | 5 +- .../nginx-proxy-manager-default-login.yaml | 2 +- .../node-red/nodered-default-login.yaml | 5 +- .../nsicg/nsicg-default-login.yaml | 6 +- .../o2oa/o2oa-default-login.yaml | 4 +- .../octobercms/octobercms-default-login.yaml | 4 +- .../openemr/openemr-default-login.yaml | 20 ++---- .../openmediavault-default-login.yaml | 6 +- .../oracle/peoplesoft-default-login.yaml | 6 +- .../others/aruba-instant-default-login.yaml | 2 +- .../inspur-clusterengine-default-login.yaml | 2 +- .../others/opencats-default-login.yaml | 6 +- .../pentaho/pentaho-default-login.yaml | 6 +- .../phpmyadmin/phpmyadmin-default-login.yaml | 16 +---- .../powerjob-default-login.yaml | 10 +-- .../prtg/prtg-default-login.yaml | 12 +--- .../pyload/pyload-default-login.yaml | 15 +---- .../rainloop/rainloop-default-login.yaml | 3 - .../default-logins/rconfig-default-login.yaml | 4 +- .../riello/netman-default-login.yaml | 16 +---- .../ruijie/ruijie-nbr-default-login.yaml | 2 +- .../rundeck/rundeck-default-login.yaml | 8 +-- .../samsung-printer-default-login.yaml | 6 +- .../sato/sato-default-login.yaml | 2 +- .../seeddms/seeddms-default-login.yaml | 6 +- .../siemens-simatic-default-login.yaml | 2 +- .../softether-vpn-default-login.yaml | 4 +- .../sonarqube/sonarqube-default-login.yaml | 10 +-- .../soplanning/soplanning-default-login.yaml | 4 +- .../splunk/splunk-default-login.yaml | 10 +-- .../stackstorm/stackstorm-default-login.yaml | 4 +- .../steve/steve-default-login.yaml | 9 ++- .../structurizr-default-login.yaml | 4 +- .../timekeeper/timekeeper-default-login.yaml | 6 +- .../tiny-file-manager-default-login.yaml | 7 +-- .../tooljet/tooljet-default-login.yaml | 12 +--- .../unify/unify-hipath-default-login.yaml | 2 +- .../versa/versa-flexvnf-default-login.yaml | 8 +-- .../wago/wago-webbased-default-login.yaml | 4 +- http/default-logins/wazuh-default-login.yaml | 6 +- .../webmethod-integration-default-login.yaml | 7 +-- http/default-logins/webmin-default-login.yaml | 6 +- .../xnat/xnat-default-login.yaml | 6 +- .../default-logins/xui/xui-default-login.yaml | 9 ++- .../xxljob/xxljob-default-login.yaml | 10 ++- .../zebra/zebra-printer-default-login.yaml | 2 +- .../zoho/app-manager-default-login.yaml | 5 +- .../3cx-phone-management-panel.yaml | 12 ++-- .../3cx-phone-webclient-management-panel.yaml | 10 +-- http/exposed-panels/acemanager-login.yaml | 4 +- http/exposed-panels/acti-panel.yaml | 12 +--- http/exposed-panels/activemq-panel.yaml | 7 +-- http/exposed-panels/acunetix-login.yaml | 6 +- http/exposed-panels/adapt-panel.yaml | 2 +- http/exposed-panels/adfinity-panel.yaml | 28 ++++----- http/exposed-panels/adguard-panel.yaml | 4 +- http/exposed-panels/adhoc-transfer-panel.yaml | 5 +- http/exposed-panels/adminer-panel-detect.yaml | 8 +-- http/exposed-panels/adminer-panel.yaml | 9 ++- .../adobe/adobe-component-login.yaml | 1 + .../adobe/adobe-connect-central-login.yaml | 12 +--- .../adobe/adobe-experience-manager-login.yaml | 3 +- .../adobe/aem-crx-package-manager.yaml | 4 +- .../exposed-panels/adobe/aem-sling-login.yaml | 4 +- .../exposed-panels/aerohive-netconfig-ui.yaml | 8 +-- http/exposed-panels/aethra-panel.yaml | 2 +- .../afterlogic-webmail-login.yaml | 4 +- .../aircube-dashboard-panel.yaml | 12 +--- http/exposed-panels/aircube-login.yaml | 12 +--- http/exposed-panels/airflow-panel.yaml | 8 +-- http/exposed-panels/airos-panel.yaml | 5 +- http/exposed-panels/akuiteo-panel.yaml | 27 ++++---- .../allied-telesis-exposure.yaml | 4 +- http/exposed-panels/amcrest-login.yaml | 7 ++- .../exposed-panels/amp-application-panel.yaml | 4 +- http/exposed-panels/ampache-panel.yaml | 15 +---- .../ansible-semaphore-panel.yaml | 7 +-- .../ansible-tower-exposure.yaml | 8 ++- .../apache-jmeter-dashboard.yaml | 4 +- .../apache/apache-apisix-panel.yaml | 4 +- .../apache/apache-apollo-panel.yaml | 4 +- .../apache/apache-mesos-panel.yaml | 5 +- .../apache/public-tomcat-manager.yaml | 10 +-- http/exposed-panels/appspace-panel.yaml | 4 +- http/exposed-panels/appsuite-panel.yaml | 4 +- http/exposed-panels/appwrite-panel.yaml | 2 +- http/exposed-panels/aptus-panel.yaml | 8 +-- .../arangodb-web-Interface.yaml | 4 +- .../arcgis/arcgis-services.yaml | 4 +- .../archibus-webcentral-panel.yaml | 2 +- http/exposed-panels/arcserve-panel.yaml | 4 +- http/exposed-panels/argocd-login.yaml | 12 +--- http/exposed-panels/arris-modem-detect.yaml | 4 +- http/exposed-panels/aspcms-backend-panel.yaml | 4 +- http/exposed-panels/aspect-control-panel.yaml | 7 +-- http/exposed-panels/asus-router-panel.yaml | 6 +- http/exposed-panels/atlantis-detect.yaml | 6 +- .../atlassian-bamboo-panel.yaml | 17 +----- .../exposed-panels/atlassian-crowd-panel.yaml | 2 +- http/exposed-panels/atvise-login.yaml | 10 ++- http/exposed-panels/audiobookshelf-panel.yaml | 6 +- http/exposed-panels/audiocodes-detect.yaml | 5 +- http/exposed-panels/authelia-panel.yaml | 4 +- http/exposed-panels/authentik-panel.yaml | 4 +- http/exposed-panels/avantfax-panel.yaml | 4 +- http/exposed-panels/aviatrix-panel.yaml | 12 +--- http/exposed-panels/avigilon-panel.yaml | 4 +- http/exposed-panels/axigen-webadmin.yaml | 12 +--- http/exposed-panels/axigen-webmail.yaml | 12 +--- .../axway-api-manager-panel.yaml | 2 +- .../axway-securetransport-panel.yaml | 9 +-- .../axway-securetransport-webclient.yaml | 7 ++- http/exposed-panels/axxon-client-panel.yaml | 4 +- http/exposed-panels/azkaban-web-client.yaml | 8 +-- .../backpack/backpack-admin-panel.yaml | 10 ++- http/exposed-panels/bedita-panel.yaml | 4 +- .../exposed-panels/beego-admin-dashboard.yaml | 4 +- http/exposed-panels/beszel-panel.yaml | 2 +- http/exposed-panels/beyondtrust-panel.yaml | 5 +- .../beyondtrust-priv-panel.yaml | 3 +- http/exposed-panels/bigfix-login.yaml | 9 ++- http/exposed-panels/bigip-rest-panel.yaml | 6 +- http/exposed-panels/biotime-panel.yaml | 8 +-- .../bitdefender-gravityzone.yaml | 4 +- http/exposed-panels/bitrix-panel.yaml | 10 +-- .../exposed-panels/bitwarden-vault-panel.yaml | 4 +- http/exposed-panels/black-duck-panel.yaml | 6 +- .../bloofoxcms-login-panel.yaml | 4 +- http/exposed-panels/blue-yonder-panel.yaml | 28 ++++----- .../bmc/bmc-controlm-mft-panel.yaml | 30 ++++----- http/exposed-panels/bonobo-server-panel.yaml | 5 +- http/exposed-panels/bookstack-panel.yaml | 4 +- http/exposed-panels/buildbot-panel.yaml | 4 +- .../busybox-repository-browser.yaml | 2 +- http/exposed-panels/c2/caldera-c2.yaml | 7 +-- http/exposed-panels/cacti-panel.yaml | 3 +- http/exposed-panels/camaleon-panel.yaml | 13 +--- .../canon/canon-iradv-c3325.yaml | 2 +- http/exposed-panels/cas-login.yaml | 6 +- http/exposed-panels/casaos-panel.yaml | 11 +--- http/exposed-panels/casdoor-login.yaml | 4 +- http/exposed-panels/centreon-panel.yaml | 4 +- http/exposed-panels/cgit-panel.yaml | 4 +- .../exposed-panels/changedetection-panel.yaml | 4 +- .../checkmk/checkmarx-panel.yaml | 2 +- .../exposed-panels/checkmk/checkmk-login.yaml | 8 +-- .../checkpoint/ssl-network-extender.yaml | 8 ++- http/exposed-panels/cisco-unity-panel.yaml | 3 +- http/exposed-panels/cisco-webui-login.yaml | 2 +- .../cisco/cisco-ace-device-manager.yaml | 5 +- http/exposed-panels/cisco/cisco-edge-340.yaml | 4 +- .../cisco/cisco-expressway-panel.yaml | 3 +- .../cisco/cisco-ios-xe-panel.yaml | 2 +- .../cisco/cisco-onprem-panel.yaml | 8 ++- .../cisco/cisco-telepresence.yaml | 6 +- .../cisco/cisco-ucs-kvm-login.yaml | 4 +- .../clearpass-policy-manager.yaml | 4 +- http/exposed-panels/cloudlog-panel.yaml | 2 +- http/exposed-panels/cloudpanel-login.yaml | 3 +- http/exposed-panels/cobbler-webgui.yaml | 4 +- .../exposed-panels/cockpit-project-panel.yaml | 30 ++++----- .../codemeter-webadmin-panel.yaml | 2 - .../coldfusion-administrator-login.yaml | 3 +- http/exposed-panels/concourse-ci-panel.yaml | 8 +-- .../concrete5/concrete5-install.yaml | 3 +- http/exposed-panels/connect-box-login.yaml | 4 +- http/exposed-panels/connectwise-panel.yaml | 6 +- http/exposed-panels/contao-login-panel.yaml | 3 +- http/exposed-panels/cortex-xsoar-login.yaml | 4 +- http/exposed-panels/couchdb-exposure.yaml | 1 - http/exposed-panels/couchdb-fauxton.yaml | 1 - http/exposed-panels/cpanel-api-codes.yaml | 3 +- http/exposed-panels/craftcms-admin-panel.yaml | 5 +- http/exposed-panels/craftercms-panel.yaml | 2 - http/exposed-panels/crush-ftp-login.yaml | 11 +--- http/exposed-panels/cwp-webpanel.yaml | 10 +-- http/exposed-panels/cyberchef-panel.yaml | 6 +- .../cyberoam-ssl-vpn-panel.yaml | 8 ++- http/exposed-panels/cyberpanel-panel.yaml | 4 +- http/exposed-panels/dahua-web-panel.yaml | 7 +-- http/exposed-panels/danswer-panel.yaml | 3 +- .../darktrace-threat-visualizer.yaml | 4 +- http/exposed-panels/dashy-panel.yaml | 2 +- http/exposed-panels/dataease-panel.yaml | 4 +- http/exposed-panels/datagerry-panel.yaml | 4 +- http/exposed-panels/dataiku-panel.yaml | 6 +- http/exposed-panels/daybyday-panel.yaml | 4 +- http/exposed-panels/deepmail-panel.yaml | 2 +- http/exposed-panels/defectdojo-panel.yaml | 7 +-- http/exposed-panels/dell-idrac.yaml | 5 +- .../dell-openmanager-login.yaml | 5 +- http/exposed-panels/deluge-webui-panel.yaml | 4 +- http/exposed-panels/dialogic-xms-console.yaml | 4 +- http/exposed-panels/dify-panel.yaml | 3 +- .../directadmin-login-panel.yaml | 4 +- http/exposed-panels/directum-login.yaml | 4 +- http/exposed-panels/discuz-panel.yaml | 7 +-- http/exposed-panels/django-admin-panel.yaml | 12 +--- .../docebo-elearning-panel.yaml | 4 +- http/exposed-panels/dockge-panel.yaml | 6 +- http/exposed-panels/dokuwiki-panel.yaml | 9 +-- http/exposed-panels/doris-panel.yaml | 5 +- http/exposed-panels/dotclear-panel.yaml | 4 +- http/exposed-panels/dradis-pro-panel.yaml | 8 +-- .../drawio-flowchartmaker-panel.yaml | 6 +- .../druid-console-exposure.yaml | 3 - http/exposed-panels/druid-panel.yaml | 3 - .../dzzoffice/dzzoffice-install.yaml | 5 +- .../dzzoffice/dzzoffice-panel.yaml | 7 +-- http/exposed-panels/eMerge-panel.yaml | 4 +- http/exposed-panels/eclipse-birt-panel.yaml | 9 ++- http/exposed-panels/ekare-insight-panel.yaml | 1 - http/exposed-panels/emqx-panel.yaml | 4 +- http/exposed-panels/ems-webclient-panel.yaml | 6 +- .../endpoint-protector-panel.yaml | 6 +- http/exposed-panels/episerver-panel.yaml | 7 +-- http/exposed-panels/esphome-panel.yaml | 10 +-- http/exposed-panels/esxi-system.yaml | 1 + http/exposed-panels/eventum-panel.yaml | 2 +- .../exposed-panels/evlink/evse-web-panel.yaml | 8 ++- .../exposed-panels/exagrid-manager-panel.yaml | 4 +- http/exposed-panels/extron-cms-panel.yaml | 2 + http/exposed-panels/ez-publish-panel.yaml | 7 +-- .../f-secure-policy-manager.yaml | 4 +- http/exposed-panels/falcosidekick-panel.yaml | 2 +- http/exposed-panels/faraday-login.yaml | 7 +-- .../filebrowser-login-panel.yaml | 2 +- http/exposed-panels/filegator-panel.yaml | 2 +- http/exposed-panels/fiori-launchpad.yaml | 4 +- .../fireware-xtm-user-authentication.yaml | 4 +- http/exposed-panels/footprints-panel.yaml | 8 +-- http/exposed-panels/forti/fortiadc-panel.yaml | 4 +- .../fortinet/fortiap-panel.yaml | 4 +- .../fortinet/fortiauthenticator-detect.yaml | 2 +- .../fortinet/forticlientems-panel.yaml | 3 +- .../fortinet/fortimail-panel.yaml | 5 +- .../fortinet/fortinet-fortiddos-panel.yaml | 4 +- .../fortinet/fortinet-fortinac-panel.yaml | 4 +- .../fortinet/fortinet-panel.yaml | 10 +-- .../fortinet/fortios-management-panel.yaml | 4 +- .../fortinet/fortios-panel.yaml | 4 +- .../fortinet/fortisiem-panel.yaml | 7 +-- .../fortinet/fortitester-login-panel.yaml | 4 +- .../fortinet/fortiweb-panel.yaml | 4 +- .../fortinet/fortiwlm-panel.yaml | 1 + http/exposed-panels/fortiswitch-panel.yaml | 28 ++++----- http/exposed-panels/fossbilling-panel.yaml | 4 +- .../exposed-panels/frappe-helpdesk-panel.yaml | 2 +- http/exposed-panels/frappe-panel.yaml | 2 +- http/exposed-panels/freeipa-panel.yaml | 4 +- .../freepbx-administration-panel.yaml | 4 +- http/exposed-panels/freshrss-panel.yaml | 6 +- http/exposed-panels/friendica-panel.yaml | 4 +- .../froxlor-management-panel.yaml | 8 +-- http/exposed-panels/ftm-manager-panel.yaml | 5 +- .../fusionauth-admin-panel.yaml | 10 +-- http/exposed-panels/gargoyle-router.yaml | 8 +-- .../exposed-panels/geoserver-login-panel.yaml | 2 +- http/exposed-panels/gespage-panel.yaml | 4 +- http/exposed-panels/ghe-encrypt-saml.yaml | 2 +- http/exposed-panels/ghost-panel.yaml | 3 +- .../gira-homeserver-homepage.yaml | 6 +- http/exposed-panels/gitblit-panel.yaml | 1 + http/exposed-panels/gitea-login.yaml | 9 +-- .../github-enterprise-detect.yaml | 2 +- http/exposed-panels/gitlab-detect.yaml | 10 +-- http/exposed-panels/gitlab-saml.yaml | 2 - .../gladinet-centrestack-panel.yaml | 30 ++++----- http/exposed-panels/glpi-panel.yaml | 3 +- http/exposed-panels/gnu-mailman.yaml | 1 + http/exposed-panels/goanywhere-mft-login.yaml | 17 +----- http/exposed-panels/gocd-login.yaml | 1 + http/exposed-panels/gocron-panel.yaml | 6 +- http/exposed-panels/gogs-panel.yaml | 8 +-- http/exposed-panels/gophish-login.yaml | 8 +-- http/exposed-panels/gotify-panel.yaml | 4 +- .../gradle/gradle-cache-node-detect.yaml | 2 +- .../gradle/gradle-develocity-panel.yaml | 3 +- http/exposed-panels/grafana-detect.yaml | 5 +- http/exposed-panels/graphite-browser.yaml | 8 +-- http/exposed-panels/graylog-panel.yaml | 6 +- http/exposed-panels/greenbone-panel.yaml | 8 +-- http/exposed-panels/h2console-panel.yaml | 6 +- http/exposed-panels/hangfire-dashboard.yaml | 4 +- http/exposed-panels/harbor-panel.yaml | 2 +- .../hashicorp-consul-webgui.yaml | 1 + http/exposed-panels/hestia-panel.yaml | 3 +- http/exposed-panels/highmail-admin-panel.yaml | 8 ++- .../hivemanager-login-panel.yaml | 5 +- http/exposed-panels/home-assistant-panel.yaml | 10 +-- http/exposed-panels/homematic-panel.yaml | 4 +- .../hospital-management-panel.yaml | 4 +- http/exposed-panels/hp-service-manager.yaml | 4 +- http/exposed-panels/huawei-hg532e-panel.yaml | 5 +- http/exposed-panels/huginn-panel.yaml | 2 +- http/exposed-panels/huly-panel.yaml | 2 +- .../hybris-administration-console.yaml | 4 +- http/exposed-panels/hydra-dashboard.yaml | 4 +- http/exposed-panels/hyperplanning-panel.yaml | 26 ++++---- .../ibm/ibm-advanced-system-management.yaml | 2 +- .../ibm/ibm-api-connect-panel.yaml | 2 +- http/exposed-panels/ibm/ibm-maximo-login.yaml | 2 +- http/exposed-panels/ibm/ibm-note-login.yaml | 6 +- http/exposed-panels/ibm/ibm-odm-panel.yaml | 12 +--- .../ibm/ibm-security-access-manager.yaml | 4 +- .../ibm/ibm-websphere-admin-panel.yaml | 2 +- .../ibm/ibm-websphere-panel.yaml | 1 + http/exposed-panels/icewarp-panel-detect.yaml | 4 +- http/exposed-panels/icinga-web-login.yaml | 3 +- .../ictprotege-login-panel.yaml | 4 +- .../identity-services-engine.yaml | 4 +- http/exposed-panels/ilch-admin-panel.yaml | 4 +- .../incapptic-connect-panel.yaml | 2 +- http/exposed-panels/influxdb-panel.yaml | 2 +- http/exposed-panels/infoblox-nios-panel.yaml | 4 +- http/exposed-panels/intelbras-login.yaml | 15 ++--- http/exposed-panels/intelbras-panel.yaml | 7 ++- .../exposed-panels/intellian-aptus-panel.yaml | 4 +- http/exposed-panels/irisnext-panel.yaml | 2 +- http/exposed-panels/isams-panel.yaml | 5 +- http/exposed-panels/issabel-login.yaml | 4 +- http/exposed-panels/itop-panel.yaml | 8 --- .../ivanti-connect-secure-panel.yaml | 1 + http/exposed-panels/ivanti-csa-panel.yaml | 28 ++++----- .../ivanti-traffic-manager-panel.yaml | 28 ++++----- http/exposed-panels/jamf-login.yaml | 12 +--- http/exposed-panels/jamf-panel.yaml | 12 +--- http/exposed-panels/jamf-setup-assistant.yaml | 12 +--- http/exposed-panels/jaspersoft-panel.yaml | 4 +- .../jboss/jboss-jbpm-admin.yaml | 4 +- http/exposed-panels/jboss/jboss-juddi.yaml | 4 +- .../jboss/jboss-soa-platform.yaml | 6 +- http/exposed-panels/jcms-panel.yaml | 4 +- http/exposed-panels/jedox-web-panel.yaml | 8 ++- http/exposed-panels/jeedom-panel.yaml | 4 +- http/exposed-panels/jenkins-api-panel.yaml | 7 +-- http/exposed-panels/jenkins-login.yaml | 7 +-- http/exposed-panels/jfrog-login.yaml | 8 +-- http/exposed-panels/joget/joget-panel.yaml | 5 +- http/exposed-panels/jorani-panel.yaml | 9 +-- http/exposed-panels/jsherp-boot-panel.yaml | 7 +-- http/exposed-panels/jumpserver-panel.yaml | 12 ++-- http/exposed-panels/jupyter-notebook.yaml | 17 +----- http/exposed-panels/kafka-center-login.yaml | 4 +- .../kafka-consumer-monitor.yaml | 6 +- http/exposed-panels/kafka-monitoring.yaml | 3 - http/exposed-panels/kafka-topics-ui.yaml | 2 - http/exposed-panels/kanboard-login.yaml | 6 +- http/exposed-panels/kavita-panel-detect.yaml | 12 ++-- http/exposed-panels/kerio-connect-client.yaml | 8 +-- http/exposed-panels/keycloak-admin-panel.yaml | 3 +- http/exposed-panels/kiali-panel.yaml | 4 +- http/exposed-panels/kibana-panel.yaml | 4 +- http/exposed-panels/kiteworks-pcn-panel.yaml | 2 +- http/exposed-panels/kiwitcms-login.yaml | 4 +- http/exposed-panels/kkfileview-panel.yaml | 13 +--- http/exposed-panels/klog-server-panel.yaml | 2 +- http/exposed-panels/koel-panel.yaml | 4 +- http/exposed-panels/kopano-webapp-panel.yaml | 4 +- .../kubernetes-enterprise-manager.yaml | 5 +- http/exposed-panels/kubernetes-mirantis.yaml | 10 ++- http/exposed-panels/kubernetes-web-view.yaml | 4 +- http/exposed-panels/kubeview-dashboard.yaml | 2 +- http/exposed-panels/label-studio-panel.yaml | 5 +- http/exposed-panels/labkey-server-login.yaml | 3 +- http/exposed-panels/lancom-router-panel.yaml | 7 +-- http/exposed-panels/lansweeper-login.yaml | 4 +- .../ldap-account-manager-panel.yaml | 8 +-- http/exposed-panels/lenovo-fp-panel.yaml | 4 +- http/exposed-panels/leostream-panel.yaml | 6 +- http/exposed-panels/librenms-login.yaml | 5 +- http/exposed-panels/librephotos-panel.yaml | 6 +- http/exposed-panels/liferay-portal.yaml | 10 +-- http/exposed-panels/linkerd-panel.yaml | 4 +- .../livehelperchat-admin-panel.yaml | 8 ++- .../exposed-panels/livezilla-login-panel.yaml | 2 +- http/exposed-panels/lorex-panel.yaml | 32 +++++----- http/exposed-panels/mach-proweb-login.yaml | 8 +-- http/exposed-panels/machform-admin-panel.yaml | 6 +- http/exposed-panels/magento-admin-panel.yaml | 5 +- .../magento-downloader-panel.yaml | 5 +- http/exposed-panels/magnolia-panel.yaml | 12 +--- http/exposed-panels/malwared-byob.yaml | 3 +- http/exposed-panels/mantisbt-panel.yaml | 10 +-- http/exposed-panels/matomo-panel.yaml | 8 +-- http/exposed-panels/mbilling-panel.yaml | 2 +- http/exposed-panels/memos-panel.yaml | 4 +- http/exposed-panels/meshcentral-login.yaml | 4 +- http/exposed-panels/metabase-panel.yaml | 4 +- http/exposed-panels/metasploit-panel.yaml | 4 +- .../exposed-panels/metasploit-setup-page.yaml | 7 +-- http/exposed-panels/metersphere-login.yaml | 2 +- http/exposed-panels/metube-panel.yaml | 28 ++++----- http/exposed-panels/mfiles-web-detect.yaml | 4 +- .../microfocus-admin-server.yaml | 4 +- .../exposed-panels/microfocus-filr-panel.yaml | 4 +- .../exposed-panels/microfocus-vibe-panel.yaml | 4 +- .../microsoft-exchange-panel.yaml | 9 +-- .../mikrotik/mikrotik-routeros-old.yaml | 4 +- http/exposed-panels/minio-browser.yaml | 3 +- http/exposed-panels/minio-console.yaml | 9 +-- http/exposed-panels/misp-panel.yaml | 4 +- http/exposed-panels/mitel-micollab-panel.yaml | 3 +- http/exposed-panels/mitel-panel-detect.yaml | 4 +- .../mobile-management-panel.yaml | 6 +- http/exposed-panels/mobileiron-sentry.yaml | 6 +- http/exposed-panels/modoboa-panel.yaml | 2 +- http/exposed-panels/mongodb-ops-manager.yaml | 6 +- http/exposed-panels/monitorr-panel.yaml | 2 +- http/exposed-panels/monstra-admin-panel.yaml | 9 +-- .../moodle-workplace-panel.yaml | 13 +--- http/exposed-panels/movable-type-login.yaml | 12 ++-- .../ms-exchange-web-service.yaml | 9 +-- http/exposed-panels/mylittleadmin-panel.yaml | 7 +-- http/exposed-panels/mylittlebackup-panel.yaml | 7 +-- http/exposed-panels/n8n-panel.yaml | 3 +- http/exposed-panels/nagios-xi-panel.yaml | 3 +- .../nagios/nagios-logserver-panel.yaml | 2 +- http/exposed-panels/nagvis-panel.yaml | 4 +- http/exposed-panels/ncentral-panel.yaml | 8 +-- http/exposed-panels/nconf-panel.yaml | 8 +-- http/exposed-panels/neo4j-browser.yaml | 4 +- http/exposed-panels/nessus-panel.yaml | 4 +- http/exposed-panels/netalertx-panel.yaml | 4 +- .../netdata-dashboard-detected.yaml | 12 ++-- http/exposed-panels/netdata-panel.yaml | 15 ++--- http/exposed-panels/netflix-conductor-ui.yaml | 4 +- .../netflow-analyzer-panel.yaml | 5 +- .../netris-dashboard-panel.yaml | 2 +- http/exposed-panels/netscaler-gateway.yaml | 2 - http/exposed-panels/nginx-proxy-manager.yaml | 8 +-- http/exposed-panels/nocodb-panel.yaml | 7 +-- http/exposed-panels/novnc-login-panel.yaml | 6 +- http/exposed-panels/nport-web-console.yaml | 8 +-- http/exposed-panels/nuxeo-platform-panel.yaml | 6 +- http/exposed-panels/nzbget-panel.yaml | 4 +- http/exposed-panels/ocomon-panel.yaml | 4 +- http/exposed-panels/ocs-inventory-login.yaml | 9 ++- http/exposed-panels/octoprint-login.yaml | 9 --- .../exposed-panels/odoo-database-manager.yaml | 1 + http/exposed-panels/odoo-panel.yaml | 1 + http/exposed-panels/office-webapps-panel.yaml | 4 +- http/exposed-panels/ollama-llm-panel.yaml | 10 +-- http/exposed-panels/omniampx-panel.yaml | 7 +-- http/exposed-panels/onedev-panel.yaml | 2 +- .../onlyoffice-login-panel.yaml | 5 +- .../open-stack-dashboard-login.yaml | 5 +- http/exposed-panels/openam-panel.yaml | 4 +- http/exposed-panels/opencart-panel.yaml | 9 +-- http/exposed-panels/opencats-panel.yaml | 4 +- http/exposed-panels/openedge-panel.yaml | 5 +- http/exposed-panels/openemr-detect.yaml | 12 ++-- http/exposed-panels/openfire-admin-panel.yaml | 5 +- http/exposed-panels/opengear-panel.yaml | 9 +-- http/exposed-panels/openobserve-panel.yaml | 2 +- http/exposed-panels/opensis-panel.yaml | 4 +- .../opentext-contentserver-panel.yaml | 2 +- http/exposed-panels/openvas-panel.yaml | 3 +- http/exposed-panels/openvpn-admin.yaml | 3 +- http/exposed-panels/openvpn-connect.yaml | 12 +--- .../openvpn-router-management.yaml | 1 + http/exposed-panels/openwrt-login.yaml | 4 +- .../openwrt/openwrt-luci-panel.yaml | 4 +- http/exposed-panels/openx-panel.yaml | 4 +- .../oracle-access-management.yaml | 2 + .../oracle-application-server-panel.yaml | 2 +- .../oracle-business-control.yaml | 1 + .../oracle-business-intelligence.yaml | 4 +- .../oracle-ebusiness-panel.yaml | 8 +-- .../oracle-integrated-manager.yaml | 6 +- .../oracle-people-enterprise.yaml | 4 +- .../oracle-peoplesoft-panel.yaml | 7 +-- http/exposed-panels/orchid-vms-panel.yaml | 4 +- http/exposed-panels/osasi-panel.yaml | 2 +- http/exposed-panels/osnexus-panel.yaml | 6 +- http/exposed-panels/osticket-panel.yaml | 3 +- .../osticket/osticket-install.yaml | 3 +- .../outsystems-servicecenter-panel.yaml | 1 - .../paloalto-expedition-panel.yaml | 5 +- http/exposed-panels/pandora-fms-console.yaml | 8 +-- http/exposed-panels/papercut-ng-panel.yaml | 4 +- .../parallels/parallels-hsphere-detect.yaml | 3 +- http/exposed-panels/parse-dashboard.yaml | 4 +- http/exposed-panels/passbolt-panel.yaml | 4 +- .../payroll-management-system-panel.yaml | 8 +-- http/exposed-panels/pega-web-panel.yaml | 10 ++- http/exposed-panels/pentaho-panel.yaml | 6 +- http/exposed-panels/persis-panel.yaml | 6 +- http/exposed-panels/pfsense-login.yaml | 8 ++- http/exposed-panels/phabricator-login.yaml | 4 +- http/exposed-panels/photoprism-panel.yaml | 28 ++++----- http/exposed-panels/php-mailer.yaml | 8 +-- http/exposed-panels/phpcollab-panel.yaml | 4 +- http/exposed-panels/phpldapadmin-panel.yaml | 10 +-- http/exposed-panels/phpminiadmin-panel.yaml | 7 +-- http/exposed-panels/phpmyadmin-panel.yaml | 13 ++-- http/exposed-panels/phppgadmin-panel.yaml | 3 +- http/exposed-panels/pichome-panel.yaml | 7 +-- http/exposed-panels/piwigo-panel.yaml | 11 ++-- http/exposed-panels/planet-estream-panel.yaml | 4 +- http/exposed-panels/plesk-obsidian-login.yaml | 1 + http/exposed-panels/plesk-onyx-login.yaml | 10 +-- .../polarion-siemens-panel.yaml | 5 +- http/exposed-panels/portainer-panel.yaml | 4 +- http/exposed-panels/posteio-admin-panel.yaml | 10 +-- http/exposed-panels/powerjob-panel.yaml | 11 +--- http/exposed-panels/pritunl-panel.yaml | 8 +-- http/exposed-panels/privategpt-detect.yaml | 2 +- http/exposed-panels/privx-panel.yaml | 8 +-- http/exposed-panels/processwire-login.yaml | 9 +-- http/exposed-panels/procore-panel.yaml | 20 +++--- .../exposed-panels/project-insight-login.yaml | 4 +- http/exposed-panels/projectsend-login.yaml | 15 ++--- http/exposed-panels/pronote-panel.yaml | 26 ++++---- .../proofpoint-protection-server-panel.yaml | 2 +- http/exposed-panels/proxmox-panel.yaml | 2 +- http/exposed-panels/pulsar-admin-console.yaml | 3 +- http/exposed-panels/pulsar-adminui-panel.yaml | 1 + http/exposed-panels/pure-storage-login.yaml | 4 +- http/exposed-panels/pyload-panel.yaml | 5 +- http/exposed-panels/qBittorrent-panel.yaml | 4 +- http/exposed-panels/qdpm-login-panel.yaml | 2 +- http/exposed-panels/qlik-sense-server.yaml | 6 +- .../qlikview-accesspoint-panel.yaml | 6 +- http/exposed-panels/qmail-admin-login.yaml | 4 +- .../qnap/qnap-photostation-panel.yaml | 3 +- http/exposed-panels/qnap/qnap-qts-panel.yaml | 6 +- http/exposed-panels/qualcomm-voip-router.yaml | 4 +- http/exposed-panels/qualitor-itsm-panel.yaml | 5 -- http/exposed-panels/rabbitmq-dashboard.yaml | 6 +- http/exposed-panels/rancher-dashboard.yaml | 4 +- http/exposed-panels/rancher-panel.yaml | 2 +- http/exposed-panels/raspberrymatic-panel.yaml | 5 +- http/exposed-panels/rdweb-panel.yaml | 4 +- http/exposed-panels/redash-panel.yaml | 8 +-- .../redhat/redhat-satellite-panel.yaml | 5 +- .../redis-enterprise-panel.yaml | 4 +- http/exposed-panels/redmine-panel.yaml | 13 +--- http/exposed-panels/remedy-axis-login.yaml | 5 +- http/exposed-panels/remkon-manager-panel.yaml | 8 +-- http/exposed-panels/reolink-panel.yaml | 2 +- .../exposed-panels/repetier-server-panel.yaml | 4 +- .../exposed-panels/reportico-admin-panel.yaml | 4 +- http/exposed-panels/reposilite-panel.yaml | 2 +- http/exposed-panels/retool-login.yaml | 6 +- .../riello-netman204-panel.yaml | 21 ++----- http/exposed-panels/rocketchat-panel.yaml | 6 +- .../rocketmq-console-exposure.yaml | 1 + http/exposed-panels/room-alert-detect.yaml | 6 +- http/exposed-panels/roxy-fileman.yaml | 4 +- .../ruckus-unleashed-panel.yaml | 8 ++- .../ruckus-wireless-admin-login.yaml | 4 +- http/exposed-panels/ruijie/rg-uac-panel.yaml | 4 +- http/exposed-panels/rundeck-login.yaml | 10 +-- http/exposed-panels/sage-panel.yaml | 4 +- .../saltstack-config-panel.yaml | 6 +- .../samsung-printer-detect.yaml | 4 +- .../sap-netweaver-cet-detect.yaml | 9 +-- .../sap-successfactors-detect.yaml | 4 +- http/exposed-panels/sas-login-panel.yaml | 2 +- .../sauter-moduwebvision-panel.yaml | 2 +- .../scriptcase/scriptcase-panel.yaml | 4 +- .../scriptcase/scriptcase-prod-login.yaml | 4 +- http/exposed-panels/seafile-panel.yaml | 8 +-- http/exposed-panels/seagate-nas-login.yaml | 4 +- http/exposed-panels/securepoint-utm.yaml | 8 +-- http/exposed-panels/security-onion-panel.yaml | 4 +- http/exposed-panels/seeddms-panel.yaml | 4 +- http/exposed-panels/selenium-grid.yaml | 6 +- http/exposed-panels/sentry-panel.yaml | 4 +- .../servicedesk-login-panel.yaml | 4 +- http/exposed-panels/servicenow-panel.yaml | 3 +- http/exposed-panels/shardingsphere-panel.yaml | 2 +- http/exposed-panels/sharefile-panel.yaml | 4 +- http/exposed-panels/shell-box.yaml | 2 +- http/exposed-panels/shoutcast-server.yaml | 8 +-- http/exposed-panels/sidekiq-dashboard.yaml | 2 +- http/exposed-panels/sitecore-login.yaml | 12 +--- http/exposed-panels/softether-vpn-panel.yaml | 4 +- .../solarview-compact-panel.yaml | 3 +- http/exposed-panels/solarwinds-arm-panel.yaml | 6 +- .../solarwinds-servuftp-detect.yaml | 7 +-- http/exposed-panels/solr-panel-exposure.yaml | 8 +-- http/exposed-panels/sonarqube-login.yaml | 5 -- .../sonic-wall-application.yaml | 4 +- http/exposed-panels/sonic-wall-login.yaml | 4 +- .../sonicwall-analyzer-login.yaml | 4 +- .../sophos-fw-version-detect.yaml | 4 +- http/exposed-panels/sophos-mobile-panel.yaml | 3 +- http/exposed-panels/sophos-web-appliance.yaml | 2 +- .../exposed-panels/spacelogic-cbus-panel.yaml | 4 +- http/exposed-panels/spark-panel.yaml | 1 + http/exposed-panels/speedtest-panel.yaml | 6 +- .../splunk-enterprise-panel.yaml | 10 +-- http/exposed-panels/spotweb-login-panel.yaml | 4 +- http/exposed-panels/sql-monitor.yaml | 4 +- http/exposed-panels/sqlbuddy-panel.yaml | 6 +- http/exposed-panels/squidex-panel.yaml | 7 +-- http/exposed-panels/squirrelmail-login.yaml | 1 + http/exposed-panels/steve-login-panel.yaml | 9 ++- http/exposed-panels/strapi-documentation.yaml | 12 ---- http/exposed-panels/strapi-panel.yaml | 13 +--- http/exposed-panels/structurizr-panel.yaml | 2 +- http/exposed-panels/subrion-login.yaml | 4 -- http/exposed-panels/sugarcrm-panel.yaml | 13 ++-- http/exposed-panels/supermicro-bmc-panel.yaml | 7 +-- http/exposed-panels/superset-login.yaml | 3 +- .../exposed-panels/suprema-biostar-panel.yaml | 6 +- .../symantec/symantec-dlp-login.yaml | 4 +- .../symantec/symantec-epm-login.yaml | 4 +- http/exposed-panels/syncserver-panel.yaml | 4 +- http/exposed-panels/syncthru-web-service.yaml | 4 +- http/exposed-panels/sysaid-panel.yaml | 6 +- .../tableau-service-manager.yaml | 4 +- http/exposed-panels/tautulli-panel.yaml | 4 +- http/exposed-panels/teamcity-login-panel.yaml | 3 +- http/exposed-panels/teampass-panel.yaml | 4 +- http/exposed-panels/telerik-server-login.yaml | 12 +--- .../telesquare/tlr-2005ksh-login.yaml | 4 +- http/exposed-panels/teltonika-login.yaml | 6 +- http/exposed-panels/temenos-t24-login.yaml | 8 +-- .../tenda-11n-wireless-router-login.yaml | 7 +-- http/exposed-panels/tenemos-t24-panel.yaml | 2 +- .../terraform-enterprise-panel.yaml | 8 ++- .../thinfinity-virtualui-panel.yaml | 4 +- http/exposed-panels/thruk-panel.yaml | 7 ++- http/exposed-panels/tibco-mft-panel.yaml | 2 +- http/exposed-panels/tibco-spotfire-panel.yaml | 4 +- http/exposed-panels/tigase-xmpp-server.yaml | 4 +- http/exposed-panels/tiny-rss-panel.yaml | 10 +-- .../exposed-panels/tomcat/tomcat-exposed.yaml | 18 ++---- http/exposed-panels/tooljet-panel.yaml | 12 +--- http/exposed-panels/totemomail-panel.yaml | 12 ++-- .../tplink/tplink-r470t-panel.yaml | 4 +- http/exposed-panels/traccar-panel.yaml | 2 +- http/exposed-panels/trellix-panel.yaml | 2 +- .../trendnet/trendnet-tew827dru-login.yaml | 4 +- http/exposed-panels/truenas-scale-panel.yaml | 4 +- .../tufin-securetrack-login.yaml | 8 ++- http/exposed-panels/turnkey-lamp-panel.yaml | 2 +- http/exposed-panels/typo3-login.yaml | 13 +--- .../uipath-orchestrator-panel.yaml | 4 +- http/exposed-panels/umbraco-login.yaml | 15 ++--- .../unauth/tautulli-unauth.yaml | 6 +- http/exposed-panels/unibox-panel.yaml | 5 +- http/exposed-panels/unifi-panel.yaml | 8 +-- http/exposed-panels/untangle-admin-login.yaml | 11 +--- http/exposed-panels/uptime-kuma-panel.yaml | 6 +- http/exposed-panels/urbackup-panel.yaml | 3 +- http/exposed-panels/vault-panel.yaml | 2 +- http/exposed-panels/vaultwarden-panel.yaml | 2 +- http/exposed-panels/veeam-backup-gcp.yaml | 8 +-- .../veeam-backup-manager-login.yaml | 2 +- http/exposed-panels/veeam-panel.yaml | 7 +-- .../veritas-netbackup-panel.yaml | 28 ++++----- http/exposed-panels/verizon-router-panel.yaml | 6 +- .../versa/versa-director-login.yaml | 12 +--- http/exposed-panels/vidyo-login.yaml | 5 +- http/exposed-panels/vince-panel.yaml | 28 ++++----- http/exposed-panels/vinchin-panel.yaml | 5 +- .../exposed-panels/virtua-software-panel.yaml | 2 +- http/exposed-panels/vmware-aria-panel.yaml | 24 ++++---- .../vmware-cloud-availability.yaml | 12 +--- .../exposed-panels/vmware-cloud-director.yaml | 10 +-- http/exposed-panels/vmware-hcx-login.yaml | 6 +- http/exposed-panels/vmware-horizon-daas.yaml | 4 +- http/exposed-panels/vmware-horizon-panel.yaml | 3 - http/exposed-panels/vmware-nsx-login.yaml | 5 +- .../vmware-vcenter-converter-standalone.yaml | 4 +- .../vmware-vcloud-director.yaml | 4 +- http/exposed-panels/voipmonitor-panel.yaml | 4 +- .../vrealize-hyperic-login-panel.yaml | 8 +-- .../vrealize-loginsight-panel.yaml | 4 +- http/exposed-panels/vue-pacs-panel.yaml | 4 +- http/exposed-panels/wagtail-cms-detect.yaml | 4 +- .../wallix-accessmanager-panel.yaml | 6 +- http/exposed-panels/wampserver-homepage.yaml | 12 +--- http/exposed-panels/wazuh-panel.yaml | 8 +-- http/exposed-panels/wd-mycloud-panel.yaml | 2 +- http/exposed-panels/web-file-manager.yaml | 8 +-- http/exposed-panels/web-viewer-panel.yaml | 4 +- http/exposed-panels/weblogic-login.yaml | 1 + http/exposed-panels/webpagetest-panel.yaml | 6 +- http/exposed-panels/webroot-login.yaml | 6 +- http/exposed-panels/webtitan-cloud-panel.yaml | 3 +- .../webtransfer-client-panel.yaml | 11 +--- http/exposed-panels/webuzo-admin-panel.yaml | 10 +-- http/exposed-panels/whatsup-gold-panel.yaml | 10 +-- .../wildix-collaboration-panel.yaml | 32 +++++----- http/exposed-panels/wordpress-login.yaml | 1 - .../exposed-panels/workspace-one-uem-ssp.yaml | 10 +-- http/exposed-panels/workspace-one-uem.yaml | 10 +-- .../wowza-streaming-engine.yaml | 1 + .../ws_ftp-server-web-transfer.yaml | 9 ++- .../wso2-management-console.yaml | 2 +- http/exposed-panels/xeams-admin-console.yaml | 4 +- .../xiaomi-wireless-router-login.yaml | 12 ++-- http/exposed-panels/xibocms-login.yaml | 7 +-- http/exposed-panels/xnat-login.yaml | 6 +- .../xoops/xoops-installation-wizard.yaml | 1 - .../xphoneconnect-admin-panel.yaml | 21 ++----- http/exposed-panels/xvr-login.yaml | 4 +- http/exposed-panels/xweb500-panel.yaml | 6 +- http/exposed-panels/xxljob-panel.yaml | 6 +- http/exposed-panels/yellowfin-panel.yaml | 6 +- http/exposed-panels/yzmcms-panel.yaml | 4 +- http/exposed-panels/zabbix-server-login.yaml | 3 +- .../zblog-exposed-admin-panel.yaml | 8 +-- http/exposed-panels/zblogphp-panel.yaml | 12 +--- .../exposed-panels/zenml-dashboard-panel.yaml | 6 +- http/exposed-panels/zentao-detect.yaml | 5 -- http/exposed-panels/zeroshell-login.yaml | 4 +- http/exposed-panels/zimbra-web-client.yaml | 5 +- http/exposed-panels/zimbra-web-login.yaml | 3 +- .../zoho/manageengine-adaudit.yaml | 4 +- .../zoho/manageengine-adselfservice.yaml | 1 + .../zoho/manageengine-analytics.yaml | 3 +- .../zoho/manageengine-apex-helpdesk.yaml | 4 +- .../zoho/manageengine-assetexplorer.yaml | 4 +- .../zoho/manageengine-desktop.yaml | 9 +-- .../zoho/manageengine-network-config.yaml | 4 +- .../zoho/manageengine-opmanager.yaml | 10 +-- .../zoho/manageengine-servicedesk.yaml | 4 +- .../zoho/manageengine-supportcenter.yaml | 4 +- http/exposed-panels/zoneminder-login.yaml | 11 +--- http/exposed-panels/zoraxy-panel.yaml | 2 +- http/exposed-panels/zte-panel.yaml | 5 +- http/exposed-panels/zuul-panel.yaml | 7 +-- http/exposed-panels/zyxel-router-panel.yaml | 4 +- .../zyxel/zyxel-firewall-panel.yaml | 7 +-- .../zyxel/zyxel-vmg1312b10d-login.yaml | 4 +- .../apis/drupal-jsonapi-user-listing.yaml | 4 +- http/exposures/apis/exposed-mcp-server.yaml | 6 +- http/exposures/apis/jeecg-boot-swagger.yaml | 10 +-- http/exposures/apis/seafile-api.yaml | 9 +-- http/exposures/apis/strapi-page.yaml | 15 +---- http/exposures/apis/swagger-api.yaml | 4 +- .../backups/backup-directory-listing.yaml | 2 +- .../backups/froxlor-database-backup.yaml | 8 +-- http/exposures/backups/php-backup-files.yaml | 2 +- http/exposures/backups/sql-server-dump.yaml | 27 ++++---- .../exposures/configs/accueil-wampserver.yaml | 12 +--- .../configs/apache-jspwiki-ip-userenum.yaml | 9 +-- http/exposures/configs/apache-ozone-conf.yaml | 6 +- .../configs/apache-pinot-config.yaml | 6 +- .../configs/babel-config-exposure.yaml | 7 +-- http/exposures/configs/cakephp-config.yaml | 12 +--- .../exposures/configs/codeception-config.yaml | 5 +- http/exposures/configs/dompdf-config.yaml | 6 +- .../configs/filestash-admin-config.yaml | 3 +- .../configs/ftp-credentials-exposure.yaml | 7 +-- .../configs/gcloud-config-default.yaml | 7 +-- http/exposures/configs/jkstatus-manager.yaml | 18 +----- http/exposures/configs/karma-config-js.yaml | 7 +-- .../configs/magento-config-disclosure.yaml | 8 +-- .../exposures/configs/mercurial-hgignore.yaml | 9 +-- .../configs/neo4j-neodash-config.yaml | 4 +- .../configs/ovpn-config-exposed.yaml | 14 +---- http/exposures/configs/phpinfo-files.yaml | 2 +- http/exposures/configs/phpsys-info.yaml | 3 +- .../configs/rakefile-disclosure.yaml | 11 +--- http/exposures/configs/redis-config.yaml | 11 +--- http/exposures/configs/rubocop-config.yaml | 7 +-- .../configs/sftp-credentials-exposure.yaml | 6 +- http/exposures/configs/svnserve-config.yaml | 15 +---- http/exposures/configs/symfony-profiler.yaml | 22 ++----- .../configs/vbulletin-path-disclosure.yaml | 18 +----- http/exposures/configs/webpack-config.yaml | 11 +--- http/exposures/configs/wgetrc-config.yaml | 7 +-- http/exposures/configs/yii-debugger.yaml | 10 +-- http/exposures/files/adcs-certificate.yaml | 1 - http/exposures/files/angular-json.yaml | 8 +-- .../files/azure-pipelines-exposed.yaml | 3 +- http/exposures/files/bitbucket-pipelines.yaml | 8 +-- http/exposures/files/cargo-toml-file.yaml | 5 +- .../files/cold-fusion-cfcache-map.yaml | 9 +-- http/exposures/files/composer-auth-json.yaml | 4 +- http/exposures/files/django-secret-key.yaml | 12 +--- http/exposures/files/environment-rb.yaml | 9 +-- .../files/get-access-token-json.yaml | 4 +- http/exposures/files/git-mailmap.yaml | 6 +- http/exposures/files/gitlab-ci-yml.yaml | 13 +--- http/exposures/files/go-mod-disclosure.yaml | 6 +- .../exposures/files/npm-cli-metrics-json.yaml | 12 +--- .../files/npm-shrinkwrap-exposure.yaml | 12 +--- .../exposures/files/nuget-package-config.yaml | 5 +- http/exposures/files/oracle-test-cgi.yaml | 19 +----- http/exposures/files/php-ini.yaml | 11 +--- .../files/phpunit-result-cache-exposure.yaml | 2 +- .../files/pipeline-configuration.yaml | 5 +- .../files/putty-private-key-disclosure.yaml | 2 +- http/exposures/files/redmine-config.yaml | 15 +---- http/exposures/files/redmine-settings.yaml | 13 +--- http/exposures/files/ruby-rail-storage.yaml | 16 +---- http/exposures/files/secret-token-rb.yaml | 16 +---- http/exposures/files/secrets-file.yaml | 16 +---- http/exposures/files/sendgrid-env.yaml | 3 +- .../files/service-account-credentials.yaml | 2 +- http/exposures/files/svn-wc-db.yaml | 13 +--- .../files/symfony-properties-ini.yaml | 18 +----- http/exposures/files/symfony-security.yaml | 18 +----- http/exposures/files/token-info-json.yaml | 4 +- .../exposures/files/travis-ci-disclosure.yaml | 2 +- http/exposures/files/uwsgi-ini.yaml | 5 +- http/exposures/files/viminfo-disclosure.yaml | 5 +- http/exposures/files/vscode-launch.yaml | 2 +- http/exposures/files/vscode-sftp.yaml | 5 +- http/exposures/files/webpack-mix-js.yaml | 9 +-- .../files/wordpress-readme-file.yaml | 5 +- http/exposures/files/wp-cli-exposure.yaml | 3 +- http/exposures/files/ws-ftp-ini.yaml | 15 +---- .../logs/action-controller-exception.yaml | 2 +- http/exposures/logs/delphi-mvc-exception.yaml | 2 +- .../logs/expression-engine-exception.yaml | 2 +- http/exposures/logs/fastcgi-echo.yaml | 6 +- http/exposures/logs/lua-runtime-error.yaml | 2 +- http/exposures/logs/mako-runtime-error.yaml | 2 +- .../logs/microsoft-runtime-error.yaml | 2 +- http/exposures/logs/milesight-system-log.yaml | 8 +-- .../logs/mongodb-exception-page.yaml | 2 +- http/exposures/logs/npm-debug-log.yaml | 10 +-- http/exposures/logs/npm-log-file.yaml | 12 +--- http/exposures/logs/opentsdb-status.yaml | 7 +-- .../exposures/logs/redis-exception-error.yaml | 9 +-- .../logs/sap-logon-error-message.yaml | 2 +- http/exposures/logs/teampass-ldap.yaml | 7 +-- http/exposures/logs/twig-runtime-error.yaml | 2 +- http/exposures/logs/vugex-source-detect.yaml | 2 +- http/exposures/logs/ws-ftp-log.yaml | 15 +---- http/exposures/logs/yii-error-page.yaml | 10 +-- .../tokens/github/github-personal-access.yaml | 2 +- .../tokens/gitlab/gitlab-personal-token.yaml | 2 +- http/exposures/tokens/jwk-json-leak.yaml | 9 ++- .../tokens/npm/npm-access-token.yaml | 2 +- .../tokens/rapid/rapidapi-access-token.yaml | 2 +- .../tokens/readme/readme-api-token.yaml | 2 +- .../tokens/ruby/rubygems-api-key.yaml | 2 +- .../tokens/scalingo/scalingo-api-token.yaml | 2 +- .../tokens/sendbird/sendbird-access-id.yaml | 2 +- .../sendbird/sendbird-access-token.yaml | 2 +- .../tokens/slack/slack-bot-token.yaml | 5 +- .../tokens/slack/slack-user-token.yaml | 5 +- .../sonarqube/sonarqube-cloud-token.yaml | 3 +- .../tokens/square/square-access.yaml | 2 +- .../tokens/stackhawk/stackhawk-api.yaml | 2 +- .../tokens/stripe/stripe-secret-key.yaml | 3 +- .../tokens/zenserp/zenscrape-api-key.yaml | 3 +- http/fuzzing/cache-poisoning-fuzz.yaml | 2 +- http/fuzzing/wordpress-plugins-detect.yaml | 2 +- http/fuzzing/xff-403-bypass.yaml | 2 +- .../secrets-patterns-rules.yaml | 2 +- http/honeypot/citrix-honeypot-detect.yaml | 12 ++-- http/honeypot/snare-honeypot-detect.yaml | 4 +- http/iot/automation-direct.yaml | 9 ++- http/iot/cae-monitor-panel.yaml | 4 +- http/iot/etic-telecom-panel.yaml | 4 +- .../iot/grandstream-device-configuration.yaml | 6 +- http/iot/honeywell-building-control.yaml | 5 +- http/iot/hp-color-laserjet-detect.yaml | 5 +- http/iot/hue-personal-wireless-panel.yaml | 8 +-- http/iot/kyocera-printer-panel.yaml | 4 +- http/iot/moxa-vpn-router-panel.yaml | 4 +- http/iot/octoprint-3dprinter-detect.yaml | 14 ++--- http/iot/siemens-logo8-panel.yaml | 7 ++- http/iot/siemens-simatic-panel.yaml | 4 +- http/iot/wago-webbased-panel.yaml | 4 +- http/iot/zebra-printer-detect.yaml | 3 +- .../miscellaneous/azure-blob-core-detect.yaml | 4 +- .../credit-card-number-detect.yaml | 4 +- .../exposed-file-upload-form.yaml | 3 +- http/miscellaneous/microsoft-azure-error.yaml | 4 +- .../netflix-conductor-version.yaml | 4 +- http/miscellaneous/ntlm-directories.yaml | 2 +- .../onion-website-supported.yaml | 22 +++---- http/miscellaneous/seized-site.yaml | 24 ++++---- http/miscellaneous/trust-center-detect.yaml | 2 +- http/misconfiguration/aem/aem-acs-common.yaml | 6 +- http/misconfiguration/aem/aem-bg-servlet.yaml | 9 +-- http/misconfiguration/aem/aem-bulkeditor.yaml | 7 +-- .../aem/aem-cached-pages.yaml | 9 +-- .../aem/aem-childrenlist-xss.yaml | 11 ++-- http/misconfiguration/aem/aem-crx-bypass.yaml | 7 +-- .../aem/aem-crx-namespace.yaml | 6 +- http/misconfiguration/aem/aem-crx-search.yaml | 6 +- .../aem/aem-custom-script.yaml | 7 +-- .../aem/aem-debugging-libraries.yaml | 6 +- .../aem/aem-default-get-servlet.yaml | 7 +-- http/misconfiguration/aem/aem-disk-usage.yaml | 6 +- .../aem/aem-dump-contentnode.yaml | 6 +- .../aem/aem-explorer-nodetypes.yaml | 6 +- .../aem/aem-external-link-checker.yaml | 6 +- .../misconfiguration/aem/aem-gql-servlet.yaml | 9 +-- .../aem/aem-groovyconsole.yaml | 6 +- .../aem/aem-hash-querybuilder.yaml | 8 +-- .../aem/aem-login-status.yaml | 7 +-- .../aem/aem-merge-metadata-servlet.yaml | 9 +-- .../aem/aem-offloading-browser.yaml | 6 +- .../aem/aem-osgi-bundles.yaml | 6 +- .../aem-querybuilder-internal-path-read.yaml | 9 +-- .../aem/aem-querybuilder-json-servlet.yaml | 6 +- .../aem/aem-setpreferences-xss.yaml | 11 +--- .../aem/aem-sling-userinfo.yaml | 7 +-- .../aem/aem-userinfo-servlet.yaml | 9 +-- http/misconfiguration/aem/crxde-lite.yaml | 2 +- .../airflow/airflow-debug.yaml | 17 +----- .../airflow/unauthenticated-airflow.yaml | 17 +----- .../ampache-update-exposure.yaml | 15 +---- .../apache-drill-exposure.yaml | 4 +- .../misconfiguration/apache-druid-unauth.yaml | 4 +- http/misconfiguration/apache-impala.yaml | 3 +- .../apache-struts-showcase.yaml | 10 +-- .../apache/apache-nifi-unauth.yaml | 9 +-- .../apache/apache-zeppelin-unauth.yaml | 9 +-- .../apollo-adminservice-unauth.yaml | 11 +--- .../misconfiguration/apple-cups-exposure.yaml | 3 +- http/misconfiguration/atlantis-dashboard.yaml | 4 +- .../atlassian-bamboo-build.yaml | 15 +---- .../misconfiguration/aws/aws-s3-explorer.yaml | 4 +- .../bitbucket-auth-bypass.yaml | 5 +- .../bitbucket-public-repository.yaml | 8 +-- .../bootstrap-admin-panel-template.yaml | 8 +-- .../browserless-debugger.yaml | 2 - http/misconfiguration/canon-c3325-unauth.yaml | 2 +- .../casdoor-users-password.yaml | 6 +- .../changedetection-unauth.yaml | 2 +- http/misconfiguration/chatgpt-web-unauth.yaml | 6 +- .../clickhouse-unauth-api.yaml | 4 +- .../codeigniter-errorpage.yaml | 16 +---- http/misconfiguration/codemeter-webadmin.yaml | 5 +- .../confluence/confluence-oauth-admin.yaml | 2 +- .../cookies-without-httponly.yaml | 4 +- .../cookies-without-secure.yaml | 4 +- http/misconfiguration/corebos-htaccess.yaml | 4 +- .../misconfiguration/debug/ampache-debug.yaml | 15 +---- http/misconfiguration/debug/bottle-debug.yaml | 5 +- .../debug/flask-werkzeug-debug.yaml | 7 +-- http/misconfiguration/debug/github-debug.yaml | 4 +- .../deployment-interface-exposed.yaml | 2 +- .../dgraph-dashboard-exposure.yaml | 8 +-- .../directory-listing-no-host-header.yaml | 2 +- http/misconfiguration/dlink-n300-backup.yaml | 2 +- .../dlink-unauth-cgi-script.yaml | 2 +- .../docmosis-tornado-server.yaml | 6 +- .../drupal/drupal-user-enum-ajax.yaml | 4 +- .../drupal/drupal-user-enum-redirect.yaml | 4 +- http/misconfiguration/elasticsearch.yaml | 1 - .../envoy-admin-exposure.yaml | 8 +-- http/misconfiguration/esphome-dashboard.yaml | 10 +-- http/misconfiguration/everything-listing.yaml | 3 +- .../misconfiguration/feiyuxing-info-leak.yaml | 2 +- http/misconfiguration/filebrowser-unauth.yaml | 4 +- http/misconfiguration/freshrss-unauth.yaml | 6 +- .../fusionauth-admin-setup.yaml | 11 +--- .../ganglia-cluster-dashboard.yaml | 3 +- .../genieacs-default-jwt.yaml | 2 +- http/misconfiguration/git-web-interface.yaml | 6 +- .../misconfiguration/gitea-public-signup.yaml | 15 +---- .../gitlab/gitlab-public-repos.yaml | 11 +--- .../gitlab/gitlab-public-signup.yaml | 11 +--- http/misconfiguration/gitlist-disclosure.yaml | 6 +- .../global-traffic-statistics.yaml | 6 +- .../gocd/gocd-cruise-configuration.yaml | 10 +-- .../gocd/gocd-encryption-key.yaml | 10 +-- .../gocd/gocd-unauth-dashboard.yaml | 10 +-- .../grafana-public-signup.yaml | 8 +-- .../graphql/graphql-alias-batching.yaml | 6 +- .../graphql/graphql-playground.yaml | 4 +- .../misconfiguration/grav-register-admin.yaml | 6 +- .../h2o/h2o-arbitary-file-read.yaml | 6 +- http/misconfiguration/h2o/h2o-dashboard.yaml | 4 +- .../haproxy-exporter-metrics.yaml | 4 +- .../helm-dashboard-exposure.yaml | 3 +- http/misconfiguration/hfs-exposure.yaml | 10 +-- .../hp/unauthorized-printer-hp.yaml | 4 +- .../ibm-friendly-path-exposure.yaml | 5 +- http/misconfiguration/imgproxy-unauth.yaml | 9 +-- .../ingress-nginx-valid-admission.yaml | 2 +- .../installer/activecollab-installer.yaml | 5 +- .../installer/adguard-installer.yaml | 4 +- .../installer/alma-installer.yaml | 6 +- .../installer/ampache-music-installer.yaml | 15 +---- .../atlassian-bamboo-setup-wizard.yaml | 15 +---- .../installer/avideo-install.yaml | 13 ++-- .../installer/bagisto-installer.yaml | 8 +-- .../installer/basercms-install.yaml | 2 +- .../installer/bitrix24-installer.yaml | 7 +-- .../installer/call-com-installer.yaml | 3 +- .../installer/chamilo-installer.yaml | 7 +-- .../installer/circarlife-setup.yaml | 6 +- .../installer/clipbucket-installer.yaml | 4 +- .../installer/cloudcenter-installer.yaml | 4 +- .../installer/codeigniter-installer.yaml | 15 +---- .../installer/combodo-itop-installer.yaml | 11 +--- .../installer/concrete-installer.yaml | 6 +- .../installer/connectwise-setup.yaml | 5 +- .../installer/custom-xoops-installer.yaml | 2 +- .../installer/discourse-installer.yaml | 4 +- .../installer/dokuwiki-installer.yaml | 9 +-- .../installer/dolibarr-installer.yaml | 12 +--- .../installer/dolphin-installer.yaml | 3 +- .../installer/drupal-install.yaml | 4 +- .../installer/ejbca-enterprise-installer.yaml | 5 +- .../installer/elgg-install.yaml | 5 +- .../installer/emlog-installer.yaml | 4 +- .../installer/eshop-installer.yaml | 10 +-- .../installer/espocrm-installer.yaml | 3 +- .../installer/eyoucms-installer.yaml | 7 +-- .../installer/facturascripts-installer.yaml | 3 +- .../installer/flarum-installer.yaml | 8 +-- .../installer/fossbilling-installer.yaml | 4 +- .../installer/freshrss-installer.yaml | 6 +- .../installer/froxlor-installer.yaml | 6 +- .../installer/gibbon-installer.yaml | 8 +-- .../installer/gitea-installer.yaml | 15 +---- .../installer/glpi-installer.yaml | 12 +--- .../installer/gogs-installer.yaml | 13 +--- .../installer/growi-installer.yaml | 5 +- .../installer/impresspages-installer.yaml | 6 +- .../installer/jira-setup.yaml | 8 +-- .../installer/joomla-installer.yaml | 6 +- .../installer/knowledgetree-installer.yaml | 4 +- .../installer/kodbox-installer.yaml | 2 +- .../installer/librenms-installer.yaml | 5 +- .../installer/limesurvey-installer.yaml | 10 +-- .../installer/lychee-installer.yaml | 5 +- .../installer/magento-installer.yaml | 6 +- .../installer/magnolia-installer.yaml | 10 +-- .../installer/mantisbt-installer.yaml | 11 +--- .../installer/matomo-installer.yaml | 9 +-- .../installer/mautic-installer.yaml | 10 +-- .../installer/monstra-installer.yaml | 8 +-- .../installer/moodle-installer.yaml | 13 +--- .../installer/moosocial-installer.yaml | 7 +-- .../installer/mosparo-install.yaml | 4 +- .../installer/mura-cms-setup-installer.yaml | 7 +-- .../installer/nagios-logserver-installer.yaml | 2 +- .../installer/nagiosxi-installer.yaml | 11 +--- .../installer/nodebb-installer.yaml | 8 +-- .../installer/nopcommerce-installer.yaml | 5 +- .../installer/octoprint-installer.yaml | 10 +-- .../installer/ojs-installer.yaml | 8 +-- .../installer/onlyoffice-installer.yaml | 3 +- .../installer/openemr-setup-installer.yaml | 17 +----- .../installer/openfire-setup.yaml | 14 +---- .../installer/openmage-install.yaml | 4 +- .../installer/openshift-installer-panel.yaml | 8 +-- .../installer/opensis-installer.yaml | 6 +- .../installer/orangehrm-installer.yaml | 4 +- .../installer/orangescrum-install.yaml | 4 +- .../installer/orchard-installer.yaml | 5 +- .../owncloud-installer-exposure.yaml | 8 +-- .../installer/oxid-eshop-installer.yaml | 10 +-- .../installer/pagekit-installer.yaml | 6 +- .../installer/pandora-fms-installer.yaml | 10 +-- .../installer/permissions-installer.yaml | 6 +- .../installer/phpbb-installer.yaml | 4 +- .../installer/phpgedview-installer.yaml | 3 +- .../installer/phpipam-installer.yaml | 7 +-- .../installer/phpmyfaq-installer.yaml | 5 +- .../installer/phpwind-installer.yaml | 4 +- .../installer/piwigo-installer.yaml | 11 +--- .../installer/pmm-installer.yaml | 6 +- .../installer/poste-io-installer.yaml | 10 +-- .../installer/prestashop-installer.yaml | 7 +-- .../installer/processwire-installer.yaml | 8 +-- .../installer/projectsend-installer.yaml | 12 +--- .../installer/qloapps-installer.yaml | 6 +- .../installer/redash-installer.yaml | 7 +-- .../installer/sabnzbd-installer.yaml | 4 +- .../installer/server-monitor-installer.yaml | 6 +- .../installer/setup-github-enterprise.yaml | 4 +- .../installer/shopware-installer.yaml | 8 +-- .../installer/smf-installer.yaml | 6 +- .../installer/snipe-it-installer.yaml | 9 +-- .../installer/spa-cart-installer.yaml | 2 +- .../installer/subrion-installer.yaml | 7 +-- .../installer/sugarcrm-install.yaml | 13 +--- .../installer/suitecrm-installer.yaml | 6 +- .../installer/tasmota-install.yaml | 8 +-- .../installer/tastyigniter-installer.yaml | 3 +- .../installer/tautulli-install.yaml | 13 +--- .../installer/testrail-install.yaml | 10 +-- .../installer/tiny-rss-installer.yaml | 10 +-- .../installer/typo3-installer.yaml | 13 +--- .../installer/umbraco-installer.yaml | 14 +---- .../installer/uvdesk-install.yaml | 6 +- .../installer/vtiger-installer.yaml | 3 +- .../installer/webcalendar-install.yaml | 7 +-- .../installer/webtrees-install.yaml | 4 +- .../installer/webuzo-installer.yaml | 12 +--- .../installer/wiki-js-installer.yaml | 6 +- .../installer/wowonder-installer.yaml | 3 +- .../installer/yzmcms-installer.yaml | 5 +- .../installer/zabbix-installer.yaml | 7 +-- .../installer/zencart-installer.yaml | 8 +-- .../installer/zenphoto-setup.yaml | 6 +- .../intercom-identity-misconfiguration.yaml | 2 - .../misconfiguration/jaeger-ui-dashboard.yaml | 10 ++- http/misconfiguration/jboss-status.yaml | 12 +--- .../jenkins/jenkins-openuser-register.yaml | 7 +-- .../jetty-showcontexts-enable.yaml | 11 +--- .../jupyter-notebooks-exposed.yaml | 15 +---- .../kentico-13-auth-bypass-wt-2025-0006.yaml | 2 +- .../kentico-13-auth-bypass-wt-2025-0011.yaml | 2 +- .../kubernetes/kube-state-metrics.yaml | 4 +- .../misconfiguration/label-studio-signup.yaml | 5 +- .../misconfiguration/laravel-debug-error.yaml | 2 +- .../laravel-debug-infoleak.yaml | 6 +- .../libvirt-exporter-metrics.yaml | 6 +- .../lidarr-dashboard-unauth.yaml | 2 +- .../misconfiguration/liferay/liferay-api.yaml | 11 +--- .../liferay/liferay-axis.yaml | 11 +--- .../liferay/liferay-jsonws.yaml | 11 +--- http/misconfiguration/locust-exposure.yaml | 4 +- .../manage-cabinet-register.yaml | 28 ++++----- .../manage-engine-ad-search.yaml | 6 +- .../microsoft/aspnetcore-dev-env.yaml | 7 +-- .../microsoft/ms-exchange-local-domain.yaml | 18 +----- http/misconfiguration/mlflow-unauth.yaml | 6 +- http/misconfiguration/mongod-exposure.yaml | 7 +-- .../ms-exchange-user-enum.yaml | 14 +---- .../multilaser-pro-setup.yaml | 4 +- http/misconfiguration/mysql-history.yaml | 7 +-- .../nacos-authentication-bypass.yaml | 12 ++-- .../nacos/nacos-create-user.yaml | 9 +-- .../misconfiguration/netalertx-dashboard.yaml | 4 +- .../nginx/nginx-api-traversal.yaml | 1 - http/misconfiguration/ntop-panel-exposed.yaml | 13 +--- .../ntopng-traffic-dashboard.yaml | 17 +----- .../odoo-unprotected-database.yaml | 6 +- http/misconfiguration/openstack-config.yaml | 3 +- .../oracle-reports-services.yaml | 4 +- http/misconfiguration/pcdn-cache-node.yaml | 6 +- http/misconfiguration/perfsonar-toolkit.yaml | 6 +- .../pghero-dashboard-exposure.yaml | 8 +-- .../pgwatch2-db-exposure.yaml | 2 +- .../php-debugbar-exposure.yaml | 2 +- http/misconfiguration/php-errors.yaml | 9 +-- http/misconfiguration/phpcli-stack-trace.yaml | 11 +--- .../phpmyadmin/phpmyadmin-setup.yaml | 16 +---- http/misconfiguration/puppetdb-dashboard.yaml | 8 +-- http/misconfiguration/python-metrics.yaml | 5 +- .../rabbitmq-exporter-metrics.yaml | 8 +-- http/misconfiguration/ray-dashboard.yaml | 12 +--- http/misconfiguration/repetier-unauth.yaml | 5 +- .../request-baskets-exposure.yaml | 5 +- .../salesforce-community-misconfig.yaml | 2 +- .../sap/sap-netweaver-info-leak.yaml | 8 +-- .../sentinel-license-monitor.yaml | 8 +-- .../servicenow-title-injection.yaml | 5 +- .../servicenow-widget-misconfig.yaml | 8 +-- http/misconfiguration/sftpgo-admin-setup.yaml | 4 +- .../misconfiguration/slurm-hpc-dashboard.yaml | 8 +-- http/misconfiguration/smarterstats-setup.yaml | 6 +- http/misconfiguration/smokeping-grapher.yaml | 4 +- .../solr-query-dashboard.yaml | 17 +----- .../sonarqube-projects-disclosure.yaml | 9 +-- .../springboot/springboot-auditevents.yaml | 8 +-- .../springboot/springboot-info.yaml | 3 +- .../sql-server-report-viewer.yaml | 4 +- .../ssrpm-arbitrary-password-reset.yaml | 7 ++- .../misconfiguration/struts-ognl-console.yaml | 10 +-- .../symfony/symfony-debug.yaml | 18 +----- .../symfony/symfony-default-key-rce.yaml | 3 +- .../symfony/symfony-fragment.yaml | 18 +----- .../misconfiguration/syncthing-dashboard.yaml | 1 - .../tasmota-config-webui.yaml | 8 +-- .../teamcity-guest-login-enabled.yaml | 8 +-- .../teamcity-registration-enabled.yaml | 8 +-- .../teslamate-unauth-access.yaml | 8 +-- http/misconfiguration/thinkphp-errors.yaml | 11 +--- http/misconfiguration/tomcat-stacktraces.yaml | 16 +---- .../transmission-dashboard.yaml | 8 +-- http/misconfiguration/typo3-composer.yaml | 13 +--- http/misconfiguration/typo3-debug-mode.yaml | 13 +--- .../unauth-apache-kafka-ui.yaml | 13 +--- .../unauth-celery-flower.yaml | 5 +- http/misconfiguration/unauth-etherpad.yaml | 5 +- .../unauth-ldap-account-manager.yaml | 6 +- http/misconfiguration/unauth-mercurial.yaml | 7 +-- .../unauth-temporal-web-ui.yaml | 5 +- .../unauthenticated-alert-manager.yaml | 6 +- .../unauthenticated-mongo-express.yaml | 12 +--- .../unauthorized-h3csecparh-login.yaml | 6 +- .../untangle-admin-setup.yaml | 12 +--- http/misconfiguration/zabbix-error.yaml | 6 +- http/technologies/4D-detect.yaml | 5 +- http/technologies/accellion-detect.yaml | 24 ++++---- http/technologies/activecollab-detect.yaml | 5 +- .../adobe/adobe-coldfusion-detect.yaml | 9 +-- .../adobe/adobe-coldfusion-error-detect.yaml | 9 +-- http/technologies/aem-detect.yaml | 7 +-- http/technologies/aerocms-detect.yaml | 9 +-- http/technologies/angular-detect.yaml | 9 +-- http/technologies/apache/airflow-detect.yaml | 17 +----- .../apache/apache-allura-detect.yaml | 5 +- .../apache/apache-answer-detect.yaml | 2 +- .../apache/apache-axis-detect.yaml | 3 +- .../apache/apache-cloudstack-detect.yaml | 7 +-- .../apache/apache-cocoon-detect.yaml | 6 +- .../apache/apache-dubbo-detect.yaml | 2 +- .../apache/apache-gravitino-detect.yaml | 4 +- .../apache/apache-hertzbeat-detect.yaml | 2 +- .../apache/apache-jspwiki-detect.yaml | 6 +- .../apache/apache-ofbiz-detect.yaml | 8 +-- .../apache/apache-ozone-detect.yaml | 4 +- .../apache/apache-pinot-detect.yaml | 6 +- .../apache/apache-shenyu-detect.yaml | 4 +- .../apache/apache-streampipes-detect.yaml | 3 +- .../apache/apache-tapestry-detect.yaml | 2 +- .../apache/apache-zeppelin-detect.yaml | 6 +- .../apache/default-apache-test-all.yaml | 18 +----- .../apache/default-apache-test-page.yaml | 18 +----- .../apache/default-apache2-page.yaml | 18 +----- .../technologies/apache/ranger-detection.yaml | 4 +- http/technologies/apache/tomcat-detect.yaml | 10 +-- .../apache/xampp-default-page.yaml | 6 +- http/technologies/appcms-detect.yaml | 3 +- http/technologies/arcgis-tokens.yaml | 4 +- http/technologies/autobahn-python-detect.yaml | 4 +- http/technologies/avideo-detect.yaml | 11 +--- http/technologies/b2b-builder-detect.yaml | 4 +- http/technologies/bamboo-detect.yaml | 15 +---- http/technologies/bigbluebutton-detect.yaml | 4 +- http/technologies/bigip-apm-detect.yaml | 8 +-- http/technologies/boa-web-server.yaml | 4 +- .../burp-collaborator-detect.yaml | 6 +- http/technologies/caobox-cms-detect.yaml | 26 ++++---- http/technologies/casaos-detection.yaml | 10 +-- .../checkpoint-mobile-detect.yaml | 3 +- http/technologies/chevereto-detect.yaml | 4 +- http/technologies/citrix-hypervisor-page.yaml | 4 +- .../citrix-xenmobile-version.yaml | 10 +-- http/technologies/cleo-detect.yaml | 28 ++++----- http/technologies/confluence-detect.yaml | 4 +- .../connectwise-control-detect.yaml | 5 +- http/technologies/couchbase-sync-gateway.yaml | 5 +- http/technologies/craftercms-detect.yaml | 2 - http/technologies/cups-detect.yaml | 24 ++++---- http/technologies/cvsweb-detect.yaml | 9 +-- http/technologies/dash-panel-detect.yaml | 3 +- http/technologies/dedecms-detect.yaml | 12 +--- http/technologies/default-apache-shiro.yaml | 4 +- http/technologies/default-cakephp-page.yaml | 8 +-- .../default-codeigniter-page.yaml | 15 +---- http/technologies/default-django-page.yaml | 12 +--- http/technologies/default-fastcgi-page.yaml | 6 +- http/technologies/default-fedora-page.yaml | 8 +-- .../default-glassfish-server-page.yaml | 8 +-- http/technologies/default-jetty-page.yaml | 11 +--- http/technologies/default-lighttpd-page.yaml | 7 +-- .../default-lighttpd-placeholder-page.yaml | 7 +-- http/technologies/default-movable-page.yaml | 15 +---- http/technologies/default-openresty.yaml | 4 +- .../technologies/default-parallels-plesk.yaml | 6 +- .../default-payara-server-page.yaml | 10 +-- http/technologies/default-plesk-page.yaml | 4 +- .../default-redhat-test-page.yaml | 4 +- http/technologies/default-sitecore-page.yaml | 10 +-- .../default-ssltls-test-page.yaml | 20 +----- http/technologies/default-symfony-page.yaml | 18 +----- http/technologies/default-tengine-page.yaml | 6 +- .../default-websphere-liberty.yaml | 6 +- .../technologies/dell/dell-idrac8-detect.yaml | 2 +- http/technologies/devexpress-detect.yaml | 3 +- http/technologies/directus-detect.yaml | 4 +- http/technologies/domibus-detect.yaml | 27 ++++---- http/technologies/dufs-detect.yaml | 28 ++++----- .../elasticsearch-sql-client-detect.yaml | 3 +- http/technologies/element-web-detect.yaml | 2 +- http/technologies/empirecms-detect.yaml | 5 +- http/technologies/erxes-detect.yaml | 4 +- http/technologies/flutter-web-detect.yaml | 2 +- .../technologies/frappe-framework-detect.yaml | 2 +- http/technologies/gitbook-detect.yaml | 5 +- http/technologies/glpi-status-page.yaml | 13 +--- http/technologies/goliath-detect.yaml | 4 +- .../google/chromecast-detect.yaml | 2 +- .../graylog/graylog-api-exposure.yaml | 6 +- http/technologies/harbor-detect.yaml | 6 +- http/technologies/hikvision-detect.yaml | 4 +- http/technologies/hubble-detect.yaml | 30 ++++----- http/technologies/hugegraph-detect.yaml | 28 ++++----- http/technologies/hugo-detect.yaml | 2 +- http/technologies/ibm/ibm-http-server.yaml | 19 +----- http/technologies/ibm/ibm-odm-detect.yaml | 11 +--- .../technologies/ibm/ibm-spectrum-detect.yaml | 28 ++++----- .../icecast-mediaserver-detect.yaml | 8 +-- http/technologies/icecast-server-detect.yaml | 6 +- .../identity-server-v3-detect.yaml | 6 +- http/technologies/imgproxy-detect.yaml | 7 +-- .../technologies/influxdb-version-detect.yaml | 11 +--- http/technologies/interactsh-server.yaml | 5 +- http/technologies/ispyconnect-detect.yaml | 7 +-- http/technologies/ivanti-epm-detect.yaml | 28 ++++----- .../ivanti/ivanti-endpoint-manager.yaml | 4 +- http/technologies/jeecg-boot-detect.yaml | 10 +-- http/technologies/jellyfin-detect.yaml | 9 +-- http/technologies/jenkins-detect.yaml | 7 +-- http/technologies/jhipster-detect.yaml | 3 +- http/technologies/jira-detect.yaml | 5 +- http/technologies/jitsi-meet-detect.yaml | 4 +- http/technologies/jolokia-detect.yaml | 2 +- http/technologies/joomla-detect.yaml | 6 +- http/technologies/jway-products-detect.yaml | 2 +- http/technologies/kodexplorer-detect.yaml | 4 +- .../kubernetes/kubelet/kubelet-metrics.yaml | 2 +- http/technologies/landesk/landesk-ma.yaml | 3 +- http/technologies/limesurvey-detect.yaml | 7 +-- http/technologies/livehelperchat-detect.yaml | 4 +- http/technologies/lobechat-detect.yaml | 3 - http/technologies/localai-detect.yaml | 8 +-- http/technologies/luxtrust-cosi-detect.yaml | 26 ++++---- http/technologies/magento-detect.yaml | 6 +- http/technologies/magento-eol.yaml | 8 +-- http/technologies/magento-version-detect.yaml | 8 +-- http/technologies/magmi-detect.yaml | 4 +- .../matrix-homeserver-detect.yaml | 4 +- http/technologies/microsoft-iis-8.yaml | 11 +--- .../microsoft/default-azure-function-app.yaml | 8 +-- .../microsoft/default-iis7-page.yaml | 13 +--- .../default-microsoft-azure-page.yaml | 8 +-- .../default-windows-server-page.yaml | 8 +-- .../powerbi-report-server-detect.yaml | 28 ++++----- http/technologies/microweber-detect.yaml | 6 +- http/technologies/mikrotik-httpproxy.yaml | 2 +- http/technologies/mirth-connect-detect.yaml | 28 ++++----- http/technologies/mongoose-server.yaml | 4 +- http/technologies/monstracms-detect.yaml | 11 +--- http/technologies/moveit-transfer-detect.yaml | 11 +--- http/technologies/nacos-version.yaml | 11 +--- http/technologies/neo4j-neodash-detect.yaml | 4 +- http/technologies/nextcloud-detect.yaml | 4 +- .../nextcloud-owncloud-detect.yaml | 8 +-- http/technologies/nexus-detect.yaml | 5 +- http/technologies/notion-detect.yaml | 4 +- http/technologies/nperf-server-detect.yaml | 28 ++++----- http/technologies/ntop-detect.yaml | 15 +---- http/technologies/open-journal-systems.yaml | 8 +-- http/technologies/openarchives-detect.yaml | 1 - http/technologies/openhap-detect.yaml | 4 +- http/technologies/openproject-detect.yaml | 4 +- http/technologies/openssl-detect.yaml | 4 +- http/technologies/oqtane-db-detect.yaml | 9 ++- http/technologies/oracle-fusion-detect.yaml | 24 ++++---- http/technologies/oracle/oracle-dbcs.yaml | 4 +- .../oracle/oracle-iplanet-web-server.yaml | 3 +- .../oracle/oracle-webcenter-sites.yaml | 3 +- http/technologies/osquery-fleet-detect.yaml | 7 +-- .../payara-micro-server-detect.yaml | 10 +-- http/technologies/pbootcms-detect.yaml | 3 +- http/technologies/pexip-detect.yaml | 4 +- http/technologies/pghero-detect.yaml | 28 ++++----- http/technologies/php-detect.yaml | 9 +-- http/technologies/php-fusion-detect.yaml | 2 +- http/technologies/phplist-detect.yaml | 3 +- http/technologies/pi-hole-detect.yaml | 6 +- http/technologies/piwigo-detect.yaml | 11 +--- http/technologies/pomerium-detect.yaml | 2 +- http/technologies/prestashop-detect.yaml | 7 +-- http/technologies/privatebin-detect.yaml | 4 +- http/technologies/projectsend-detect.yaml | 12 +--- http/technologies/pypiserver-detect.yaml | 5 +- .../roundcube-webmail-portal.yaml | 4 +- http/technologies/rseenet-detect.yaml | 12 +--- http/technologies/rsshub-detect.yaml | 3 +- http/technologies/samsung-smarttv-debug.yaml | 4 +- .../sap/sap-netweaver-detect.yaml | 6 +- .../sap/sap-web-dispatcher-admin-portal.yaml | 8 +-- http/technologies/searxng-detect.yaml | 28 ++++----- http/technologies/sekolahku-cms-detect.yaml | 26 ++++---- .../sharefile-storage-server.yaml | 4 +- http/technologies/shibboleth-detect.yaml | 2 +- http/technologies/shopware-detect.yaml | 8 +-- http/technologies/simplesamlphp-detect.yaml | 4 +- http/technologies/sitecore-cms.yaml | 6 +- http/technologies/slims-cms-detect.yaml | 26 ++++---- http/technologies/smartstore-detect.yaml | 3 +- http/technologies/snipeit-panel.yaml | 11 +--- http/technologies/sogo-detect.yaml | 6 +- http/technologies/sparklighter-detect.yaml | 2 +- http/technologies/spip-detect.yaml | 7 +-- http/technologies/springboot-actuator.yaml | 11 +--- http/technologies/statamic-detect.yaml | 2 +- http/technologies/subrion-cms-detect.yaml | 8 +-- http/technologies/thinkphp-detect.yaml | 14 +---- .../tibco-businessconnect-detect.yaml | 3 +- .../tibco-spotfire-services-detect.yaml | 2 +- http/technologies/tileserver-gl.yaml | 7 +-- http/technologies/tinyproxy-detect.yaml | 4 +- http/technologies/torchserve-detect.yaml | 3 +- http/technologies/twenty-detect.yaml | 28 ++++----- http/technologies/typo3-detect.yaml | 13 +--- http/technologies/utility-service-detect.yaml | 8 +-- http/technologies/vbulletin-detect.yaml | 17 +----- .../versa/versa-analytics-server.yaml | 7 +-- .../versa/versa-director-api.yaml | 10 +-- .../versa/versa-networks-detect.yaml | 13 ++-- .../vivotex-web-console-detect.yaml | 11 +--- .../vmware/vmware-horizon-version.yaml | 4 +- .../technologies/wing-ftp-service-detect.yaml | 5 +- http/technologies/winrm-detect.yaml | 2 +- http/technologies/wms-server-detect.yaml | 4 +- http/technologies/wordpress-detect.yaml | 2 +- .../wordpress/plugins/ad-inserter.yaml | 5 +- .../wordpress/plugins/add-to-any.yaml | 5 +- .../wordpress/plugins/admin-menu-editor.yaml | 5 +- .../plugins/advanced-custom-fields.yaml | 5 +- .../wordpress/plugins/akismet.yaml | 3 +- .../plugins/all-in-one-seo-pack.yaml | 5 +- .../plugins/all-in-one-wp-migration.yaml | 5 +- .../all-in-one-wp-security-and-firewall.yaml | 5 +- http/technologies/wordpress/plugins/amp.yaml | 3 +- .../wordpress/plugins/antispam-bee.yaml | 5 +- .../wordpress/plugins/aryo-activity-log.yaml | 5 +- .../wordpress/plugins/astra-sites.yaml | 5 +- .../wordpress/plugins/autoptimize.yaml | 3 +- .../wordpress/plugins/backuply.yaml | 3 +- .../wordpress/plugins/backwpup.yaml | 3 +- .../plugins/better-search-replace.yaml | 5 +- .../wordpress/plugins/better-wp-security.yaml | 5 +- .../plugins/black-studio-tinymce-widget.yaml | 5 +- .../wordpress/plugins/breadcrumb-navxt.yaml | 5 +- .../wordpress/plugins/breeze.yaml | 3 +- .../plugins/broken-link-checker.yaml | 5 +- .../wordpress/plugins/burst-statistics.yaml | 5 +- .../technologies/wordpress/plugins/chaty.yaml | 3 +- .../plugins/child-theme-configurator.yaml | 5 +- .../wordpress/plugins/classic-editor.yaml | 5 +- .../wordpress/plugins/classic-widgets.yaml | 5 +- .../plugins/click-to-chat-for-whatsapp.yaml | 5 +- http/technologies/wordpress/plugins/cmb2.yaml | 3 +- .../wordpress/plugins/coblocks.yaml | 3 +- .../wordpress/plugins/code-snippets.yaml | 5 +- .../wordpress/plugins/coming-soon.yaml | 5 +- .../wordpress/plugins/complianz-gdpr.yaml | 5 +- .../plugins/contact-form-7-honeypot.yaml | 5 +- .../wordpress/plugins/contact-form-7.yaml | 5 +- .../wordpress/plugins/contact-form-cfdb7.yaml | 5 +- .../wordpress/plugins/cookie-law-info.yaml | 5 +- .../wordpress/plugins/cookie-notice.yaml | 5 +- .../wordpress/plugins/copy-delete-posts.yaml | 5 +- .../wordpress/plugins/creame-whatsapp-me.yaml | 5 +- .../creative-mail-by-constant-contact.yaml | 5 +- .../wordpress/plugins/custom-css-js.yaml | 5 +- .../wordpress/plugins/custom-fonts.yaml | 5 +- .../plugins/custom-post-type-ui.yaml | 5 +- .../wordpress/plugins/disable-comments.yaml | 5 +- .../wordpress/plugins/disable-gutenberg.yaml | 5 +- .../wordpress/plugins/duplicate-page.yaml | 5 +- .../wordpress/plugins/duplicate-post.yaml | 5 +- .../wordpress/plugins/duplicator.yaml | 3 +- .../duracelltomi-google-tag-manager.yaml | 5 +- .../plugins/easy-table-of-contents.yaml | 5 +- .../wordpress/plugins/easy-wp-smtp.yaml | 5 +- .../wordpress/plugins/elementor.yaml | 3 +- .../wordpress/plugins/elementskit-lite.yaml | 5 +- .../plugins/enable-media-replace.yaml | 5 +- .../wordpress/plugins/envato-elements.yaml | 5 +- .../essential-addons-for-elementor-lite.yaml | 5 +- .../plugins/ewww-image-optimizer.yaml | 5 +- .../wordpress/plugins/extendify.yaml | 3 +- .../plugins/facebook-for-woocommerce.yaml | 5 +- .../wordpress/plugins/fast-indexing-api.yaml | 5 +- .../favicon-by-realfavicongenerator.yaml | 5 +- .../wordpress/plugins/flamingo.yaml | 3 +- .../wordpress/plugins/flexmls-detect.yaml | 20 +++--- .../wordpress/plugins/fluent-smtp.yaml | 5 +- .../wordpress/plugins/fluentform.yaml | 3 +- .../wordpress/plugins/font-awesome.yaml | 5 +- .../plugins/force-regenerate-thumbnails.yaml | 5 +- .../wordpress/plugins/formidable.yaml | 3 +- .../wordpress/plugins/forminator.yaml | 3 +- .../plugins/ga-google-analytics.yaml | 5 +- .../plugins/gdpr-cookie-compliance.yaml | 5 +- http/technologies/wordpress/plugins/give.yaml | 3 +- .../google-analytics-dashboard-for-wp.yaml | 5 +- .../google-analytics-for-wordpress.yaml | 5 +- .../plugins/google-listings-and-ads.yaml | 5 +- .../wordpress/plugins/google-site-kit.yaml | 5 +- .../plugins/google-sitemap-generator.yaml | 5 +- .../wordpress/plugins/gtranslate.yaml | 3 +- .../wordpress/plugins/gutenberg.yaml | 3 +- .../plugins/happy-elementor-addons.yaml | 5 +- .../plugins/header-footer-code-manager.yaml | 5 +- .../plugins/header-footer-elementor.yaml | 5 +- .../wordpress/plugins/header-footer.yaml | 5 +- .../wordpress/plugins/health-check.yaml | 5 +- .../wordpress/plugins/hello-dolly.yaml | 5 +- .../plugins/host-webfonts-local.yaml | 5 +- .../wordpress/plugins/hostinger.yaml | 3 +- .../wordpress/plugins/image-optimization.yaml | 5 +- .../wordpress/plugins/imagify.yaml | 3 +- .../wordpress/plugins/imsanity.yaml | 3 +- .../plugins/inpost-for-woocommerce.yaml | 5 +- .../plugins/insert-headers-and-footers.yaml | 5 +- .../wordpress/plugins/instagram-feed.yaml | 5 +- .../plugins/intuitive-custom-post-order.yaml | 5 +- .../wordpress/plugins/iwp-client.yaml | 5 +- .../wordpress/plugins/jeg-elementor-kit.yaml | 5 +- .../wordpress/plugins/jetpack-boost.yaml | 5 +- .../wordpress/plugins/jetpack.yaml | 3 +- .../wordpress/plugins/kadence-blocks.yaml | 5 +- .../technologies/wordpress/plugins/kirki.yaml | 3 +- .../wordpress/plugins/leadin.yaml | 3 +- .../limit-login-attempts-reloaded.yaml | 5 +- .../plugins/limit-login-attempts.yaml | 5 +- .../wordpress/plugins/litespeed-cache.yaml | 5 +- .../wordpress/plugins/loco-translate.yaml | 5 +- .../wordpress/plugins/loginizer.yaml | 3 +- .../plugins/mailchimp-for-woocommerce.yaml | 5 +- .../wordpress/plugins/mailchimp-for-wp.yaml | 5 +- .../wordpress/plugins/mailpoet.yaml | 3 +- .../wordpress/plugins/maintenance.yaml | 3 +- .../wordpress/plugins/mainwp-child.yaml | 5 +- .../wordpress/plugins/malcare-security.yaml | 5 +- .../wordpress/plugins/megamenu.yaml | 3 +- .../wordpress/plugins/members.yaml | 3 +- .../wordpress/plugins/meta-box.yaml | 5 +- .../wordpress/plugins/metform.yaml | 3 +- .../wordpress/plugins/ml-slider.yaml | 5 +- .../wordpress/plugins/newsletter.yaml | 3 +- .../plugins/nextend-facebook-connect.yaml | 5 +- .../wordpress/plugins/nextgen-gallery.yaml | 5 +- .../wordpress/plugins/ninja-forms.yaml | 5 +- .../wordpress/plugins/ocean-extra.yaml | 5 +- .../plugins/official-facebook-pixel.yaml | 5 +- .../plugins/one-click-demo-import.yaml | 5 +- .../wordpress/plugins/optinmonster.yaml | 3 +- .../wordpress/plugins/otter-blocks.yaml | 5 +- .../wordpress/plugins/password-protected.yaml | 5 +- .../wordpress/plugins/pdf-embedder.yaml | 5 +- .../plugins/pinterest-for-woocommerce.yaml | 5 +- .../wordpress/plugins/pixelyoursite.yaml | 3 +- .../wordpress/plugins/polylang.yaml | 3 +- .../wordpress/plugins/popup-maker.yaml | 5 +- .../wordpress/plugins/post-smtp.yaml | 5 +- .../wordpress/plugins/post-types-order.yaml | 5 +- .../plugins/premium-addons-for-elementor.yaml | 5 +- .../wordpress/plugins/pretty-link.yaml | 5 +- .../plugins/really-simple-captcha.yaml | 5 +- .../wordpress/plugins/really-simple-ssl.yaml | 5 +- .../wordpress/plugins/redirection.yaml | 3 +- .../wordpress/plugins/redux-framework.yaml | 5 +- .../plugins/regenerate-thumbnails.yaml | 5 +- .../plugins/royal-elementor-addons.yaml | 5 +- .../wordpress/plugins/safe-svg.yaml | 5 +- .../wordpress/plugins/seo-by-rank-math.yaml | 5 +- .../wordpress/plugins/sg-cachepress.yaml | 5 +- .../wordpress/plugins/sg-security.yaml | 5 +- .../plugins/shortcodes-ultimate.yaml | 5 +- .../plugins/shortpixel-image-optimiser.yaml | 5 +- .../plugins/simple-custom-post-order.yaml | 5 +- .../wordpress/plugins/simple-history.yaml | 5 +- .../wordpress/plugins/siteguard.yaml | 3 +- .../wordpress/plugins/siteorigin-panels.yaml | 5 +- .../wordpress/plugins/smart-slider-3.yaml | 5 +- .../wordpress/plugins/so-widgets-bundle.yaml | 5 +- .../wordpress/plugins/speedycache.yaml | 3 +- .../sticky-header-effects-for-elementor.yaml | 5 +- .../stops-core-theme-and-plugin-updates.yaml | 5 +- .../wordpress/plugins/sucuri-scanner.yaml | 5 +- .../wordpress/plugins/svg-support.yaml | 5 +- .../plugins/table-of-contents-plus.yaml | 5 +- .../wordpress/plugins/tablepress.yaml | 3 +- .../plugins/taxonomy-terms-order.yaml | 5 +- .../wordpress/plugins/templately.yaml | 3 +- .../plugins/the-events-calendar.yaml | 5 +- .../wordpress/plugins/tinymce-advanced.yaml | 5 +- .../plugins/translatepress-multilingual.yaml | 5 +- .../ultimate-addons-for-gutenberg.yaml | 5 +- .../plugins/under-construction-page.yaml | 5 +- .../wordpress/plugins/updraftplus.yaml | 3 +- .../wordpress/plugins/user-role-editor.yaml | 5 +- .../wordpress/plugins/userfeedback-lite.yaml | 5 +- .../wordpress/plugins/w3-total-cache.yaml | 5 +- .../plugins/webp-converter-for-media.yaml | 5 +- .../wordpress/plugins/webp-express.yaml | 5 +- .../plugins/widget-importer-exporter.yaml | 5 +- .../woo-cart-abandonment-recovery.yaml | 5 +- .../woo-checkout-field-editor-pro.yaml | 5 +- .../wordpress/plugins/woo-inpost.yaml | 5 +- .../plugins/woo-variation-swatches.yaml | 5 +- .../plugins/woocommerce-gateway-stripe.yaml | 5 +- .../plugins/woocommerce-legacy-rest-api.yaml | 5 +- .../plugins/woocommerce-payments.yaml | 5 +- .../plugins/woocommerce-paypal-payments.yaml | 5 +- ...oocommerce-pdf-invoices-packing-slips.yaml | 5 +- .../plugins/woocommerce-services.yaml | 5 +- .../wordpress/plugins/woocommerce.yaml | 3 +- .../wordpress/plugins/wordfence.yaml | 3 +- .../wordpress/plugins/wordpress-importer.yaml | 5 +- .../wordpress/plugins/wordpress-seo.yaml | 5 +- .../wordpress/plugins/worker.yaml | 3 +- .../wordpress/plugins/wp-crontrol.yaml | 5 +- .../wordpress/plugins/wp-fastest-cache.yaml | 5 +- .../wordpress/plugins/wp-file-manager.yaml | 5 +- .../wordpress/plugins/wp-google-maps.yaml | 5 +- .../wordpress/plugins/wp-mail-logging.yaml | 5 +- .../wordpress/plugins/wp-mail-smtp.yaml | 5 +- .../plugins/wp-maintenance-mode.yaml | 5 +- .../wordpress/plugins/wp-migrate-db.yaml | 5 +- .../wordpress/plugins/wp-multibyte-patch.yaml | 5 +- .../wordpress/plugins/wp-optimize.yaml | 5 +- .../wordpress/plugins/wp-pagenavi.yaml | 5 +- .../wordpress/plugins/wp-reset.yaml | 5 +- .../plugins/wp-reviews-plugin-for-google.yaml | 5 +- .../wordpress/plugins/wp-rollback.yaml | 5 +- .../wordpress/plugins/wp-seopress.yaml | 5 +- .../wordpress/plugins/wp-sitemap-page.yaml | 5 +- .../wordpress/plugins/wp-smushit.yaml | 5 +- .../wordpress/plugins/wp-statistics.yaml | 5 +- .../wordpress/plugins/wp-super-cache.yaml | 5 +- .../wordpress/plugins/wpcf7-recaptcha.yaml | 5 +- .../wordpress/plugins/wpcf7-redirect.yaml | 5 +- .../wordpress/plugins/wpforms-lite.yaml | 5 +- .../wordpress/plugins/wps-hide-login.yaml | 5 +- .../plugins/wpvivid-backuprestore.yaml | 5 +- .../plugins/yith-woocommerce-wishlist.yaml | 5 +- .../themes/wp-bricks-builder-theme.yaml | 4 +- http/technologies/writebook-detect.yaml | 2 +- http/technologies/xenforo-detect.yaml | 4 +- .../technologies/xerox-workcentre-detect.yaml | 4 +- http/technologies/yapi-detect.yaml | 6 +- http/technologies/yeswiki-detect.yaml | 5 +- http/technologies/yourls-detect.yaml | 5 +- http/technologies/zend-server-test-page.yaml | 6 +- http/technologies/zk-framework-detect.yaml | 13 +--- .../74cms/74cms-weixin-sqli.yaml | 7 +-- .../apache/apache-nifi-rce.yaml | 8 +-- .../apache/apache-ofbiz-log4j-rce.yaml | 10 +-- .../apache/apache-solr-log4j-rce.yaml | 18 +----- .../vulnerabilities/avaya/avaya-aura-xss.yaml | 10 +-- .../backdoor/cisco-implant-detect.yaml | 4 +- .../backdoor/lottie-backdoor.yaml | 2 - .../backdoor/sap-netweaver-backdoor.yaml | 4 +- .../cisco-unified-communications-log4j.yaml | 6 +- .../cisco/cisco-webex-log4j-rce.yaml | 6 +- .../citrix/citrix-oob-memory-read.yaml | 3 +- http/vulnerabilities/codimd-file-upload.yaml | 2 +- .../dedecms-carbuyaction-fileinclude.yaml | 12 +--- .../dedecms/dedecms-config-xss.yaml | 14 +---- .../dedecms/dedecms-membergroup-sqli.yaml | 14 +---- .../dedecms/dedecms-openredirect.yaml | 14 +---- http/vulnerabilities/dedecms/dedecms-rce.yaml | 14 +---- .../discuz/discuz-api-pathinfo.yaml | 7 +-- .../drupal/drupal7-elfinder-rce.yaml | 11 ++-- .../ecstatic/node-ecstatic-internal-path.yaml | 2 - .../ecstatic/node-ecstatic-listing.yaml | 7 ++- .../esafenet/esafenet-mysql-fileread.yaml | 7 +-- .../esafenet-netsecconfigajax-sqli.yaml | 4 +- .../esafenet/esafenet-noticeajax-sqli.yaml | 8 +-- .../finereport/finereport-sqli-rce.yaml | 3 +- http/vulnerabilities/fronsetiav-xss.yaml | 2 +- http/vulnerabilities/froxlor-xss.yaml | 8 +-- http/vulnerabilities/gitea/gitea-rce.yaml | 15 +---- http/vulnerabilities/gitlab/gitlab-rce.yaml | 13 +--- .../gnuboard/gnuboard-sms-xss.yaml | 9 +-- .../gnuboard/gnuboard5-rxss.yaml | 9 +-- .../gnuboard/gnuboard5-xss.yaml | 9 +-- http/vulnerabilities/gradio/gradio-lfi.yaml | 15 ++--- http/vulnerabilities/gradio/gradio-ssrf.yaml | 15 ++--- .../grafana/grafana-file-read.yaml | 10 +-- .../huawei/huawei-hg255s-lfi.yaml | 5 +- .../imo/imo-file-download.yaml | 4 +- .../j2ee/liferay-resource-leak.yaml | 13 +--- .../jamf/jamf-log4j-jndi-rce.yaml | 4 +- .../jinhe/jinhe-oa-c6-upload-lfi.yaml | 2 +- .../jira/jira-servicedesk-signup.yaml | 4 +- .../jira-unauthenticated-adminprojects.yaml | 8 +-- .../jira/jira-unauthenticated-dashboards.yaml | 8 +-- .../jira/jira-unauthenticated-screens.yaml | 2 +- .../jira-unauthenticated-user-picker.yaml | 2 +- .../jolokia/jolokia-acceslogvalve-rce.yaml | 4 +- .../jolokia-createstandardhost-rce.yaml | 2 - .../jolokia/jolokia-tomcat-creds-leak.yaml | 4 +- .../jorani/jorani-benjamin-xss.yaml | 10 +-- http/vulnerabilities/juniper/junos-xss.yaml | 7 +-- .../vulnerabilities/jupyter-notebook-rce.yaml | 17 +----- http/vulnerabilities/kkfileview-ssrf.yaml | 5 +- .../landray/landray-eis-sqli.yaml | 5 +- .../landray/landray-oa-replaceextend-rce.yaml | 10 ++- ...andray-oa-sysSearchMain-editParam-rce.yaml | 7 +-- .../landray/landray-oa-treexml-rce.yaml | 5 +- .../leantime/leantime-stored-xss.yaml | 2 - .../magento/magento-2-exposed-api.yaml | 6 +- .../magento/magento-cacheleak.yaml | 6 +- .../magento-unprotected-dev-files.yaml | 6 +- .../microsoft/office-webapps-ssrf.yaml | 6 +- .../mingsoft/mcms-list-sqli.yaml | 5 +- .../mobileiron/mobileiron-log4j-jndi-rce.yaml | 5 +- .../vulnerabilities/nagios/nagios-xi-xss.yaml | 10 +-- .../netgear/netgear-dgn-rce.yaml | 2 +- .../netgear/netgear-wnr614-auth-bypass.yaml | 9 +-- .../nextjs/next-js-cache-poisoning.yaml | 16 ++--- .../nextjs/nextjs-middleware-cache.yaml | 18 +++--- .../nextjs/nextjs-rsc-cache.yaml | 18 +++--- .../nuxt/nuxt-js-semi-lfi.yaml | 10 +-- .../oracle/oracle-ebs-xss.yaml | 5 +- .../other/3cx-management-console.yaml | 14 +---- .../vulnerabilities/other/acti-video-lfi.yaml | 12 +--- .../other/aishu-anyshare-info-exposure.yaml | 4 +- .../other/apache-druid-log4j.yaml | 6 +- http/vulnerabilities/other/bagisto-csti.yaml | 8 +-- .../other/beyond-trust-xss.yaml | 9 +-- http/vulnerabilities/other/carrental-xss.yaml | 7 +-- .../other/citrix-xenapp-log4j-rce.yaml | 5 +- .../other/ckan-dom-based-xss.yaml | 7 +-- .../other/cmseasy-crossall-act-sqli.yaml | 2 +- .../other/coldfusion-debug-xss.yaml | 11 +--- .../other/cpas-managment-sqli.yaml | 2 +- .../other/dixell-xweb500-filewrite.yaml | 2 +- .../other/doorgets-info-disclosure.yaml | 2 +- http/vulnerabilities/other/dzzoffice-xss.yaml | 10 +-- .../other/ecology-oa-file-sqli.yaml | 8 +-- http/vulnerabilities/other/ecshop-sqli.yaml | 8 +-- .../other/elFinder-path-traversal.yaml | 8 +-- .../other/elasticsearch5-log4j-rce.yaml | 7 +-- http/vulnerabilities/other/elgg-sqli.yaml | 8 +-- .../vulnerabilities/other/enjoyrmis-sqli.yaml | 2 +- .../other/fastbee-arbitrary-file-read.yaml | 4 +- http/vulnerabilities/other/flatpress-xss.yaml | 9 +-- .../other/flexnet-log4j-rce.yaml | 8 +-- http/vulnerabilities/other/flir-ax8-rce.yaml | 6 +- .../other/fortiportal-log4j-rce.yaml | 12 +--- http/vulnerabilities/other/fumasoft-sqli.yaml | 3 +- .../vulnerabilities/other/fumengyun-sqli.yaml | 3 +- http/vulnerabilities/other/graylog-log4j.yaml | 8 +-- .../h3c-cnsss-arbitrary-file-upload.yaml | 5 +- .../other/hospital-management-xss.yaml | 9 ++- .../other/hospital-management-xss2.yaml | 9 ++- .../other/icewarp-open-redirect.yaml | 10 +-- .../other/icewarp-webclient-rce.yaml | 10 +-- .../other/inspur-clusterengine-rce.yaml | 4 +- .../other/jan-file-upload.yaml | 3 +- http/vulnerabilities/other/kavita-lfi.yaml | 12 +--- .../other/kingsoft-vgm-lfi.yaml | 2 +- .../other/kiwitcms-json-rpc.yaml | 4 +- .../other/landray-oa-datajson-rce.yaml | 5 +- .../other/logstash-log4j-rce.yaml | 7 +-- .../other/manage-engine-dc-log4j-rce.yaml | 17 +----- .../other/mcms-search-xss.yaml | 3 +- .../vulnerabilities/other/microweber-xss.yaml | 6 +- http/vulnerabilities/other/mockoon-lfi.yaml | 2 - .../other/motic-dsm-arbitrary-file-read.yaml | 4 +- .../other/nacos-auth-bypass.yaml | 9 +-- .../other/nacos-info-leak.yaml | 11 +--- http/vulnerabilities/other/ncast-lfi.yaml | 11 +--- .../other/nextjs-redirect.yaml | 12 +--- .../other/ns-asg-file-read.yaml | 16 ++--- .../other/nsfocus-auth-bypass.yaml | 3 +- http/vulnerabilities/other/nsfocus-lfi.yaml | 3 +- .../other/opencart-core-sqli.yaml | 14 +---- http/vulnerabilities/other/opencti-lfi.yaml | 7 +-- .../other/opennms-log4j-jndi-rce.yaml | 6 +- .../other/openshift-log4j-rce.yaml | 8 +-- http/vulnerabilities/other/opensis-lfi.yaml | 8 +-- .../other/panmicro-arbitrary-file-read.yaml | 2 +- .../other/papercut-log4j-rce.yaml | 13 +--- .../other/parallels-hsphere-xss.yaml | 12 +--- .../vulnerabilities/other/pega-log4j-rce.yaml | 13 +--- .../other/phpldapadmin-xss.yaml | 10 +-- http/vulnerabilities/other/phpok-sqli.yaml | 4 +- http/vulnerabilities/other/pmb-xss.yaml | 8 +-- .../other/prest-sqli-auth-bypass.yaml | 2 +- .../vulnerabilities/other/quick-cms-sqli.yaml | 7 +-- .../other/rconfig-file-upload.yaml | 6 +- .../other/readymade-unilevel-sqli.yaml | 7 +-- .../other/readymade-unilevel-xss.yaml | 8 +-- http/vulnerabilities/other/rundeck-log4j.yaml | 10 +-- .../other/seeyon-oa-log4j.yaml | 6 +- .../other/sharp-printers-lfi.yaml | 2 +- .../other/siteminder-dom-xss.yaml | 8 +-- .../other/slims-8-akasia-xss.yaml | 35 +++++------ .../other/slims-9-xss-index.yaml | 35 +++++------ http/vulnerabilities/other/slims-xss.yaml | 5 +- .../other/sofneta-mecdream-pacs-lfi.yaml | 6 +- .../other/solarview-compact-xss.yaml | 12 +--- .../other/sonicwall-nsm-log4j-rce.yaml | 6 +- .../other/splunk-enterprise-log4j-rce.yaml | 12 +--- http/vulnerabilities/other/steve-xss.yaml | 9 ++- .../other/symantec-sepm-log4j-rce.yaml | 6 +- http/vulnerabilities/other/tamronos-rce.yaml | 7 +-- .../other/tekon-info-leak.yaml | 4 +- .../other/tendat-credential.yaml | 4 +- http/vulnerabilities/other/thruk-xss.yaml | 5 +- http/vulnerabilities/other/tikiwiki-xss.yaml | 6 +- .../other/unifi-network-log4j-rce.yaml | 8 +-- .../other/ups-network-lfi.yaml | 15 +---- http/vulnerabilities/other/voyager-lfi.yaml | 7 +-- .../other/wapples-firewall-lfi.yaml | 8 +-- .../other/webp-server-lfi.yaml | 2 +- .../other/webpagetest-ssrf.yaml | 4 +- .../wp-publishpress-capabilities-xss.yaml | 6 +- http/vulnerabilities/other/wuzhicms-sqli.yaml | 8 +-- .../other/xenmobile-server-log4j.yaml | 14 +---- .../other/xhibiter-nft-sqli.yaml | 5 +- .../other/xxljob-executor-unauth.yaml | 7 +-- http/vulnerabilities/other/yeswiki-sql.yaml | 5 +- .../other/yeswiki-stored-xss.yaml | 5 +- http/vulnerabilities/other/yeswiki-xss.yaml | 5 +- http/vulnerabilities/phpmyadmin-unauth.yaml | 15 +---- .../pkp-lib-open-redirect.yaml | 5 +- .../prestashop-apmarketplace-sqli.yaml | 1 - ...estashop-blocktestimonial-file-upload.yaml | 6 +- ...tashop-cartabandonmentpro-file-upload.yaml | 11 ++-- .../ruijie/ruijie-nmc-sync-rce.yaml | 7 +-- .../ruijie/ruijie-password-leak.yaml | 3 +- .../sangfor/sangfor-ngaf-lfi.yaml | 2 +- .../sitecore/sitecore-xml-xss.yaml | 3 +- .../springboot/springboot-h2-db-rce.yaml | 13 +--- .../thinkphp/thinkphp6-arbitrary-write.yaml | 12 +--- .../tongda/tongda-action-uploadfile.yaml | 7 +-- .../tongda/tongda-auth-bypass.yaml | 13 ++-- .../tongda/tongda-getdata-rce.yaml | 14 ++--- .../tongda/tongda-insert-sqli.yaml | 11 +--- .../tongda/tongda-meeting-unauth.yaml | 11 +--- .../tongda/tongda-report-func-sqli.yaml | 11 +--- .../tongda/tongda-video-file-read.yaml | 9 +-- .../tongda/tongdaoa-auth-bypass.yaml | 11 +--- .../vulnerabilities/ueditor/ueditor-ssrf.yaml | 5 +- .../vbulletin/vbulletin-ajaxreg-sqli.yaml | 18 +----- .../vbulletin/vbulletin-replacead-rce.yaml | 18 +----- .../vbulletin/vbulletin-search-sqli.yaml | 16 +---- http/vulnerabilities/videoxpert-lfi.yaml | 8 +-- .../vmware/vmware-cloud-xss.yaml | 4 +- .../vmware-operation-manager-log4j.yaml | 6 +- .../vmware/vmware-vcenter-log4j-jndi-rce.yaml | 6 +- .../vmware/vrealize-operations-log4j-rce.yaml | 6 +- .../ecology-jqueryfiletree-traversal.yaml | 6 +- .../ecology-verifyquicklogin-auth-bypass.yaml | 5 +- .../ecology/ecology-syncuserinfo-sqli.yaml | 9 +-- .../eoffice/weaver-eoffice-file-upload.yaml | 7 +-- .../weaver/weaver-checkserver-sqli.yaml | 5 +- .../weaver/weaver-ecology-bshservlet-rce.yaml | 6 +- .../weaver-ecology-getsqldata-sqli.yaml | 9 ++- .../weaver/weaver-ecology-hrmcareer-sqli.yaml | 9 ++- .../weaver/weaver-group-xml-sqli.yaml | 4 +- .../weaver/weaver-jquery-file-upload.yaml | 7 +-- .../weaver-ktreeuploadaction-file-upload.yaml | 9 ++- .../weaver/weaver-mysql-config-info-leak.yaml | 4 +- .../weaver-office-server-file-upload.yaml | 7 +-- .../weaver/weaver-officeserver-lfi.yaml | 4 +- .../weaver/weaver-signaturedownload-lfi.yaml | 5 +- .../weaver-sptmforportalthumbnail-lfi.yaml | 5 +- .../weaver/weaver-uploadify-file-upload.yaml | 4 +- .../weaver-uploadoperation-file-upload.yaml | 10 ++- .../weaver/weaver-userselect-unauth.yaml | 4 +- .../wechat/wechat-info-leak.yaml | 1 - .../wordpress/analytify-plugin-xss.yaml | 4 +- .../wordpress/booked-export-csv.yaml | 7 +-- .../wordpress/ninja-forms-xss.yaml | 11 ++-- .../wordpress/photo-gallery-xss.yaml | 4 +- .../photoblocks-grid-gallery-xss.yaml | 4 +- .../wordpress/shortcode-lfi.yaml | 6 +- .../wordpress/wordpress-ssrf-oembed.yaml | 3 - .../wordpress/wp-enabled-registration.yaml | 2 +- .../wordpress/wp-footnote-xss.yaml | 2 +- .../wordpress/wp-gallery-file-upload.yaml | 11 ++-- .../wp-gtranslate-open-redirect.yaml | 3 +- .../wordpress/wp-mstore-plugin-listing.yaml | 5 +- .../wordpress/wp-real-estate-xss.yaml | 8 +-- .../wordpress/wp-social-warfare-rce.yaml | 6 +- .../wordpress/wp-statistics-sqli.yaml | 5 +- .../wp-superstorefinder-misconfig.yaml | 6 +- http/vulnerabilities/wordpress/wp-sym404.yaml | 2 +- .../wordpress/wp-touch-redirect.yaml | 2 +- .../wordpress/wp-user-enum.yaml | 2 +- .../wordpress/wp-yoast-user-enumeration.yaml | 2 +- .../yonyou/yonyou-nc-accept-fileupload.yaml | 7 +-- .../yonyou-nc-baseapp-deserialization.yaml | 7 +-- .../yonyou-nc-dispatcher-fileupload.yaml | 7 +-- .../yonyou-nc-grouptemplet-fileupload.yaml | 10 +-- .../yonyou/yonyou-nc-info-leak.yaml | 7 +-- .../yonyou-nc-ncmessageservlet-rce.yaml | 7 +-- .../yonyou/yonyou-ufida-nc-cloud-sqli.yaml | 2 +- .../yonyou/yonyou-ufida-nc-lfi.yaml | 7 +-- .../yonyou/yonyou-yonbip-lfi.yaml | 28 ++++----- http/vulnerabilities/zend/zend-v1-xss.yaml | 2 +- .../zyxel/unauth-ztp-ping.yaml | 4 +- .../zzzcms/zzzcms-info-disclosure.yaml | 6 +- http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml | 9 ++- http/vulnerabilities/zzzcms/zzzcms-xss.yaml | 8 +-- javascript/backdoor/proftpd-backdoor.yaml | 4 +- javascript/cves/2012/CVE-2012-2122.yaml | 11 ++-- javascript/cves/2016/CVE-2016-8706.yaml | 3 +- javascript/cves/2019/CVE-2019-9193.yaml | 21 +------ javascript/cves/2020/CVE-2020-7247.yaml | 9 +-- javascript/cves/2021/CVE-2021-35394.yaml | 19 +----- javascript/cves/2023/CVE-2023-34039.yaml | 4 +- javascript/cves/2023/CVE-2023-46604.yaml | 15 ++--- javascript/cves/2023/CVE-2023-48795.yaml | 11 ++-- javascript/cves/2024/CVE-2024-23897.yaml | 22 +++---- javascript/cves/2024/CVE-2024-45519.yaml | 30 +++------ javascript/cves/2024/CVE-2024-47176.yaml | 14 ++--- .../default-logins/ldap-default-login.yaml | 2 +- .../default-logins/redis-default-logins.yaml | 12 ++-- javascript/detection/oracle-detect.yaml | 2 +- javascript/detection/oracle-tns-listener.yaml | 2 +- javascript/detection/rdp-detect.yaml | 2 +- javascript/detection/samba-detect.yaml | 8 +-- javascript/detection/ssh-auth-methods.yaml | 2 +- .../enumeration/checkpoint-firewall-enum.yaml | 5 +- .../enumeration/ldap/ldap-metadata.yaml | 2 +- javascript/enumeration/minecraft-enum.yaml | 2 +- javascript/enumeration/mysql/mysql-info.yaml | 2 +- .../mysql/mysql-show-databases.yaml | 2 +- .../mysql/mysql-show-variables.yaml | 2 +- .../enumeration/mysql/mysql-user-enum.yaml | 2 +- .../enumeration/pgsql/pgsql-default-db.yaml | 4 +- .../enumeration/pgsql/pgsql-file-read.yaml | 4 +- .../pgsql/pgsql-list-database.yaml | 4 +- .../pgsql/pgsql-list-password-hashes.yaml | 4 +- .../enumeration/pgsql/pgsql-list-users.yaml | 4 +- .../pgsql/pgsql-version-detect.yaml | 5 +- .../pop3/pop3-capabilities-enum.yaml | 2 +- javascript/enumeration/redis/redis-info.yaml | 19 ++---- .../enumeration/redis/redis-require-auth.yaml | 19 ++---- .../enumeration/rsync/rsync-list-modules.yaml | 5 +- .../enumeration/rsync/rsync-version.yaml | 2 +- javascript/enumeration/smb/ntlm-info.yaml | 6 +- .../enumeration/smb/smb-default-creds.yaml | 9 +-- .../enumeration/smb/smb-enum-domains.yaml | 9 +-- javascript/enumeration/smb/smb-enum.yaml | 9 +-- javascript/enumeration/smb/smb-os-detect.yaml | 9 +-- .../enumeration/smb/smb-v1-supported.yaml | 6 +- .../enumeration/smb/smb-version-detect.yaml | 9 +-- .../enumeration/smb/smb2-capabilities.yaml | 9 +-- .../enumeration/smb/smb2-server-time.yaml | 9 +-- .../ldap/ldap-anonymous-login-detect.yaml | 3 +- .../pgsql/pgsql-empty-password.yaml | 4 +- .../pgsql/pgsql-extensions-rce.yaml | 4 +- .../smb/smb-anonymous-access.yaml | 8 +-- .../misconfiguration/smb/smb-shares.yaml | 9 +-- .../misconfiguration/smb/smb-signing.yaml | 8 +-- .../x11/x11-unauth-access.yaml | 5 +- javascript/udp/detection/db2-discover.yaml | 5 +- javascript/udp/detection/tftp-detect.yaml | 2 +- network/cves/2001/CVE-2001-1473.yaml | 4 +- network/cves/2004/CVE-2004-2687.yaml | 11 ++-- network/cves/2015/CVE-2015-3306.yaml | 4 +- network/cves/2016/CVE-2016-2004.yaml | 4 +- network/cves/2016/CVE-2016-3510.yaml | 4 +- network/cves/2017/CVE-2017-3881.yaml | 5 +- network/cves/2017/CVE-2017-5645.yaml | 5 +- network/cves/2018/CVE-2018-2628.yaml | 6 +- network/cves/2018/CVE-2018-2893.yaml | 4 +- network/cves/2020/CVE-2020-11981.yaml | 9 +-- network/cves/2020/CVE-2020-1938.yaml | 5 +- network/cves/2021/CVE-2021-44521.yaml | 6 +- network/cves/2022/CVE-2022-0543.yaml | 5 -- network/cves/2022/CVE-2022-24706.yaml | 2 +- network/cves/2023/CVE-2023-33246.yaml | 3 +- network/cves/2023/CVE-2023-48788.yaml | 2 +- network/detection/erlang-otp-ssh-detect.yaml | 7 ++- network/detection/fortinet-fgfm-detect.yaml | 2 +- network/detection/mikrotik-ssh-detect.yaml | 5 +- network/detection/redis-detect.yaml | 11 +--- network/detection/wing-ftp-detect.yaml | 3 +- network/detection/ws_ftp-ssh-detect.yaml | 5 +- .../enumeration/smtp/smtp-commands-enum.yaml | 2 +- .../adbhoney-honeypot-cnxn-detect.yaml | 4 +- .../adbhoney-honeypot-shell-detect.yaml | 4 +- .../conpot-siemens-honeypot-detect.yaml | 4 +- .../dionaea-mqtt-honeypot-detect.yaml | 4 +- .../dionaea-mysql-honeypot-detect.yaml | 5 +- .../honeypot/dionaea-smb-honeypot-detect.yaml | 2 +- network/honeypot/gaspot-honeypot-detect.yaml | 2 +- network/honeypot/redis-honeypot-detect.yaml | 5 -- network/misconfig/lantronix-xport-unauth.yaml | 1 - passive/cves/2024/CVE-2024-25723.yaml | 18 ++---- passive/cves/2024/CVE-2024-32651.yaml | 5 +- passive/cves/2024/CVE-2024-40711.yaml | 13 ++-- ssl/c2/onimai-rat-c2.yaml | 2 +- ssl/fortinet/fortimanager-certificate.yaml | 2 +- 5381 files changed, 13350 insertions(+), 21158 deletions(-) diff --git a/cloud/alibaba/ack/ack-cluster-api-public.yaml b/cloud/alibaba/ack/ack-cluster-api-public.yaml index 33dd12ac9a9..22aa245e806 100644 --- a/cloud/alibaba/ack/ack-cluster-api-public.yaml +++ b/cloud/alibaba/ack/ack-cluster-api-public.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/private-cluster.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/ack-cluster-auditing-disable.yaml b/cloud/alibaba/ack/ack-cluster-auditing-disable.yaml index 0a760259dfe..c1ab344cfb3 100644 --- a/cloud/alibaba/ack/ack-cluster-auditing-disable.yaml +++ b/cloud/alibaba/ack/ack-cluster-auditing-disable.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-log-service.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/ack-cluster-cloud-monitor-disable.yaml b/cloud/alibaba/ack/ack-cluster-cloud-monitor-disable.yaml index 4abd4a2547c..c88251fe7aa 100644 --- a/cloud/alibaba/ack/ack-cluster-cloud-monitor-disable.yaml +++ b/cloud/alibaba/ack/ack-cluster-cloud-monitor-disable.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-cloud-monitor.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/ack-cluster-health-disable.yaml b/cloud/alibaba/ack/ack-cluster-health-disable.yaml index 6f0e7c1ca72..7146cdfe275 100644 --- a/cloud/alibaba/ack/ack-cluster-health-disable.yaml +++ b/cloud/alibaba/ack/ack-cluster-health-disable.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/cluster-check.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/ack-cluster-network-policies-disable.yaml b/cloud/alibaba/ack/ack-cluster-network-policies-disable.yaml index 1aa6dc2c41c..74179220b15 100644 --- a/cloud/alibaba/ack/ack-cluster-network-policies-disable.yaml +++ b/cloud/alibaba/ack/ack-cluster-network-policies-disable.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-network-policy-support.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/ack-cluster-network-policies-missing.yaml b/cloud/alibaba/ack/ack-cluster-network-policies-missing.yaml index 3b8f044dc3f..8f82c8ff0d8 100644 --- a/cloud/alibaba/ack/ack-cluster-network-policies-missing.yaml +++ b/cloud/alibaba/ack/ack-cluster-network-policies-missing.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/enable-network-policy-support.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ack/kubernetes-dashboard-enabled.yaml b/cloud/alibaba/ack/kubernetes-dashboard-enabled.yaml index d056461ec01..b1a5aaddd71 100644 --- a/cloud/alibaba/ack/kubernetes-dashboard-enabled.yaml +++ b/cloud/alibaba/ack/kubernetes-dashboard-enabled.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ACK/disable-kubernetes-dashboard.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ack + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/actiontrail/multi-region-logging-disabled.yaml b/cloud/alibaba/actiontrail/multi-region-logging-disabled.yaml index a464be9b42e..3a982db9fce 100644 --- a/cloud/alibaba/actiontrail/multi-region-logging-disabled.yaml +++ b/cloud/alibaba/actiontrail/multi-region-logging-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/enable-multi-region-trails.html - https://www.alibabacloud.com/help/en/actiontrail/product-overview/services-that-work-with-actiontrail metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,actiontrail + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/actiontrail/public-actiontrail-bucket.yaml b/cloud/alibaba/actiontrail/public-actiontrail-bucket.yaml index e3235c2d535..1025503143f 100644 --- a/cloud/alibaba/actiontrail/public-actiontrail-bucket.yaml +++ b/cloud/alibaba/actiontrail/public-actiontrail-bucket.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ActionTrail/trail-bucket-publicly-accessible.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,actiontrail + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/alibaba-cloud-code-env.yaml b/cloud/alibaba/alibaba-cloud-code-env.yaml index 7bf30ba4252..2a7e0a0127a 100644 --- a/cloud/alibaba/alibaba-cloud-code-env.yaml +++ b/cloud/alibaba/alibaba-cloud-code-env.yaml @@ -9,9 +9,10 @@ info: reference: - https://github.com/aliyun/aliyun-cli metadata: - verified: true max-request: 3 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ecs/os-patches-outdated.yaml b/cloud/alibaba/ecs/os-patches-outdated.yaml index afb4be3eb37..dd41b71f0c6 100644 --- a/cloud/alibaba/ecs/os-patches-outdated.yaml +++ b/cloud/alibaba/ecs/os-patches-outdated.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ECS/apply-latest-os-patches.html - https://www.alibabacloud.com/help/en/security-center/user-guide/fix-software-vulnerabilities metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ecs/unattached-disk-encryption-disabled.yaml b/cloud/alibaba/ecs/unattached-disk-encryption-disabled.yaml index 679415e0758..70d88e75d33 100644 --- a/cloud/alibaba/ecs/unattached-disk-encryption-disabled.yaml +++ b/cloud/alibaba/ecs/unattached-disk-encryption-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ECS/encrypt-unattached-disks.html - https://www.alibabacloud.com/help/en/ecs/user-guide/encrypt-a-data-disk metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ecs/unattached-vminstance-encryption-disabled.yaml b/cloud/alibaba/ecs/unattached-vminstance-encryption-disabled.yaml index 51ee8270ea5..6b086bc486c 100644 --- a/cloud/alibaba/ecs/unattached-vminstance-encryption-disabled.yaml +++ b/cloud/alibaba/ecs/unattached-vminstance-encryption-disabled.yaml @@ -11,9 +11,10 @@ info: - https://www.alibabacloud.com/help/en/ecs/user-guide/encrypt-a-system-disk - https://www.alibabacloud.com/help/en/ecs/user-guide/encrypt-a-data-disk metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ecs/unrestricted-rdp-access.yaml b/cloud/alibaba/ecs/unrestricted-rdp-access.yaml index e6e73944a40..a08f2f3e45e 100644 --- a/cloud/alibaba/ecs/unrestricted-rdp-access.yaml +++ b/cloud/alibaba/ecs/unrestricted-rdp-access.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ECS/unrestricted-rdp-access.html - https://www.alibabacloud.com/help/en/ecs/use-cases/best-practices-of-the-security-group metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ecs/unrestricted-ssh-access.yaml b/cloud/alibaba/ecs/unrestricted-ssh-access.yaml index 96fb0a574d8..5e52d3d736c 100644 --- a/cloud/alibaba/ecs/unrestricted-ssh-access.yaml +++ b/cloud/alibaba/ecs/unrestricted-ssh-access.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-ECS/unrestricted-ssh-access.html - https://www.alibabacloud.com/help/en/ecs/use-cases/best-practices-of-the-security-group metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/access-logoss-disabled.yaml b/cloud/alibaba/oss/access-logoss-disabled.yaml index d9cb37f71b7..5a6b3829be2 100644 --- a/cloud/alibaba/oss/access-logoss-disabled.yaml +++ b/cloud/alibaba/oss/access-logoss-disabled.yaml @@ -11,9 +11,10 @@ info: - https://www.alibabacloud.com/help/en/oss/user-guide/getting-started - https://www.alibabacloud.com/help/en/oss/user-guide/enable-logging metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,alibaba-oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/improper-bucket-sse.yaml b/cloud/alibaba/oss/improper-bucket-sse.yaml index e83bae83081..f4962d1c388 100644 --- a/cloud/alibaba/oss/improper-bucket-sse.yaml +++ b/cloud/alibaba/oss/improper-bucket-sse.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/enable-sse-with-customer-managed-key.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/limit-networkaccess-disabled.yaml b/cloud/alibaba/oss/limit-networkaccess-disabled.yaml index b9e4c634c5c..3bf2d0568bc 100644 --- a/cloud/alibaba/oss/limit-networkaccess-disabled.yaml +++ b/cloud/alibaba/oss/limit-networkaccess-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/publicly-accessible-oss-bucket.html - https://www.alibabacloud.com/help/en/oss/user-guide/block-public-access metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,alibaba-oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/oos-bucket-public-access.yaml b/cloud/alibaba/oss/oos-bucket-public-access.yaml index 7c4092fe030..875d4af2634 100644 --- a/cloud/alibaba/oss/oos-bucket-public-access.yaml +++ b/cloud/alibaba/oss/oos-bucket-public-access.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/publicly-accessible-oss-bucket.html - https://www.alibabacloud.com/help/en/oss/user-guide/block-public-access metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,alibaba-oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/secure-transfeross-disabled.yaml b/cloud/alibaba/oss/secure-transfeross-disabled.yaml index bd2a86a8aed..185d83c262c 100644 --- a/cloud/alibaba/oss/secure-transfeross-disabled.yaml +++ b/cloud/alibaba/oss/secure-transfeross-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/enable-secure-transfer.html - https://www.alibabacloud.com/help/en/oss/user-guide/use-bucket-policy-to-grant-permission-to-access-oss/ metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,alibaba-oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/sse-cmk-disabled.yaml b/cloud/alibaba/oss/sse-cmk-disabled.yaml index 8bac19d5e2d..a9e3a212444 100644 --- a/cloud/alibaba/oss/sse-cmk-disabled.yaml +++ b/cloud/alibaba/oss/sse-cmk-disabled.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/enable-sse-with-customer-managed-key.html metadata: + max-request: 1 verified: true - max-request: 3 tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,ecs + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/oss/sse-smk-disabled.yaml b/cloud/alibaba/oss/sse-smk-disabled.yaml index 92dc2c6ee13..63a6b085303 100644 --- a/cloud/alibaba/oss/sse-smk-disabled.yaml +++ b/cloud/alibaba/oss/sse-smk-disabled.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-OSS/enable-sse-with-service-key.html metadata: + max-request: 1 verified: true - max-request: 3 tags: cloud,devops,aliyun,alibaba,aliyun-cloud-config,oss + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/custom-ram-policy-admin-priv.yaml b/cloud/alibaba/ram/custom-ram-policy-admin-priv.yaml index cac782b199b..150d18438d7 100644 --- a/cloud/alibaba/ram/custom-ram-policy-admin-priv.yaml +++ b/cloud/alibaba/ram/custom-ram-policy-admin-priv.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/create-a-custom-policy - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/policies-with-full-administrative-privileges.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/max-password-retry-disabled.yaml b/cloud/alibaba/ram/max-password-retry-disabled.yaml index cf42c1bd9a6..8c19a5e2673 100644 --- a/cloud/alibaba/ram/max-password-retry-disabled.yaml +++ b/cloud/alibaba/ram/max-password-retry-disabled.yaml @@ -9,9 +9,10 @@ info: reference: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/mfa-console-password-disabled.yaml b/cloud/alibaba/ram/mfa-console-password-disabled.yaml index 7e502d18d94..efb84fd8e6e 100644 --- a/cloud/alibaba/ram/mfa-console-password-disabled.yaml +++ b/cloud/alibaba/ram/mfa-console-password-disabled.yaml @@ -10,8 +10,8 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/bind-an-mfa-device-to-a-ram-user - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/ram-user-multi-factor-authentication-enabled.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram variables: diff --git a/cloud/alibaba/ram/password-policy-expiration-unconfigured.yaml b/cloud/alibaba/ram/password-policy-expiration-unconfigured.yaml index 41acaf9938c..3cfef5f5450 100644 --- a/cloud/alibaba/ram/password-policy-expiration-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-expiration-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-password-expiration-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-length-unconfigured.yaml b/cloud/alibaba/ram/password-policy-length-unconfigured.yaml index 3a2d7cb6ec9..50adacbaf0f 100644 --- a/cloud/alibaba/ram/password-policy-length-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-length-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-14-characters-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-lowercase-unconfigured.yaml b/cloud/alibaba/ram/password-policy-lowercase-unconfigured.yaml index f904eaf4a62..3d4e1092c17 100644 --- a/cloud/alibaba/ram/password-policy-lowercase-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-lowercase-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/lowercase-letter-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-num-unconfigured.yaml b/cloud/alibaba/ram/password-policy-num-unconfigured.yaml index 939ca83485c..b38810a7a9e 100644 --- a/cloud/alibaba/ram/password-policy-num-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-num-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-number-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-reuse-enabled.yaml b/cloud/alibaba/ram/password-policy-reuse-enabled.yaml index 35417396aac..2f01956cec4 100644 --- a/cloud/alibaba/ram/password-policy-reuse-enabled.yaml +++ b/cloud/alibaba/ram/password-policy-reuse-enabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/prevent-password-reuse-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-symbol-unconfigured.yaml b/cloud/alibaba/ram/password-policy-symbol-unconfigured.yaml index 0d36fdf736c..bcb4cc23750 100644 --- a/cloud/alibaba/ram/password-policy-symbol-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-symbol-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/require-symbol-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/ram/password-policy-uppercase-unconfigured.yaml b/cloud/alibaba/ram/password-policy-uppercase-unconfigured.yaml index 7abacf79006..b1a5d7bb8a4 100644 --- a/cloud/alibaba/ram/password-policy-uppercase-unconfigured.yaml +++ b/cloud/alibaba/ram/password-policy-uppercase-unconfigured.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/ram/user-guide/configure-a-password-policy-for-ram-users - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RAM/uppercase-letter-password-policy.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-ram + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/encryption-intransit-disabled.yaml b/cloud/alibaba/rds/encryption-intransit-disabled.yaml index f9f6eddaf5f..f2c0a51c89e 100644 --- a/cloud/alibaba/rds/encryption-intransit-disabled.yaml +++ b/cloud/alibaba/rds/encryption-intransit-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/configure-ssl-encryption-for-an-apsaradb-rds-for-mysql-instance - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-encryption-in-transit.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/log-connections-disabled.yaml b/cloud/alibaba/rds/log-connections-disabled.yaml index 178c30f11e0..94d57eea46e 100644 --- a/cloud/alibaba/rds/log-connections-disabled.yaml +++ b/cloud/alibaba/rds/log-connections-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-postgresql/use-a-parameter-template-to-configure-the-parameters-of-apsaradb-rds-for-postgresql-instances - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-log-connections-for-postgresql.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/log-disconnections-disabled.yaml b/cloud/alibaba/rds/log-disconnections-disabled.yaml index 77bb0fd0515..da4adb5a335 100644 --- a/cloud/alibaba/rds/log-disconnections-disabled.yaml +++ b/cloud/alibaba/rds/log-disconnections-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-postgresql/use-a-parameter-template-to-configure-the-parameters-of-apsaradb-rds-for-postgresql-instances - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-log-disconnections-for-postgresql.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/log-duration-disabled.yaml b/cloud/alibaba/rds/log-duration-disabled.yaml index 976ccbce3a3..31d2f064f06 100644 --- a/cloud/alibaba/rds/log-duration-disabled.yaml +++ b/cloud/alibaba/rds/log-duration-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-postgresql/use-a-parameter-template-to-configure-the-parameters-of-apsaradb-rds-for-postgresql-instances - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-log-duration-for-postgresql.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/mssql-audit-disabled.yaml b/cloud/alibaba/rds/mssql-audit-disabled.yaml index d0668eb55b6..6e58a76cf83 100644 --- a/cloud/alibaba/rds/mssql-audit-disabled.yaml +++ b/cloud/alibaba/rds/mssql-audit-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/use-the-sql-explorer-and-audit-feature-on-an-apsaradb-rds-for-mysql-instance - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-sql-server-audit-logs.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/mysql-audit-disabled.yaml b/cloud/alibaba/rds/mysql-audit-disabled.yaml index b0c7c679553..4de08e50011 100644 --- a/cloud/alibaba/rds/mysql-audit-disabled.yaml +++ b/cloud/alibaba/rds/mysql-audit-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/use-the-sql-explorer-and-audit-feature-on-an-apsaradb-rds-for-mysql-instance - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-mysql-audit-logs.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/postgresql-audit-disabled.yaml b/cloud/alibaba/rds/postgresql-audit-disabled.yaml index 771cd1c8787..0b4dd7deddb 100644 --- a/cloud/alibaba/rds/postgresql-audit-disabled.yaml +++ b/cloud/alibaba/rds/postgresql-audit-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-postgres-audit-logs.html - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-postgresql/use-the-sql-explorer-and-audit-feature-on-an-apsaradb-rds-for-postgresql-instance metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/rds-audit-disabled.yaml b/cloud/alibaba/rds/rds-audit-disabled.yaml index 4b8db9d8878..8426d5df31e 100644 --- a/cloud/alibaba/rds/rds-audit-disabled.yaml +++ b/cloud/alibaba/rds/rds-audit-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-mysql/use-the-sql-explorer-and-audit-feature-on-an-apsaradb-rds-for-mysql-instance - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-audit-logs.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/rds/transparent-encryption-disabled.yaml b/cloud/alibaba/rds/transparent-encryption-disabled.yaml index 8f5f9cdbb4b..d41aa6f1446 100644 --- a/cloud/alibaba/rds/transparent-encryption-disabled.yaml +++ b/cloud/alibaba/rds/transparent-encryption-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/rds/apsaradb-rds-for-postgresql/enable-tde-for-an-apsaradb-rds-for-postgresql-instance-and-use-tde - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-RDS/enable-sql-database-tde.html metadata: - verified: true max-request: 2 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-rds + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/security-center/scheduled-vulnscan-disabled.yaml b/cloud/alibaba/security-center/scheduled-vulnscan-disabled.yaml index a4b31a46162..aa437b2449a 100644 --- a/cloud/alibaba/security-center/scheduled-vulnscan-disabled.yaml +++ b/cloud/alibaba/security-center/scheduled-vulnscan-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/security-center/user-guide/scan-for-vulnerabilities - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SecurityCenter/enable-scheduled-vulnerability-scan.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/security-center/security-notification-disabled.yaml b/cloud/alibaba/security-center/security-notification-disabled.yaml index e420420c0bb..3f6d1b746af 100644 --- a/cloud/alibaba/security-center/security-notification-disabled.yaml +++ b/cloud/alibaba/security-center/security-notification-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/security-center/user-guide/use-the-notification-feature - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SecurityCenter/enable-high-risk-item-notifications.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/security-center/security-plan-disabled.yaml b/cloud/alibaba/security-center/security-plan-disabled.yaml index d686f526a4b..3a059ba29a7 100644 --- a/cloud/alibaba/security-center/security-plan-disabled.yaml +++ b/cloud/alibaba/security-center/security-plan-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/security-center/product-overview/upgrade-and-downgrade-security-center - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SecurityCenter/security-center-plan.html metadata: - verified: true max-request: 1 + verified: true tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center + variables: region: "cn-hangzhou" diff --git a/cloud/alibaba/vpc/vpc-flow-disabled.yaml b/cloud/alibaba/vpc/vpc-flow-disabled.yaml index d2680bd7023..beed1fad176 100644 --- a/cloud/alibaba/vpc/vpc-flow-disabled.yaml +++ b/cloud/alibaba/vpc/vpc-flow-disabled.yaml @@ -10,9 +10,10 @@ info: - https://www.alibabacloud.com/help/en/vpc/user-guide/create-and-manage-flow-log - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-VPC/enable-flow-logs.html metadata: + max-request: 1 verified: true - max-request: 2 tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,alibaba-vpc + variables: region: "cn-hangzhou" diff --git a/cloud/aws/cloudformation/stack-notification-disabled.yaml b/cloud/aws/cloudformation/stack-notification-disabled.yaml index 8eedb43f237..e4a4666de1d 100644 --- a/cloud/aws/cloudformation/stack-notification-disabled.yaml +++ b/cloud/aws/cloudformation/stack-notification-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-notification.html - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudformation/stack-policy-not-inuse.yaml b/cloud/aws/cloudformation/stack-policy-not-inuse.yaml index a34d5d05cfc..0ec3f6a1e27 100644 --- a/cloud/aws/cloudformation/stack-policy-not-inuse.yaml +++ b/cloud/aws/cloudformation/stack-policy-not-inuse.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/cloudformation-stack-policy.html - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudformation/stack-termination-disabled.yaml b/cloud/aws/cloudformation/stack-termination-disabled.yaml index 6cef73bc013..b0468ff6a32 100644 --- a/cloud/aws/cloudformation/stack-termination-disabled.yaml +++ b/cloud/aws/cloudformation/stack-termination-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFormation/stack-termination-protection.html - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudformation,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-compress-object.yaml b/cloud/aws/cloudfront/cloudfront-compress-object.yaml index 145ae852e08..7cb8c58aed0 100644 --- a/cloud/aws/cloudfront/cloudfront-compress-object.yaml +++ b/cloud/aws/cloudfront/cloudfront-compress-object.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/compress-objects-automatically.html - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml b/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml index a6eb7f15b81..5b43972df65 100644 --- a/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml +++ b/cloud/aws/cloudfront/cloudfront-custom-certificates.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-distro-custom-tls.html - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml b/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml index 35dec7a1715..c742d1ccebb 100644 --- a/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml +++ b/cloud/aws/cloudfront/cloudfront-geo-restriction.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/geo-restriction.html - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml b/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml index 70289305f19..aa30c2169b5 100644 --- a/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml +++ b/cloud/aws/cloudfront/cloudfront-insecure-protocol.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-insecure-origin-ssl-protocols.html - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml b/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml index dcdc00cd719..ae70315daa6 100644 --- a/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml +++ b/cloud/aws/cloudfront/cloudfront-integrated-waf.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html - http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html - metadata: - max-request: 2 - tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config,xss,sqli + tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml b/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml index f9e6eb0be28..4632fd851c3 100644 --- a/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml +++ b/cloud/aws/cloudfront/cloudfront-logging-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-logging-enabled.html - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-origin-shield.yaml b/cloud/aws/cloudfront/cloudfront-origin-shield.yaml index 020c3b31b43..2f8d724c5f1 100644 --- a/cloud/aws/cloudfront/cloudfront-origin-shield.yaml +++ b/cloud/aws/cloudfront/cloudfront-origin-shield.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/enable-origin-shield.html - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-security-policy.yaml b/cloud/aws/cloudfront/cloudfront-security-policy.yaml index 70807834b91..b7e61f30187 100644 --- a/cloud/aws/cloudfront/cloudfront-security-policy.yaml +++ b/cloud/aws/cloudfront/cloudfront-security-policy.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/security-policy.html - https://aws.amazon.com/about-aws/whats-new/2017/09/amazon-cloudfront-now-lets-you-select-a-security-policy-with-minimum-tls-v1_1-1_2-and-security-ciphers-for-viewer-connections/ - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml b/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml index ea76d5d2212..902ab638f1a 100644 --- a/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml +++ b/cloud/aws/cloudfront/cloudfront-traffic-unencrypted.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-traffic-to-origin-unencrypted.html - http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml b/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml index 7fea6c07c51..18934871225 100644 --- a/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml +++ b/cloud/aws/cloudfront/cloudfront-viewer-policy.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/viewer-protocol-policy.html - https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/dms/dms-multi-az.yaml b/cloud/aws/dms/dms-multi-az.yaml index e126ddb2a61..0cea92e23f3 100644 --- a/cloud/aws/dms/dms-multi-az.yaml +++ b/cloud/aws/dms/dms-multi-az.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/multi-az.html - https://docs.aws.amazon.com/cli/latest/reference/dms/describe-replication-instances.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,dms,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/dms/dms-public-access.yaml b/cloud/aws/dms/dms-public-access.yaml index 350e4679364..62f4ec7a11a 100644 --- a/cloud/aws/dms/dms-public-access.yaml +++ b/cloud/aws/dms/dms-public-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/publicly-accessible.html - https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,dms,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/dms/dms-version-upgrade.yaml b/cloud/aws/dms/dms-version-upgrade.yaml index dada7938e52..be6ab7aaa99 100644 --- a/cloud/aws/dms/dms-version-upgrade.yaml +++ b/cloud/aws/dms/dms-version-upgrade.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/DMS/auto-minor-version-upgrade.html - https://docs.aws.amazon.com/cli/latest/reference/dms/index.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,dms,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/ebs/ebs-encryption-disabled.yaml b/cloud/aws/ebs/ebs-encryption-disabled.yaml index fa0930b942f..d6c6da5e373 100644 --- a/cloud/aws/ebs/ebs-encryption-disabled.yaml +++ b/cloud/aws/ebs/ebs-encryption-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/EBS/ebs-encrypted.html - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,ebs,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/efs/efs-encryption-disabled.yaml b/cloud/aws/efs/efs-encryption-disabled.yaml index 47596489812..e2c97278f21 100644 --- a/cloud/aws/efs/efs-encryption-disabled.yaml +++ b/cloud/aws/efs/efs-encryption-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/in-transit-and-at-rest-encryption.html - https://docs.aws.amazon.com/efs/latest/ug/encryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,efs-encryption-disabled,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/eks/eks-aws-managed-iam-policy.yaml b/cloud/aws/eks/eks-aws-managed-iam-policy.yaml index 124521a214a..b61ee6954e0 100644 --- a/cloud/aws/eks/eks-aws-managed-iam-policy.yaml +++ b/cloud/aws/eks/eks-aws-managed-iam-policy.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/eks-aws-managed-iam-policy.html - https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html - metadata: - max-request: 3 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-cluster-logging.yaml b/cloud/aws/eks/eks-cluster-logging.yaml index a203155fe45..84cb2d4cbf8 100644 --- a/cloud/aws/eks/eks-cluster-logging.yaml +++ b/cloud/aws/eks/eks-cluster-logging.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/cluster-logging.html - https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-endpoint-access.yaml b/cloud/aws/eks/eks-endpoint-access.yaml index dda06796b9c..e387bfbeb4a 100644 --- a/cloud/aws/eks/eks-endpoint-access.yaml +++ b/cloud/aws/eks/eks-endpoint-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/endpoint-access.html - https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-iam-managed-policy-networking.yaml b/cloud/aws/eks/eks-iam-managed-policy-networking.yaml index 61931f4beac..1d58bbf0270 100644 --- a/cloud/aws/eks/eks-iam-managed-policy-networking.yaml +++ b/cloud/aws/eks/eks-iam-managed-policy-networking.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/eks-iam-managed-policy-networking.html - https://docs.aws.amazon.com/eks/latest/userguide/cni-iam-role.html - metadata: - max-request: 4 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-kubernetes-secrets-encryption.yaml b/cloud/aws/eks/eks-kubernetes-secrets-encryption.yaml index a20099e620e..92ab8c4a60a 100644 --- a/cloud/aws/eks/eks-kubernetes-secrets-encryption.yaml +++ b/cloud/aws/eks/eks-kubernetes-secrets-encryption.yaml @@ -13,9 +13,8 @@ info: reference: - https://docs.aws.amazon.com/eks/latest/userguide/encryption-configuration.html - https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-logging-kubes-api-calls.yaml b/cloud/aws/eks/eks-logging-kubes-api-calls.yaml index d656f0407a8..7e177523c6d 100644 --- a/cloud/aws/eks/eks-logging-kubes-api-calls.yaml +++ b/cloud/aws/eks/eks-logging-kubes-api-calls.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/eks-logging-kubes-api-calls.html - https://docs.aws.amazon.com/eks/latest/userguide/logging-using-cloudtrail.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-long-running-pods.yaml b/cloud/aws/eks/eks-long-running-pods.yaml index b9f294a3145..42ef884a617 100644 --- a/cloud/aws/eks/eks-long-running-pods.yaml +++ b/cloud/aws/eks/eks-long-running-pods.yaml @@ -13,9 +13,8 @@ info: reference: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/ - https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" days: "30" diff --git a/cloud/aws/eks/eks-managed-policy-ecr-access.yaml b/cloud/aws/eks/eks-managed-policy-ecr-access.yaml index 300909d5a4b..6c31b33f56a 100644 --- a/cloud/aws/eks/eks-managed-policy-ecr-access.yaml +++ b/cloud/aws/eks/eks-managed-policy-ecr-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/managed-policy-ecr-access.html - https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html - metadata: - max-request: 4 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/eks/eks-node-group-remote-access.yaml b/cloud/aws/eks/eks-node-group-remote-access.yaml index deca8f33c2f..e4e3597bb51 100644 --- a/cloud/aws/eks/eks-node-group-remote-access.yaml +++ b/cloud/aws/eks/eks-node-group-remote-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/EKS/eks-node-group-remote-access.html - https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html - metadata: - max-request: 3 tags: cloud,devops,aws,amazon,eks,aws-cloud-config + variables: region: "us-east-1" diff --git a/cloud/aws/elasticache/cache-automatic-backups-disabled.yaml b/cloud/aws/elasticache/cache-automatic-backups-disabled.yaml index 49694deb4dd..3e6273f9e2a 100644 --- a/cloud/aws/elasticache/cache-automatic-backups-disabled.yaml +++ b/cloud/aws/elasticache/cache-automatic-backups-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/enable-automatic-backups.html - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/backups-automatic.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/elasticache/cache-event-notification-disabled.yaml b/cloud/aws/elasticache/cache-event-notification-disabled.yaml index 8a1bb7dec3e..6e3ff4da3f5 100644 --- a/cloud/aws/elasticache/cache-event-notification-disabled.yaml +++ b/cloud/aws/elasticache/cache-event-notification-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/enable-cluster-event-notifications.html - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/ECEvents.SNS.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/elasticache/cache-redis-encryption-disabled.yaml b/cloud/aws/elasticache/cache-redis-encryption-disabled.yaml index 07d7ab5db96..42681142f28 100644 --- a/cloud/aws/elasticache/cache-redis-encryption-disabled.yaml +++ b/cloud/aws/elasticache/cache-redis-encryption-disabled.yaml @@ -14,9 +14,8 @@ info: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/in-transit-and-at-rest-encryption.html - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml b/cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml index eb67b1f946a..ad678296cb2 100644 --- a/cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml +++ b/cloud/aws/elasticache/cache-redis-multiaz-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ElastiCache/elasticache-multi-az.html - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.Components.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,elasticache,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/elb/elb-delete-protection-disabled.yaml b/cloud/aws/elb/elb-delete-protection-disabled.yaml index bb2d5ec64f5..92757e8e96c 100644 --- a/cloud/aws/elb/elb-delete-protection-disabled.yaml +++ b/cloud/aws/elb/elb-delete-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/ELBv2/enable-gwlb-deletion-protection.html - https://awscli.amazonaws.com/v2/documentation/api/latest/reference/elbv2/index.html - metadata: - max-request: 2 tags: cloud, devops, aws, amazon, elb, aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/firehose/firehose-server-destination-encryption.yaml b/cloud/aws/firehose/firehose-server-destination-encryption.yaml index 118524de86c..c3151d89bcc 100644 --- a/cloud/aws/firehose/firehose-server-destination-encryption.yaml +++ b/cloud/aws/firehose/firehose-server-destination-encryption.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-destination-encryption.html - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,firehose,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/firehose/firehose-server-side-encryption.yaml b/cloud/aws/firehose/firehose-server-side-encryption.yaml index d5ca2168710..b7f05eba0d4 100644 --- a/cloud/aws/firehose/firehose-server-side-encryption.yaml +++ b/cloud/aws/firehose/firehose-server-side-encryption.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Firehose/delivery-stream-encrypted-with-kms-customer-master-keys.html - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,firehose,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/guardduty/guardduty-findings.yaml b/cloud/aws/guardduty/guardduty-findings.yaml index e57c0f0a142..d038fcaa070 100644 --- a/cloud/aws/guardduty/guardduty-findings.yaml +++ b/cloud/aws/guardduty/guardduty-findings.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/findings.html - https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/guardduty/malware-protection-disabled.yaml b/cloud/aws/guardduty/malware-protection-disabled.yaml index 5ef72108c4a..208b48a2f7a 100644 --- a/cloud/aws/guardduty/malware-protection-disabled.yaml +++ b/cloud/aws/guardduty/malware-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/enable-malware-protection.html - https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/guardduty/s3-protection-disabled.yaml b/cloud/aws/guardduty/s3-protection-disabled.yaml index 7be5675b9f2..1c3221968d0 100644 --- a/cloud/aws/guardduty/s3-protection-disabled.yaml +++ b/cloud/aws/guardduty/s3-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/GuardDuty/enable-s3-protection.html - https://docs.aws.amazon.com/guardduty/latest/ug/s3-protection.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,guardduty,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml b/cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml index 4d43e89b5e5..56964bb6593 100644 --- a/cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml +++ b/cloud/aws/rds/rds-auto-minor-upgrade-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-auto-minor-version-upgrade.html - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Upgrading.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-automated-backup-disabled.yaml b/cloud/aws/rds/rds-automated-backup-disabled.yaml index e766a97e846..be137144057 100644 --- a/cloud/aws/rds/rds-automated-backup-disabled.yaml +++ b/cloud/aws/rds/rds-automated-backup-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-automated-backups-enabled.html - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-backtrack-disabled.yaml b/cloud/aws/rds/rds-backtrack-disabled.yaml index e60bd9cf2cc..da54fedd1ed 100644 --- a/cloud/aws/rds/rds-backtrack-disabled.yaml +++ b/cloud/aws/rds/rds-backtrack-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/backtrack.html - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-cluster-protection-disabled.yaml b/cloud/aws/rds/rds-cluster-protection-disabled.yaml index 30f83aaf95e..f4f7d975aaa 100644 --- a/cloud/aws/rds/rds-cluster-protection-disabled.yaml +++ b/cloud/aws/rds/rds-cluster-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/cluster-deletion-protection.html - https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/ - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-copy-snap.yaml b/cloud/aws/rds/rds-copy-snap.yaml index 934331feb2a..b6460ff2ad3 100644 --- a/cloud/aws/rds/rds-copy-snap.yaml +++ b/cloud/aws/rds/rds-copy-snap.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/copy-tags-to-snapshot.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-insights-disabled.yaml b/cloud/aws/rds/rds-insights-disabled.yaml index 1352d93bc74..93a6e7e9ca7 100644 --- a/cloud/aws/rds/rds-insights-disabled.yaml +++ b/cloud/aws/rds/rds-insights-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/performance-insights.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.Enabling.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-instance-autoscaling-disabled.yaml b/cloud/aws/rds/rds-instance-autoscaling-disabled.yaml index 0d43d68a2d6..f21a5b4d5cf 100644 --- a/cloud/aws/rds/rds-instance-autoscaling-disabled.yaml +++ b/cloud/aws/rds/rds-instance-autoscaling-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/enable-rds-storage-autoscaling.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-log-export-disabled.yaml b/cloud/aws/rds/rds-log-export-disabled.yaml index 7ddf7a16127..d77b390482b 100644 --- a/cloud/aws/rds/rds-log-export-disabled.yaml +++ b/cloud/aws/rds/rds-log-export-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/log-exports.html - https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-multi-az.yaml b/cloud/aws/rds/rds-multi-az.yaml index 717ff4dbe7d..f82d315a1f3 100644 --- a/cloud/aws/rds/rds-multi-az.yaml +++ b/cloud/aws/rds/rds-multi-az.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-multi-az.html - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/rds/rds-public-access.yaml b/cloud/aws/rds/rds-public-access.yaml index a89b7947036..43369bec509 100644 --- a/cloud/aws/rds/rds-public-access.yaml +++ b/cloud/aws/rds/rds-public-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/RDS/rds-publicly-accessible.html - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,rds,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/route53/route53-dns-query-disabled.yaml b/cloud/aws/route53/route53-dns-query-disabled.yaml index 1f6e2f55bfb..2d7826a8afa 100644 --- a/cloud/aws/route53/route53-dns-query-disabled.yaml +++ b/cloud/aws/route53/route53-dns-query-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html - metadata: - max-request: 3 tags: cloud,devops,aws,amazon,route53,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/route53/route53-dnssec-signing-disabled.yaml b/cloud/aws/route53/route53-dnssec-signing-disabled.yaml index 9dd71798558..12c73044658 100644 --- a/cloud/aws/route53/route53-dnssec-signing-disabled.yaml +++ b/cloud/aws/route53/route53-dnssec-signing-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/Route53/enable-query-logging.html - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/monitoring-overview.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,route53,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/secrets-manager/secret-rotation-interval.yaml b/cloud/aws/secrets-manager/secret-rotation-interval.yaml index d88ac7129cf..77f43e48427 100644 --- a/cloud/aws/secrets-manager/secret-rotation-interval.yaml +++ b/cloud/aws/secrets-manager/secret-rotation-interval.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/SecretsManager/rotation-interval.html - https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/rotate-secret.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,secret-manager,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/secrets-manager/secrets-rotation-disabled.yaml b/cloud/aws/secrets-manager/secrets-rotation-disabled.yaml index d482d383e4f..74289d0a885 100644 --- a/cloud/aws/secrets-manager/secrets-rotation-disabled.yaml +++ b/cloud/aws/secrets-manager/secrets-rotation-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/SecretsManager/rotation-enabled.html - https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/rotate-secret.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,secrets-manager,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/sns/sns-public-subscribe-access.yaml b/cloud/aws/sns/sns-public-subscribe-access.yaml index 6e0f166798c..ae4e00c2295 100644 --- a/cloud/aws/sns/sns-public-subscribe-access.yaml +++ b/cloud/aws/sns/sns-public-subscribe-access.yaml @@ -8,8 +8,6 @@ info: This template checks if Amazon SNS topics are configured to allow public subscription access via topic policies. reference: - https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,sns,aws-cloud-config flow: | diff --git a/cloud/aws/sqs/sqs-deadletter-disabled.yaml b/cloud/aws/sqs/sqs-deadletter-disabled.yaml index df1e1098a9e..94d50ceb52b 100644 --- a/cloud/aws/sqs/sqs-deadletter-disabled.yaml +++ b/cloud/aws/sqs/sqs-deadletter-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/SQS/dead-letter-queue.html - https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,sqs,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/sqs/sqs-encryption-disabled.yaml b/cloud/aws/sqs/sqs-encryption-disabled.yaml index 301b499f723..7f71d1a6815 100644 --- a/cloud/aws/sqs/sqs-encryption-disabled.yaml +++ b/cloud/aws/sqs/sqs-encryption-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/SQS/server-side-encryption.html - http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,sqs,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/aws/sqs/sqs-queue-exposed.yaml b/cloud/aws/sqs/sqs-queue-exposed.yaml index e79ac0b19ea..37ba84f964e 100644 --- a/cloud/aws/sqs/sqs-queue-exposed.yaml +++ b/cloud/aws/sqs/sqs-queue-exposed.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/SQS/sqs-queue-exposed.html - https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html - metadata: - max-request: 2 tags: cloud,devops,aws,amazon,sqs,aws-cloud-config + variables: region: "us-west-2" diff --git a/cloud/azure/accesscontrol/azure-custom-admin-role-unrestricted.yaml b/cloud/azure/accesscontrol/azure-custom-admin-role-unrestricted.yaml index 13efcd481bb..5a047c40df1 100644 --- a/cloud/azure/accesscontrol/azure-custom-admin-role-unrestricted.yaml +++ b/cloud/azure/accesscontrol/azure-custom-admin-role-unrestricted.yaml @@ -11,9 +11,8 @@ info: Review and restrict the permissions of custom roles in Azure cloud subscriptions. Ensure that custom roles do not grant more privileges than necessary by conforming to the Principle of Least Privilege. reference: - https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,role-based-access,azure-cloud-config + flow: | code(1); for (let RoleData of iterate(template.roleList)) { diff --git a/cloud/azure/accesscontrol/azure-custom-owner-role-unrestricted.yaml b/cloud/azure/accesscontrol/azure-custom-owner-role-unrestricted.yaml index 7be3078676b..8f2a0888149 100644 --- a/cloud/azure/accesscontrol/azure-custom-owner-role-unrestricted.yaml +++ b/cloud/azure/accesscontrol/azure-custom-owner-role-unrestricted.yaml @@ -11,9 +11,8 @@ info: Remove any custom owner roles or modify their permissions to align with the principle of least privilege, ensuring users have only the necessary access rights to perform their duties. reference: - https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,role-management,azure-cloud-config + flow: | code(1); for (let RoleData of iterate(template.roleList)) { diff --git a/cloud/azure/accesscontrol/azure-iam-role-resource-lock-unassigned.yaml b/cloud/azure/accesscontrol/azure-iam-role-resource-lock-unassigned.yaml index b4fe2478814..a72348fdcab 100644 --- a/cloud/azure/accesscontrol/azure-iam-role-resource-lock-unassigned.yaml +++ b/cloud/azure/accesscontrol/azure-iam-role-resource-lock-unassigned.yaml @@ -11,9 +11,8 @@ info: Create a custom IAM role with permissions for Microsoft.Authorization/locks/read, Microsoft.Authorization/locks/write, and Microsoft.Authorization/locks/delete and ensure it is assigned to an identity. reference: - https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,resource-lock,azure-cloud-config + flow: | code(1); for (let roleName of iterate(template.roleNameList)) { diff --git a/cloud/azure/activedirectory/azure-mfa-not-enabled-privileged-users.yaml b/cloud/azure/activedirectory/azure-mfa-not-enabled-privileged-users.yaml index 1e38349fb1d..e231045c83d 100644 --- a/cloud/azure/activedirectory/azure-mfa-not-enabled-privileged-users.yaml +++ b/cloud/azure/activedirectory/azure-mfa-not-enabled-privileged-users.yaml @@ -14,9 +14,8 @@ info: - https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles - https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-cloud-config,graph-api + flow: | code(1); for (let User of iterate(template.noMfaUsers)) { diff --git a/cloud/azure/activitylog/azure-db-mysql-delete-unalerted.yaml b/cloud/azure/activitylog/azure-db-mysql-delete-unalerted.yaml index 6f6d78cd3ea..79ea0f94fa6 100644 --- a/cloud/azure/activitylog/azure-db-mysql-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-db-mysql-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure an activity log alert to fire on "Delete MySQL Database" events with the condition set to "Microsoft.DBforMySQL/servers/databases/delete" and ensure that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,mysql,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-delete-lb-alert-unconfigured.yaml b/cloud/azure/activitylog/azure-delete-lb-alert-unconfigured.yaml index 3b59a5621d7..4620c07f665 100644 --- a/cloud/azure/activitylog/azure-delete-lb-alert-unconfigured.yaml +++ b/cloud/azure/activitylog/azure-delete-lb-alert-unconfigured.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Delete Load Balancer" events by setting the alert condition to "Microsoft.Network/loadBalancers/delete" and attaching an action group for notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,load-balancer,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-key-vault-delete-unalerted.yaml b/cloud/azure/activitylog/azure-key-vault-delete-unalerted.yaml index b81d93cb335..dcdaf3e923b 100644 --- a/cloud/azure/activitylog/azure-key-vault-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-key-vault-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor and notify whenever "Delete Key Vault" events occur by setting the alert condition to "Microsoft.KeyVault/vaults/delete" and attaching an action group to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,key-vault,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-keyvault-update-unalerted.yaml b/cloud/azure/activitylog/azure-keyvault-update-unalerted.yaml index d80f188a69e..4fcbe1802bd 100644 --- a/cloud/azure/activitylog/azure-keyvault-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-keyvault-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor and notify of "Update Key Vault" events by setting the alert condition to "Microsoft.KeyVault/vaults/write" and ensuring that an action group is attached for managing notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-lb-create-update-missing.yaml b/cloud/azure/activitylog/azure-lb-create-update-missing.yaml index b55de035b40..010c27c9c53 100644 --- a/cloud/azure/activitylog/azure-lb-create-update-missing.yaml +++ b/cloud/azure/activitylog/azure-lb-create-update-missing.yaml @@ -11,9 +11,8 @@ info: Configure Azure activity log alerts to include events for "Create or Update Load Balancer" with proper conditions to ensure compliance and operational awareness. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,loadbalancer,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertIds)) { diff --git a/cloud/azure/activitylog/azure-mysql-db-update-unalerted.yaml b/cloud/azure/activitylog/azure-mysql-db-update-unalerted.yaml index a5b80044ca9..cbee522de40 100644 --- a/cloud/azure/activitylog/azure-mysql-db-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-mysql-db-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update MySQL Database" events by setting the alert condition to "Microsoft.DBforMySQL/servers/databases/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,mysql,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-nsg-create-update-unalerted.yaml b/cloud/azure/activitylog/azure-nsg-create-update-unalerted.yaml index 6e87e63405b..41b273f300e 100644 --- a/cloud/azure/activitylog/azure-nsg-create-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-nsg-create-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor "Create" or "Update Network Security Group" events by setting the alert condition to "Microsoft.Network/networkSecurityGroups/write" and attaching an action group to handle notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,network-security-group,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-nsg-delete-unalerted.yaml b/cloud/azure/activitylog/azure-nsg-delete-unalerted.yaml index 55ca08b0d1f..ca1c0e1a37a 100644 --- a/cloud/azure/activitylog/azure-nsg-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-nsg-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor and notify on "Delete Network Security Group" events by setting the alert condition to "Microsoft.Network/networkSecurityGroups/delete" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,network-security-group,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-nsg-rule-delete-unalerted.yaml b/cloud/azure/activitylog/azure-nsg-rule-delete-unalerted.yaml index e7e6e784a52..0f7e3609a58 100644 --- a/cloud/azure/activitylog/azure-nsg-rule-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-nsg-rule-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Delete Network Security Group Rule" events by setting the alert condition to "Microsoft.Network/networkSecurityGroups/securityRules/delete" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,network-security,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-nsg-rule-update-unalerted.yaml b/cloud/azure/activitylog/azure-nsg-rule-update-unalerted.yaml index b95c1438452..52abd25118f 100644 --- a/cloud/azure/activitylog/azure-nsg-rule-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-nsg-rule-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update Network Security Group Rule" events by setting the alert condition to "Microsoft.Network/networkSecurityGroups/securityRules/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,network-security-group,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-policy-assignment-create-alert-missing.yaml b/cloud/azure/activitylog/azure-policy-assignment-create-alert-missing.yaml index 2f9c06952c2..b1d4bb62189 100644 --- a/cloud/azure/activitylog/azure-policy-assignment-create-alert-missing.yaml +++ b/cloud/azure/activitylog/azure-policy-assignment-create-alert-missing.yaml @@ -11,9 +11,8 @@ info: Configure an Azure activity log alert for "Create Policy Assignment" events to ensure compliance and enhance security monitoring. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-monitor,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-policy-assignment-delete-unalerted.yaml b/cloud/azure/activitylog/azure-policy-assignment-delete-unalerted.yaml index f519639cee1..5ade082a8b0 100644 --- a/cloud/azure/activitylog/azure-policy-assignment-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-policy-assignment-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor and notify on "Delete Policy Assignment" events by setting the alert condition to "Microsoft.Authorization/policyAssignments/delete" and ensuring that an action group is attached for notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,policy-assignment,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-postgresql-db-delete-unalerted.yaml b/cloud/azure/activitylog/azure-postgresql-db-delete-unalerted.yaml index 6aed67baa30..46be16a98d3 100644 --- a/cloud/azure/activitylog/azure-postgresql-db-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-postgresql-db-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to fire when events with the operation name "Microsoft.DBforPostgreSQL/servers/databases/delete" occur, ensuring these critical events are monitored effectively. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-postgresql-db-update-unalerted.yaml b/cloud/azure/activitylog/azure-postgresql-db-update-unalerted.yaml index 7ebbfbda5ac..310fa0afc7f 100644 --- a/cloud/azure/activitylog/azure-postgresql-db-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-postgresql-db-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update PostgreSQL Database" events by setting the alert condition to "Microsoft.DBforPostgreSQL/servers/databases/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-public-ip-delete-unalerted.yaml b/cloud/azure/activitylog/azure-public-ip-delete-unalerted.yaml index 9b4db88bb01..1942c1796b4 100644 --- a/cloud/azure/activitylog/azure-public-ip-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-public-ip-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Delete Public IP Address" events by setting the alert condition to "Microsoft.Network/publicIPAddresses/delete" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,public-ip,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-public-ip-update-unalerted.yaml b/cloud/azure/activitylog/azure-public-ip-update-unalerted.yaml index 066d42d4923..f60dba48836 100644 --- a/cloud/azure/activitylog/azure-public-ip-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-public-ip-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update Public IP Address" events by setting the alert condition to "Microsoft.Network/publicIPAddresses/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,public-ip,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-security-policy-update-unalerted.yaml b/cloud/azure/activitylog/azure-security-policy-update-unalerted.yaml index 67c8e48aefa..90786469bbd 100644 --- a/cloud/azure/activitylog/azure-security-policy-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-security-policy-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Update Security Policy" events by setting the alert condition to "Microsoft.Security/policies/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,security,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-security-solution-delete-unalerted.yaml b/cloud/azure/activitylog/azure-security-solution-delete-unalerted.yaml index 9ece9e7b648..87872626a17 100644 --- a/cloud/azure/activitylog/azure-security-solution-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-security-solution-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Delete Security Solution" events by setting the alert condition to "Microsoft.Security/securitySolutions/delete" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,security-solution,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-security-solutions-update-unalerted.yaml b/cloud/azure/activitylog/azure-security-solutions-update-unalerted.yaml index 7066376c491..a9da63858a5 100644 --- a/cloud/azure/activitylog/azure-security-solutions-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-security-solutions-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update Security Solution" events by setting the alert condition to "Microsoft.Security/securitySolutions/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,security-solutions,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-sql-database-rename-unalerted.yaml b/cloud/azure/activitylog/azure-sql-database-rename-unalerted.yaml index 262d3edce9f..47fba9d9c5a 100644 --- a/cloud/azure/activitylog/azure-sql-database-rename-unalerted.yaml +++ b/cloud/azure/activitylog/azure-sql-database-rename-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Rename Azure SQL Database" events by setting the alert condition to "Microsoft.Sql/servers/databases/move/action" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-database,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-sql-db-update-unalerted.yaml b/cloud/azure/activitylog/azure-sql-db-update-unalerted.yaml index 0b735575355..4ffb64e67ca 100644 --- a/cloud/azure/activitylog/azure-sql-db-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-sql-db-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure Azure activity log alerts to monitor and notify on "Create or Update Azure SQL Database" events by setting the alert condition to "Microsoft.Sql/servers/databases/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-database,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-sql-delete-db-unalerted.yaml b/cloud/azure/activitylog/azure-sql-delete-db-unalerted.yaml index 36af34cd815..3b7ca6ff44b 100644 --- a/cloud/azure/activitylog/azure-sql-delete-db-unalerted.yaml +++ b/cloud/azure/activitylog/azure-sql-delete-db-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to monitor and notify on "Delete Azure SQL Database" events by setting the alert condition to "Microsoft.Sql/servers/databases/delete" and ensuring an action group is configured to handle the alert. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-database,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-sql-fw-rule-unalerted.yaml b/cloud/azure/activitylog/azure-sql-fw-rule-unalerted.yaml index 96e09ffbb90..dfc7edc47cf 100644 --- a/cloud/azure/activitylog/azure-sql-fw-rule-unalerted.yaml +++ b/cloud/azure/activitylog/azure-sql-fw-rule-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure activity log alerts to monitor "Create, Update, or Delete SQL Server Firewall Rule" events by setting the alert condition to "Microsoft.Sql/servers/firewallRules/write" and attaching an action group to handle notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-server,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-storage-account-delete-unalerted.yaml b/cloud/azure/activitylog/azure-storage-account-delete-unalerted.yaml index 06e25d5e252..53be8be8985 100644 --- a/cloud/azure/activitylog/azure-storage-account-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-storage-account-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are configured to fire on "Delete Storage Account" events by setting the alert condition to "Microsoft.Storage/storageAccounts/delete" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage-account,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-storage-account-update-unalerted.yaml b/cloud/azure/activitylog/azure-storage-account-update-unalerted.yaml index 0d2f575e2b0..cc9dfe05e49 100644 --- a/cloud/azure/activitylog/azure-storage-account-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-storage-account-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Ensure alert rules are properly configured to monitor and notify on "Create or Update Storage Account" events by setting the alert condition to "Microsoft.Storage/storageAccounts/write" and ensuring that an action group is attached to manage notifications. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage-account,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-vm-create-update-unalerted.yaml b/cloud/azure/activitylog/azure-vm-create-update-unalerted.yaml index 40133d9b362..17e57c5d9c2 100644 --- a/cloud/azure/activitylog/azure-vm-create-update-unalerted.yaml +++ b/cloud/azure/activitylog/azure-vm-create-update-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure alert rules to fire on "Create or Update Virtual Machine" events by setting the alert condition to "Microsoft.Compute/virtualMachines/write" and ensuring that notifications are managed through an action group. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-vm-deallocate-unalerted.yaml b/cloud/azure/activitylog/azure-vm-deallocate-unalerted.yaml index de6c11c6671..d8094e21848 100644 --- a/cloud/azure/activitylog/azure-vm-deallocate-unalerted.yaml +++ b/cloud/azure/activitylog/azure-vm-deallocate-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure Azure activity log alerts to detect "Deallocate Virtual Machine" events by setting the alert condition to "Microsoft.Compute/virtualMachines/deallocate/action" and ensuring that alerts trigger notifications appropriately. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-vm-delete-unalerted.yaml b/cloud/azure/activitylog/azure-vm-delete-unalerted.yaml index 381e3fcb76b..6745f495aaf 100644 --- a/cloud/azure/activitylog/azure-vm-delete-unalerted.yaml +++ b/cloud/azure/activitylog/azure-vm-delete-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure activity log alerts to fire on "Delete Virtual Machine" events by setting the alert condition to "Microsoft.Compute/virtualMachines/delete" and ensure that notifications are managed by an attached action group. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/activitylog/azure-vm-poweroff-unalerted.yaml b/cloud/azure/activitylog/azure-vm-poweroff-unalerted.yaml index 6669a15fda2..b04c3680b33 100644 --- a/cloud/azure/activitylog/azure-vm-poweroff-unalerted.yaml +++ b/cloud/azure/activitylog/azure-vm-poweroff-unalerted.yaml @@ -11,9 +11,8 @@ info: Configure the activity log alert to trigger on the event "Microsoft.Compute/virtualMachines/powerOff/action". Ensure the alert condition includes any event level, status, and initiator to capture all related events. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let AlertData of iterate(template.alertList)) { diff --git a/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml b/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml index 94e94b5a415..c00ec917c30 100644 --- a/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml +++ b/cloud/azure/aiservices/azure-openai-cmk-not-enabled.yaml @@ -11,9 +11,8 @@ info: Configure your Azure OpenAI instances to use Customer-Managed Keys by setting up encryption key attributes in the Azure Key Vault and then linking them to your OpenAI service instances. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/encryption-key-management - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + flow: | code(1); for (let ServiceData of iterate(template.serviceList)) { diff --git a/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml b/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml index e80cf5b2476..6b1c7c7cd05 100644 --- a/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml +++ b/cloud/azure/aiservices/azure-openai-managed-identity-not-used.yaml @@ -11,9 +11,8 @@ info: Configure your Azure OpenAI service instances to use either system-assigned or user-assigned managed identities to enhance security and simplify resource access management. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/authentication - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + flow: | code(1); for (let ServiceInstance of iterate(template.instanceList)) { diff --git a/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml b/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml index 722ac20b4d5..14a6e9c84f7 100644 --- a/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml +++ b/cloud/azure/aiservices/azure-openai-private-endpoints-unconfigured.yaml @@ -11,9 +11,8 @@ info: Configure all Azure OpenAI service instances to use private endpoints to enhance security and ensure that these instances are not accessible over the public internet. reference: - https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + flow: | code(1); for (let ServiceInstance of iterate(template.serviceList)) { diff --git a/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml b/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml index 78cf5d73a1a..8f48301481d 100644 --- a/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml +++ b/cloud/azure/aiservices/azure-openai-public-access-disabled.yaml @@ -11,9 +11,8 @@ info: Configure the Azure OpenAI service instances to disable public network access to secure them against unauthorized external access. reference: - https://docs.microsoft.com/en-us/azure/cognitive-services/cognitive-services-apis-create-account-cli?tabs=windows - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,openai,azure-cloud-config + flow: | code(1); for (let ServiceData of iterate(template.serviceList)) { diff --git a/cloud/azure/aks/azure-aks-api-unrestricted.yaml b/cloud/azure/aks/azure-aks-api-unrestricted.yaml index 69fec047e5d..a126f49ee00 100644 --- a/cloud/azure/aks/azure-aks-api-unrestricted.yaml +++ b/cloud/azure/aks/azure-aks-api-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure the AKS clusters to use API Server Authorized IP Address Ranges by setting the appropriate IP ranges in the AKS configuration to ensure that only authorized IPs have access to the Kubernetes control plane. reference: - https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-api-version-not-latest.yaml b/cloud/azure/aks/azure-aks-api-version-not-latest.yaml index 4cd98a1e9a5..4f6320ba68b 100644 --- a/cloud/azure/aks/azure-aks-api-version-not-latest.yaml +++ b/cloud/azure/aks/azure-aks-api-version-not-latest.yaml @@ -11,9 +11,8 @@ info: Upgrade the Kubernetes API version of your AKS clusters by following the Azure documentation to apply the latest approved updates and ensure all clusters are consistently using the most recent version available. reference: - https://docs.microsoft.com/en-us/azure/aks/upgrade-cluster - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-cni-not-configured.yaml b/cloud/azure/aks/azure-aks-cni-not-configured.yaml index 0149fee434e..e0548f8fe2c 100644 --- a/cloud/azure/aks/azure-aks-cni-not-configured.yaml +++ b/cloud/azure/aks/azure-aks-cni-not-configured.yaml @@ -11,9 +11,8 @@ info: Configure AKS clusters to use Azure CNI by setting the networkProfile.networkPlugin to 'azure' during AKS cluster setup or update the existing AKS clusters to use Azure CNI. reference: - https://docs.microsoft.com/en-us/azure/aks/configure-azure-cni - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let clusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-entra-id-unintegrated.yaml b/cloud/azure/aks/azure-aks-entra-id-unintegrated.yaml index 744a371408a..7c37d65da7b 100644 --- a/cloud/azure/aks/azure-aks-entra-id-unintegrated.yaml +++ b/cloud/azure/aks/azure-aks-entra-id-unintegrated.yaml @@ -11,9 +11,8 @@ info: Ensure that each Azure Kubernetes Service (AKS) cluster is configured with Microsoft Entra ID by enabling the integration in the AKS cluster settings. reference: - https://docs.microsoft.com/en-us/azure/aks/managed-aad - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterInfo of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml b/cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml index 572e8ba39ae..01c54473367 100644 --- a/cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml +++ b/cloud/azure/aks/azure-aks-kubernetes-version-outdated.yaml @@ -11,9 +11,8 @@ info: Upgrade your AKS clusters to the latest available Kubernetes version approved by Microsoft Azure to ensure enhanced features and security. reference: - https://docs.microsoft.com/en-us/azure/aks/kubernetes-service - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,kubernetes,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-managed-identity-unassigned.yaml b/cloud/azure/aks/azure-aks-managed-identity-unassigned.yaml index 5c0a2f6f8dc..96b491dd9dd 100644 --- a/cloud/azure/aks/azure-aks-managed-identity-unassigned.yaml +++ b/cloud/azure/aks/azure-aks-managed-identity-unassigned.yaml @@ -11,9 +11,8 @@ info: Ensure that all AKS clusters are configured to use system-assigned managed identities. This can be set during the AKS cluster creation or can be updated on existing clusters. reference: - https://docs.microsoft.com/en-us/azure/aks/use-managed-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let AKSData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-network-contrib-unassigned.yaml b/cloud/azure/aks/azure-aks-network-contrib-unassigned.yaml index a76520b763f..dbc48d09814 100644 --- a/cloud/azure/aks/azure-aks-network-contrib-unassigned.yaml +++ b/cloud/azure/aks/azure-aks-network-contrib-unassigned.yaml @@ -11,9 +11,8 @@ info: Ensure that the Network Contributor role is assigned to your AKS clusters within Azure to enable proper management of networking resources. This can be configured in the IAM settings of the Azure portal. reference: - https://docs.microsoft.com/en-us/azure/aks/manage-azure-rbac - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-not-user-assigned.yaml b/cloud/azure/aks/azure-aks-not-user-assigned.yaml index c8ffb467619..75191a676ec 100644 --- a/cloud/azure/aks/azure-aks-not-user-assigned.yaml +++ b/cloud/azure/aks/azure-aks-not-user-assigned.yaml @@ -11,9 +11,8 @@ info: Configure your AKS clusters to use user-assigned managed identities by updating the identity type in the AKS cluster settings and specifying the appropriate managed identities. reference: - https://docs.microsoft.com/en-us/azure/aks/use-managed-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterInfo of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-rbac-unconfigured.yaml b/cloud/azure/aks/azure-aks-rbac-unconfigured.yaml index e00e52a769b..a45997455ec 100644 --- a/cloud/azure/aks/azure-aks-rbac-unconfigured.yaml +++ b/cloud/azure/aks/azure-aks-rbac-unconfigured.yaml @@ -11,9 +11,8 @@ info: Ensure that Kubernetes Role-Based Access Control (RBAC) is enabled for each AKS cluster by configuring it during cluster creation or modifying existing clusters to enable RBAC settings. reference: - https://docs.microsoft.com/en-us/azure/aks/concepts-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/aks/azure-aks-use-private-kv.yaml b/cloud/azure/aks/azure-aks-use-private-kv.yaml index 267452a20ac..08c8da39476 100644 --- a/cloud/azure/aks/azure-aks-use-private-kv.yaml +++ b/cloud/azure/aks/azure-aks-use-private-kv.yaml @@ -11,9 +11,8 @@ info: Configure your AKS clusters to use private Azure Key Vaults for encryption at rest by setting the 'azureKeyVaultKms.keyVaultNetworkAccess' to 'Private'. reference: - https://docs.microsoft.com/en-us/azure/aks/developer-best-practices-resource-management - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,aks,azure-cloud-config + flow: | code(1); for (let ClusterData of iterate(template.clusterList)) { diff --git a/cloud/azure/apimanagement/azure-apim-http2-not-enabled.yaml b/cloud/azure/apimanagement/azure-apim-http2-not-enabled.yaml index 151db04e2ca..352a50fbb79 100644 --- a/cloud/azure/apimanagement/azure-apim-http2-not-enabled.yaml +++ b/cloud/azure/apimanagement/azure-apim-http2-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable HTTP/2 support in Azure API Management gateways by setting the 'Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2' property to 'true'. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-http2 - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let APIData of iterate(template.apiList)) { diff --git a/cloud/azure/apimanagement/azure-apim-https-enforcement-missing.yaml b/cloud/azure/apimanagement/azure-apim-https-enforcement-missing.yaml index 0ecc285e815..c209bf098ef 100644 --- a/cloud/azure/apimanagement/azure-apim-https-enforcement-missing.yaml +++ b/cloud/azure/apimanagement/azure-apim-https-enforcement-missing.yaml @@ -11,9 +11,8 @@ info: Configure all Azure API Management APIs to enforce HTTPS by setting the URL scheme to "https" only in the API settings. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-secure-backend - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,apim,azure-cloud-config + flow: | code(1); for (let Service of iterate(template.serviceList)) { diff --git a/cloud/azure/apimanagement/azure-apim-nv-plaintext-exposure.yaml b/cloud/azure/apimanagement/azure-apim-nv-plaintext-exposure.yaml index cfdf680aebe..22e88d5a0d2 100644 --- a/cloud/azure/apimanagement/azure-apim-nv-plaintext-exposure.yaml +++ b/cloud/azure/apimanagement/azure-apim-nv-plaintext-exposure.yaml @@ -11,9 +11,8 @@ info: Convert all named values storing secrets to use the secret (encrypted) type in Azure API Management to mitigate the risk of exposing sensitive information. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-properties - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let ServiceData of iterate(template.serviceList)) { diff --git a/cloud/azure/apimanagement/azure-apim-public-access-disabled.yaml b/cloud/azure/apimanagement/azure-apim-public-access-disabled.yaml index 07e85861814..94725f1538b 100644 --- a/cloud/azure/apimanagement/azure-apim-public-access-disabled.yaml +++ b/cloud/azure/apimanagement/azure-apim-public-access-disabled.yaml @@ -11,9 +11,8 @@ info: Disable public network access for Azure API Management services that are configured with a private endpoint to ensure they are only accessible via Azure Private Link within the private network. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-private-link - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let ServiceData of iterate(template.serviceList)) { diff --git a/cloud/azure/apimanagement/azure-apim-resource-logs-not-configured.yaml b/cloud/azure/apimanagement/azure-apim-resource-logs-not-configured.yaml index 6e4e4d509b9..d0fc656e97d 100644 --- a/cloud/azure/apimanagement/azure-apim-resource-logs-not-configured.yaml +++ b/cloud/azure/apimanagement/azure-apim-resource-logs-not-configured.yaml @@ -11,9 +11,8 @@ info: Ensure that resource logs are enabled by setting up diagnostic settings for each Azure API Management service instance. This should include capturing all logs related to API operations and errors. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-use-diagnostic-logs - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let Resource of iterate(template.resourceList)) { diff --git a/cloud/azure/apimanagement/azure-apim-system-assigned-identity-unconfigured.yaml b/cloud/azure/apimanagement/azure-apim-system-assigned-identity-unconfigured.yaml index 28e9ce3ce93..f662071c7c9 100644 --- a/cloud/azure/apimanagement/azure-apim-system-assigned-identity-unconfigured.yaml +++ b/cloud/azure/apimanagement/azure-apim-system-assigned-identity-unconfigured.yaml @@ -11,9 +11,8 @@ info: Enable system-assigned managed identities for your Azure API Management service instances through the Azure portal or by configuring the ARM template of your instance to include a system-assigned identity. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-use-managed-service-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let ApiService of iterate(template.apiServiceList)) { diff --git a/cloud/azure/apimanagement/azure-apim-tls-config-weak.yaml b/cloud/azure/apimanagement/azure-apim-tls-config-weak.yaml index da5f4dcadbb..c7551a2a6f7 100644 --- a/cloud/azure/apimanagement/azure-apim-tls-config-weak.yaml +++ b/cloud/azure/apimanagement/azure-apim-tls-config-weak.yaml @@ -11,9 +11,8 @@ info: Update the Azure API Management gateway configurations to disable TLS 1.0 and TLS 1.1, ensuring only the latest TLS protocols are used. Refer to the Azure documentation on updating API gateway configurations. reference: - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-configure-protocols - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,api-management,azure-cloud-config + flow: | code(1); for (let GatewayData of iterate(template.gatewayList)) { diff --git a/cloud/azure/apimanagement/azure-apim-user-assigned-id-not-used.yaml b/cloud/azure/apimanagement/azure-apim-user-assigned-id-not-used.yaml index 0fe4e1b575d..a886ede49f9 100644 --- a/cloud/azure/apimanagement/azure-apim-user-assigned-id-not-used.yaml +++ b/cloud/azure/apimanagement/azure-apim-user-assigned-id-not-used.yaml @@ -11,9 +11,8 @@ info: Configure user-assigned managed identities for your Azure API Management service instances to ensure only the necessary permissions are granted to each service. reference: - https://docs.microsoft.com/en-us/azure/api-management/how-to-use-managed-service-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,apim,azure-cloud-config + flow: | code(1); for (let APIMData of iterate(template.apimList)) { diff --git a/cloud/azure/appservice/azure-appservice-always-on-disabled.yaml b/cloud/azure/appservice/azure-appservice-always-on-disabled.yaml index 9009bef1f31..9822e94b84a 100644 --- a/cloud/azure/appservice/azure-appservice-always-on-disabled.yaml +++ b/cloud/azure/appservice/azure-appservice-always-on-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the Always On feature for your Azure App Services web applications to ensure they remain active and responsive at all times. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-common - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppData of iterate(template.webAppList)) { diff --git a/cloud/azure/appservice/azure-appservice-auth-disabled.yaml b/cloud/azure/appservice/azure-appservice-auth-disabled.yaml index f021dddb870..249470ffc47 100644 --- a/cloud/azure/appservice/azure-appservice-auth-disabled.yaml +++ b/cloud/azure/appservice/azure-appservice-auth-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the App Service Authentication feature for Azure App Services to ensure an additional layer of security for your web applications. reference: - https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppData of iterate(template.webAppList)) { diff --git a/cloud/azure/appservice/azure-appservice-backup-not-enabled.yaml b/cloud/azure/appservice/azure-appservice-backup-not-enabled.yaml index 8bd06dd6288..8998f28df76 100644 --- a/cloud/azure/appservice/azure-appservice-backup-not-enabled.yaml +++ b/cloud/azure/appservice/azure-appservice-backup-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable and configure the Backup and Restore feature for Azure App Services applications through the Azure portal or Azure CLI to ensure compliance and data integrity. reference: - https://docs.microsoft.com/en-us/azure/app-service/manage-backup - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { diff --git a/cloud/azure/appservice/azure-appservice-backup-retention-missing.yaml b/cloud/azure/appservice/azure-appservice-backup-retention-missing.yaml index c287de72fca..9198e9fd994 100644 --- a/cloud/azure/appservice/azure-appservice-backup-retention-missing.yaml +++ b/cloud/azure/appservice/azure-appservice-backup-retention-missing.yaml @@ -11,9 +11,8 @@ info: Configure the daily backup retention period for Azure App Services applications in the Cloud Conformity account dashboard to meet security and compliance requirements. reference: - https://docs.microsoft.com/en-us/azure/app-service/manage-backup - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { diff --git a/cloud/azure/appservice/azure-appservice-client-cert-disabled.yaml b/cloud/azure/appservice/azure-appservice-client-cert-disabled.yaml index ceb56a86287..3dadeee442a 100644 --- a/cloud/azure/appservice/azure-appservice-client-cert-disabled.yaml +++ b/cloud/azure/appservice/azure-appservice-client-cert-disabled.yaml @@ -11,9 +11,8 @@ info: Configure Azure App Services to require SSL certificates for incoming requests to enhance security and compliance with regulations. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#require-incoming-certificate - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppId of iterate(template.webAppIds)) { diff --git a/cloud/azure/appservice/azure-appservice-entra-id-missing.yaml b/cloud/azure/appservice/azure-appservice-entra-id-missing.yaml index bb58638c695..a3317477414 100644 --- a/cloud/azure/appservice/azure-appservice-entra-id-missing.yaml +++ b/cloud/azure/appservice/azure-appservice-entra-id-missing.yaml @@ -11,9 +11,8 @@ info: Enable the Microsoft Entra ID for Azure App Services to ensure secure connectivity to other Azure services without manual credential handling. reference: - https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { diff --git a/cloud/azure/appservice/azure-appservice-ftp-deployment-disabled.yaml b/cloud/azure/appservice/azure-appservice-ftp-deployment-disabled.yaml index dc5bdf9275e..135fa4011b9 100644 --- a/cloud/azure/appservice/azure-appservice-ftp-deployment-disabled.yaml +++ b/cloud/azure/appservice/azure-appservice-ftp-deployment-disabled.yaml @@ -11,9 +11,8 @@ info: Configure the Azure App Services to disable FTP deployment or to use FTPS, ensuring encrypted and secure file transfers. reference: - https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppId of iterate(template.webAppIds)) { diff --git a/cloud/azure/appservice/azure-appservice-ftps-only-not-enabled.yaml b/cloud/azure/appservice/azure-appservice-ftps-only-not-enabled.yaml index 69465c3af0c..8a98a75db08 100644 --- a/cloud/azure/appservice/azure-appservice-ftps-only-not-enabled.yaml +++ b/cloud/azure/appservice/azure-appservice-ftps-only-not-enabled.yaml @@ -11,9 +11,8 @@ info: Configure the Azure App Services to enforce FTPS-only access in the Azure portal or use Azure CLI commands to modify the FTPS settings. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-ftp - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppId of iterate(template.webAppIdList)) { diff --git a/cloud/azure/appservice/azure-appservice-http2-not-enabled.yaml b/cloud/azure/appservice/azure-appservice-http2-not-enabled.yaml index e901299974c..824e2ef4bfd 100644 --- a/cloud/azure/appservice/azure-appservice-http2-not-enabled.yaml +++ b/cloud/azure/appservice/azure-appservice-http2-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable HTTP/2 on your Azure App Service web applications to improve their performance and adhere to modern web standards. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-language-http2 - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppId of iterate(template.webAppIds)) { diff --git a/cloud/azure/appservice/azure-appservice-https-only-not-enforced.yaml b/cloud/azure/appservice/azure-appservice-https-only-not-enforced.yaml index 3b796f7b0db..0d466a62086 100644 --- a/cloud/azure/appservice/azure-appservice-https-only-not-enforced.yaml +++ b/cloud/azure/appservice/azure-appservice-https-only-not-enforced.yaml @@ -11,9 +11,8 @@ info: Enable the HTTPS-only feature on all Azure App Services to enforce all traffic to be encrypted and secure. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { diff --git a/cloud/azure/appservice/azure-appservice-insights-not-enabled.yaml b/cloud/azure/appservice/azure-appservice-insights-not-enabled.yaml index e1928dfb38d..fdc477ff98b 100644 --- a/cloud/azure/appservice/azure-appservice-insights-not-enabled.yaml +++ b/cloud/azure/appservice/azure-appservice-insights-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Application Insights for Azure App Services applications through the Azure portal or by using the Azure CLI to ensure comprehensive monitoring and management of application performance. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config + flow: | code(1); for (let AppServiceData of iterate(template.appServiceList)) { diff --git a/cloud/azure/appservice/azure-appservice-remote-debugging-enabled.yaml b/cloud/azure/appservice/azure-appservice-remote-debugging-enabled.yaml index c33cafce9ed..de069266edf 100644 --- a/cloud/azure/appservice/azure-appservice-remote-debugging-enabled.yaml +++ b/cloud/azure/appservice/azure-appservice-remote-debugging-enabled.yaml @@ -11,9 +11,8 @@ info: Disable remote debugging for Azure App Services web applications through the Azure portal or using Azure CLI commands to enhance application security. reference: - https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-remote-debug - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let WebAppData of iterate(template.webAppList)) { diff --git a/cloud/azure/appservice/azure-appservice-tls-latest-version-missing.yaml b/cloud/azure/appservice/azure-appservice-tls-latest-version-missing.yaml index 00e24e9caa5..6025bc1878c 100644 --- a/cloud/azure/appservice/azure-appservice-tls-latest-version-missing.yaml +++ b/cloud/azure/appservice/azure-appservice-tls-latest-version-missing.yaml @@ -11,9 +11,8 @@ info: Configure the minimum TLS version to "1.2" in the Azure App Service settings to ensure data is encrypted with the latest security standards. reference: - https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings#enforce-https - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,appservice,azure-cloud-config + flow: | code(1); for (let appData of iterate(template.appList)) { diff --git a/cloud/azure/cosmosdb/azure-cosmosdb-auto-failover-missing.yaml b/cloud/azure/cosmosdb/azure-cosmosdb-auto-failover-missing.yaml index a76d4793061..4f8670cf1a2 100644 --- a/cloud/azure/cosmosdb/azure-cosmosdb-auto-failover-missing.yaml +++ b/cloud/azure/cosmosdb/azure-cosmosdb-auto-failover-missing.yaml @@ -11,9 +11,8 @@ info: Enable the Automatic Failover feature on your Azure Cosmos DB accounts to ensure high availability and fault tolerance across multiple regions. reference: - https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,cosmosdb,azure-cloud-config + flow: | code(1); for (let CosmosDBData of iterate(template.cosmosDBAccounts)) { diff --git a/cloud/azure/cosmosdb/azure-cosmosdb-default-network-access-unrestricted.yaml b/cloud/azure/cosmosdb/azure-cosmosdb-default-network-access-unrestricted.yaml index 5cbd4acde5b..59be171fa07 100644 --- a/cloud/azure/cosmosdb/azure-cosmosdb-default-network-access-unrestricted.yaml +++ b/cloud/azure/cosmosdb/azure-cosmosdb-default-network-access-unrestricted.yaml @@ -11,9 +11,8 @@ info: Update the firewall settings and enable Virtual Network filtering on your Azure Cosmos DB accounts to restrict access to trusted networks and IP addresses only. reference: - https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall-vnet - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,cosmosdb,azure-cloud-config + flow: | code(1); for (let CosmosDBData of iterate(template.cosmosDBAccounts)) { diff --git a/cloud/azure/functions/azure-functionapp-access-keys-missing.yaml b/cloud/azure/functions/azure-functionapp-access-keys-missing.yaml index 70004de06e4..c1f8406dc4c 100644 --- a/cloud/azure/functions/azure-functionapp-access-keys-missing.yaml +++ b/cloud/azure/functions/azure-functionapp-access-keys-missing.yaml @@ -11,9 +11,8 @@ info: Configure access keys for HTTP-triggered functions in Azure Function App to enforce secure and authorized function invocations. reference: - https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger?tabs=csharp - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/functions/azure-functionapp-admin-privileges.yaml b/cloud/azure/functions/azure-functionapp-admin-privileges.yaml index b3e9bf41562..88eb399442c 100644 --- a/cloud/azure/functions/azure-functionapp-admin-privileges.yaml +++ b/cloud/azure/functions/azure-functionapp-admin-privileges.yaml @@ -11,9 +11,8 @@ info: Review and restrict the roles assigned to function apps to ensure they only have permissions necessary for their operation. Modify the roles through Azure portal or Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let functionName of iterate(template.functionNames)) { diff --git a/cloud/azure/functions/azure-functionapp-appinsights-missing.yaml b/cloud/azure/functions/azure-functionapp-appinsights-missing.yaml index 4bc8b2428c0..2766f066687 100644 --- a/cloud/azure/functions/azure-functionapp-appinsights-missing.yaml +++ b/cloud/azure/functions/azure-functionapp-appinsights-missing.yaml @@ -11,9 +11,8 @@ info: Configure your Azure Function Apps to integrate with Application Insights to enable detailed monitoring and analytics capabilities. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,application-insights,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/functions/azure-functionapp-public-exposure.yaml b/cloud/azure/functions/azure-functionapp-public-exposure.yaml index 7fcc29c950d..cf1df8bf46d 100644 --- a/cloud/azure/functions/azure-functionapp-public-exposure.yaml +++ b/cloud/azure/functions/azure-functionapp-public-exposure.yaml @@ -11,9 +11,8 @@ info: Configure Azure Functions to restrict access from the public network by setting the 'publicNetworkAccess' to 'Disabled'. reference: - https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/functions/azure-functionapp-system-assigned-missing.yaml b/cloud/azure/functions/azure-functionapp-system-assigned-missing.yaml index 25d6abfa832..bb5b4b3f132 100644 --- a/cloud/azure/functions/azure-functionapp-system-assigned-missing.yaml +++ b/cloud/azure/functions/azure-functionapp-system-assigned-missing.yaml @@ -11,9 +11,8 @@ info: Enable system-assigned managed identities for your Azure Function Apps to enhance security and simplify the management of resource access. reference: - https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/functions/azure-functionapp-user-assigned-id-missing.yaml b/cloud/azure/functions/azure-functionapp-user-assigned-id-missing.yaml index 34c2a43f18f..45d9aee0b60 100644 --- a/cloud/azure/functions/azure-functionapp-user-assigned-id-missing.yaml +++ b/cloud/azure/functions/azure-functionapp-user-assigned-id-missing.yaml @@ -11,9 +11,8 @@ info: Configure user-assigned managed identities for your Azure Function Apps to gain more granular control over permissions and reduce potential security risks. reference: - https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/functions/azure-functionapp-vnet-integration-missing.yaml b/cloud/azure/functions/azure-functionapp-vnet-integration-missing.yaml index 4e9fdf2fd70..3d0cabb67fe 100644 --- a/cloud/azure/functions/azure-functionapp-vnet-integration-missing.yaml +++ b/cloud/azure/functions/azure-functionapp-vnet-integration-missing.yaml @@ -11,9 +11,8 @@ info: Enable Virtual Network integration for your Azure Function Apps to secure connections to trusted Virtual Networks. reference: - https://docs.microsoft.com/en-us/azure/azure-functions/functions-networking-options - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,functionapp,azure-cloud-config + flow: | code(1); for (let AppData of iterate(template.functionApps)) { diff --git a/cloud/azure/keyvault/azure-app-tier-cmk-untagged.yaml b/cloud/azure/keyvault/azure-app-tier-cmk-untagged.yaml index 6aa54192822..90b7698b219 100644 --- a/cloud/azure/keyvault/azure-app-tier-cmk-untagged.yaml +++ b/cloud/azure/keyvault/azure-app-tier-cmk-untagged.yaml @@ -11,9 +11,8 @@ info: Ensure all Customer-Managed Keys used in the application tier are properly tagged according to organizational policies. Update the key's metadata through the Azure portal or Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys-details - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let vaultName of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-database-tier-cmk-absent.yaml b/cloud/azure/keyvault/azure-database-tier-cmk-absent.yaml index 3ab86da08ac..733cfe72123 100644 --- a/cloud/azure/keyvault/azure-database-tier-cmk-absent.yaml +++ b/cloud/azure/keyvault/azure-database-tier-cmk-absent.yaml @@ -11,9 +11,8 @@ info: Configure a Customer-Managed Key for your Azure database tier by setting the appropriate policies through Azure portal or using Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/key-vault/keys/about-keys - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,azure-key-vault,azure-cloud-config + flow: | code(1); for (let vaultName of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-audit-not-enabled.yaml b/cloud/azure/keyvault/azure-keyvault-audit-not-enabled.yaml index b63bf880322..a43a569159c 100644 --- a/cloud/azure/keyvault/azure-keyvault-audit-not-enabled.yaml +++ b/cloud/azure/keyvault/azure-keyvault-audit-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable the AuditEvent logging for Azure Key Vaults to ensure all access and operations are logged, enhancing security and compliance. reference: - https://docs.microsoft.com/en-us/azure/key-vault/general/overview-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let VaultData of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-cert-keytype-unapproved.yaml b/cloud/azure/keyvault/azure-keyvault-cert-keytype-unapproved.yaml index ed23eb5e077..bf1d2e00856 100644 --- a/cloud/azure/keyvault/azure-keyvault-cert-keytype-unapproved.yaml +++ b/cloud/azure/keyvault/azure-keyvault-cert-keytype-unapproved.yaml @@ -11,9 +11,8 @@ info: Review and update the certificate key types for your Azure Key Vault SSL/TLS certificates to align with approved key types through the Azure portal or Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/key-vault/certificates/about-certificates - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let KeyVaultName of iterate(template.keyVaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-cert-transparency-missing.yaml b/cloud/azure/keyvault/azure-keyvault-cert-transparency-missing.yaml index 2d28c78f77d..336f32c925d 100644 --- a/cloud/azure/keyvault/azure-keyvault-cert-transparency-missing.yaml +++ b/cloud/azure/keyvault/azure-keyvault-cert-transparency-missing.yaml @@ -11,9 +11,8 @@ info: Enable Certificate Transparency for all Azure Key Vault SSL/TLS certificates through the Azure portal or Azure CLI to meet the standards enforced by the Certification Authority Browser Forum (CA/Browser Forum). reference: - https://docs.microsoft.com/en-us/azure/key-vault/certificates/how-to-enable-certificate-transparency - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let KeyVaultName of iterate(template.keyVaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-certificate-insufficient-autorenew.yaml b/cloud/azure/keyvault/azure-keyvault-certificate-insufficient-autorenew.yaml index bbbf99dc03b..d71c572e9d8 100644 --- a/cloud/azure/keyvault/azure-keyvault-certificate-insufficient-autorenew.yaml +++ b/cloud/azure/keyvault/azure-keyvault-certificate-insufficient-autorenew.yaml @@ -11,9 +11,8 @@ info: Configure SSL certificates within Azure Key Vaults to have an auto-renewal period that aligns with your organization's security and compliance requirements to ensure timely and effective renewal. reference: - https://docs.microsoft.com/en-us/azure/key-vault/certificates/about-certificates - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let VaultData of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-network-unrestricted.yaml b/cloud/azure/keyvault/azure-keyvault-network-unrestricted.yaml index a1050682b60..bf4f4f73dc1 100644 --- a/cloud/azure/keyvault/azure-keyvault-network-unrestricted.yaml +++ b/cloud/azure/keyvault/azure-keyvault-network-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify Key Vault network settings to deny access from all networks by default. Configure network rules to allow access only from specific trusted IPs or networks. reference: - https://docs.microsoft.com/en-us/azure/key-vault/general/network-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let VaultData of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-recoverability-unconfigured.yaml b/cloud/azure/keyvault/azure-keyvault-recoverability-unconfigured.yaml index ad765533898..64d7646477a 100644 --- a/cloud/azure/keyvault/azure-keyvault-recoverability-unconfigured.yaml +++ b/cloud/azure/keyvault/azure-keyvault-recoverability-unconfigured.yaml @@ -11,9 +11,8 @@ info: Enable "Soft Delete" and "Do Not Purge" on all Azure Key Vaults to ensure they are recoverable and protected against permanent deletion. reference: - https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let VaultName of iterate(template.vaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-ssl-autorenewal-missing.yaml b/cloud/azure/keyvault/azure-keyvault-ssl-autorenewal-missing.yaml index 223e727b269..32e8ce03beb 100644 --- a/cloud/azure/keyvault/azure-keyvault-ssl-autorenewal-missing.yaml +++ b/cloud/azure/keyvault/azure-keyvault-ssl-autorenewal-missing.yaml @@ -11,9 +11,8 @@ info: Configure SSL certificates in Azure Key Vaults to automatically renew by setting the correct policies in the Azure portal or through Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/key-vault/certificates/how-to-renew-certificate - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let KeyVaultName of iterate(template.keyVaultNames)) { diff --git a/cloud/azure/keyvault/azure-keyvault-trusted-ms-unrestricted.yaml b/cloud/azure/keyvault/azure-keyvault-trusted-ms-unrestricted.yaml index a7d8d388e8f..1470e1c78af 100644 --- a/cloud/azure/keyvault/azure-keyvault-trusted-ms-unrestricted.yaml +++ b/cloud/azure/keyvault/azure-keyvault-trusted-ms-unrestricted.yaml @@ -11,9 +11,8 @@ info: Enable the "Allow trusted Microsoft services to bypass this firewall" setting in your Key Vault network configuration to allow trusted services access. reference: - https://docs.microsoft.com/en-us/azure/key-vault/general/network-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let VaultData of iterate(template.vaultNames)) { diff --git a/cloud/azure/locks/azure-keyvault-resource-lock-check.yaml b/cloud/azure/locks/azure-keyvault-resource-lock-check.yaml index c8212fd7b49..8ef08fa6381 100644 --- a/cloud/azure/locks/azure-keyvault-resource-lock-check.yaml +++ b/cloud/azure/locks/azure-keyvault-resource-lock-check.yaml @@ -11,9 +11,8 @@ info: Apply resource locks to all critical Azure resources, particularly Key Vaults. Use either the "ReadOnly" or "CanNotDelete" lock levels to prevent unwanted changes or deletions. reference: - https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,keyvault,azure-cloud-config + flow: | code(1); for (let keyVaultData of iterate(template.keyvaultdata)) { diff --git a/cloud/azure/monitor/azure-diag-logs-not-enabled.yaml b/cloud/azure/monitor/azure-diag-logs-not-enabled.yaml index 8f10f2d870d..1d41de104d9 100644 --- a/cloud/azure/monitor/azure-diag-logs-not-enabled.yaml +++ b/cloud/azure/monitor/azure-diag-logs-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Diagnostic Logs for all Azure resources and ensure logs are sent to a storage account and Log Analytics Workspace or an equivalent system. Logs should be kept in accessible storage for at least one year, then moved to cold storage. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/logs/diagnostic-logs-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,diagnostic-logs,azure-cloud-config + flow: | code(1); for (let ResourceId of iterate(template.resourceIds)) { diff --git a/cloud/azure/monitor/azure-log-profile-all-activities.yaml b/cloud/azure/monitor/azure-log-profile-all-activities.yaml index 2f001ffce34..f8d9aa299eb 100644 --- a/cloud/azure/monitor/azure-log-profile-all-activities.yaml +++ b/cloud/azure/monitor/azure-log-profile-all-activities.yaml @@ -11,9 +11,8 @@ info: Configure the Azure Log Profile to include all necessary activity categories such as "Write", "Delete", and "Action" to ensure comprehensive logging and compliance with security policies. reference: - https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-collect - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,log-profile,azure-cloud-config + flow: | code(1); for (let logProfileName of iterate(template.logProfileNames)) { diff --git a/cloud/azure/network/azure-network-watcher.yaml b/cloud/azure/network/azure-network-watcher.yaml index 7702f1f50ec..2fb18eef7e4 100644 --- a/cloud/azure/network/azure-network-watcher.yaml +++ b/cloud/azure/network/azure-network-watcher.yaml @@ -11,7 +11,7 @@ info: Enable Azure Network Watcher in all regions of your Microsoft Azure subscription. Refer to Azure documentation on how to enable and manage Azure Network Watcher. reference: - https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview - tags: cloud,devops,azure,microsoft,network-watcher,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,network-watcher,azure-cloud-config self-contained: true code: diff --git a/cloud/azure/network/azure-nic-ip-forwarding-check.yaml b/cloud/azure/network/azure-nic-ip-forwarding-check.yaml index e4c8e870117..0e2809464b8 100644 --- a/cloud/azure/network/azure-nic-ip-forwarding-check.yaml +++ b/cloud/azure/network/azure-nic-ip-forwarding-check.yaml @@ -11,9 +11,8 @@ info: Regularly review and validate the necessity of IP forwarding settings on Azure NICs. Ensure that only authorized and secure virtual appliances use this feature. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/ip-forwarding - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nic,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nic,azure-cloud-config + flow: | code(1); for (let NicData of iterate(template.nicdata)) { diff --git a/cloud/azure/network/azure-nsg-cifs-unrestricted.yaml b/cloud/azure/network/azure-nsg-cifs-unrestricted.yaml index 86e83750754..9a02b82504d 100644 --- a/cloud/azure/network/azure-nsg-cifs-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-cifs-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 445. Only allow known IPs, and consider implementing stronger security measures for sensitive file transfers. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-dns-unrestricted.yaml b/cloud/azure/network/azure-nsg-dns-unrestricted.yaml index ce73e20ae12..197e0d95683 100644 --- a/cloud/azure/network/azure-nsg-dns-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-dns-unrestricted.yaml @@ -11,9 +11,8 @@ info: Restrict access to DNS services by configuring NSG rules to only allow trusted sources and necessary traffic on TCP and UDP port 53. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-ftp-unrestricted.yaml b/cloud/azure/network/azure-nsg-ftp-unrestricted.yaml index 03b86e4f558..f52bf9a092e 100644 --- a/cloud/azure/network/azure-nsg-ftp-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-ftp-unrestricted.yaml @@ -11,9 +11,8 @@ info: Update NSG rules to restrict FTP access by allowing only IP addresses that require FTP services on TCP ports 20 and 21. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-http-unrestricted.yaml b/cloud/azure/network/azure-nsg-http-unrestricted.yaml index a1b6c3978a2..8f67901e66f 100644 --- a/cloud/azure/network/azure-nsg-http-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-http-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 80. Ensure that only known IPs are allowed, or implement additional authentication methods to protect against unauthorized access. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-https-unrestricted.yaml b/cloud/azure/network/azure-nsg-https-unrestricted.yaml index 53cf007d6ab..77fa490e227 100644 --- a/cloud/azure/network/azure-nsg-https-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-https-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 443. Only allow known IPs, and consider using advanced security measures such as Web Application Firewalls. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-icmp-unrestricted.yaml b/cloud/azure/network/azure-nsg-icmp-unrestricted.yaml index ab155555e3c..e5b4f01dbee 100644 --- a/cloud/azure/network/azure-nsg-icmp-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-icmp-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure NSG rules to restrict ICMP traffic. Only allow necessary ICMP types and codes and monitor ICMP activity to detect unusual patterns. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-mongodb-unrestricted.yaml b/cloud/azure/network/azure-nsg-mongodb-unrestricted.yaml index 95b26c6e3db..e06e736dc7a 100644 --- a/cloud/azure/network/azure-nsg-mongodb-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-mongodb-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP ports 27017, 27018, and 27019. Only allow known IPs and implement database encryption and other security measures. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-mssql-unrestricted.yaml b/cloud/azure/network/azure-nsg-mssql-unrestricted.yaml index c3e9c2455bf..159852f646a 100644 --- a/cloud/azure/network/azure-nsg-mssql-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-mssql-unrestricted.yaml @@ -11,9 +11,8 @@ info: Restrict access to MS SQL Server by configuring NSG rules to only allow trusted sources to connect on TCP port 1433. Implement robust monitoring and alerting mechanisms to detect unauthorized access attempts. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network,sqli + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-mysql-unrestricted.yaml b/cloud/azure/network/azure-nsg-mysql-unrestricted.yaml index ff163e2ad0e..84b770d334c 100644 --- a/cloud/azure/network/azure-nsg-mysql-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-mysql-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 3306. Allow connections only from trusted and necessary IP addresses to secure the MySQL databases against unauthorized access. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-netbios-unrestricted.yaml b/cloud/azure/network/azure-nsg-netbios-unrestricted.yaml index 372fce77017..48669cd2631 100644 --- a/cloud/azure/network/azure-nsg-netbios-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-netbios-unrestricted.yaml @@ -11,9 +11,8 @@ info: Update NSG rules to limit NetBIOS access to only necessary and secure sources, thereby enhancing the overall security posture of your network infrastructure. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-oracle-db-unrestricted.yaml b/cloud/azure/network/azure-nsg-oracle-db-unrestricted.yaml index 868f6e9234e..5a5970a0646 100644 --- a/cloud/azure/network/azure-nsg-oracle-db-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-oracle-db-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 1521. Implement strict access controls and monitor connections to ensure only authorized access. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-postgresql-unrestricted.yaml b/cloud/azure/network/azure-nsg-postgresql-unrestricted.yaml index 4432f71c30a..1dd53277f92 100644 --- a/cloud/azure/network/azure-nsg-postgresql-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-postgresql-unrestricted.yaml @@ -11,9 +11,8 @@ info: Implement strict NSG rules to restrict access on TCP port 5432 to only trusted IPs. Consider using additional layers of security, such as VPNs or Azure Private Link, to enhance database security. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-rdp-unrestricted.yaml b/cloud/azure/network/azure-nsg-rdp-unrestricted.yaml index 34aacf02989..0f74c513265 100644 --- a/cloud/azure/network/azure-nsg-rdp-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-rdp-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure NSG rules to restrict RDP access to only trusted IP addresses. Consider using VPNs or other secure methods for remote access. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-rpc-unrestricted.yaml b/cloud/azure/network/azure-nsg-rpc-unrestricted.yaml index bb32b124293..ce4578c77d1 100644 --- a/cloud/azure/network/azure-nsg-rpc-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-rpc-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure NSG rules to restrict access on TCP port 135. Ensure only necessary systems can initiate RPC, and apply strict monitoring and logging to detect unusual activities. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-smtp-unrestricted.yaml b/cloud/azure/network/azure-nsg-smtp-unrestricted.yaml index c00070681aa..3738fc6ac97 100644 --- a/cloud/azure/network/azure-nsg-smtp-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-smtp-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure NSG rules to restrict access to SMTP services on TCP port 25. Allow only trusted IP addresses to send emails and implement proper email authentication mechanisms. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-ssh-unrestricted.yaml b/cloud/azure/network/azure-nsg-ssh-unrestricted.yaml index ee26086f5d1..c78b8a84587 100644 --- a/cloud/azure/network/azure-nsg-ssh-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-ssh-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict SSH access by allowing only specific, trusted IP addresses to connect on TCP port 22. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-telnet-unrestricted.yaml b/cloud/azure/network/azure-nsg-telnet-unrestricted.yaml index 9860a3f1121..d46d8007c19 100644 --- a/cloud/azure/network/azure-nsg-telnet-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-telnet-unrestricted.yaml @@ -11,9 +11,8 @@ info: Modify NSG rules to restrict access on TCP port 23. Only allow access from secure, authenticated sources and consider using more secure alternatives like SSH. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-udp-unrestricted.yaml b/cloud/azure/network/azure-nsg-udp-unrestricted.yaml index f62b2cdeee0..780d20ee1f8 100644 --- a/cloud/azure/network/azure-nsg-udp-unrestricted.yaml +++ b/cloud/azure/network/azure-nsg-udp-unrestricted.yaml @@ -11,9 +11,8 @@ info: Restrict access to UDP ports by configuring NSG rules to only allow trusted sources and necessary traffic. Implement additional security measures where possible. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-nsg-unrestricted-port-range.yaml b/cloud/azure/network/azure-nsg-unrestricted-port-range.yaml index 8339675182f..366a361b3c1 100644 --- a/cloud/azure/network/azure-nsg-unrestricted-port-range.yaml +++ b/cloud/azure/network/azure-nsg-unrestricted-port-range.yaml @@ -11,9 +11,8 @@ info: Modify the NSG rules to only allow inbound traffic on necessary ports specific to your application requirements. This practice minimizes potential attack vectors. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,nsg,azure-cloud-config + flow: | code(1); for (let NsgData of iterate(template.nsgdata)) { diff --git a/cloud/azure/network/azure-vnet-ddos-protection.yaml b/cloud/azure/network/azure-vnet-ddos-protection.yaml index 27b28ecb5b9..da9638cb439 100644 --- a/cloud/azure/network/azure-vnet-ddos-protection.yaml +++ b/cloud/azure/network/azure-vnet-ddos-protection.yaml @@ -11,9 +11,8 @@ info: Enable DDoS Standard Protection for all security-critical virtual networks in your Microsoft Azure subscription to mitigate the risks associated with DDoS attacks. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview - metadata: - max-request: 2 - tags: cloud,devops,azure,microsoft,ddos,azure-cloud-config,network + tags: cloud,devops,azure,microsoft,ddos,azure-cloud-config + flow: | code(1); for (let VnetData of iterate(template.vnetdata)) { diff --git a/cloud/azure/postgresql/azure-postgres-allow-azure-services-disabled.yaml b/cloud/azure/postgresql/azure-postgres-allow-azure-services-disabled.yaml index be834fa1c74..67856028557 100644 --- a/cloud/azure/postgresql/azure-postgres-allow-azure-services-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-allow-azure-services-disabled.yaml @@ -11,9 +11,8 @@ info: Configure firewall rules to disable the "Allow access to Azure services" setting for Azure PostgreSQL Database servers to restrict access to trusted sources only. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-firewall-rules - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-connection-throttling-disabled.yaml b/cloud/azure/postgresql/azure-postgres-connection-throttling-disabled.yaml index 07af03f8166..5004bac1bd3 100644 --- a/cloud/azure/postgresql/azure-postgres-connection-throttling-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-connection-throttling-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "connection_throttling" server parameter on your Azure PostgreSQL servers to prevent excessive failed login attempts and mitigate potential attacks. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-parameters - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-double-encryption-disabled.yaml b/cloud/azure/postgresql/azure-postgres-double-encryption-disabled.yaml index 93e291bb8cc..bf9edcfa832 100644 --- a/cloud/azure/postgresql/azure-postgres-double-encryption-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-double-encryption-disabled.yaml @@ -11,9 +11,8 @@ info: Enable infrastructure double encryption on all your Azure PostgreSQL Single Server databases to ensure an additional layer of security. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-data-security-encryption - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-log-checkpoints-disabled.yaml b/cloud/azure/postgresql/azure-postgres-log-checkpoints-disabled.yaml index 737d5198e5c..70a50c0b743 100644 --- a/cloud/azure/postgresql/azure-postgres-log-checkpoints-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-log-checkpoints-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "log_checkpoints" parameter for your Azure PostgreSQL flexible servers to ensure critical operational events are logged. reference: - https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-server-parameters - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgres,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-log-connections-disabled.yaml b/cloud/azure/postgresql/azure-postgres-log-connections-disabled.yaml index fa6205f89a0..1129adfecba 100644 --- a/cloud/azure/postgresql/azure-postgres-log-connections-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-log-connections-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "log_connections" server parameter for all Azure PostgreSQL servers to ensure that all connection attempts are logged, enhancing security monitoring capabilities. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-log-disconnections-disabled.yaml b/cloud/azure/postgresql/azure-postgres-log-disconnections-disabled.yaml index 02593ca5f68..6d4e9315f93 100644 --- a/cloud/azure/postgresql/azure-postgres-log-disconnections-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-log-disconnections-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "log_disconnections" parameter for your Azure PostgreSQL servers to enhance security and auditing capabilities. This change must be made by an Azure account admin at the session start. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgres-log-duration-disabled.yaml b/cloud/azure/postgresql/azure-postgres-log-duration-disabled.yaml index 5da4e2cd865..e393644c5fe 100644 --- a/cloud/azure/postgresql/azure-postgres-log-duration-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgres-log-duration-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "log_duration" parameter in Azure PostgreSQL server configurations to ensure comprehensive logging of query durations for security and performance analysis. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgresql-geo-backup-disabled.yaml b/cloud/azure/postgresql/azure-postgresql-geo-backup-disabled.yaml index 256af89c5fd..aabc41ca685 100644 --- a/cloud/azure/postgresql/azure-postgresql-geo-backup-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgresql-geo-backup-disabled.yaml @@ -11,9 +11,8 @@ info: Enable geo-redundant backups in the Azure portal or use Azure CLI to update your PostgreSQL server's backup configuration to enable geo-redundancy. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-backup - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgresql-ssl-enforcement.yaml b/cloud/azure/postgresql/azure-postgresql-ssl-enforcement.yaml index a47d83117cd..b6f74d7e722 100644 --- a/cloud/azure/postgresql/azure-postgresql-ssl-enforcement.yaml +++ b/cloud/azure/postgresql/azure-postgresql-ssl-enforcement.yaml @@ -11,9 +11,8 @@ info: Enable SSL enforcement on all Azure PostgreSQL servers to ensure that data is encrypted in transit and protected from unauthorized access. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/postgresql/azure-postgresql-storage-autogrow-disabled.yaml b/cloud/azure/postgresql/azure-postgresql-storage-autogrow-disabled.yaml index 23caf0213b0..6606f830cc0 100644 --- a/cloud/azure/postgresql/azure-postgresql-storage-autogrow-disabled.yaml +++ b/cloud/azure/postgresql/azure-postgresql-storage-autogrow-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the Storage Auto-Growth feature on your Azure PostgreSQL servers to prevent potential disruptions and ensure continuous database operation. reference: - https://docs.microsoft.com/en-us/azure/postgresql/concepts-storage - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,postgresql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/redis/azure-redis-nonssl-port-disabled.yaml b/cloud/azure/redis/azure-redis-nonssl-port-disabled.yaml index 008cbd27bd2..2bb1fe8d49a 100644 --- a/cloud/azure/redis/azure-redis-nonssl-port-disabled.yaml +++ b/cloud/azure/redis/azure-redis-nonssl-port-disabled.yaml @@ -11,9 +11,8 @@ info: Enable SSL on your Azure Redis Cache servers and ensure the non-SSL port (6379) is disabled to enforce encryption in transit. reference: - https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#ssl-ports - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,redis,azure-cloud-config + flow: | code(1); for (let CacheData of iterate(template.redisList)) { diff --git a/cloud/azure/redis/azure-redis-tls-version-outdated.yaml b/cloud/azure/redis/azure-redis-tls-version-outdated.yaml index 046c150c1cc..df251b53ae3 100644 --- a/cloud/azure/redis/azure-redis-tls-version-outdated.yaml +++ b/cloud/azure/redis/azure-redis-tls-version-outdated.yaml @@ -11,9 +11,8 @@ info: Upgrade the TLS version of your Azure Redis Cache servers to the latest version supported by Microsoft Azure to enhance security and compliance with industry standards. reference: - https://docs.microsoft.com/en-us/azure/redis-cache/ - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,redis,azure-cloud-config + flow: | code(1); for (let RedisData of iterate(template.redisIdList)) { diff --git a/cloud/azure/search/azure-search-service-managed-identity-disabled.yaml b/cloud/azure/search/azure-search-service-managed-identity-disabled.yaml index 13df7f37f02..584a935f2b8 100644 --- a/cloud/azure/search/azure-search-service-managed-identity-disabled.yaml +++ b/cloud/azure/search/azure-search-service-managed-identity-disabled.yaml @@ -11,9 +11,8 @@ info: Enable system-assigned managed identities on your Azure Search Service instances to secure access to Azure resources. reference: - https://docs.microsoft.com/en-us/azure/search/search-managed-identities - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,azure-search,azure-cloud-config + flow: | code(1); for (let ResourceGroupName of iterate(template.resourceGroupNames)) { diff --git a/cloud/azure/servicebus/azure-servicebus-public-access-disabled.yaml b/cloud/azure/servicebus/azure-servicebus-public-access-disabled.yaml index 68237872fd0..bc2fa7bed0a 100644 --- a/cloud/azure/servicebus/azure-servicebus-public-access-disabled.yaml +++ b/cloud/azure/servicebus/azure-servicebus-public-access-disabled.yaml @@ -11,9 +11,8 @@ info: Disable public network access to all your Azure Service Bus namespaces to ensure that they are only accessible through authorized private networks. reference: - https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-networking - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,service-bus,azure-cloud-config + flow: | code(1); for (let NamespaceData of iterate(template.namespaceList)) { diff --git a/cloud/azure/servicebus/azure-servicebus-tls-version-outdated.yaml b/cloud/azure/servicebus/azure-servicebus-tls-version-outdated.yaml index c40e9c74e63..38fb6555022 100644 --- a/cloud/azure/servicebus/azure-servicebus-tls-version-outdated.yaml +++ b/cloud/azure/servicebus/azure-servicebus-tls-version-outdated.yaml @@ -11,9 +11,8 @@ info: Update your Azure Service Bus namespaces to use the latest supported TLS version, TLS 1.2, to ensure improved security and data protection. reference: - https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-tls - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,servicebus,azure-cloud-config + flow: | code(1); for (let NamespaceData of iterate(template.namespaceList)) { diff --git a/cloud/azure/sql/azure-sql-auditing-disabled.yaml b/cloud/azure/sql/azure-sql-auditing-disabled.yaml index f626efa52c1..aed9805ffc3 100644 --- a/cloud/azure/sql/azure-sql-auditing-disabled.yaml +++ b/cloud/azure/sql/azure-sql-auditing-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "Auditing" feature in Azure SQL server settings to ensure comprehensive monitoring and compliance across all databases. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/sql/azure-sql-failover-not-enabled.yaml b/cloud/azure/sql/azure-sql-failover-not-enabled.yaml index 57b6b8976be..6b8a7715f19 100644 --- a/cloud/azure/sql/azure-sql-failover-not-enabled.yaml +++ b/cloud/azure/sql/azure-sql-failover-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable auto-failover groups on your Azure SQL database servers to ensure high availability and automatic failover capabilities are in place. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-sql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/sql/azure-sql-mi-tde-cmk-not-enabled.yaml b/cloud/azure/sql/azure-sql-mi-tde-cmk-not-enabled.yaml index 1309cc30c97..28d0d826157 100644 --- a/cloud/azure/sql/azure-sql-mi-tde-cmk-not-enabled.yaml +++ b/cloud/azure/sql/azure-sql-mi-tde-cmk-not-enabled.yaml @@ -11,9 +11,8 @@ info: Configure Transparent Data Encryption to use Customer-Managed Keys by setting the TDE protector to use a key from your Azure key vault for your SQL managed instances. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-managed-instance,azure-cloud-config + flow: | code(1); for (let SQLMI of iterate(template.sqlManagedInstanceList)) { diff --git a/cloud/azure/sql/azure-sql-mi-tls-version-outdated.yaml b/cloud/azure/sql/azure-sql-mi-tls-version-outdated.yaml index e2a06a22b63..8114fb9b78b 100644 --- a/cloud/azure/sql/azure-sql-mi-tls-version-outdated.yaml +++ b/cloud/azure/sql/azure-sql-mi-tls-version-outdated.yaml @@ -11,9 +11,8 @@ info: Update the TLS configuration of your Azure SQL managed instances to use TLS 1.2, ensuring enhanced security and compliance with industry best practices. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/transact-sql-tls-configuration - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-sql,azure-cloud-config + flow: | code(1); for (let InstanceData of iterate(template.instanceList)) { diff --git a/cloud/azure/sql/azure-sql-tde-cmk-not-used.yaml b/cloud/azure/sql/azure-sql-tde-cmk-not-used.yaml index a72cb2810e3..46f0008b052 100644 --- a/cloud/azure/sql/azure-sql-tde-cmk-not-used.yaml +++ b/cloud/azure/sql/azure-sql-tde-cmk-not-used.yaml @@ -11,9 +11,8 @@ info: Configure the Transparent Data Encryption (TDE) feature of your Azure SQL server to use a Customer-Managed Key (CMK) from your own Azure Key Vault. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-byok-azure-sql-configure - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/sql/azure-sql-tde-not-enabled.yaml b/cloud/azure/sql/azure-sql-tde-not-enabled.yaml index 2eb74f7aee9..e9d4c9a4b11 100644 --- a/cloud/azure/sql/azure-sql-tde-not-enabled.yaml +++ b/cloud/azure/sql/azure-sql-tde-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Transparent Data Encryption on all your Azure SQL databases to protect data at rest using encryption. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/transparent-data-encryption-tde-overview - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,sql-database,azure-cloud-config + flow: | code(1); for (let serverId of iterate(template.serverIds)) { diff --git a/cloud/azure/sql/azure-sql-va-emails-unconfigured.yaml b/cloud/azure/sql/azure-sql-va-emails-unconfigured.yaml index fdde45c40e8..68baf376aeb 100644 --- a/cloud/azure/sql/azure-sql-va-emails-unconfigured.yaml +++ b/cloud/azure/sql/azure-sql-va-emails-unconfigured.yaml @@ -11,9 +11,8 @@ info: Configure the email addresses for vulnerability assessment notifications in your SQL server settings to ensure alerts and reports are received by the appropriate stakeholders. reference: - https://docs.microsoft.com/en-us/azure/azure-sql/database/security-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,sql-server,azure-cloud-config + flow: | code(1); for (let ServerData of iterate(template.serverList)) { diff --git a/cloud/azure/storageaccounts/azure-blob-anonymous-access-disabled.yaml b/cloud/azure/storageaccounts/azure-blob-anonymous-access-disabled.yaml index d25b47e9634..c60a6104b39 100644 --- a/cloud/azure/storageaccounts/azure-blob-anonymous-access-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-blob-anonymous-access-disabled.yaml @@ -11,9 +11,8 @@ info: Disable public (anonymous) access to all blob containers in Azure storage accounts to protect your data against unauthorized access. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-prevent - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let StorageAccount of iterate(template.storageAccountIds)) { diff --git a/cloud/azure/storageaccounts/azure-blob-immutable-not-enabled.yaml b/cloud/azure/storageaccounts/azure-blob-immutable-not-enabled.yaml index 3004f7e9e38..ea4e3d9be41 100644 --- a/cloud/azure/storageaccounts/azure-blob-immutable-not-enabled.yaml +++ b/cloud/azure/storageaccounts/azure-blob-immutable-not-enabled.yaml @@ -11,9 +11,8 @@ info: Apply an appropriate time-based immutability policy or a legal hold policy to your Azure Storage blob containers to protect sensitive and business-critical data from being modified or deleted. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/immutable-storage - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,azure-blob-storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-blob-lifecycle-not-enabled.yaml b/cloud/azure/storageaccounts/azure-blob-lifecycle-not-enabled.yaml index beeb62e813c..8a00b98c27d 100644 --- a/cloud/azure/storageaccounts/azure-blob-lifecycle-not-enabled.yaml +++ b/cloud/azure/storageaccounts/azure-blob-lifecycle-not-enabled.yaml @@ -11,9 +11,8 @@ info: Configure a lifecycle management policy for your Azure Blob Storage accounts to enable automatic transitioning or expiration of data as appropriate. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/storage-lifecycle-management-concepts - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,blob-storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-blob-service-logging-disabled.yaml b/cloud/azure/storageaccounts/azure-blob-service-logging-disabled.yaml index 6af00439681..5342e7a2d8d 100644 --- a/cloud/azure/storageaccounts/azure-blob-service-logging-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-blob-service-logging-disabled.yaml @@ -11,9 +11,8 @@ info: Enable logging for the Azure Storage Blob service by setting the 'read', 'write', and 'delete' attributes to true in the storage account settings. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-analytics-logging - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-blob-soft-delete-disabled.yaml b/cloud/azure/storageaccounts/azure-blob-soft-delete-disabled.yaml index 1c2e9fb6af0..2fbe7f6a209 100644 --- a/cloud/azure/storageaccounts/azure-blob-soft-delete-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-blob-soft-delete-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the Soft Delete feature for all blob storage accounts via the Azure Portal or using Azure CLI commands to ensure data is recoverable even after deletion or overwriting. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,blob-storage,azure-cloud-config + flow: | code(1); for (let storageAccount of iterate(template.storageAccountNames)) { diff --git a/cloud/azure/storageaccounts/azure-storage-blob-public-access.yaml b/cloud/azure/storageaccounts/azure-storage-blob-public-access.yaml index eb00fcd1884..d23c70fc9c3 100644 --- a/cloud/azure/storageaccounts/azure-storage-blob-public-access.yaml +++ b/cloud/azure/storageaccounts/azure-storage-blob-public-access.yaml @@ -11,9 +11,8 @@ info: Disable public access to all storage accounts containing blob containers to prevent unauthorized data access. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-disallow-access - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-byok-not-used.yaml b/cloud/azure/storageaccounts/azure-storage-byok-not-used.yaml index 09c08c1154d..90f194e343f 100644 --- a/cloud/azure/storageaccounts/azure-storage-byok-not-used.yaml +++ b/cloud/azure/storageaccounts/azure-storage-byok-not-used.yaml @@ -11,9 +11,8 @@ info: Configure your Azure Storage accounts to use customer-managed keys (BYOK) for data encryption to ensure compliance and enhanced security. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-manage - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let StorageData of iterate(template.storageList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-cmk-not-used.yaml b/cloud/azure/storageaccounts/azure-storage-cmk-not-used.yaml index a6fe04f8240..c90fbe69b85 100644 --- a/cloud/azure/storageaccounts/azure-storage-cmk-not-used.yaml +++ b/cloud/azure/storageaccounts/azure-storage-cmk-not-used.yaml @@ -11,9 +11,8 @@ info: Configure your Azure Storage accounts to use Customer Managed Keys for data encryption to enhance security and control. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-encryption-keys-manage?tabs=portal - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let accountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-cross-tenant-replication-disabled.yaml b/cloud/azure/storageaccounts/azure-storage-cross-tenant-replication-disabled.yaml index 7dc6e4e54e5..26b5d778f63 100644 --- a/cloud/azure/storageaccounts/azure-storage-cross-tenant-replication-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-storage-cross-tenant-replication-disabled.yaml @@ -11,9 +11,8 @@ info: Disable the Cross-Tenant Replication feature for Azure Storage accounts to ensure data is not replicated across different Microsoft Entra tenants without authorization. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let StorageAccount of iterate(template.storageAccountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-encryption-missing.yaml b/cloud/azure/storageaccounts/azure-storage-encryption-missing.yaml index 7aef06f8c65..1b720ccf7a7 100644 --- a/cloud/azure/storageaccounts/azure-storage-encryption-missing.yaml +++ b/cloud/azure/storageaccounts/azure-storage-encryption-missing.yaml @@ -11,9 +11,8 @@ info: Enable Infrastructure Encryption on your Azure Storage accounts to ensure data is encrypted at both software and hardware levels, enhancing the security posture. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let StorageData of iterate(template.storageList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-min-tls-version.yaml b/cloud/azure/storageaccounts/azure-storage-min-tls-version.yaml index ebca2047aa6..68b0a986b5e 100644 --- a/cloud/azure/storageaccounts/azure-storage-min-tls-version.yaml +++ b/cloud/azure/storageaccounts/azure-storage-min-tls-version.yaml @@ -11,9 +11,8 @@ info: Configure all Azure Storage accounts to use TLS version 1.2 as the minimum required version for connections to ensure compliance with industry standards and enhanced security. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-security-guide - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-network-unrestricted.yaml b/cloud/azure/storageaccounts/azure-storage-network-unrestricted.yaml index 674155d04c8..8aaeeba7ca3 100644 --- a/cloud/azure/storageaccounts/azure-storage-network-unrestricted.yaml +++ b/cloud/azure/storageaccounts/azure-storage-network-unrestricted.yaml @@ -11,9 +11,8 @@ info: Configure the network access rule for Azure Storage accounts to "Deny" to restrict access to selected networks only, enhancing security by preventing unwanted or unauthorized access. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let StorageData of iterate(template.storageList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-overly-permissive-sap.yaml b/cloud/azure/storageaccounts/azure-storage-overly-permissive-sap.yaml index a61d9f4aba5..38e33a132c8 100644 --- a/cloud/azure/storageaccounts/azure-storage-overly-permissive-sap.yaml +++ b/cloud/azure/storageaccounts/azure-storage-overly-permissive-sap.yaml @@ -11,9 +11,8 @@ info: Review and restrict the permissions in your stored access policies to ensure they align with the principle of least privilege. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let accountName of iterate(template.accountNames)) { diff --git a/cloud/azure/storageaccounts/azure-storage-private-endpoint-unconfigured.yaml b/cloud/azure/storageaccounts/azure-storage-private-endpoint-unconfigured.yaml index 012b3f173fa..db178fcc02d 100644 --- a/cloud/azure/storageaccounts/azure-storage-private-endpoint-unconfigured.yaml +++ b/cloud/azure/storageaccounts/azure-storage-private-endpoint-unconfigured.yaml @@ -11,9 +11,8 @@ info: Configure private endpoints for your Azure Storage accounts to ensure secure access via Private Link. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let StorageAccount of iterate(template.storageAccounts)) { diff --git a/cloud/azure/storageaccounts/azure-storage-public-access.yaml b/cloud/azure/storageaccounts/azure-storage-public-access.yaml index d34a3375868..27edfa69540 100644 --- a/cloud/azure/storageaccounts/azure-storage-public-access.yaml +++ b/cloud/azure/storageaccounts/azure-storage-public-access.yaml @@ -11,9 +11,8 @@ info: Ensure that the Azure storage containers storing activity log files are configured to deny public access. Review and modify the public access settings of your storage accounts to protect sensitive data. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let subName of iterate(template.subscriptionNames)) { diff --git a/cloud/azure/storageaccounts/azure-storage-queue-logging-disabled.yaml b/cloud/azure/storageaccounts/azure-storage-queue-logging-disabled.yaml index d85bc628f18..8eb87fa46c6 100644 --- a/cloud/azure/storageaccounts/azure-storage-queue-logging-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-storage-queue-logging-disabled.yaml @@ -11,9 +11,8 @@ info: Enable logging for read, write, and delete requests in Azure Storage Queue service to ensure compliance and improve security monitoring. reference: - https://docs.microsoft.com/en-us/azure/storage/queues/storage-queues-introduction - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage-queue,azure-cloud-config + flow: | code(1); for (let StorageAccount of iterate(template.storageAccounts)) { diff --git a/cloud/azure/storageaccounts/azure-storage-secure-transfer.yaml b/cloud/azure/storageaccounts/azure-storage-secure-transfer.yaml index 1afe4902c89..e8e61cd1980 100644 --- a/cloud/azure/storageaccounts/azure-storage-secure-transfer.yaml +++ b/cloud/azure/storageaccounts/azure-storage-secure-transfer.yaml @@ -11,9 +11,8 @@ info: Enable "Secure transfer required" in your Azure Storage account settings to enforce HTTPS traffic only, ensuring all data in transit is encrypted. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let StorageAccount of iterate(template.storageAccounts)) { diff --git a/cloud/azure/storageaccounts/azure-storage-static-website-review.yaml b/cloud/azure/storageaccounts/azure-storage-static-website-review.yaml index c87b8ed1d67..4fcbd4e941d 100644 --- a/cloud/azure/storageaccounts/azure-storage-static-website-review.yaml +++ b/cloud/azure/storageaccounts/azure-storage-static-website-review.yaml @@ -11,9 +11,8 @@ info: Regularly review your Azure Storage accounts that host static websites and ensure they comply with security and data protection standards. reference: - https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage-account,azure-cloud-config + flow: | code(1); for (let accountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-table-logging-disabled.yaml b/cloud/azure/storageaccounts/azure-storage-table-logging-disabled.yaml index 1186c5ec587..5fefe14777c 100644 --- a/cloud/azure/storageaccounts/azure-storage-table-logging-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-storage-table-logging-disabled.yaml @@ -11,9 +11,8 @@ info: Enable logging for read, write, and delete requests in the Azure Storage Table service through the Azure portal or using the Azure CLI. reference: - https://docs.microsoft.com/en-us/azure/storage/tables/table-storage-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-storage,azure-cloud-config + flow: | code(1); for (let AccountData of iterate(template.accountList)) { diff --git a/cloud/azure/storageaccounts/azure-storage-trusted-access-disabled.yaml b/cloud/azure/storageaccounts/azure-storage-trusted-access-disabled.yaml index 2e4f8e8379f..21bdf2e912d 100644 --- a/cloud/azure/storageaccounts/azure-storage-trusted-access-disabled.yaml +++ b/cloud/azure/storageaccounts/azure-storage-trusted-access-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the "Allow trusted Microsoft services to access this storage account" exception in the Azure portal under Storage account settings. reference: - https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,storage,azure-cloud-config + flow: | code(1); for (let StorageAccountData of iterate(template.storageAccounts)) { diff --git a/cloud/azure/subscriptions/azure-policy-not-allowed-types-unassigned.yaml b/cloud/azure/subscriptions/azure-policy-not-allowed-types-unassigned.yaml index ac2dbd63b42..e345f771ab1 100644 --- a/cloud/azure/subscriptions/azure-policy-not-allowed-types-unassigned.yaml +++ b/cloud/azure/subscriptions/azure-policy-not-allowed-types-unassigned.yaml @@ -11,9 +11,8 @@ info: Assign the "Not Allowed Resource Types" policy to your Azure subscriptions to ensure compliance with corporate standards and prevent unauthorized resource deployment. reference: - https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-policy,azure-cloud-config + flow: | code(1); for (let AssignmentData of iterate(template.policyAssignmentList)) { diff --git a/cloud/azure/synapse/azure-synapse-sqlpool-tde-disabled.yaml b/cloud/azure/synapse/azure-synapse-sqlpool-tde-disabled.yaml index e6c62e5788e..48dc100574f 100644 --- a/cloud/azure/synapse/azure-synapse-sqlpool-tde-disabled.yaml +++ b/cloud/azure/synapse/azure-synapse-sqlpool-tde-disabled.yaml @@ -11,9 +11,8 @@ info: Enable Transparent Data Encryption (TDE) for all Azure Synapse Analytics dedicated SQL pools to ensure your data at rest is encrypted and secure. reference: - https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehouse-overview-what-is - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,synapse,azure-cloud-config + flow: | code(1); for (let workspaceId of iterate(template.workspaceIds)) { diff --git a/cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml b/cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml index e7e14c26f59..7690fa722d6 100644 --- a/cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml +++ b/cloud/azure/tags/azure-vm-tags-schema-noncompliant.yaml @@ -11,9 +11,8 @@ info: Update the tagging schema of your Azure virtual machines to include the recommended tags: Name, Role, Environment, and Owner to ensure effective resource management and billing. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/tagging - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-vm,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-app-tier-vm-disk-unencrypted.yaml b/cloud/azure/virtualmachines/azure-app-tier-vm-disk-unencrypted.yaml index e30936b8979..376efcc4682 100644 --- a/cloud/azure/virtualmachines/azure-app-tier-vm-disk-unencrypted.yaml +++ b/cloud/azure/virtualmachines/azure-app-tier-vm-disk-unencrypted.yaml @@ -11,9 +11,8 @@ info: Enable disk encryption on all Azure virtual machine disk volumes within the application tier by using Azure Disk Encryption. reference: - https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vm-disk,azure-cloud-config + flow: | code(1); for (let vmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-disk-encryption-unattached-volumes.yaml b/cloud/azure/virtualmachines/azure-disk-encryption-unattached-volumes.yaml index 6238c5037c9..e1bc9996370 100644 --- a/cloud/azure/virtualmachines/azure-disk-encryption-unattached-volumes.yaml +++ b/cloud/azure/virtualmachines/azure-disk-encryption-unattached-volumes.yaml @@ -11,9 +11,8 @@ info: Encrypt all unattached disk volumes using Azure Disk Encryption integrated with Azure Key Vault to ensure data is protected even when disks are detached. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-host-based-encryption-cli - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,disk-encryption,azure-cloud-config + flow: | code(1); for (let DiskData of iterate(template.diskList)) { diff --git a/cloud/azure/virtualmachines/azure-lb-unused.yaml b/cloud/azure/virtualmachines/azure-lb-unused.yaml index 5e543bd29cd..b6a3fad4c16 100644 --- a/cloud/azure/virtualmachines/azure-lb-unused.yaml +++ b/cloud/azure/virtualmachines/azure-lb-unused.yaml @@ -11,9 +11,8 @@ info: Review and remove unused load balancers that do not have any backend pool instances. reference: - https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,load-balancer,azure-cloud-config + flow: | code(1); for (let BalancerData of iterate(template.balancerList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-accelerated-networking-disabled.yaml b/cloud/azure/virtualmachines/azure-vm-accelerated-networking-disabled.yaml index b84ad1a380b..cb2956b34d9 100644 --- a/cloud/azure/virtualmachines/azure-vm-accelerated-networking-disabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-accelerated-networking-disabled.yaml @@ -11,9 +11,8 @@ info: Enable Accelerated Networking on all compatible Azure VMs to ensure optimal network performance. This can be done through the Azure portal or using Azure CLI commands. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-accelerated-networking-cli - metadata: - max-request: 3 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for(let InstanceDetails of iterate(template.vmIDs)) { diff --git a/cloud/azure/virtualmachines/azure-vm-accelerated-networking-not-enabled.yaml b/cloud/azure/virtualmachines/azure-vm-accelerated-networking-not-enabled.yaml index 2044c087ec2..b6752b87ab9 100644 --- a/cloud/azure/virtualmachines/azure-vm-accelerated-networking-not-enabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-accelerated-networking-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Accelerated Networking on all Azure VMs that support this feature to ensure optimal networking performance. reference: - https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vm,azure-cloud-config + flow: | code(1); for (let VM of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-boot-diagnostics-not-enabled.yaml b/cloud/azure/virtualmachines/azure-vm-boot-diagnostics-not-enabled.yaml index d46092a2dba..d56ee3047c8 100644 --- a/cloud/azure/virtualmachines/azure-vm-boot-diagnostics-not-enabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-boot-diagnostics-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Boot Diagnostics for all your Azure VMs to facilitate effective troubleshooting and ensure quick recovery from startup-related issues. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/boot-diagnostics - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let VmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-boot-disk-unencrypted.yaml b/cloud/azure/virtualmachines/azure-vm-boot-disk-unencrypted.yaml index d4eb16de74c..48719539d63 100644 --- a/cloud/azure/virtualmachines/azure-vm-boot-disk-unencrypted.yaml +++ b/cloud/azure/virtualmachines/azure-vm-boot-disk-unencrypted.yaml @@ -11,9 +11,8 @@ info: Enable Azure Disk Encryption for VM boot volumes using Azure Key Vault to manage encryption keys and ensure data security. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/linux/encrypt-disks - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vm-disk-encryption,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-byok-disk-volumes-not-enabled.yaml b/cloud/azure/virtualmachines/azure-vm-byok-disk-volumes-not-enabled.yaml index 047ca2e7ed7..c0564319d3f 100644 --- a/cloud/azure/virtualmachines/azure-vm-byok-disk-volumes-not-enabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-byok-disk-volumes-not-enabled.yaml @@ -11,9 +11,8 @@ info: Configure your VM disk volumes to use customer-managed keys (BYOK) to ensure better security and control over your data encryption and decryption processes. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-customer-managed-keys - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let VmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-endpoint-protection-missing.yaml b/cloud/azure/virtualmachines/azure-vm-endpoint-protection-missing.yaml index 8d20ca2fc0b..cbbf6ee3917 100644 --- a/cloud/azure/virtualmachines/azure-vm-endpoint-protection-missing.yaml +++ b/cloud/azure/virtualmachines/azure-vm-endpoint-protection-missing.yaml @@ -11,9 +11,8 @@ info: Install an approved endpoint protection solution on your Azure VMs to mitigate the risk of malware and maintain compliance with organizational security policies. reference: - https://docs.microsoft.com/en-us/azure/security-center/security-center-intro - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,endpoint-protection,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-entra-id-unenabled.yaml b/cloud/azure/virtualmachines/azure-vm-entra-id-unenabled.yaml index 54b7f00ac43..cd59725268d 100644 --- a/cloud/azure/virtualmachines/azure-vm-entra-id-unenabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-entra-id-unenabled.yaml @@ -11,9 +11,8 @@ info: Ensure the Microsoft Entra ID authentication extensions, "AADLoginForWindows" or "AADLoginForLinux", are installed and enabled on your Azure VMs for secure access management. reference: - https://docs.microsoft.com/en-us/azure/active-directory/develop/ - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,entra-id,azure-cloud-config + flow: | code(1); for (let VmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-guest-diagnostics-unenabled.yaml b/cloud/azure/virtualmachines/azure-vm-guest-diagnostics-unenabled.yaml index 118cc195fe7..8840241d6b0 100644 --- a/cloud/azure/virtualmachines/azure-vm-guest-diagnostics-unenabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-guest-diagnostics-unenabled.yaml @@ -11,9 +11,8 @@ info: Enable Guest-Level Diagnostics on your Azure virtual machines to ensure comprehensive data collection and enhance monitoring capabilities. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/diagnostics - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machines,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-jit-access-not-enabled.yaml b/cloud/azure/virtualmachines/azure-vm-jit-access-not-enabled.yaml index c46e740634a..44deaa1da72 100644 --- a/cloud/azure/virtualmachines/azure-vm-jit-access-not-enabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-jit-access-not-enabled.yaml @@ -11,9 +11,8 @@ info: Enable Just-in-Time access for your Azure VMs to control inbound traffic and improve security. reference: - https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,security-center,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-managed-identity-unassigned.yaml b/cloud/azure/virtualmachines/azure-vm-managed-identity-unassigned.yaml index 603cd8228e0..a2657e8c8f1 100644 --- a/cloud/azure/virtualmachines/azure-vm-managed-identity-unassigned.yaml +++ b/cloud/azure/virtualmachines/azure-vm-managed-identity-unassigned.yaml @@ -11,9 +11,8 @@ info: Enable system-assigned managed identities on all Azure VMs to ensure secure access to other Azure services. reference: - https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vm,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-performance-diagnostics-unenabled.yaml b/cloud/azure/virtualmachines/azure-vm-performance-diagnostics-unenabled.yaml index 96896e5324c..ddf8250d66c 100644 --- a/cloud/azure/virtualmachines/azure-vm-performance-diagnostics-unenabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-performance-diagnostics-unenabled.yaml @@ -11,9 +11,8 @@ info: Enable the Performance Diagnostics feature by installing the AzurePerformanceDiagnostics extension through Azure Portal or Azure CLI commands to mitigate performance issues and ensure optimal VM operation. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/performance-diagnostics - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let vmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-ssh-auth-type.yaml b/cloud/azure/virtualmachines/azure-vm-ssh-auth-type.yaml index 096c736f4aa..60fe32596be 100644 --- a/cloud/azure/virtualmachines/azure-vm-ssh-auth-type.yaml +++ b/cloud/azure/virtualmachines/azure-vm-ssh-auth-type.yaml @@ -11,9 +11,8 @@ info: Configure all Azure virtual machines to use SSH keys for authentication. Disable password authentication to enhance the security of your virtual machines. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/linux/ssh-from-windows - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vm,azure-cloud-config + flow: | code(1); for (let vmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-standard-ssd-required.yaml b/cloud/azure/virtualmachines/azure-vm-standard-ssd-required.yaml index 60ea99b85a8..8edff049858 100644 --- a/cloud/azure/virtualmachines/azure-vm-standard-ssd-required.yaml +++ b/cloud/azure/virtualmachines/azure-vm-standard-ssd-required.yaml @@ -11,9 +11,8 @@ info: Convert any Premium SSD volumes to Standard SSD unless the workload requires high performance disk specifications. This can be achieved through Azure's portal or via CLI commands. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-trusted-launch-disabled.yaml b/cloud/azure/virtualmachines/azure-vm-trusted-launch-disabled.yaml index 9e3c4dab833..5e449aa8c60 100644 --- a/cloud/azure/virtualmachines/azure-vm-trusted-launch-disabled.yaml +++ b/cloud/azure/virtualmachines/azure-vm-trusted-launch-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the Trusted Launch feature on your Azure VMs to utilize security enhancements such as Secure Boot and vTPM to protect against sophisticated attacks. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let VmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-unapproved-image.yaml b/cloud/azure/virtualmachines/azure-vm-unapproved-image.yaml index f2e72970dab..9f9d62e8039 100644 --- a/cloud/azure/virtualmachines/azure-vm-unapproved-image.yaml +++ b/cloud/azure/virtualmachines/azure-vm-unapproved-image.yaml @@ -11,9 +11,8 @@ info: Ensure all Azure VM instances are launched from approved machine images. Update any instances that are not using the approved images. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-unmanaged-disk-volumes.yaml b/cloud/azure/virtualmachines/azure-vm-unmanaged-disk-volumes.yaml index 9165ea05021..306417202b6 100644 --- a/cloud/azure/virtualmachines/azure-vm-unmanaged-disk-volumes.yaml +++ b/cloud/azure/virtualmachines/azure-vm-unmanaged-disk-volumes.yaml @@ -11,9 +11,8 @@ info: Configure your Azure VMs to use managed disks for better reliability and simplified management of disk resources. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,virtual-machine,azure-cloud-config + flow: | code(1); for (let VMData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vm-web-tier-disk-unencrypted.yaml b/cloud/azure/virtualmachines/azure-vm-web-tier-disk-unencrypted.yaml index 1ab3b9f2fc6..4a11a7cfb8e 100644 --- a/cloud/azure/virtualmachines/azure-vm-web-tier-disk-unencrypted.yaml +++ b/cloud/azure/virtualmachines/azure-vm-web-tier-disk-unencrypted.yaml @@ -11,9 +11,8 @@ info: Enable encryption for all disk volumes attached to VMs within the Azure web tier to enhance data security and comply with regulatory requirements. reference: - https://docs.microsoft.com/en-us/azure/virtual-machines/linux/encrypt-disks - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,azure-vm,azure-cloud-config + flow: | code(1); for (let VmData of iterate(template.vmList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-auto-os-upgrade-missing.yaml b/cloud/azure/virtualmachines/azure-vmss-auto-os-upgrade-missing.yaml index 8fcc4c7aebc..071b9ddd503 100644 --- a/cloud/azure/virtualmachines/azure-vmss-auto-os-upgrade-missing.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-auto-os-upgrade-missing.yaml @@ -11,9 +11,8 @@ info: Enable automatic OS upgrades in Azure VMSS settings to ensure all instances are updated automatically with the latest OS image version, thereby improving security and reducing manual maintenance overhead. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let VmssData of iterate(template.vmssList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-auto-repairs-disabled.yaml b/cloud/azure/virtualmachines/azure-vmss-auto-repairs-disabled.yaml index 016fe7c0d68..e6b82af503e 100644 --- a/cloud/azure/virtualmachines/azure-vmss-auto-repairs-disabled.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-auto-repairs-disabled.yaml @@ -11,9 +11,8 @@ info: Enable the Automatic Instance Repairs feature for Azure VMSS to ensure high availability and resilience of your applications. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let ScaleSetData of iterate(template.scaleSetList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-empty-unattached.yaml b/cloud/azure/virtualmachines/azure-vmss-empty-unattached.yaml index a7b0dba8f8a..e5a584ac1be 100644 --- a/cloud/azure/virtualmachines/azure-vmss-empty-unattached.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-empty-unattached.yaml @@ -11,9 +11,8 @@ info: Regularly check and remove any VM scale sets that do not contain any VM instances and are not associated with any load balancers. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/ - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let ScaleSetData of iterate(template.scaleSetList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-health-monitoring-missing.yaml b/cloud/azure/virtualmachines/azure-vmss-health-monitoring-missing.yaml index 679c38406e9..95ba9afeb5e 100644 --- a/cloud/azure/virtualmachines/azure-vmss-health-monitoring-missing.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-health-monitoring-missing.yaml @@ -11,9 +11,8 @@ info: Enable the Application Health extension in your Azure VMSS instances to ensure continuous health monitoring and eligibility for necessary upgrades and repairs. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let VMSSData of iterate(template.vmssList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-load-balancer-unassociated.yaml b/cloud/azure/virtualmachines/azure-vmss-load-balancer-unassociated.yaml index 7520ed99871..963df547e7b 100644 --- a/cloud/azure/virtualmachines/azure-vmss-load-balancer-unassociated.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-load-balancer-unassociated.yaml @@ -11,9 +11,8 @@ info: Ensure each Azure virtual machine scale set is integrated with a load balancer to distribute incoming traffic effectively among instances. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-load-balancer - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let VmssData of iterate(template.vmssList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-public-ip-disabled.yaml b/cloud/azure/virtualmachines/azure-vmss-public-ip-disabled.yaml index 4477b58550c..d82e7fbe586 100644 --- a/cloud/azure/virtualmachines/azure-vmss-public-ip-disabled.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-public-ip-disabled.yaml @@ -11,9 +11,8 @@ info: Configure your VMSS to disable public IP address assignments to its instances. Ensure that all networking is handled through internal networking resources. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-networking - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let InstanceData of iterate(template.vmssList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-termination-notif-disabled.yaml b/cloud/azure/virtualmachines/azure-vmss-termination-notif-disabled.yaml index 777e1295115..2f81a2704cd 100644 --- a/cloud/azure/virtualmachines/azure-vmss-termination-notif-disabled.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-termination-notif-disabled.yaml @@ -11,9 +11,8 @@ info: Configure the termination notification feature for all your Azure VM scale sets to receive proper alerts and set a reasonable delay for the termination events. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-terminate-notification - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let ScaleSetData of iterate(template.scaleSetList)) { diff --git a/cloud/azure/virtualmachines/azure-vmss-zone-redundancy-missing.yaml b/cloud/azure/virtualmachines/azure-vmss-zone-redundancy-missing.yaml index c33cae656e8..3f9073cda2a 100644 --- a/cloud/azure/virtualmachines/azure-vmss-zone-redundancy-missing.yaml +++ b/cloud/azure/virtualmachines/azure-vmss-zone-redundancy-missing.yaml @@ -11,9 +11,8 @@ info: Configure your VMSS to use zone-redundant availability configurations to ensure high availability and fault tolerance across multiple data centers. reference: - https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview - metadata: - max-request: 2 tags: cloud,devops,azure,microsoft,vmss,azure-cloud-config + flow: | code(1); for (let ScaleSetData of iterate(template.scaleSetList)) { diff --git a/cloud/gcp/api/gcloud-api-key-restrictions-missing.yaml b/cloud/gcp/api/gcloud-api-key-restrictions-missing.yaml index 7141f949696..aaf6c55bc05 100644 --- a/cloud/gcp/api/gcloud-api-key-restrictions-missing.yaml +++ b/cloud/gcp/api/gcloud-api-key-restrictions-missing.yaml @@ -12,9 +12,8 @@ info: Apply API restrictions to each Google Cloud API key to limit their usage to specific APIs. This can be managed through the Google Cloud Console or using the gcloud command-line tool. reference: - https://cloud.google.com/api-keys/docs/restricting-api-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,api-keys,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/api/gcloud-api-key-unrestricted.yaml b/cloud/gcp/api/gcloud-api-key-unrestricted.yaml index db243b419ae..0263233ed2d 100644 --- a/cloud/gcp/api/gcloud-api-key-unrestricted.yaml +++ b/cloud/gcp/api/gcloud-api-key-unrestricted.yaml @@ -12,9 +12,8 @@ info: Apply restrictions to all production API keys to specify the allowed websites, IP addresses, or mobile applications that can use each key, to mitigate potential abuse. reference: - https://cloud.google.com/docs/authentication/api-keys#restricting_api_keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,api-keys,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/api/gcloud-api-keys-inactive-services.yaml b/cloud/gcp/api/gcloud-api-keys-inactive-services.yaml index db00ac5bb4a..f98433cbcff 100644 --- a/cloud/gcp/api/gcloud-api-keys-inactive-services.yaml +++ b/cloud/gcp/api/gcloud-api-keys-inactive-services.yaml @@ -12,9 +12,8 @@ info: Review and ensure that API keys are only configured for active services. Delete or disable API keys associated with inactive or unnecessary services to minimize security risks. reference: - https://cloud.google.com/docs/authentication/api-keys - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,api-keys,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/api/gcloud-critical-service-apis-disabled.yaml b/cloud/gcp/api/gcloud-critical-service-apis-disabled.yaml index 083975fef32..c8a535e9980 100644 --- a/cloud/gcp/api/gcloud-critical-service-apis-disabled.yaml +++ b/cloud/gcp/api/gcloud-critical-service-apis-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the necessary service APIs via the GCP Console or the gcloud command-line tool for each project where they are found to be disabled. reference: - https://cloud.google.com/service-usage/docs/enable-disable - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,api-management,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/api/gcloud-security-center-api-disabled.yaml b/cloud/gcp/api/gcloud-security-center-api-disabled.yaml index 4e3a0bf1bb2..a04952a9737 100644 --- a/cloud/gcp/api/gcloud-security-center-api-disabled.yaml +++ b/cloud/gcp/api/gcloud-security-center-api-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the Security Command Center API for each Google Cloud project to maintain proper security monitoring and threat detection capabilities. This can be done through the Google Cloud Console or using the `gcloud services enable securitycenter.googleapis.com` command. reference: - https://cloud.google.com/security-command-center/docs/reference/rest - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,security-center,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/api/gcloud-vm-os-config-disabled.yaml b/cloud/gcp/api/gcloud-vm-os-config-disabled.yaml index 2d74190ed58..3005c95cfc5 100644 --- a/cloud/gcp/api/gcloud-vm-os-config-disabled.yaml +++ b/cloud/gcp/api/gcloud-vm-os-config-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the Google Cloud Asset Inventory by activating the Cloud Asset API in each GCP project through the Google Cloud Console or using the `gcloud services enable cloudasset.googleapis.com --project ` command. reference: - https://cloud.google.com/asset-inventory/docs - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,cloud-asset,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/artifactregistry/gcloud-artifact-registry-public.yaml b/cloud/gcp/artifactregistry/gcloud-artifact-registry-public.yaml index 724db9c4bb0..0ca7bf52931 100644 --- a/cloud/gcp/artifactregistry/gcloud-artifact-registry-public.yaml +++ b/cloud/gcp/artifactregistry/gcloud-artifact-registry-public.yaml @@ -12,9 +12,8 @@ info: Update the IAM policies for each Artifact Registry repository to remove "allUsers" and "allAuthenticatedUsers". This action will ensure that repositories are not exposed to any user on the internet or authenticated users not explicitly granted permission. reference: - https://cloud.google.com/artifact-registry/docs/managing/access-control - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,artifact-registry,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/artifactregistry/gcloud-vuln-scan-missing.yaml b/cloud/gcp/artifactregistry/gcloud-vuln-scan-missing.yaml index 13194410f9e..9516551e5d8 100644 --- a/cloud/gcp/artifactregistry/gcloud-vuln-scan-missing.yaml +++ b/cloud/gcp/artifactregistry/gcloud-vuln-scan-missing.yaml @@ -12,9 +12,8 @@ info: Enable the Container Scanning API for each Artifact Registry by visiting the API & services page in the Google Cloud Console and enabling `containerscanning.googleapis.com`. reference: - https://cloud.google.com/artifact-registry/docs/vulnerability-scanning - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,artifact-registry,container-scanning,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/bigquery/gcloud-bigquery-cmek-not-enabled.yaml b/cloud/gcp/bigquery/gcloud-bigquery-cmek-not-enabled.yaml index f17c8eae924..fc0d1171740 100644 --- a/cloud/gcp/bigquery/gcloud-bigquery-cmek-not-enabled.yaml +++ b/cloud/gcp/bigquery/gcloud-bigquery-cmek-not-enabled.yaml @@ -12,9 +12,8 @@ info: Update the encryption configuration of your BigQuery datasets to use Customer-Managed Encryption Keys. This can be done by setting the 'defaultEncryptionConfiguration' property of each dataset to use a 'kmsKeyName' that you manage. reference: - https://cloud.google.com/bigquery/docs/customer-managed-encryption - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,bigquery,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/bigquery/gcloud-bigquery-cmk-not-enabled.yaml b/cloud/gcp/bigquery/gcloud-bigquery-cmk-not-enabled.yaml index ce5f8a16259..68b43a3921c 100644 --- a/cloud/gcp/bigquery/gcloud-bigquery-cmk-not-enabled.yaml +++ b/cloud/gcp/bigquery/gcloud-bigquery-cmk-not-enabled.yaml @@ -12,9 +12,8 @@ info: Configure BigQuery dataset tables to use Customer-Managed Keys (CMKs) for encryption. This can be done in the dataset settings where you specify the encryption key managed in Google Cloud KMS. reference: - https://cloud.google.com/bigquery/docs/encryption-customer-managed-keys - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,bigquery,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/bigquery/gcloud-bigquery-public-datasets.yaml b/cloud/gcp/bigquery/gcloud-bigquery-public-datasets.yaml index 0f00400b861..d3445700359 100644 --- a/cloud/gcp/bigquery/gcloud-bigquery-public-datasets.yaml +++ b/cloud/gcp/bigquery/gcloud-bigquery-public-datasets.yaml @@ -12,9 +12,8 @@ info: Update the IAM policies for each BigQuery dataset to remove "allUsers" and "allAuthenticatedUsers". This action will ensure that datasets are not exposed to any user on the internet or authenticated users not explicitly granted permission. reference: - https://cloud.google.com/bigquery/docs/managing-dataset-access - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,bigquery,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/cdn/gcloud-backend-bucket-missing-storage.yaml b/cloud/gcp/cdn/gcloud-backend-bucket-missing-storage.yaml index 10faf0b58d4..dd18beee733 100644 --- a/cloud/gcp/cdn/gcloud-backend-bucket-missing-storage.yaml +++ b/cloud/gcp/cdn/gcloud-backend-bucket-missing-storage.yaml @@ -12,9 +12,8 @@ info: Verify that each backend bucket is referencing an existing storage bucket. Update the Cloud CDN backend bucket configuration to point to valid and existing storage buckets. reference: - https://cloud.google.com/cdn/docs/backends - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,cdn,cloud-cdn,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/cdn/gcloud-cdn-backend-bucket.yaml b/cloud/gcp/cdn/gcloud-cdn-backend-bucket.yaml index 71585a0975f..47cc58eef8c 100644 --- a/cloud/gcp/cdn/gcloud-cdn-backend-bucket.yaml +++ b/cloud/gcp/cdn/gcloud-cdn-backend-bucket.yaml @@ -12,9 +12,8 @@ info: Reconfigure the Cloud CDN origin to point to a backend bucket instead of a backend service by modifying the associated Google Cloud load balancer's URL map. reference: - https://cloud.google.com/cdn/docs/using-cdn - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,cloud-cdn,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/cdn/gcloud-cdn-origin-auth-unconfigured.yaml b/cloud/gcp/cdn/gcloud-cdn-origin-auth-unconfigured.yaml index fb70cde7b5a..bc1527491ce 100644 --- a/cloud/gcp/cdn/gcloud-cdn-origin-auth-unconfigured.yaml +++ b/cloud/gcp/cdn/gcloud-cdn-origin-auth-unconfigured.yaml @@ -12,9 +12,8 @@ info: Configure your Cloud CDN origins to use signed cookies and URLs by adding signed request keys to your backend services. This will enforce authentication on CDN-cached content, preventing unauthorized access. reference: - https://cloud.google.com/cdn/docs/using-signed-urls - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,cloud-cdn,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/cdn/gcloud-cdn-ssl-enforcement.yaml b/cloud/gcp/cdn/gcloud-cdn-ssl-enforcement.yaml index 57707722b4e..62325a0a77b 100644 --- a/cloud/gcp/cdn/gcloud-cdn-ssl-enforcement.yaml +++ b/cloud/gcp/cdn/gcloud-cdn-ssl-enforcement.yaml @@ -12,9 +12,8 @@ info: Configure SSL/TLS certificates for Cloud CDN backend bucket origins and ensure all traffic is served over HTTPS by adjusting the forwarding rules and url-maps. reference: - https://cloud.google.com/cdn/docs/using-https - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,cloud-cdn,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/cdn/gcloud-cdn-tls-unenforced.yaml b/cloud/gcp/cdn/gcloud-cdn-tls-unenforced.yaml index d84ac533ed5..3e4dcf61f03 100644 --- a/cloud/gcp/cdn/gcloud-cdn-tls-unenforced.yaml +++ b/cloud/gcp/cdn/gcloud-cdn-tls-unenforced.yaml @@ -12,9 +12,8 @@ info: Configure SSL/TLS certificates for your Cloud CDN backend service origins to enforce HTTPS and ensure that all communications are securely encrypted. reference: - https://cloud.google.com/cdn/docs/using-https - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,cloud-cdn,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/certificatemanager/gcloud-certificate-validity-exceeded.yaml b/cloud/gcp/certificatemanager/gcloud-certificate-validity-exceeded.yaml index d5067d13ebf..5b2dcb58352 100644 --- a/cloud/gcp/certificatemanager/gcloud-certificate-validity-exceeded.yaml +++ b/cloud/gcp/certificatemanager/gcloud-certificate-validity-exceeded.yaml @@ -12,9 +12,8 @@ info: Review and adjust the renewal configurations for SSL certificates to ensure their validity periods do not exceed 398 days. reference: - https://cloud.google.com/certificate-manager/docs - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,certificate-manager,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-disk-image-public-access.yaml b/cloud/gcp/compute/gcloud-disk-image-public-access.yaml index 08a288776cb..14d84c94318 100644 --- a/cloud/gcp/compute/gcloud-disk-image-public-access.yaml +++ b/cloud/gcp/compute/gcloud-disk-image-public-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/publicly-shared-disk-images.html - https://cloud.google.com/compute/docs/images/managing-access-custom-images - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,storage,disk-images,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml b/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml index a2618018c8f..1530b395425 100644 --- a/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml +++ b/cloud/gcp/compute/gcloud-instance-group-autohealing-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-instance-group-autohealing.html - https://cloud.google.com/compute/docs/instance-groups/autohealing-instances - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,instance-groups,autohealing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml b/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml index d68fd87cbc2..1f8bb6b1da7 100644 --- a/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml +++ b/cloud/gcp/compute/gcloud-mig-no-load-balancer.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/mig-load-balancer-check.html - https://cloud.google.com/compute/docs/instance-groups/adding-an-instance-group-to-a-load-balancer - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,mig,load-balancer,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-mig-single-zone.yaml b/cloud/gcp/compute/gcloud-mig-single-zone.yaml index 037cf8a9dee..b1ec8fd37ad 100644 --- a/cloud/gcp/compute/gcloud-mig-single-zone.yaml +++ b/cloud/gcp/compute/gcloud-mig-single-zone.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/mig-multiple-zones.html - https://cloud.google.com/compute/docs/instance-groups/distributing-instances-with-regional-instance-groups - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,mig,zones,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-oslogin-disabled.yaml b/cloud/gcp/compute/gcloud-oslogin-disabled.yaml index 17445df1fa5..caa2c0de101 100644 --- a/cloud/gcp/compute/gcloud-oslogin-disabled.yaml +++ b/cloud/gcp/compute/gcloud-oslogin-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-os-login.html - https://cloud.google.com/compute/docs/oslogin - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,compute,security,ssh,oslogin,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-persistent-disks-suspended-vms.yaml b/cloud/gcp/compute/gcloud-persistent-disks-suspended-vms.yaml index c80cb151d45..34a23a8ccd0 100644 --- a/cloud/gcp/compute/gcloud-persistent-disks-suspended-vms.yaml +++ b/cloud/gcp/compute/gcloud-persistent-disks-suspended-vms.yaml @@ -12,9 +12,8 @@ info: Identify and detach persistent disks from suspended VMs, or delete the disks if they are no longer needed to optimize cloud resource costs. reference: - https://cloud.google.com/compute/docs/disks - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,compute,storage,cost-optimization,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml b/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml index 0d7a9a6dd3d..a7c23d55c66 100644 --- a/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-automatic-restart-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-automatic-restart.html - https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,automatic-restart,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml b/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml index a2cfa29170c..fc721084777 100644 --- a/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-confidential-computing-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/confidential-computing.html - https://cloud.google.com/compute/confidential-vm/docs/about-cvm - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,confidential-computing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml b/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml index dc2625abcfc..38c4751ee70 100644 --- a/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml +++ b/cloud/gcp/compute/gcloud-vm-default-service-account-full-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/default-service-accounts-with-full-access-in-use.html - https://cloud.google.com/compute/docs/access/service-accounts - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,iam,service-account,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-default-service-account.yaml b/cloud/gcp/compute/gcloud-vm-default-service-account.yaml index 90ac0668747..da417b92366 100644 --- a/cloud/gcp/compute/gcloud-vm-default-service-account.yaml +++ b/cloud/gcp/compute/gcloud-vm-default-service-account.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/default-service-accounts-in-use.html - https://cloud.google.com/compute/docs/access/service-accounts - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,iam,service-account,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml b/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml index 82dcd734882..35be3501b09 100644 --- a/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-deletion-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-deletion-protection.html - https://cloud.google.com/compute/docs/instances/preventing-accidental-vm-deletion - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,deletion-protection,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml index fb74aa13862..0ad6b1919f8 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-autodelete-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/disable-auto-delete.html - https://cloud.google.com/compute/docs/disks/add-persistent-disk - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,storage,disk,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml index 877535553a0..a467be9c4fc 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-cmk-not-enabled.yaml @@ -12,9 +12,8 @@ info: Configure your Compute Engine persistent disks to use Customer-Managed Keys (CMKs) for encryption by specifying a Cloud KMS key during disk creation or by updating existing disks. reference: - https://cloud.google.com/compute/docs/disks/customer-managed-encryption - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,compute,encryption,cmk,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml index bb3608dcb3e..93fb7f00987 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-csek-disabled.yaml @@ -12,9 +12,8 @@ info: Enable Customer-Supplied Encryption Keys (CSEKs) for your VM disks by providing a valid encryption key during disk creation or instance launch. The key must be a 256-bit string encoded in RFC 4648 base64 format. reference: - https://cloud.google.com/compute/docs/disks/customer-supplied-encryption - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,compute,encryption,csek,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml b/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml index 04f471cbf16..ef8a08a4f9b 100644 --- a/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-disk-csek-not-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-encryption-with-csek.html - https://cloud.google.com/compute/docs/disks/customer-supplied-encryption - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,compute,encryption,csek,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml b/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml index 78eee93e3bd..7637aa6ed4d 100644 --- a/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-ip-forwarding-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/disable-ip-forwarding.html - https://cloud.google.com/vpc/docs/using-routes - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,networking,ip-forwarding,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml b/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml index 06ccf6d31d1..8ac41050d31 100644 --- a/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml +++ b/cloud/gcp/compute/gcloud-vm-maintenance-terminate.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/configure-maintenance-behavior.html - https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,maintenance,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml b/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml index 272759e9b44..af59d0e617e 100644 --- a/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-oslogin-2fa-disabled.yaml @@ -12,9 +12,8 @@ info: Enable OS Login with 2FA authentication for all VM instances by setting the "enable-oslogin-2fa" metadata key to "TRUE". reference: - https://cloud.google.com/compute/docs/oslogin/set-up-oslogin - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,2fa,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml b/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml index 497f1e7ad41..08ecc325202 100644 --- a/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-preemptible-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/disable-preemptibility.html - https://cloud.google.com/compute/docs/instances/preemptible - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,reliability,preemptible,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml b/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml index 6d8f27fb25a..f32d6912347 100644 --- a/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-project-ssh-keys-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-block-project-wide-ssh-keys.html - https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,ssh,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml b/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml index ae1bbeb456d..7fbf877b28a 100644 --- a/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-public-ip-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/instances-with-public-ip-addresses.html - https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,networking,public-ip,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml b/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml index 8e74c43d73c..74720423828 100644 --- a/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-serial-console-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/disable-interactive-serial-console-support.html - https://cloud.google.com/compute/docs/instances/interacting-with-serial-console - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,serial-console,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml b/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml index c72c196942b..90ad795a739 100644 --- a/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml +++ b/cloud/gcp/compute/gcloud-vm-shielded-disabled.yaml @@ -16,9 +16,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ComputeEngine/enable-shielded-vm.html - https://cloud.google.com/compute/docs/instances/modifying-shielded-vm - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,compute,security,shielded-vm,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml b/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml index c298101f3fa..34174b90718 100644 --- a/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml +++ b/cloud/gcp/dataproc/gcloud-dataproc-no-cmk.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Dataproc/enable-encryption-with-cmks-for-dataproc-clusters.html - https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/customer-managed-encryption - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,dataproc,security,encryption,cmk,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml b/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml index 6b7713dc955..3c901062204 100644 --- a/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml +++ b/cloud/gcp/dataproc/gcloud-dataproc-public-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Dataproc/publicly-accessible-dataproc-clusters.html - https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/network - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,dataproc,security,networking,public-access,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dns/gcloud-dns-dangling-records.yaml b/cloud/gcp/dns/gcloud-dns-dangling-records.yaml index 2479cc6ce11..508c195fcbe 100644 --- a/cloud/gcp/dns/gcloud-dns-dangling-records.yaml +++ b/cloud/gcp/dns/gcloud-dns-dangling-records.yaml @@ -12,9 +12,8 @@ info: Regularly audit your DNS records and associated IP addresses. Remove any DNS records that point to IP addresses no longer reserved under your Google Cloud account. reference: - https://cloud.google.com/dns/docs - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,dns,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dns/gcloud-dns-dnssec-unenabled.yaml b/cloud/gcp/dns/gcloud-dns-dnssec-unenabled.yaml index 17fbddacc27..4dc8d54de89 100644 --- a/cloud/gcp/dns/gcloud-dns-dnssec-unenabled.yaml +++ b/cloud/gcp/dns/gcloud-dns-dnssec-unenabled.yaml @@ -12,9 +12,8 @@ info: Enable DNSSEC for each Google Cloud DNS managed zone through the Google Cloud Console or using the `gcloud dns managed-zones update` command with the `--dnssec-state=on` flag. reference: - https://cloud.google.com/dns/docs/dnssec - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,dns,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dns/gcloud-dnssec-keysigning-rsasha1.yaml b/cloud/gcp/dns/gcloud-dnssec-keysigning-rsasha1.yaml index cd8dbb40a02..570db50fcef 100644 --- a/cloud/gcp/dns/gcloud-dnssec-keysigning-rsasha1.yaml +++ b/cloud/gcp/dns/gcloud-dnssec-keysigning-rsasha1.yaml @@ -12,9 +12,8 @@ info: Update the DNSSEC configuration for each DNS managed zone to use more secure algorithms like RSASHA256 or ECDSAP256SHA256 for the Key-Signing Key (KSK). reference: - https://cloud.google.com/dns/docs/dnssec-config - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,dns,dnssec,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/dns/gcloud-dnssec-zonesigning-rsasha1.yaml b/cloud/gcp/dns/gcloud-dnssec-zonesigning-rsasha1.yaml index 754f5e99c95..9a641870833 100644 --- a/cloud/gcp/dns/gcloud-dnssec-zonesigning-rsasha1.yaml +++ b/cloud/gcp/dns/gcloud-dnssec-zonesigning-rsasha1.yaml @@ -12,9 +12,8 @@ info: Update the DNSSEC configuration to use a stronger, more secure signing algorithm like RSASHA256 or ECDSAP256SHA256 for your DNS managed zones. reference: - https://cloud.google.com/dns/docs/dnssec-configuring - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,dns,dnssec,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml b/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml index 08fa207765b..ab8e6f32433 100644 --- a/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-deletion-protection-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Filestore/enable-deletion-protection.html - https://cloud.google.com/filestore/docs/prevent-deletion - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,filestore,security,deletion-protection,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml b/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml index a71223debb6..a4f21447722 100644 --- a/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-no-backups.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Filestore/backup-and-restore.html - https://cloud.google.com/filestore/docs/backup-restore - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,filestore,security,backup,disaster-recovery,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml b/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml index cb3b4f9088b..78b22316835 100644 --- a/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-no-cmek.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Filestore/instances-encrypted-with-cmeks.html - https://cloud.google.com/filestore/docs/encryption - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,filestore,security,encryption,cmek,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/filestore/gcloud-filestore-no-vpc-controls.yaml b/cloud/gcp/filestore/gcloud-filestore-no-vpc-controls.yaml index e6f85b0f42f..ed7be347fff 100644 --- a/cloud/gcp/filestore/gcloud-filestore-no-vpc-controls.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-no-vpc-controls.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Filestore/use-vpc-service-controls.html - https://cloud.google.com/vpc-service-controls/docs/supported-products - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,filestore,security,networking,vpc,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml b/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml index 7d34443d9e3..8402035782d 100644 --- a/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml +++ b/cloud/gcp/filestore/gcloud-filestore-unrestricted-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/Filestore/restrict-client-access.html - https://cloud.google.com/filestore/docs/access-control - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,filestore,security,networking,access-control,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-auto-runtime-updates-disabled.yaml b/cloud/gcp/function/gcloud-func-auto-runtime-updates-disabled.yaml index c8a939a7f82..1d7b1574e65 100644 --- a/cloud/gcp/function/gcloud-func-auto-runtime-updates-disabled.yaml +++ b/cloud/gcp/function/gcloud-func-auto-runtime-updates-disabled.yaml @@ -12,9 +12,8 @@ info: Enable automatic runtime security updates for each Google Cloud function by setting the `serviceConfig.minInstanceCount` to a non-null value, ensuring functions are automatically updated with the latest security patches. reference: - https://cloud.google.com/functions/docs/securing/managing-security - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-cmek-not-used.yaml b/cloud/gcp/function/gcloud-func-cmek-not-used.yaml index d3151fa0f8b..e375cb46480 100644 --- a/cloud/gcp/function/gcloud-func-cmek-not-used.yaml +++ b/cloud/gcp/function/gcloud-func-cmek-not-used.yaml @@ -12,9 +12,8 @@ info: Configure your Google Cloud functions to use Customer-Managed Encryption Keys (CMEK) to ensure data encryption at rest is managed according to your compliance and security requirements. reference: - https://cloud.google.com/functions/docs/securing/managing-encryption-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-inactive-svc-acc.yaml b/cloud/gcp/function/gcloud-func-inactive-svc-acc.yaml index bcc423a96ba..0dd5836fb14 100644 --- a/cloud/gcp/function/gcloud-func-inactive-svc-acc.yaml +++ b/cloud/gcp/function/gcloud-func-inactive-svc-acc.yaml @@ -12,9 +12,8 @@ info: Verify and update the service accounts associated with your Google Cloud functions to ensure they are active and have the necessary permissions for function execution. reference: - https://cloud.google.com/functions/docs/securing/managing-access-iam - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-min-instances-unset.yaml b/cloud/gcp/function/gcloud-func-min-instances-unset.yaml index f9db4303015..303c0c2187a 100644 --- a/cloud/gcp/function/gcloud-func-min-instances-unset.yaml +++ b/cloud/gcp/function/gcloud-func-min-instances-unset.yaml @@ -12,9 +12,8 @@ info: Configure the serviceConfig.minInstanceCount parameter for your Google Cloud Functions to an appropriate value that suits your workload demands. reference: - https://cloud.google.com/functions/docs/scaling#setting_a_minimum_number_of_instances - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-missing-labels.yaml b/cloud/gcp/function/gcloud-func-missing-labels.yaml index 1cae19637f1..83bc123a1ce 100644 --- a/cloud/gcp/function/gcloud-func-missing-labels.yaml +++ b/cloud/gcp/function/gcloud-func-missing-labels.yaml @@ -12,9 +12,8 @@ info: Define and apply user-defined labels to all Google Cloud functions to enhance resource management capabilities and improve operational efficiency. reference: - https://cloud.google.com/resource-manager/docs/creating-managing-labels - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-no-vpc-access.yaml b/cloud/gcp/function/gcloud-func-no-vpc-access.yaml index 4811c3d7fbc..45015852210 100644 --- a/cloud/gcp/function/gcloud-func-no-vpc-access.yaml +++ b/cloud/gcp/function/gcloud-func-no-vpc-access.yaml @@ -12,9 +12,8 @@ info: Configure Serverless VPC Access for your Google Cloud functions by setting the vpcConnector parameter to the name of an already configured VPC connector in your project settings. reference: - https://cloud.google.com/functions/docs/connecting-vpc - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-public-access.yaml b/cloud/gcp/function/gcloud-func-public-access.yaml index 09a6148ce58..b7bb85f0c40 100644 --- a/cloud/gcp/function/gcloud-func-public-access.yaml +++ b/cloud/gcp/function/gcloud-func-public-access.yaml @@ -12,9 +12,8 @@ info: Update the IAM policies of your Google Cloud functions to remove allUsers and allAuthenticatedUsers from the bindings to ensure that the functions are not publicly accessible. reference: - https://cloud.google.com/functions/docs/securing/managing-access-iam - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-pubsub-dlt-missing.yaml b/cloud/gcp/function/gcloud-func-pubsub-dlt-missing.yaml index cfe4a16b0b4..5b29b105c76 100644 --- a/cloud/gcp/function/gcloud-func-pubsub-dlt-missing.yaml +++ b/cloud/gcp/function/gcloud-func-pubsub-dlt-missing.yaml @@ -12,9 +12,8 @@ info: Configure a Dead-Letter Topic for each Pub/Sub-triggered function by setting up the necessary Pub/Sub subscription settings. reference: - https://cloud.google.com/functions/docs/calling/pubsub#retry - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-secrets-unmanaged.yaml b/cloud/gcp/function/gcloud-func-secrets-unmanaged.yaml index b6ab0b66409..4e11b2a5761 100644 --- a/cloud/gcp/function/gcloud-func-secrets-unmanaged.yaml +++ b/cloud/gcp/function/gcloud-func-secrets-unmanaged.yaml @@ -12,9 +12,8 @@ info: Refactor your Google Cloud Functions to use Secrets Manager for managing sensitive configuration settings instead of storing them directly in environment variables. reference: - https://cloud.google.com/functions/docs/securing/managing-secrets - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcloud-func-unrestricted-outbound.yaml b/cloud/gcp/function/gcloud-func-unrestricted-outbound.yaml index 7a1ffb6ffbb..1c9576e29c6 100644 --- a/cloud/gcp/function/gcloud-func-unrestricted-outbound.yaml +++ b/cloud/gcp/function/gcloud-func-unrestricted-outbound.yaml @@ -12,9 +12,8 @@ info: Configure the VpcConnectorEgressSettings of your Google Cloud functions to PRIVATE_RANGES_ONLY to ensure all outgoing traffic is limited to internal IP ranges only. reference: - https://cloud.google.com/functions/docs/networking/network-settings - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcp-cloud-func-gen1-deprecated.yaml b/cloud/gcp/function/gcp-cloud-func-gen1-deprecated.yaml index 0d606bb3b8a..8a4f86f9c64 100644 --- a/cloud/gcp/function/gcp-cloud-func-gen1-deprecated.yaml +++ b/cloud/gcp/function/gcp-cloud-func-gen1-deprecated.yaml @@ -12,9 +12,8 @@ info: Migrate all 1st generation Google Cloud functions to newer generation runtimes as recommended by Google to ensure continued support and access to the latest features and security enhancements. reference: - https://cloud.google.com/functions/docs/migrating - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/function/gcp-func-default-svc-acc.yaml b/cloud/gcp/function/gcp-func-default-svc-acc.yaml index f72ed5557d3..c6de28ac4bb 100644 --- a/cloud/gcp/function/gcp-func-default-svc-acc.yaml +++ b/cloud/gcp/function/gcp-func-default-svc-acc.yaml @@ -12,9 +12,8 @@ info: Configure your Google Cloud functions to use user-managed service accounts that have only the permissions necessary for the function to operate. reference: - https://cloud.google.com/functions/docs/securing/managing-access-iam - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml b/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml index 9262b3d5f30..851ec7fb643 100644 --- a/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-auto-repair-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-repair - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-auto-repair.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,reliability,maintenance,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml b/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml index 9d03a37cf60..5d31e0978da 100644 --- a/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-auto-upgrade-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-auto-upgrade.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,updates,maintenance,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml b/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml index c658b8de1a7..95270cb958e 100644 --- a/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-backups-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/backup-restore - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-cluster-backups.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,backup,disaster-recovery,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml b/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml index 75e0fabed21..0928ae07ea4 100644 --- a/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-binary-authorization-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/binary-authorization/docs/overview - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-binary-authorization.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,container,authorization,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml b/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml index 4f48e29e8fe..1614ac519ad 100644 --- a/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-client-certificate-enabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/disable-client-certificate.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,authentication,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml index 5109257bd20..bac863fe288 100644 --- a/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-confidential-nodes-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/confidential-gke-nodes - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-confidential-gke-nodes.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,encryption,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml b/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml index 89b7b8736ae..8f3c6d56ae6 100644 --- a/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-cos-containerd-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/concepts/node-images - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/use-cos-containerd.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,containers,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml b/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml index a98c7ecd032..bcb872da052 100644 --- a/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-cost-allocation-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-usage-metering - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-cost-allocation.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,cost,monitoring,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-default-service-account.yaml b/cloud/gcp/gke/gcloud-gke-default-service-account.yaml index d1026b7ab31..4cf4edef66e 100644 --- a/cloud/gcp/gke/gcloud-gke-default-service-account.yaml +++ b/cloud/gcp/gke/gcloud-gke-default-service-account.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/hardening-your-cluster#use_least_privilege_sa - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/remove-default-service-account.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml b/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml index 80d0a90f234..5f86a781e6d 100644 --- a/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-integrity-monitoring-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-integrity-monitoring.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,monitoring,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml b/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml index 67018fc8602..66e87a5933f 100644 --- a/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-intranode-visibility-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/intranode-visibility - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-intranode-visibility.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,networking,visibility,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-labels-missing.yaml b/cloud/gcp/gke/gcloud-gke-labels-missing.yaml index 0a5bc30b987..53a4f6f9238 100644 --- a/cloud/gcp/gke/gcloud-gke-labels-missing.yaml +++ b/cloud/gcp/gke/gcloud-gke-labels-missing.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/creating-managing-labels - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/use-labels-for-resource-management.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,labels,management,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml b/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml index 8d4aa324382..a7e96d032dc 100644 --- a/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-logging-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/logging - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-and-configure-logging.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,logging,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml b/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml index fcd275e8e74..f11f817dab7 100644 --- a/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-metadata-server-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/protecting-cluster-metadata - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-metadata-server.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,metadata,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml b/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml index d2155dc2d84..88e464f8e2a 100644 --- a/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-monitoring-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/monitoring - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-and-configure-cloud-monitoring.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,monitoring,observability,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml b/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml index 7be8418b674..c7d2d0a6267 100644 --- a/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-notifications-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-notifications - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-notifications.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,monitoring,notifications,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml index 5b731a011ea..12f6ebe7cda 100644 --- a/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-private-nodes-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-private-nodes.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml b/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml index 91c5d05af30..459f29ed5e3 100644 --- a/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-public-endpoint-enabled.yaml @@ -11,9 +11,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/clusters-with-private-endpoints.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml b/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml index 2c572ea9278..6d9ad921ba3 100644 --- a/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-release-channel-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/automate-version-upgrades.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,updates,maintenance,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml b/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml index 4d606d825a8..48651e03ca4 100644 --- a/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-sandbox-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-gke-sandbox-with-gvisor.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,sandbox,gvisor,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml b/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml index 9bccaebe52a..02c0c8be565 100644 --- a/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-secrets-encryption-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/encrypting-secrets - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-application-layer-secrets-encryption.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,encryption,secrets,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml b/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml index ea401ec551e..478dd1f8676 100644 --- a/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-secure-boot-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-secure-boot.html - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,boot,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml b/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml index c83e16548c4..b34f95cef58 100644 --- a/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-security-posture-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/security-posture - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-and-configure-security-posture.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,monitoring,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml b/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml index 87b49d94834..811b7fab178 100644 --- a/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-shielded-nodes-disabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/use-shielded-cluster-nodes.html - https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,shielded-nodes,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml b/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml index bbdb989853b..05085cf2fc3 100644 --- a/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-transparent-encryption-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/encrypt-in-transit - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-inter-node-transparent-encryption.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,encryption,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml b/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml index 686bd64c4c4..4519ce445ec 100644 --- a/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-vpc-native-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/alias-ips - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-vpc-native-traffic-routing.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,networking,vpc,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml b/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml index 95fb3f79653..b1843c526de 100644 --- a/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-vulnerability-scanning-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/security-posture - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-workload-vulnerability-scanning.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,vulnerability,scanning,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml b/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml index 3ede4e848d6..9a0fa4aea1b 100644 --- a/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml +++ b/cloud/gcp/gke/gcloud-gke-workload-identity-disabled.yaml @@ -14,9 +14,8 @@ info: reference: - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/GKE/enable-workload-identity.html - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,gke,kubernetes,security,iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-access-approval-not-enabled.yaml b/cloud/gcp/iam/gcloud-access-approval-not-enabled.yaml index f2011219ef7..4ab19cc95e5 100644 --- a/cloud/gcp/iam/gcloud-access-approval-not-enabled.yaml +++ b/cloud/gcp/iam/gcloud-access-approval-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable Access Approval in your GCP projects to create a new control and logging layer that reveals who in your organization approved or denied access requests. reference: - https://cloud.google.com/access-approval/docs/quickstart - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,google-cloud-platform,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-api-keys-present.yaml b/cloud/gcp/iam/gcloud-api-keys-present.yaml index 8796ccf2a0f..77235bf8a32 100644 --- a/cloud/gcp/iam/gcloud-api-keys-present.yaml +++ b/cloud/gcp/iam/gcloud-api-keys-present.yaml @@ -12,9 +12,8 @@ info: Remove all API keys and replace them with standard authentication methods to secure your applications. reference: - https://cloud.google.com/docs/authentication/api-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-api,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-iam-admin-roles.yaml b/cloud/gcp/iam/gcloud-iam-admin-roles.yaml index 73f6f1bf33a..51cc6356c0c 100644 --- a/cloud/gcp/iam/gcloud-iam-admin-roles.yaml +++ b/cloud/gcp/iam/gcloud-iam-admin-roles.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/IAM/roles-with-admin-permissions.html - https://cloud.google.com/iam/docs/understanding-roles - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,iam,security,admin,permissions,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-iam-primitive-roles.yaml b/cloud/gcp/iam/gcloud-iam-primitive-roles.yaml index 090ee516e7c..b6fbd4d7bfc 100644 --- a/cloud/gcp/iam/gcloud-iam-primitive-roles.yaml +++ b/cloud/gcp/iam/gcloud-iam-primitive-roles.yaml @@ -12,9 +12,8 @@ info: Replace primitive roles with predefined or custom roles tailored to the specific needs of the users and the minimum permissions they require to perform their tasks. reference: - https://cloud.google.com/iam/docs/understanding-roles - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-iam-separation-duties.yaml b/cloud/gcp/iam/gcloud-iam-separation-duties.yaml index 8bf42190d39..448ca256380 100644 --- a/cloud/gcp/iam/gcloud-iam-separation-duties.yaml +++ b/cloud/gcp/iam/gcloud-iam-separation-duties.yaml @@ -12,9 +12,8 @@ info: Review and modify the roles assigned to GCP service accounts ensuring that no service account has both the Service Account Admin and Service Account User roles assigned at the same time. reference: - https://cloud.google.com/iam/docs/understanding-roles - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-iam-service-roles-project-level.yaml b/cloud/gcp/iam/gcloud-iam-service-roles-project-level.yaml index 20bbc61617c..928e227efbf 100644 --- a/cloud/gcp/iam/gcloud-iam-service-roles-project-level.yaml +++ b/cloud/gcp/iam/gcloud-iam-service-roles-project-level.yaml @@ -12,9 +12,8 @@ info: Ensure these roles are assigned directly to service accounts and not at the project level to enforce the principle of least privilege. reference: - https://cloud.google.com/iam/docs/understanding-roles - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml b/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml index a8776bb54f4..8dd43d69087 100644 --- a/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml +++ b/cloud/gcp/iam/gcloud-iam-unrestricted-decryption.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/IAM/decryption-with-all-keys-not-allowed.html - https://cloud.google.com/kms/docs/reference/permissions-and-roles - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,iam,security,encryption,kms,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-service-account-admin-restriction.yaml b/cloud/gcp/iam/gcloud-service-account-admin-restriction.yaml index a80138b8ed1..af5436c2a57 100644 --- a/cloud/gcp/iam/gcloud-service-account-admin-restriction.yaml +++ b/cloud/gcp/iam/gcloud-service-account-admin-restriction.yaml @@ -12,9 +12,8 @@ info: Review and minimize the roles assigned to service accounts, ensuring no administrative privileges are granted unless absolutely necessary. reference: - https://cloud.google.com/iam/docs/understanding-roles - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/iam/gcloud-service-account-user-keys.yaml b/cloud/gcp/iam/gcloud-service-account-user-keys.yaml index 597271e0199..3d1970ea277 100644 --- a/cloud/gcp/iam/gcloud-service-account-user-keys.yaml +++ b/cloud/gcp/iam/gcloud-service-account-user-keys.yaml @@ -12,9 +12,8 @@ info: Transition to using GCP-managed keys for service accounts to ensure key management is handled by Google Cloud, thereby enhancing security and reducing the administrative burden of manual key management. reference: - https://cloud.google.com/iam/docs/managing-service-account-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/kms/gcloud-kms-public-access.yaml b/cloud/gcp/kms/gcloud-kms-public-access.yaml index 98c9b49662d..fbb20f659b7 100644 --- a/cloud/gcp/kms/gcloud-kms-public-access.yaml +++ b/cloud/gcp/kms/gcloud-kms-public-access.yaml @@ -12,9 +12,8 @@ info: Update the IAM policy for your KMS keys by removing any bindings that include "allUsers" or "allAuthenticatedUsers" to restrict access to authenticated and authorized users only. reference: - https://cloud.google.com/kms/docs/restricting-access - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-kms,gcp-cloud-config + flow: | code(1) for(let keyRing of iterate(template.keyRings)){ diff --git a/cloud/gcp/loadbalancing/gcloud-alb-ssl-google-managed.yaml b/cloud/gcp/loadbalancing/gcloud-alb-ssl-google-managed.yaml index c8d1e21e57e..065ff87b878 100644 --- a/cloud/gcp/loadbalancing/gcloud-alb-ssl-google-managed.yaml +++ b/cloud/gcp/loadbalancing/gcloud-alb-ssl-google-managed.yaml @@ -12,9 +12,8 @@ info: Configure your Application Load Balancers to use Google-managed SSL certificates to ensure trust and proper security standards. reference: - https://cloud.google.com/load-balancing/docs/ssl-certificates - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-load-balancing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/loadbalancing/gcloud-approved-external-lb.yaml b/cloud/gcp/loadbalancing/gcloud-approved-external-lb.yaml index 47c8e59cd59..efbc1c1991a 100644 --- a/cloud/gcp/loadbalancing/gcloud-approved-external-lb.yaml +++ b/cloud/gcp/loadbalancing/gcloud-approved-external-lb.yaml @@ -12,9 +12,8 @@ info: Ensure all used external load balancers are approved in the Trend Cloud One™ – Conformity account console. Replace unapproved load balancers with approved ones. reference: - https://cloud.google.com/load-balancing/docs - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-load-balancing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/loadbalancing/gcloud-https-lb-logging-disabled.yaml b/cloud/gcp/loadbalancing/gcloud-https-lb-logging-disabled.yaml index 8f961c0ad49..c8251181051 100644 --- a/cloud/gcp/loadbalancing/gcloud-https-lb-logging-disabled.yaml +++ b/cloud/gcp/loadbalancing/gcloud-https-lb-logging-disabled.yaml @@ -12,9 +12,8 @@ info: Enable logging on all Google Cloud HTTP(S) load balancers by configuring the logConfig.enable setting to true in the backend services settings. reference: - https://cloud.google.com/load-balancing/docs/https - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-load-balancing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/loadbalancing/gcloud-lb-backend-unsecured.yaml b/cloud/gcp/loadbalancing/gcloud-lb-backend-unsecured.yaml index bc160a7339b..a800910ffc1 100644 --- a/cloud/gcp/loadbalancing/gcloud-lb-backend-unsecured.yaml +++ b/cloud/gcp/loadbalancing/gcloud-lb-backend-unsecured.yaml @@ -12,9 +12,8 @@ info: Attach an edge security policy to your backend services via the Google Cloud Console or using the Cloud Armor APIs to enhance security at your network's edge. reference: - https://cloud.google.com/armor/docs/security-policy-overview - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-load-balancer,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/loadbalancing/gcloud-ssl-policy-insecure-ciphers.yaml b/cloud/gcp/loadbalancing/gcloud-ssl-policy-insecure-ciphers.yaml index fac97931eb0..b4a4a0828f9 100644 --- a/cloud/gcp/loadbalancing/gcloud-ssl-policy-insecure-ciphers.yaml +++ b/cloud/gcp/loadbalancing/gcloud-ssl-policy-insecure-ciphers.yaml @@ -12,9 +12,8 @@ info: Ensure SSL policies use MODERN or RESTRICTED profiles, or a secure CUSTOM profile without weak ciphers. reference: - https://cloud.google.com/load-balancing/docs/ssl-policies - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-load-balancing,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/logging/gcloud-enable-data-access-audit-logging.yaml b/cloud/gcp/logging/gcloud-enable-data-access-audit-logging.yaml index 899cad09102..72c68b0baf5 100644 --- a/cloud/gcp/logging/gcloud-enable-data-access-audit-logging.yaml +++ b/cloud/gcp/logging/gcloud-enable-data-access-audit-logging.yaml @@ -12,9 +12,8 @@ info: Configure the IAM policy of your Google Cloud project to include the "auditConfigs" configuration object that enables data access audit logging for all critical APIs. reference: - https://cloud.google.com/logging/docs/audit/configure-data-access - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,google-cloud-iam,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/logging/gcloud-global-logging-not-enabled.yaml b/cloud/gcp/logging/gcloud-global-logging-not-enabled.yaml index 45d0808e380..79171f156ec 100644 --- a/cloud/gcp/logging/gcloud-global-logging-not-enabled.yaml +++ b/cloud/gcp/logging/gcloud-global-logging-not-enabled.yaml @@ -12,9 +12,8 @@ info: Update Cloud Logging buckets to use the global location scope to enable centralized logging across all regions. reference: - https://cloud.google.com/logging/docs/export/configure_export_v2 - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-logging,logging-buckets,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/logging/gcloud-log-retention-period-insufficient.yaml b/cloud/gcp/logging/gcloud-log-retention-period-insufficient.yaml index 210a4f860cf..7bf982e94e7 100644 --- a/cloud/gcp/logging/gcloud-log-retention-period-insufficient.yaml +++ b/cloud/gcp/logging/gcloud-log-retention-period-insufficient.yaml @@ -12,9 +12,8 @@ info: Update the retention period for your Cloud Logging buckets to 365 days or more using the Google Cloud CLI or the Console to ensure compliance with best practices. reference: - https://cloud.google.com/logging/docs/export/configure_storage - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/logging/gcloud-logging-sink-not-configured.yaml b/cloud/gcp/logging/gcloud-logging-sink-not-configured.yaml index 236a2580d7a..c248ae28007 100644 --- a/cloud/gcp/logging/gcloud-logging-sink-not-configured.yaml +++ b/cloud/gcp/logging/gcloud-logging-sink-not-configured.yaml @@ -12,9 +12,8 @@ info: Create a log sink with a blank filter to export all log entries within the project. Ensure the export destination aligns with your organizational logging strategy. reference: - https://cloud.google.com/logging/docs/export/configure_export_v2 - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,google-cloud-logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/logging/gcloud-vpc-network-changes-monitoring-not-enabled.yaml b/cloud/gcp/logging/gcloud-vpc-network-changes-monitoring-not-enabled.yaml index bd60e88c508..1106bcfe09a 100644 --- a/cloud/gcp/logging/gcloud-vpc-network-changes-monitoring-not-enabled.yaml +++ b/cloud/gcp/logging/gcloud-vpc-network-changes-monitoring-not-enabled.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/monitoring/alerts - https://cloud.google.com/logging/docs/audit - metadata: - max-request: 7 tags: cloud,devops,gcp,gcloud,vpc,google-cloud-monitoring,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/nat/gcloud-iam-least-privilege-nat.yaml b/cloud/gcp/nat/gcloud-iam-least-privilege-nat.yaml index 7cd2f33b4b8..dd7e50944cb 100644 --- a/cloud/gcp/nat/gcloud-iam-least-privilege-nat.yaml +++ b/cloud/gcp/nat/gcloud-iam-least-privilege-nat.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/iam/docs/understanding-roles - https://cloud.google.com/nat/docs/overview - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,iam,cloud-nat,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/nat/gcloud-nat-logging-disabled.yaml b/cloud/gcp/nat/gcloud-nat-logging-disabled.yaml index 52603cc276c..58b915e5a9e 100644 --- a/cloud/gcp/nat/gcloud-nat-logging-disabled.yaml +++ b/cloud/gcp/nat/gcloud-nat-logging-disabled.yaml @@ -12,9 +12,8 @@ info: Enable logging for your Google Cloud NAT gateways by setting the `logConfig.enable` parameter to `True`. This ensures that all NAT connection and error activities are logged appropriately. reference: - https://cloud.google.com/nat/docs/logging - metadata: - max-request: 5 tags: cloud,devops,gcp,gcloud,google-cloud-nat,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/nat/gcloud-nat-private-subnet-disabled.yaml b/cloud/gcp/nat/gcloud-nat-private-subnet-disabled.yaml index 0fdfa06779f..3bec11ee1f1 100644 --- a/cloud/gcp/nat/gcloud-nat-private-subnet-disabled.yaml +++ b/cloud/gcp/nat/gcloud-nat-private-subnet-disabled.yaml @@ -12,9 +12,8 @@ info: Configure Cloud NAT for all private subnets that require outbound access. Use Compute Engine routers to define NAT configuration and associate them with your VPC subnets. reference: - https://cloud.google.com/nat/docs/overview - metadata: - max-request: 6 tags: cloud,devops,gcp,gcloud,google-cloud-nat,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/nat/gcloud-nat-static-ip-unconfigured.yaml b/cloud/gcp/nat/gcloud-nat-static-ip-unconfigured.yaml index 6556eb1d100..a084008dda4 100644 --- a/cloud/gcp/nat/gcloud-nat-static-ip-unconfigured.yaml +++ b/cloud/gcp/nat/gcloud-nat-static-ip-unconfigured.yaml @@ -12,9 +12,8 @@ info: Configure your Google Cloud NAT gateways to use static reserved external IPs by reserving external IPs and attaching them to the NAT configuration. reference: - https://cloud.google.com/nat/docs/using-nat - metadata: - max-request: 5 tags: cloud,devops,gcp,gcloud,google-cloud-nat,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/nat/gcloud-nat-subnet-unrestricted.yaml b/cloud/gcp/nat/gcloud-nat-subnet-unrestricted.yaml index 225e73297c0..cadaa8cb7f8 100644 --- a/cloud/gcp/nat/gcloud-nat-subnet-unrestricted.yaml +++ b/cloud/gcp/nat/gcloud-nat-subnet-unrestricted.yaml @@ -12,9 +12,8 @@ info: Restrict your Cloud NAT gateways to specific VPC subnets by defining subnet mappings in the NAT configuration settings. Review and update your network configurations to ensure adherence to your organization's security policies. reference: - https://cloud.google.com/nat/docs/using-nat - metadata: - max-request: 5 tags: cloud,devops,gcp,gcloud,google-cloud-nat,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/pubsub/gcloud-pubsub-cmek-disabled.yaml b/cloud/gcp/pubsub/gcloud-pubsub-cmek-disabled.yaml index 2eb040a6e11..21a2b5e1995 100644 --- a/cloud/gcp/pubsub/gcloud-pubsub-cmek-disabled.yaml +++ b/cloud/gcp/pubsub/gcloud-pubsub-cmek-disabled.yaml @@ -12,9 +12,8 @@ info: Configure your Pub/Sub topics to use Customer-Managed Encryption Keys (CMEKs) by specifying a Cloud KMS key during the topic creation or update process. reference: - https://cloud.google.com/pubsub/docs/encryption - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-pubsub,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/pubsub/gcloud-pubsub-crossproject-access.yaml b/cloud/gcp/pubsub/gcloud-pubsub-crossproject-access.yaml index e41b6623f4a..34b6343baa4 100644 --- a/cloud/gcp/pubsub/gcloud-pubsub-crossproject-access.yaml +++ b/cloud/gcp/pubsub/gcloud-pubsub-crossproject-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://cloud.google.com/pubsub/docs/access-control - https://cloudone.trendmicro.com/docs/conformity - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-pubsub,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/pubsub/gcloud-pubsub-deadletter-disabled.yaml b/cloud/gcp/pubsub/gcloud-pubsub-deadletter-disabled.yaml index 469939d1742..234826cd531 100644 --- a/cloud/gcp/pubsub/gcloud-pubsub-deadletter-disabled.yaml +++ b/cloud/gcp/pubsub/gcloud-pubsub-deadletter-disabled.yaml @@ -12,9 +12,8 @@ info: Configure a dead-letter topic for all Google Cloud Pub/Sub subscriptions to capture undeliverable messages. This ensures messages can be retained and addressed later. reference: - https://cloud.google.com/pubsub/docs/dead-letter-topics - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-pubsub,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/pubsub/gcloud-pubsub-publicly-accessible.yaml b/cloud/gcp/pubsub/gcloud-pubsub-publicly-accessible.yaml index 39674dcbe89..a080779ab45 100644 --- a/cloud/gcp/pubsub/gcloud-pubsub-publicly-accessible.yaml +++ b/cloud/gcp/pubsub/gcloud-pubsub-publicly-accessible.yaml @@ -12,9 +12,8 @@ info: Remove "allUsers" and "allAuthenticatedUsers" from the IAM policy bindings of your Pub/Sub topics. This ensures only authorized identities have access to the topics. reference: - https://cloud.google.com/pubsub/docs/access-control - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-pubsub,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml b/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml index 06dc17aec9b..95776a53fe9 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-allowed-apis.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/allowed-apis-and-services.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,api,services,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-allowed-external-ips.yaml b/cloud/gcp/resourcemanager/gcloud-org-allowed-external-ips.yaml index c1f3b0e8a3a..edd214bfb3c 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-allowed-external-ips.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-allowed-external-ips.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/allowed-external-ips.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,organization,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml b/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml index 3530f139270..047b2ed5212 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-auto-iam-grants.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-automatic-role-grants.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,iam,organization,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml b/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml index e8bce1f6e74..1096f8085eb 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-default-network.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-default-network-creation.html - https://cloud.google.com/vpc/docs/vpc-network-overview - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,vpc,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml b/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml index cba57e2ae1b..c5d67ce8e69 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-detailed-audit-logging.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/enable-detailed-audit-logging.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,audit,logging,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml b/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml index c1e031768f0..4ce85d4f711 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-guest-attributes.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-using-guest-attributes.html - https://cloud.google.com/compute/docs/metadata/guest-attributes - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,compute,metadata,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml b/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml index 57d9580bacf..d7e32f108b3 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-ip-forwarding.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/enable-ip-forwarding-restriction-policy.html - https://cloud.google.com/vpc/docs/using-instance-ip-forwarding - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,ip-forwarding,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml b/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml index d8a1f810ba4..53c9e46db86 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-load-balancer-types.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-load-balancer-creation-based-on-type.html - https://cloud.google.com/load-balancing/docs/load-balancer-types - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,load-balancer,networking,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml b/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml index b1755061965..4e5e8a0c8c9 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-os-login.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/enquire-os-login.html - https://cloud.google.com/compute/docs/oslogin - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,compute,ssh,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml b/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml index 9b5e3f615fe..0f21eb2fc7a 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-resource-locations.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/resource-location-restriction.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,compliance,location,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml index a3dfbeac3d3..b73c67275a4 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-creation.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/prevent-service-account-creation.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,iam,service-account,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml index 237289f0e52..12851f6fb66 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-creation.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-service-account-key-creation.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,iam,service-account,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml index c1acc8fefad..1b1579a5704 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-service-account-key-upload.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-service-account-key-upload.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,iam,service-account,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml b/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml index ae56ecd7d36..8fc30dfef14 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-shared-vpc-subnets.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-shared-vps-subnetworks.html - https://cloud.google.com/vpc/docs/shared-vpc - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,vpc,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml index bb70713f874..ead44370f04 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-sql-authorized-networks.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-authorized-networks.html - https://cloud.google.com/sql/docs/mysql/authorize-networks - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,sql,networking,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml index b7e2880be0f..83da57b200d 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-sql-default-encryption.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-default-encryption-for-sql-instances.html - https://cloud.google.com/sql/docs/mysql/customer-managed-encryption-keys - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,sql,encryption,cmk,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml b/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml index 4ce247764ca..46151bf6b43 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-sql-public-ip.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-public-ip-access-at-organization-level.html - https://cloud.google.com/sql/docs/mysql/configure-ip - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,sql,networking,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml b/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml index 8231d011617..9916d65ad45 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-trusted-images.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disk-image-restriction.html - https://cloud.google.com/compute/docs/images/restricting-image-access - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,compute,images,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml b/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml index df2ec575c60..4c19e565f9c 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-uniform-bucket-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/enforce-uniform-bucket-level-access-constraint.html - https://cloud.google.com/storage/docs/uniform-bucket-level-access - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,storage,bucket,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml b/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml index 8400bc10101..8d38dab29c2 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-vpc-peering.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-vpc-peering-usage.html - https://cloud.google.com/vpc/docs/vpc-peering - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,vpc,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml b/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml index 6535b324df1..02d827c4da9 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-vpn-peer-ips.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/restrict-vpn-peer-ips.html - https://cloud.google.com/vpc/docs/using-vpn - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,networking,vpn,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml b/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml index 038119abcfb..49c9dff57d6 100644 --- a/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml +++ b/cloud/gcp/resourcemanager/gcloud-org-workload-identity.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/ResourceManager/disable-workload-identity-cluster-creation.html - https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,resourcemanager,security,gke,kubernetes,workload-identity,gcp-cloud-config + flow: | code(1) for(let orgId of iterate(template.orgIds)){ diff --git a/cloud/gcp/run/gcloud-run-services-user-labels-missing.yaml b/cloud/gcp/run/gcloud-run-services-user-labels-missing.yaml index 521c5168610..889a625201d 100644 --- a/cloud/gcp/run/gcloud-run-services-user-labels-missing.yaml +++ b/cloud/gcp/run/gcloud-run-services-user-labels-missing.yaml @@ -12,9 +12,8 @@ info: Add user-defined labels to Cloud Run services to improve resource management. Ensure that the labels are meaningful and adhere to organizational standards for resource grouping. reference: - https://cloud.google.com/run/docs/configuring/labels - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-run,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-mysql-local-infile-enabled.yaml b/cloud/gcp/sql/gcloud-mysql-local-infile-enabled.yaml index 6341f9ad6da..88ad4253a7c 100644 --- a/cloud/gcp/sql/gcloud-mysql-local-infile-enabled.yaml +++ b/cloud/gcp/sql/gcloud-mysql-local-infile-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the local_infile flag in your MySQL database instance configuration to enhance security and prevent potential misuse of the feature. reference: - https://cloud.google.com/sql/docs/mysql/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,mysql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-mysql-pitr-disabled.yaml b/cloud/gcp/sql/gcloud-mysql-pitr-disabled.yaml index 6d71fc3081d..29dfd1e1f2d 100644 --- a/cloud/gcp/sql/gcloud-mysql-pitr-disabled.yaml +++ b/cloud/gcp/sql/gcloud-mysql-pitr-disabled.yaml @@ -12,9 +12,8 @@ info: Enable binary logging and configure automated backups for your MySQL database instances to ensure that the PITR feature is enabled. reference: - https://cloud.google.com/sql/docs/mysql/backup-recovery/pitr - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-mysql-slowquerylog-disabled.yaml b/cloud/gcp/sql/gcloud-mysql-slowquerylog-disabled.yaml index 6ee297511c7..ba0dde23755 100644 --- a/cloud/gcp/sql/gcloud-mysql-slowquerylog-disabled.yaml +++ b/cloud/gcp/sql/gcloud-mysql-slowquerylog-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "slow_query_log" flag for MySQL database instances in Google Cloud to log and analyze slow SQL queries, improving database performance and query efficiency. reference: - https://cloud.google.com/sql/docs/mysql/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-error-verbosity-flag-not-configured.yaml b/cloud/gcp/sql/gcloud-pg-log-error-verbosity-flag-not-configured.yaml index cc719618f23..2051ec4a8dc 100644 --- a/cloud/gcp/sql/gcloud-pg-log-error-verbosity-flag-not-configured.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-error-verbosity-flag-not-configured.yaml @@ -12,9 +12,8 @@ info: Set the "log_error_verbosity" flag to DEFAULT or a stricter value (e.g., TERSE) to balance logging detail and performance, as per your organization's logging policy. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-executor-stats-enabled.yaml b/cloud/gcp/sql/gcloud-pg-log-executor-stats-enabled.yaml index a2e42d2da07..c4b4f19cec2 100644 --- a/cloud/gcp/sql/gcloud-pg-log-executor-stats-enabled.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-executor-stats-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the log_executor_stats flag in your PostgreSQL database instance configuration to prevent performance issues caused by excessive logging. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-min-duration-statement-enabled.yaml b/cloud/gcp/sql/gcloud-pg-log-min-duration-statement-enabled.yaml index d3e632c6428..4059c904763 100644 --- a/cloud/gcp/sql/gcloud-pg-log-min-duration-statement-enabled.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-min-duration-statement-enabled.yaml @@ -12,9 +12,8 @@ info: Set the log_min_duration_statement flag to -1 in your PostgreSQL database instance configuration to disable logging based on statement duration. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-min-error-statement-flag-not-configured.yaml b/cloud/gcp/sql/gcloud-pg-log-min-error-statement-flag-not-configured.yaml index 0c97c3a53b1..40b06900ce3 100644 --- a/cloud/gcp/sql/gcloud-pg-log-min-error-statement-flag-not-configured.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-min-error-statement-flag-not-configured.yaml @@ -12,9 +12,8 @@ info: Set the "log_min_error_statement" flag to the appropriate severity level (e.g., FATAL) as per your organization's logging policy to balance logging effectiveness and performance. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-min-messages-flag-not-configured.yaml b/cloud/gcp/sql/gcloud-pg-log-min-messages-flag-not-configured.yaml index 0e5c8d82404..f214a0ed87c 100644 --- a/cloud/gcp/sql/gcloud-pg-log-min-messages-flag-not-configured.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-min-messages-flag-not-configured.yaml @@ -12,9 +12,8 @@ info: Set the "log_min_messages" flag to the appropriate severity level (e.g., ERROR) as per your organization's logging policy to balance logging effectiveness and performance. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-parser-stats-enabled.yaml b/cloud/gcp/sql/gcloud-pg-log-parser-stats-enabled.yaml index 0ce6482dd5f..dee3ca9f911 100644 --- a/cloud/gcp/sql/gcloud-pg-log-parser-stats-enabled.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-parser-stats-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the "log_parser_stats" flag in your PostgreSQL database instance configuration to prevent performance issues caused by excessive logging. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-planner-stats-enabled.yaml b/cloud/gcp/sql/gcloud-pg-log-planner-stats-enabled.yaml index 69420b24bce..b4a1640bb0f 100644 --- a/cloud/gcp/sql/gcloud-pg-log-planner-stats-enabled.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-planner-stats-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the log_planner_stats flag in your PostgreSQL database instance configuration to prevent performance issues caused by excessive logging. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-statement-flag-not-configured.yaml b/cloud/gcp/sql/gcloud-pg-log-statement-flag-not-configured.yaml index 5b4d28f846f..d4702e50c06 100644 --- a/cloud/gcp/sql/gcloud-pg-log-statement-flag-not-configured.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-statement-flag-not-configured.yaml @@ -12,9 +12,8 @@ info: Set the "log_statement" flag to the appropriate value (e.g., mod) based on your organization's logging policy to balance performance and logging requirements. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,logging,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-pg-log-statement-stats-enabled.yaml b/cloud/gcp/sql/gcloud-pg-log-statement-stats-enabled.yaml index 87787ad8149..ef9270b2344 100644 --- a/cloud/gcp/sql/gcloud-pg-log-statement-stats-enabled.yaml +++ b/cloud/gcp/sql/gcloud-pg-log-statement-stats-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the "log_statement_stats" flag in your PostgreSQL database instance configuration to prevent performance issues caused by excessive logging. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-postgresql-log-checkpoints-disabled.yaml b/cloud/gcp/sql/gcloud-postgresql-log-checkpoints-disabled.yaml index 505bb95efde..7c2c2dff557 100644 --- a/cloud/gcp/sql/gcloud-postgresql-log-checkpoints-disabled.yaml +++ b/cloud/gcp/sql/gcloud-postgresql-log-checkpoints-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_checkpoints" flag for all PostgreSQL database instances by updating the database configuration using the Google Cloud Console or gcloud CLI. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-postgresql-log-disconnections-unenabled.yaml b/cloud/gcp/sql/gcloud-postgresql-log-disconnections-unenabled.yaml index 65b40856840..282ad1f57b7 100644 --- a/cloud/gcp/sql/gcloud-postgresql-log-disconnections-unenabled.yaml +++ b/cloud/gcp/sql/gcloud-postgresql-log-disconnections-unenabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_disconnections" flag for all Google Cloud PostgreSQL database instances by updating the database flag in the configuration settings. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-postgresql-log-hostname-disabled.yaml b/cloud/gcp/sql/gcloud-postgresql-log-hostname-disabled.yaml index 43834003837..294ada20681 100644 --- a/cloud/gcp/sql/gcloud-postgresql-log-hostname-disabled.yaml +++ b/cloud/gcp/sql/gcloud-postgresql-log-hostname-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_hostname" database flag for all PostgreSQL database instances in your Google Cloud environment to ensure proper logging and traceability. reference: - https://cloud.google.com/sql/docs/postgres/configure-instance-settings - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-postgresql-logtempfiles-disabled.yaml b/cloud/gcp/sql/gcloud-postgresql-logtempfiles-disabled.yaml index a8cc8c625c5..2f00ccf35e2 100644 --- a/cloud/gcp/sql/gcloud-postgresql-logtempfiles-disabled.yaml +++ b/cloud/gcp/sql/gcloud-postgresql-logtempfiles-disabled.yaml @@ -12,9 +12,8 @@ info: Set the "log_temp_files" database flag to 0 for your PostgreSQL database instances to ensure temporary file operations are logged. reference: - https://cloud.google.com/sql/docs/postgres/configure-database-flags - metadata: - max-request: 3 tags: cloud,devops,gcp,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-auto-storage-disabled.yaml b/cloud/gcp/sql/gcloud-sql-auto-storage-disabled.yaml index 73186b83286..3d4cc62c474 100644 --- a/cloud/gcp/sql/gcloud-sql-auto-storage-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-auto-storage-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the Automatic Storage Increase feature for your Google Cloud SQL database instances to prevent storage exhaustion and ensure uninterrupted operations. reference: - https://cloud.google.com/sql/docs/overview#automatic-storage-increase - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-auto-storage-limit-not-configured.yaml b/cloud/gcp/sql/gcloud-sql-auto-storage-limit-not-configured.yaml index 8c229706f6c..689602e68f8 100644 --- a/cloud/gcp/sql/gcloud-sql-auto-storage-limit-not-configured.yaml +++ b/cloud/gcp/sql/gcloud-sql-auto-storage-limit-not-configured.yaml @@ -12,9 +12,8 @@ info: Configure an appropriate limit for the Automatic Storage Increase feature in your Cloud SQL database instance settings to control costs and maintain predictability. reference: - https://cloud.google.com/sql/docs/configure-storage - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,storage,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-backups-disabled.yaml b/cloud/gcp/sql/gcloud-sql-backups-disabled.yaml index 558bd140f61..216e6828b64 100644 --- a/cloud/gcp/sql/gcloud-sql-backups-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-backups-disabled.yaml @@ -12,9 +12,8 @@ info: Enable automated backups for all Cloud SQL database instances in your GCP account to ensure regular backups are taken to safeguard against data issues. reference: - https://cloud.google.com/sql/docs/mysql/backup-recovery/backups - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-cmk-not-enabled.yaml b/cloud/gcp/sql/gcloud-sql-cmk-not-enabled.yaml index 4b36e95d5c2..f8acaf8bd2c 100644 --- a/cloud/gcp/sql/gcloud-sql-cmk-not-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-cmk-not-enabled.yaml @@ -12,9 +12,8 @@ info: Configure Cloud SQL instances to use Customer-Managed Keys (CMKs) for encryption by enabling encryption with Cloud KMS and specifying a key for each database instance. reference: - https://cloud.google.com/sql/docs/mysql/configure-cmek - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-contained-db-authentication-enabled.yaml b/cloud/gcp/sql/gcloud-sql-contained-db-authentication-enabled.yaml index 4403e56c343..d70000c404a 100644 --- a/cloud/gcp/sql/gcloud-sql-contained-db-authentication-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-contained-db-authentication-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the "contained database authentication" flag in your SQL Server database instance configuration to enhance security and enforce centralized authentication. reference: - https://cloud.google.com/sql/docs/sqlserver/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-cross-db-ownership-chaining-enabled.yaml b/cloud/gcp/sql/gcloud-sql-cross-db-ownership-chaining-enabled.yaml index f33e72f014b..f909fb0e01a 100644 --- a/cloud/gcp/sql/gcloud-sql-cross-db-ownership-chaining-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-cross-db-ownership-chaining-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the "cross db ownership chaining" flag in your SQL Server database instance configuration to prevent unauthorized cross-database access. reference: - https://cloud.google.com/sql/docs/sqlserver/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-database-public-ip-configured.yaml b/cloud/gcp/sql/gcloud-sql-database-public-ip-configured.yaml index 96fc6233a67..89f086da160 100644 --- a/cloud/gcp/sql/gcloud-sql-database-public-ip-configured.yaml +++ b/cloud/gcp/sql/gcloud-sql-database-public-ip-configured.yaml @@ -12,9 +12,8 @@ info: Configure your Cloud SQL database instances to use private IP addresses to limit exposure to external networks and enhance security. reference: - https://cloud.google.com/sql/docs/mysql/configure-private-ip - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,networking,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-external-scripts-enabled.yaml b/cloud/gcp/sql/gcloud-sql-external-scripts-enabled.yaml index 16eedd1e684..5794ec12832 100644 --- a/cloud/gcp/sql/gcloud-sql-external-scripts-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-external-scripts-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the external scripts enabled flag in your SQL Server database instance configuration to enhance security and prevent potential misuse of the feature. reference: - https://cloud.google.com/sql/docs/sqlserver/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-ha-not-enabled.yaml b/cloud/gcp/sql/gcloud-sql-ha-not-enabled.yaml index c38d8e0f060..f2e25a9a1de 100644 --- a/cloud/gcp/sql/gcloud-sql-ha-not-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-ha-not-enabled.yaml @@ -12,9 +12,8 @@ info: Update the configuration of your Google Cloud SQL database instances to use High Availability (REGIONAL) instead of the default ZONAL configuration to enable automatic failover and ensure minimal downtime. reference: - https://cloud.google.com/sql/docs/mysql/high-availability - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-log-checkpoints-disabled.yaml b/cloud/gcp/sql/gcloud-sql-log-checkpoints-disabled.yaml index 3ec41b719f3..7042f4e5310 100644 --- a/cloud/gcp/sql/gcloud-sql-log-checkpoints-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-log-checkpoints-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_checkpoints" flag for PostgreSQL database instances to ensure logging of checkpoints and restart points for better observability. reference: - https://cloud.google.com/sql/docs/postgres/configure-instance-settings - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-log-connections-disabled.yaml b/cloud/gcp/sql/gcloud-sql-log-connections-disabled.yaml index 6cf0fe20fc6..e20bad54442 100644 --- a/cloud/gcp/sql/gcloud-sql-log-connections-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-log-connections-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_connections" database flag for your PostgreSQL instances in Google Cloud. This can be done by updating the instance settings and applying the change. reference: - https://cloud.google.com/sql/docs/postgres/configure-database-flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-log-lock-waits-disabled.yaml b/cloud/gcp/sql/gcloud-sql-log-lock-waits-disabled.yaml index 8482030d116..022f0e8b829 100644 --- a/cloud/gcp/sql/gcloud-sql-log-lock-waits-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-log-lock-waits-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "log_lock_waits" database flag for all PostgreSQL database instances in your Google Cloud environment. This ensures better monitoring and identification of lock wait issues. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgreSQL,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-pgaudit-not-enabled.yaml b/cloud/gcp/sql/gcloud-sql-pgaudit-not-enabled.yaml index 41170088c92..3da36d4295d 100644 --- a/cloud/gcp/sql/gcloud-sql-pgaudit-not-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-pgaudit-not-enabled.yaml @@ -12,9 +12,8 @@ info: Configure your PostgreSQL instances with the "cloudsql.enable_pgaudit" flag set to "on" and the "pgaudit.log" flag set to "all". These settings enable enhanced auditing capabilities. reference: - https://cloud.google.com/sql/docs/postgres/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-publicly-accessible-instances.yaml b/cloud/gcp/sql/gcloud-sql-publicly-accessible-instances.yaml index 5bd5e1e017d..87384910e7b 100644 --- a/cloud/gcp/sql/gcloud-sql-publicly-accessible-instances.yaml +++ b/cloud/gcp/sql/gcloud-sql-publicly-accessible-instances.yaml @@ -12,9 +12,8 @@ info: Configure your Cloud SQL database instances to accept connections only from trusted IP addresses and networks by limiting access to known authorized networks. reference: - https://cloud.google.com/sql/docs/mysql/configure-ip - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-sql,networking,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-remote-access-enabled.yaml b/cloud/gcp/sql/gcloud-sql-remote-access-enabled.yaml index 070f4069f08..6fb62be16fc 100644 --- a/cloud/gcp/sql/gcloud-sql-remote-access-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-remote-access-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the "remote access" database flag for all SQL Server database instances in Google Cloud Platform. Update the database configuration settings to ensure the flag is turned off. reference: - https://cloud.google.com/sql/docs/sqlserver/configure-instance-settings - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-skip-show-database-disabled.yaml b/cloud/gcp/sql/gcloud-sql-skip-show-database-disabled.yaml index 858585d9013..b8a49d9d6cf 100644 --- a/cloud/gcp/sql/gcloud-sql-skip-show-database-disabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-skip-show-database-disabled.yaml @@ -12,9 +12,8 @@ info: Enable the "skip_show_database" flag for MySQL database instances in Google Cloud. This can be configured in the database settings under the databaseFlags section or through the gcloud CLI. reference: - https://cloud.google.com/sql/docs/mysql/configure-database-flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,mysql-database,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-ssl-not-enforced.yaml b/cloud/gcp/sql/gcloud-sql-ssl-not-enforced.yaml index 3a47e51c74f..b748d560f8b 100644 --- a/cloud/gcp/sql/gcloud-sql-ssl-not-enforced.yaml +++ b/cloud/gcp/sql/gcloud-sql-ssl-not-enforced.yaml @@ -12,9 +12,8 @@ info: Enable SSL/TLS for all incoming connections to your Cloud SQL instances. Update the SSL_MODE configuration to allow only encrypted connections. reference: - https://cloud.google.com/sql/docs/mysql/configure-ssl-instance - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-ssl-tls-connections-not-enforced.yaml b/cloud/gcp/sql/gcloud-sql-ssl-tls-connections-not-enforced.yaml index 0d0520eaee7..b76e8006512 100644 --- a/cloud/gcp/sql/gcloud-sql-ssl-tls-connections-not-enforced.yaml +++ b/cloud/gcp/sql/gcloud-sql-ssl-tls-connections-not-enforced.yaml @@ -12,9 +12,8 @@ info: Set the SSL enforcement mode to "ENCRYPTED_ONLY" for all Cloud SQL database instances to ensure all incoming connections use SSL/TLS encryption. reference: - https://cloud.google.com/sql/docs/mysql/configure-ssl - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,networking,security,ssl,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-trace-3625-enabled.yaml b/cloud/gcp/sql/gcloud-sql-trace-3625-enabled.yaml index 62ea2f6bed0..c2049288852 100644 --- a/cloud/gcp/sql/gcloud-sql-trace-3625-enabled.yaml +++ b/cloud/gcp/sql/gcloud-sql-trace-3625-enabled.yaml @@ -12,9 +12,8 @@ info: Disable the 3625 trace flag in your SQL Server database instance configuration to enhance security and protect sensitive information. reference: - https://cloud.google.com/sql/docs/sqlserver/flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/sql/gcloud-sql-user-options.yaml b/cloud/gcp/sql/gcloud-sql-user-options.yaml index 7117ce8236c..444dd562631 100644 --- a/cloud/gcp/sql/gcloud-sql-user-options.yaml +++ b/cloud/gcp/sql/gcloud-sql-user-options.yaml @@ -12,9 +12,8 @@ info: Disable the "user options" database flag for your Google Cloud SQL Server instances to avoid global defaults for all database users. reference: - https://cloud.google.com/sql/docs/sqlserver/configure-database-flags - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-sql,sql-database-flags,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-bucket-lock-not-configured.yaml b/cloud/gcp/storage/gcloud-bucket-lock-not-configured.yaml index e29be0f70c4..d2d0725b00b 100644 --- a/cloud/gcp/storage/gcloud-bucket-lock-not-configured.yaml +++ b/cloud/gcp/storage/gcloud-bucket-lock-not-configured.yaml @@ -12,9 +12,8 @@ info: Enable Bucket Lock on your Google Cloud log sink buckets to enforce retention policies and prevent changes to the data retention duration. reference: - https://cloud.google.com/storage/docs/bucket-lock - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-logging,retention,bucket-lock,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-bucket-policies-admin-permissions.yaml b/cloud/gcp/storage/gcloud-bucket-policies-admin-permissions.yaml index fdc8f228449..e6f6fac3314 100644 --- a/cloud/gcp/storage/gcloud-bucket-policies-admin-permissions.yaml +++ b/cloud/gcp/storage/gcloud-bucket-policies-admin-permissions.yaml @@ -12,9 +12,8 @@ info: Review and update IAM policies for your Google Cloud Storage buckets to remove roles such as roles/owner, roles/editor, or any roles containing "Admin" to adhere to the Principle of Least Privilege. reference: - https://cloud.google.com/storage/docs/access-control/iam - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,iam,security,polp,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-bucket-website-config-not-defined.yaml b/cloud/gcp/storage/gcloud-bucket-website-config-not-defined.yaml index 36834d79b6b..936e104a758 100644 --- a/cloud/gcp/storage/gcloud-bucket-website-config-not-defined.yaml +++ b/cloud/gcp/storage/gcloud-bucket-website-config-not-defined.yaml @@ -12,9 +12,8 @@ info: Define an index page suffix (e.g., index.html) and an error page (e.g., 404.html) in the static website configuration for your Cloud Storage buckets. reference: - https://cloud.google.com/storage/docs/hosting-static-website - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,website-config,static-website,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-data-access-audit-logs-not-enabled.yaml b/cloud/gcp/storage/gcloud-data-access-audit-logs-not-enabled.yaml index 9136eb26c25..47bc22b6ea4 100644 --- a/cloud/gcp/storage/gcloud-data-access-audit-logs-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-data-access-audit-logs-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable Data Access audit logs for the "storage.googleapis.com" service in your project to monitor all read, write, and admin activities on Cloud Storage resources. reference: - https://cloud.google.com/logging/docs/audit - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,google-cloud-storage,audit-logs,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-insufficient-data-retention-period.yaml b/cloud/gcp/storage/gcloud-insufficient-data-retention-period.yaml index d96f97a1c76..f32ddb51e1c 100644 --- a/cloud/gcp/storage/gcloud-insufficient-data-retention-period.yaml +++ b/cloud/gcp/storage/gcloud-insufficient-data-retention-period.yaml @@ -12,9 +12,8 @@ info: Configure a sufficient data retention period for your Google Cloud Storage buckets based on your organization's security and compliance policies. reference: - https://cloud.google.com/storage/docs/bucket-lock - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,retention,security,compliance,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-lifecycle-management-not-enabled.yaml b/cloud/gcp/storage/gcloud-lifecycle-management-not-enabled.yaml index 4640ca93918..647cc8bde8f 100644 --- a/cloud/gcp/storage/gcloud-lifecycle-management-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-lifecycle-management-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable lifecycle management rules for your Cloud Storage buckets to automate actions like deleting or downgrading storage class of objects based on conditions. reference: - https://cloud.google.com/storage/docs/lifecycle - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,lifecycle-management,cost-optimization,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-object-encryption-cmk-not-enabled.yaml b/cloud/gcp/storage/gcloud-object-encryption-cmk-not-enabled.yaml index 884c2dcd723..0ed40aecfd5 100644 --- a/cloud/gcp/storage/gcloud-object-encryption-cmk-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-object-encryption-cmk-not-enabled.yaml @@ -12,9 +12,8 @@ info: Configure your Cloud Storage buckets to use Customer-Managed Keys (CMKs) for encryption to enhance data security and comply with organizational policies. reference: - https://cloud.google.com/storage/docs/encryption/customer-managed-keys - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,encryption,cmk,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-object-versioning-not-enabled.yaml b/cloud/gcp/storage/gcloud-object-versioning-not-enabled.yaml index 9c8c0934a7c..e5bdda141a9 100644 --- a/cloud/gcp/storage/gcloud-object-versioning-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-object-versioning-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable object versioning for your Cloud Storage buckets to preserve object versions and allow for data recovery. reference: - https://cloud.google.com/storage/docs/object-versioning - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,object-versioning,backup,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-public-access-prevention-not-enabled.yaml b/cloud/gcp/storage/gcloud-public-access-prevention-not-enabled.yaml index 2944ed86769..9f3e3481e5b 100644 --- a/cloud/gcp/storage/gcloud-public-access-prevention-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-public-access-prevention-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable the Public Access Prevention feature for your Cloud Storage buckets to restrict public access and secure your data. reference: - https://cloud.google.com/storage/docs/public-access-prevention - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,security,public-access-prevention,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-publicly-accessible-storage-buckets.yaml b/cloud/gcp/storage/gcloud-publicly-accessible-storage-buckets.yaml index 230b8a9b4db..2faf8cc750d 100644 --- a/cloud/gcp/storage/gcloud-publicly-accessible-storage-buckets.yaml +++ b/cloud/gcp/storage/gcloud-publicly-accessible-storage-buckets.yaml @@ -12,9 +12,8 @@ info: Update the IAM policy of your Google Cloud Storage buckets to remove bindings for "allUsers" and "allAuthenticatedUsers" members, restricting access to authorized users only. reference: - https://cloud.google.com/storage/docs/access-control/iam - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,iam,security,public-access,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-secure-cors-configuration.yaml b/cloud/gcp/storage/gcloud-secure-cors-configuration.yaml index f634d721e50..036e630160d 100644 --- a/cloud/gcp/storage/gcloud-secure-cors-configuration.yaml +++ b/cloud/gcp/storage/gcloud-secure-cors-configuration.yaml @@ -12,9 +12,8 @@ info: Update the CORS configuration for your Cloud Storage buckets to only allow trusted origins defined by your organization’s policy. reference: - https://cloud.google.com/storage/docs/configuring-cors - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,cors,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-storage-logs-not-enabled.yaml b/cloud/gcp/storage/gcloud-storage-logs-not-enabled.yaml index c9cabe2ce18..6bf8234d0c5 100644 --- a/cloud/gcp/storage/gcloud-storage-logs-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-storage-logs-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable usage and storage logs for your Google Cloud Storage buckets to gain visibility into bucket activity and ensure audit compliance. reference: - https://cloud.google.com/storage/docs/access-logs - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,logging,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-uniform-bucket-level-access-not-enabled.yaml b/cloud/gcp/storage/gcloud-uniform-bucket-level-access-not-enabled.yaml index b50ce9ca2d0..80739994ccd 100644 --- a/cloud/gcp/storage/gcloud-uniform-bucket-level-access-not-enabled.yaml +++ b/cloud/gcp/storage/gcloud-uniform-bucket-level-access-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable uniform bucket-level access for your Google Cloud Storage buckets to manage permissions uniformly and improve security. reference: - https://cloud.google.com/storage/docs/uniform-bucket-level-access - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,security,access-control,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/storage/gcloud-vpc-service-controls-not-configured.yaml b/cloud/gcp/storage/gcloud-vpc-service-controls-not-configured.yaml index cdd95ace65a..a1c8c8b3545 100644 --- a/cloud/gcp/storage/gcloud-vpc-service-controls-not-configured.yaml +++ b/cloud/gcp/storage/gcloud-vpc-service-controls-not-configured.yaml @@ -12,9 +12,8 @@ info: Configure VPC Service Controls with a security perimeter that includes the Cloud Storage service (storage.googleapis.com) to protect your sensitive data. reference: - https://cloud.google.com/vpc-service-controls/docs/overview - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-storage,vpc-service-controls,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml b/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml index ad34d82091c..a4ccdf9fbf0 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-auto-upgrades.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-auto-upgrades.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,upgrades,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml b/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml index 30c4f7bb73a..84a5dac8e90 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-default-vpc.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/default-vpc-in-use.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/create-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,networking,security,vpc,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml b/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml index 11413706f3f..82a3be87f0a 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-external-ip.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/prevent-external-ip-usage.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml b/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml index 310819b8d1e..0f7ee303313 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-idle-shutdown.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-idle-shutdown.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,cost-optimization,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml b/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml index f502f507a9d..3954b599003 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-integrity.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-integrity-monitoring.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,integrity,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml b/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml index 59f331019f2..516c446c5b3 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-monitoring.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-cloud-monitoring.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,monitoring,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml b/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml index c431f70374a..3719a26a3d8 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-root-access.yaml @@ -13,9 +13,8 @@ info: reference: - https://trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/disable-root-access.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,root-access,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml b/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml index db8b97fc297..1ed7daabe53 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-secure-boot.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-secure-boot.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,secure-boot,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml b/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml index e83836c2b40..1c882c3f006 100644 --- a/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml +++ b/cloud/gcp/vertexai/gcloud-vertexai-vtpm.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VertexAI/enable-vtpm.html - https://cloud.google.com/vertex-ai/docs/workbench/user-managed/manage-instance - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vertexai,security,vtpm,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-check-legacy-networks.yaml b/cloud/gcp/vpc/gcloud-check-legacy-networks.yaml index b474a5c9331..1a7836b8f9d 100644 --- a/cloud/gcp/vpc/gcloud-check-legacy-networks.yaml +++ b/cloud/gcp/vpc/gcloud-check-legacy-networks.yaml @@ -12,9 +12,8 @@ info: Migrate your GCP project from legacy networks to Virtual Private Cloud (VPC) networks to utilize the latest networking capabilities. reference: - https://cloud.google.com/vpc/docs/vpc - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vpc,networking,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-default-vpc-in-use.yaml b/cloud/gcp/vpc/gcloud-default-vpc-in-use.yaml index e2b47bb6200..f145e2708c6 100644 --- a/cloud/gcp/vpc/gcloud-default-vpc-in-use.yaml +++ b/cloud/gcp/vpc/gcloud-default-vpc-in-use.yaml @@ -12,9 +12,8 @@ info: Delete the default VPC network and create custom VPC networks with tailored configurations to meet your organization's security and networking requirements. reference: - https://cloud.google.com/vpc/docs/vpc - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,google-cloud-vpc,networking,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-dns-logging-not-enabled.yaml b/cloud/gcp/vpc/gcloud-dns-logging-not-enabled.yaml index 59106fd70d6..6c8d39e3299 100644 --- a/cloud/gcp/vpc/gcloud-dns-logging-not-enabled.yaml +++ b/cloud/gcp/vpc/gcloud-dns-logging-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable Cloud DNS logging for your VPC networks to monitor and analyze DNS query activity for better security and compliance. reference: - https://cloud.google.com/dns/docs/policies - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-dns,logging,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-enable-vpc-flow-logs.yaml b/cloud/gcp/vpc/gcloud-enable-vpc-flow-logs.yaml index 441118d3a6b..2e5445dd737 100644 --- a/cloud/gcp/vpc/gcloud-enable-vpc-flow-logs.yaml +++ b/cloud/gcp/vpc/gcloud-enable-vpc-flow-logs.yaml @@ -12,9 +12,8 @@ info: Enable VPC Flow Logs for your VPC subnets to gain insights into network traffic and support network security, compliance, and operational monitoring. reference: - https://cloud.google.com/vpc/docs/using-flow-logs - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,google-cloud-vpc,flow-logs,networking,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-exclude-metadata-from-firewall-logging.yaml b/cloud/gcp/vpc/gcloud-exclude-metadata-from-firewall-logging.yaml index a0fb027351e..1703b9ce1fb 100644 --- a/cloud/gcp/vpc/gcloud-exclude-metadata-from-firewall-logging.yaml +++ b/cloud/gcp/vpc/gcloud-exclude-metadata-from-firewall-logging.yaml @@ -12,9 +12,8 @@ info: Update the VPC firewall logging configuration to exclude metadata from the logs and reduce storage costs while maintaining logging efficiency. reference: - https://cloud.google.com/vpc/docs/using-firewall-rules-logging - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-vpc,firewall-logging,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-firewall-rule-logging-not-enabled.yaml b/cloud/gcp/vpc/gcloud-firewall-rule-logging-not-enabled.yaml index 103e5c99136..f2170cd895d 100644 --- a/cloud/gcp/vpc/gcloud-firewall-rule-logging-not-enabled.yaml +++ b/cloud/gcp/vpc/gcloud-firewall-rule-logging-not-enabled.yaml @@ -12,9 +12,8 @@ info: Enable logging for your VPC firewall rules to capture connection details, including traffic source, destination, and actions taken by the rules. reference: - https://cloud.google.com/vpc/docs/using-firewall-rules-logging - metadata: - max-request: 3 tags: cloud,devops,gcp,gcloud,google-cloud-vpc,firewall-logging,security,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-dns-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-dns-access.yaml index e3a1a3443ce..18aa1ce0179 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-dns-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-dns-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow DNS traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,dns,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-ftp-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-ftp-access.yaml index 184913f066d..02996a79db5 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-ftp-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-ftp-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow FTP traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,ftp,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-icmp-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-icmp-access.yaml index 9968db7f5f3..3d6c9c1ae9c 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-icmp-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-icmp-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to restrict ICMP-based access to trusted IP addresses or ranges only. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,icmp,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-inbound-uncommon-ports.yaml b/cloud/gcp/vpc/gcloud-unrestricted-inbound-uncommon-ports.yaml index ce836da06e6..2bf2830a052 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-inbound-uncommon-ports.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-inbound-uncommon-ports.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow traffic only to common ports required for your applications, and restrict access to uncommon ports. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-mysql-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-mysql-access.yaml index 265f62bfd28..8fbeeb449fe 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-mysql-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-mysql-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow MySQL traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,mysql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-oracle-db-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-oracle-db-access.yaml index 76e015e19b0..fcf0ff9dd77 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-oracle-db-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-oracle-db-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow Oracle Database traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,oracle,db,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-outbound-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-outbound-access.yaml index 23e29732ca4..091d4f42306 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-outbound-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-outbound-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to restrict outbound traffic to trusted IP addresses and ports only. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-postgresql-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-postgresql-access.yaml index 5d3885daa16..0c2a256eb79 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-postgresql-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-postgresql-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow PostgreSQL traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,postgresql,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-rdp-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-rdp-access.yaml index 2ae542e96b3..3f8974d0a6a 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-rdp-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-rdp-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow RDP traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,rdp,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-rpc-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-rpc-access.yaml index bf7edda2009..b05ce34a8a5 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-rpc-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-rpc-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow RPC traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,rpc,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-smtp-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-smtp-access.yaml index 91f9f462fb0..1e9fe4f8194 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-smtp-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-smtp-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow SMTP traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,smtp,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-sqlserver-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-sqlserver-access.yaml index cd504346058..561d517931f 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-sqlserver-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-sqlserver-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow SQL Server traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,sqlserver,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-unrestricted-ssh-access.yaml b/cloud/gcp/vpc/gcloud-unrestricted-ssh-access.yaml index d3eb47fad93..61641366833 100644 --- a/cloud/gcp/vpc/gcloud-unrestricted-ssh-access.yaml +++ b/cloud/gcp/vpc/gcloud-unrestricted-ssh-access.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow SSH traffic only from trusted IP addresses or ranges. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,ssh,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-vpc-firewall-port-ranges.yaml b/cloud/gcp/vpc/gcloud-vpc-firewall-port-ranges.yaml index 33eb76e1f01..8ac0993639b 100644 --- a/cloud/gcp/vpc/gcloud-vpc-firewall-port-ranges.yaml +++ b/cloud/gcp/vpc/gcloud-vpc-firewall-port-ranges.yaml @@ -12,9 +12,8 @@ info: Update your VPC firewall rules to allow only specific ports required for your applications, rather than a range of ports. reference: - https://cloud.google.com/vpc/docs/firewalls - metadata: - max-request: 4 tags: cloud,devops,gcp,gcloud,vpc,firewall,security,networking,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml b/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml index 2f5d551c861..53dea34a225 100644 --- a/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml +++ b/cloud/gcp/vpc/gcloud-vpc-private-service-connect.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VPC/vpc-with-private-service-connect-endpoints.html - https://cloud.google.com/vpc/docs/private-service-connect - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vpc,networking,security,psc,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/gcp/vpc/gcloud-vpc-unattached-static-ips.yaml b/cloud/gcp/vpc/gcloud-vpc-unattached-static-ips.yaml index bafc7e4f916..20508468ed9 100644 --- a/cloud/gcp/vpc/gcloud-vpc-unattached-static-ips.yaml +++ b/cloud/gcp/vpc/gcloud-vpc-unattached-static-ips.yaml @@ -13,9 +13,8 @@ info: reference: - https://www.trendmicro.com/cloudoneconformity/knowledge-base/gcp/VPC/unattached-static-ip-address.html - https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address - metadata: - max-request: 2 tags: cloud,devops,gcp,gcloud,vpc,networking,cost-optimization,gcp-cloud-config + flow: | code(1) for(let projectId of iterate(template.projectIds)){ diff --git a/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml b/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml index ca207a235d9..4b39a9b5f41 100644 --- a/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml +++ b/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml @@ -12,9 +12,8 @@ info: reference: - https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities - https://projectdiscovery.io/blog/ingressnightmare-unauth-rce-in-ingress-nginx - metadata: - max-request: 2 tags: cve,cve2025,cloud,devops,kubernetes,ingress,nginx,k8s,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-cpu-limits-not-set.yaml b/cloud/kubernetes/deployments/k8s-cpu-limits-not-set.yaml index 6c10449ba75..05a4a29d35f 100644 --- a/cloud/kubernetes/deployments/k8s-cpu-limits-not-set.yaml +++ b/cloud/kubernetes/deployments/k8s-cpu-limits-not-set.yaml @@ -11,9 +11,8 @@ info: Set CPU limits for all containers in Kubernetes Deployments to ensure fair CPU resource distribution and prevent performance issues. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-cpu-requests-not-set.yaml b/cloud/kubernetes/deployments/k8s-cpu-requests-not-set.yaml index 6a964526c39..28d346dcb45 100644 --- a/cloud/kubernetes/deployments/k8s-cpu-requests-not-set.yaml +++ b/cloud/kubernetes/deployments/k8s-cpu-requests-not-set.yaml @@ -11,9 +11,8 @@ info: Set CPU requests for all containers in Kubernetes Deplayments to ensure efficient scheduling and resource allocation. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-default-namespace-used.yaml b/cloud/kubernetes/deployments/k8s-default-namespace-used.yaml index d1362b52a7a..93e3f79f686 100644 --- a/cloud/kubernetes/deployments/k8s-default-namespace-used.yaml +++ b/cloud/kubernetes/deployments/k8s-default-namespace-used.yaml @@ -11,9 +11,8 @@ info: Avoid using the default namespace for Kubernetes Deployments. Create and specify dedicated namespaces tailored to specific applications or teams to enhance security and manage resources effectively. reference: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,namespaces,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-host-ports-check.yaml b/cloud/kubernetes/deployments/k8s-host-ports-check.yaml index 33540bf8f1c..61e7c185384 100644 --- a/cloud/kubernetes/deployments/k8s-host-ports-check.yaml +++ b/cloud/kubernetes/deployments/k8s-host-ports-check.yaml @@ -11,9 +11,8 @@ info: Avoid using host ports in Kubernetes Deployments. Use services or other networking mechanisms to expose container applications. reference: - https://kubernetes.io/docs/concepts/services-networking/service/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,deployments,k8s,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-image-pull-policy-always.yaml b/cloud/kubernetes/deployments/k8s-image-pull-policy-always.yaml index d2139c1cee3..1110b11408f 100644 --- a/cloud/kubernetes/deployments/k8s-image-pull-policy-always.yaml +++ b/cloud/kubernetes/deployments/k8s-image-pull-policy-always.yaml @@ -10,9 +10,8 @@ info: remediation: Update the image pull policy in Kubernetes Deployments to 'Always' to ensure that the latest container images are always used. reference: - https://kubernetes.io/docs/concepts/containers/images/#updating-images - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,images,docker,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-image-tag-not-fixed.yaml b/cloud/kubernetes/deployments/k8s-image-tag-not-fixed.yaml index 48998187a48..686fae42b4a 100644 --- a/cloud/kubernetes/deployments/k8s-image-tag-not-fixed.yaml +++ b/cloud/kubernetes/deployments/k8s-image-tag-not-fixed.yaml @@ -11,9 +11,8 @@ info: Use specific image tags for all containers in Kubernetes Deployments to ensure reproducibility and stability of application deployments. reference: - https://kubernetes.io/docs/concepts/containers/images/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-liveness-probe-not-configured.yaml b/cloud/kubernetes/deployments/k8s-liveness-probe-not-configured.yaml index fa87d87c9e0..a5bd5b55255 100644 --- a/cloud/kubernetes/deployments/k8s-liveness-probe-not-configured.yaml +++ b/cloud/kubernetes/deployments/k8s-liveness-probe-not-configured.yaml @@ -10,9 +10,8 @@ info: remediation: Configure liveness probes for all containers in Kubernetes Deployments to ensure proper health checks and automatic restarts of failing containers reference: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-memory-limits-not-set.yaml b/cloud/kubernetes/deployments/k8s-memory-limits-not-set.yaml index 79a253aa1a5..1bf64ed0c83 100644 --- a/cloud/kubernetes/deployments/k8s-memory-limits-not-set.yaml +++ b/cloud/kubernetes/deployments/k8s-memory-limits-not-set.yaml @@ -10,9 +10,8 @@ info: remediation: Set memory limits for all containers in Kubernetes Deployments to ensure resource management and application stability reference: - https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-memory-requests-not-set.yaml b/cloud/kubernetes/deployments/k8s-memory-requests-not-set.yaml index ba92e810e58..cba22bae273 100644 --- a/cloud/kubernetes/deployments/k8s-memory-requests-not-set.yaml +++ b/cloud/kubernetes/deployments/k8s-memory-requests-not-set.yaml @@ -10,9 +10,8 @@ info: remediation: Set memory requests for all containers in Kubernetes Deployments to ensure efficient pod scheduling and node resource utilization. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-minimize-added-capabilities.yaml b/cloud/kubernetes/deployments/k8s-minimize-added-capabilities.yaml index 964b3c963eb..e02a2a9b5bd 100644 --- a/cloud/kubernetes/deployments/k8s-minimize-added-capabilities.yaml +++ b/cloud/kubernetes/deployments/k8s-minimize-added-capabilities.yaml @@ -11,9 +11,8 @@ info: Ensure that no unnecessary capabilities are added to containers within Kubernetes Deployments. Use security contexts to define the minimum necessary privileges. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-privileged-container.yaml b/cloud/kubernetes/deployments/k8s-privileged-container.yaml index 4e0daab9a2a..ea8f558540c 100644 --- a/cloud/kubernetes/deployments/k8s-privileged-container.yaml +++ b/cloud/kubernetes/deployments/k8s-privileged-container.yaml @@ -11,9 +11,8 @@ info: Ensure that no container in Kubernetes Deployments runs in privileged mode, as the root user, or with privilege escalation enabled. Modify the security context for each container to set `privileged: false`, `runAsUser` appropriately, and `allowPrivilegeEscalation: false`. reference: - https://kubernetes.io/docs/concepts/policy/pod-security-policy/#privileged - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-readiness-probe-not-set.yaml b/cloud/kubernetes/deployments/k8s-readiness-probe-not-set.yaml index e76e5fe987d..c9b0e12ca93 100644 --- a/cloud/kubernetes/deployments/k8s-readiness-probe-not-set.yaml +++ b/cloud/kubernetes/deployments/k8s-readiness-probe-not-set.yaml @@ -11,9 +11,8 @@ info: Define readiness probes in all containers within your Kubernetes Deployments to ensure that traffic is only routed to containers that are fully prepared to handle it. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,deployments,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-root-container-admission.yaml b/cloud/kubernetes/deployments/k8s-root-container-admission.yaml index 67e7909fcd4..c8c6c4cc651 100644 --- a/cloud/kubernetes/deployments/k8s-root-container-admission.yaml +++ b/cloud/kubernetes/deployments/k8s-root-container-admission.yaml @@ -11,9 +11,8 @@ info: Configure security contexts for all pods to run containers with a non-root user. Use Pod Security Policies or OPA/Gatekeeper to enforce these configurations. reference: - https://kubernetes.io/docs/concepts/policy/pod-security-policy/#users-and-groups - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,deployments,k8s,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml b/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml index 49e8ec98661..d006e5b8c60 100644 --- a/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml +++ b/cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml @@ -11,9 +11,8 @@ info: Ensure that all containers in Kubernetes Deployments have a seccomp profile of docker/default or runtime/default set in their security contexts. reference: - https://kubernetes.io/docs/tutorials/clusters/seccomp/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,containers,k8s,k8s-cluster-security + flow: | code(1); for (let deployment of template.items) { diff --git a/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml b/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml index b0e920019c7..46f9f50d15c 100644 --- a/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml +++ b/cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml @@ -10,9 +10,8 @@ info: remediation: Define egress rules in all network policies to control outbound traffic from your Kubernetes pods, thereby reducing security risks. reference: - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,k8s,k8s-cluster-security + flow: | code(1); for (let policy of template.items) { diff --git a/cloud/kubernetes/network-policies/k8s-netpol-namespace.yaml b/cloud/kubernetes/network-policies/k8s-netpol-namespace.yaml index 8265dc129ad..0bff44b0e81 100644 --- a/cloud/kubernetes/network-policies/k8s-netpol-namespace.yaml +++ b/cloud/kubernetes/network-policies/k8s-netpol-namespace.yaml @@ -11,9 +11,8 @@ info: Ensure that all Network Policies explicitly define a namespace to maintain proper network isolation and security boundaries. reference: - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,k8s,k8s-cluster-security + flow: | code(1); for (let policy of template.items) { diff --git a/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml b/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml index f210d38ebb0..67fb230760b 100644 --- a/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml +++ b/cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml @@ -11,9 +11,8 @@ info: Define specific ingress rules in all network policies to control the flow of inbound traffic to pods, ensuring only authorized traffic can access cluster resources. reference: - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,security,k8s,k8s-cluster-security + flow: | code(1); for (let policy of template.items) { diff --git a/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml b/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml index b3a0ceffd83..dd3e76b7584 100644 --- a/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml +++ b/cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml @@ -10,9 +10,8 @@ info: remediation: Ensure that the allowPrivilegeEscalation flag is set to false in all container configurations to minimize security risks reference: - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,security,devsecops,containers,k8s,k8s-cluster-security + flow: | code(1); for (let container of template.items) { diff --git a/cloud/kubernetes/pods/k8s-containers-share-host-ipc.yaml b/cloud/kubernetes/pods/k8s-containers-share-host-ipc.yaml index dd1ca8b168a..0f4f074018a 100644 --- a/cloud/kubernetes/pods/k8s-containers-share-host-ipc.yaml +++ b/cloud/kubernetes/pods/k8s-containers-share-host-ipc.yaml @@ -10,9 +10,8 @@ info: remediation: Ensure that no container in Kubernetes Pods is set to share the host IPC namespace. Configure 'spec.hostIPC' to 'false' for all pods to isolate IPC namespaces. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,pods,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/cloud/kubernetes/pods/k8s-host-network-namespace-shared.yaml b/cloud/kubernetes/pods/k8s-host-network-namespace-shared.yaml index 984e65cd340..c232d31e89c 100644 --- a/cloud/kubernetes/pods/k8s-host-network-namespace-shared.yaml +++ b/cloud/kubernetes/pods/k8s-host-network-namespace-shared.yaml @@ -11,9 +11,8 @@ info: Ensure that the 'hostNetwork' field is set to false in all Kubernetes Pods to prevent containers from sharing the host's network namespace. reference: - https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,namespace,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/cloud/kubernetes/pods/k8s-host-pid-namespace-sharing.yaml b/cloud/kubernetes/pods/k8s-host-pid-namespace-sharing.yaml index 83be1b1e04f..b222d49a0c1 100644 --- a/cloud/kubernetes/pods/k8s-host-pid-namespace-sharing.yaml +++ b/cloud/kubernetes/pods/k8s-host-pid-namespace-sharing.yaml @@ -11,9 +11,8 @@ info: Ensure that the 'hostPID' field is set to 'false' in Kubernetes Pod specifications to prevent containers from sharing the host's PID namespace. reference: - https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,pods,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/cloud/kubernetes/pods/k8s-readonly-fs.yaml b/cloud/kubernetes/pods/k8s-readonly-fs.yaml index 410af214374..8873b8610d3 100644 --- a/cloud/kubernetes/pods/k8s-readonly-fs.yaml +++ b/cloud/kubernetes/pods/k8s-readonly-fs.yaml @@ -10,9 +10,8 @@ info: remediation: Configure containers to use read-only filesystems where possible to enhance security and minimize risk of unauthorized data modification reference: - https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation - metadata: - max-request: 2 tags: cloud,devops,kubernetes,k8s,devsecops,pods,k8s-cluster-security + flow: | code(1); for (let container of template.items) { diff --git a/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml b/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml index fb23bafb52d..4e02024cb80 100644 --- a/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml +++ b/cloud/kubernetes/pods/k8s-readonly-rootfs.yaml @@ -11,9 +11,8 @@ info: Configure all pods and containers to have their root filesystem set to read-only mode. This can be achieved by setting the securityContext.readOnlyRootFilesystem parameter to true in the pod or container configuration. reference: - https://kubernetes.io/docs/concepts/policy/pod-security-policy/#volumes-and-file-systems - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,pods,k8s,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/cloud/kubernetes/pods/k8s-root-user-id.yaml b/cloud/kubernetes/pods/k8s-root-user-id.yaml index 3623c531a40..92993086b78 100644 --- a/cloud/kubernetes/pods/k8s-root-user-id.yaml +++ b/cloud/kubernetes/pods/k8s-root-user-id.yaml @@ -10,9 +10,8 @@ info: remediation: Configure pods to run with a non-root user ID by setting the 'securityContext' for each container and the pod itself. reference: - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - metadata: - max-request: 2 tags: cloud,devops,kubernetes,devsecops,pods,k8s,k8s-cluster-security + flow: | code(1); for (let pod of template.items) { diff --git a/code/cves/2017/CVE-2017-1000353.yaml b/code/cves/2017/CVE-2017-1000353.yaml index 342b410a63e..b93752a64cc 100644 --- a/code/cves/2017/CVE-2017-1000353.yaml +++ b/code/cves/2017/CVE-2017-1000353.yaml @@ -26,10 +26,9 @@ info: - http.favicon.hash:"81586312" - product:"jenkins" - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" - tags: packetstorm,cve,cve2017,jenkins,rce,code + fofa-query: icon_hash=81586312 + tags: cve,cve2017,jenkins,rce + variables: OAST: "{{interactsh-url}}" ROOTURL: "{{RootURL}}" diff --git a/code/cves/2019/CVE-2019-14287.yaml b/code/cves/2019/CVE-2019-14287.yaml index f8691333e02..f9c073ef0bc 100644 --- a/code/cves/2019/CVE-2019-14287.yaml +++ b/code/cves/2019/CVE-2019-14287.yaml @@ -17,8 +17,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-14287 cwe-id: CWE-755 - epss-score: 0.84563 - epss-percentile: 0.9926 + epss-score: 0.30814 + epss-percentile: 0.96854 cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/code/cves/2020/CVE-2020-13935.yaml b/code/cves/2020/CVE-2020-13935.yaml index c5d1dcd0322..a0983c2734a 100644 --- a/code/cves/2020/CVE-2020-13935.yaml +++ b/code/cves/2020/CVE-2020-13935.yaml @@ -6,6 +6,10 @@ info: severity: high description: | Apache Tomcat versions 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56, and 7.0.27 to 7.0.104 contain a vulnerability in the WebSocket module where the payload length of WebSocket frames is not correctly validated. This can lead to an infinite loop when processing frames with invalid payload lengths. Attackers can exploit this flaw by sending multiple malicious requests, resulting in a denial of service (DoS) on the affected Tomcat instance. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + cvss-score: 7.5 + cve-id: CVE-2020-13935 reference: - http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00084.html - http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00088.html @@ -14,33 +18,12 @@ info: - https://lists.apache.org/thread.html/r4e5d3c09f4dd2923191e972408b40fb8b42dbff0bc7904d44b651e50%40%3Cusers.tomcat.apache.org%3E - https://security.netapp.com/advisory/ntap-20200724-0003/ - https://github.com/RedTeamPentesting/CVE-2020-13935 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - cvss-score: 7.5 - cve-id: CVE-2020-13935 - cwe-id: CWE-835 - epss-score: 0.92541 - epss-percentile: 0.99721 - cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: + shodan-query: html:"Apache Tomcat" vendor: apache product: tomcat - shodan-query: - - http.html:"apache tomcat" - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - http.title:"apache tomcat" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp - tags: packetstorm,cve,cve2020,tomcat,websocket,dos,code,apache + tags: cve,cve2020,tomcat,websocket,dos,code + flow: http(1) && code(1,2) && code (3) variables: diff --git a/code/cves/2023/CVE-2023-49105.yaml b/code/cves/2023/CVE-2023-49105.yaml index 91476e422f8..4e25e827df2 100644 --- a/code/cves/2023/CVE-2023-49105.yaml +++ b/code/cves/2023/CVE-2023-49105.yaml @@ -17,13 +17,13 @@ info: cvss-score: 9.8 cve-id: CVE-2023-49105 cwe-id: CWE-287 - epss-score: 0.86872 - epss-percentile: 0.99378 - cpe: cpe:2.3:a:owncloud:owncloud_server:*:*:*:*:*:*:*:* + epss-score: 0.18166 + epss-percentile: 0.96172 + cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: owncloud - product: owncloud_server + product: owncloud shodan-query: - title:"owncloud" - http.title:"owncloud" diff --git a/code/cves/2023/CVE-2023-6246.yaml b/code/cves/2023/CVE-2023-6246.yaml index cf5286b53b6..3f690cf9709 100644 --- a/code/cves/2023/CVE-2023-6246.yaml +++ b/code/cves/2023/CVE-2023-6246.yaml @@ -13,12 +13,12 @@ info: - https://bugzilla.redhat.com/show_bug.cgi?id=2249053 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ classification: - cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.4 + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.8 cve-id: CVE-2023-6246 - cwe-id: CWE-122,CWE-787 - epss-score: 0.22699 - epss-percentile: 0.95541 + cwe-id: CWE-787,CWE-122 + epss-score: 0.0077 + epss-percentile: 0.80859 cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/code/cves/2024/CVE-2024-12356.yaml b/code/cves/2024/CVE-2024-12356.yaml index 2e62b007be7..a9f4f2d4b8c 100644 --- a/code/cves/2024/CVE-2024-12356.yaml +++ b/code/cves/2024/CVE-2024-12356.yaml @@ -8,25 +8,18 @@ info: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-12356 - - https://www.cve.org/CVERecord?id=CVE-2024-12356 - - https://github.com/20142995/nuclei-templates - - https://github.com/cloudefence/CVE-2024-12356 - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-12356 cwe-id: CWE-77 - epss-score: 0.935 - epss-percentile: 0.99815 cpe: cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:* metadata: - verified: true vendor: beyondtrust product: privileged_remote_access - shodan-query: http.html:"beyondtrust privileged remote access login" - fofa-query: body="beyondtrust privileged remote access login" - tags: cve,beyondtrust,rce,remote-support,privileged-remote-access,code,cve2024,kev + verified: true + tags: cve,cve2024,beyondtrust,rce,remote-support,privileged-remote-access + code: - engine: - sh diff --git a/code/cves/2024/CVE-2024-22120.yaml b/code/cves/2024/CVE-2024-22120.yaml index fbabdba4d81..225fcc9f2dd 100644 --- a/code/cves/2024/CVE-2024-22120.yaml +++ b/code/cves/2024/CVE-2024-22120.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.1 cve-id: CVE-2024-22120 cwe-id: CWE-20 - epss-score: 0.9369 - epss-percentile: 0.99835 + epss-score: 0.00043 + epss-percentile: 0.09568 metadata: max-request: 1 vendor: zabbix @@ -33,9 +33,8 @@ info: - icon_hash=892542951 - app="zabbix-监控系统" && body="saml" - title="zabbix-server" - - icon_hash="892542951" google-query: intitle:"zabbix-server" - tags: cve,authenticated,zabbix,sqli,code,cve2024 + tags: cve,cve2024,authenticated,zabbix,sqli variables: HOST: "{{Host}}" PORT: "{{Port}}" diff --git a/code/cves/2024/CVE-2024-4340.yaml b/code/cves/2024/CVE-2024-4340.yaml index cb9f4407fd4..117c5e901f7 100644 --- a/code/cves/2024/CVE-2024-4340.yaml +++ b/code/cves/2024/CVE-2024-4340.yaml @@ -6,12 +6,12 @@ info: severity: high description: | Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2024-4340 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2024-4340 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2024-4340 tags: cve,cve2024,py,code,dos,python,sqlparse self-contained: true diff --git a/code/cves/2024/CVE-2024-45409.yaml b/code/cves/2024/CVE-2024-45409.yaml index d0a74bba3b5..7abd1fcf042 100644 --- a/code/cves/2024/CVE-2024-45409.yaml +++ b/code/cves/2024/CVE-2024-45409.yaml @@ -15,22 +15,18 @@ info: - https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq - https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2 - https://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass/ - - https://lists.debian.org/debian-lts-announce/2024/11/msg00006.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-45409 cwe-id: CWE-347 - epss-score: 0.14907 - epss-percentile: 0.9417 - cpe: cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 - vendor: onelogin - product: ruby-saml shodan-query: http.title:"GitLab" + product: gitlab + vendor: gitlab tags: cve,cve2024,saml,auth-bypass,gitlab,code + code: - engine: - py diff --git a/code/cves/2024/CVE-2024-55556.yaml b/code/cves/2024/CVE-2024-55556.yaml index 11ad31ee485..ba2daebfb0e 100644 --- a/code/cves/2024/CVE-2024-55556.yaml +++ b/code/cves/2024/CVE-2024-55556.yaml @@ -22,7 +22,7 @@ info: max-request: 2 shodan-query: 'http.title:"InvoiceShelf"' fofa-query: 'title="InvoiceShelf"' - tags: cve,invoiceshelf,rce,deserialization,code,cve2024 + tags: cve,cve2024,invoiceshelf,rce,deserialization variables: marker: "{{randstr}}" diff --git a/code/cves/2024/CVE-2024-56331.yaml b/code/cves/2024/CVE-2024-56331.yaml index 3a4e581d468..964d2b90ec0 100644 --- a/code/cves/2024/CVE-2024-56331.yaml +++ b/code/cves/2024/CVE-2024-56331.yaml @@ -23,12 +23,11 @@ info: cwe-id: CWE-22 metadata: verified: true - vendor: uptime-kuma + shodan-query: http.title:"Uptime Kuma" product: uptime-kuma - shodan-query: http.title:"uptime kuma" - fofa-query: title="uptime kuma" - google-query: intitle:"uptime kuma" - tags: cve,lfi,uptime-kuma,file-disclosure,code,cve2024 + vendor: uptime-kuma + tags: cve,cve2024,lfi,uptime-kuma,file-disclosure + variables: username: "{{username}}" password: "{{password}}" diff --git a/code/cves/2025/CVE-2025-25291.yaml b/code/cves/2025/CVE-2025-25291.yaml index bf24016a953..8fcfe4513ea 100644 --- a/code/cves/2025/CVE-2025-25291.yaml +++ b/code/cves/2025/CVE-2025-25291.yaml @@ -23,22 +23,20 @@ info: epss-percentile: 0.6872 metadata: verified: true - max-request: 2 vendor: gitlab product: gitlab shodan-query: - - '[http.title:"gitlab" cpe:"cpe:2.3:a:gitlab:gitlab" http.html:"gitlab enterprise edition" http.html:"gitlab-ci.yml"]' + - http.title:"gitlab" - cpe:"cpe:2.3:a:gitlab:gitlab" - http.html:"gitlab enterprise edition" - http.html:"gitlab-ci.yml" - - http.title:"gitlab" fofa-query: - - '[body="gitlab enterprise edition" body="gitlab-ci.yml" title="gitlab"]' - body="gitlab enterprise edition" - body="gitlab-ci.yml" - title="gitlab" google-query: intitle:"gitlab" tags: cve,cve2025,saml,auth-bypass,gitlab,code + code: - engine: - py diff --git a/code/cves/2025/CVE-2025-32433.yaml b/code/cves/2025/CVE-2025-32433.yaml index 14751125bb4..55450c9bc1c 100644 --- a/code/cves/2025/CVE-2025-32433.yaml +++ b/code/cves/2025/CVE-2025-32433.yaml @@ -20,13 +20,14 @@ info: cvss-score: 10 cve-id: CVE-2025-32433 cwe-id: CWE-306 - epss-score: 0.50208 - epss-percentile: 0.97664 + epss-score: 0.00386 + epss-percentile: 0.58724 metadata: verified: true max-request: 1 shodan-query: "Erlang OTP" - tags: cve,cve2025,erlang,otp,ssh,rce,oast,code + tags: cve,cve2025,erlang,otp,ssh,rce,oast + variables: OAST: "{{interactsh-url}}" diff --git a/code/windows/audit/automatic-windows-updates-disabled.yaml b/code/windows/audit/automatic-windows-updates-disabled.yaml index 47530d69293..2600b9a6249 100644 --- a/code/windows/audit/automatic-windows-updates-disabled.yaml +++ b/code/windows/audit/automatic-windows-updates-disabled.yaml @@ -9,7 +9,7 @@ info: Without regular updates, systems may miss important security patches. remediation: | Enable automatic Windows Updates to ensure timely updates for system security. - tags: windows,updates,disabled,windows-audit,code + tags: windows,updates,disabled,windows-audit self-contained: true diff --git a/code/windows/audit/insecure-powershell-execution-policy.yaml b/code/windows/audit/insecure-powershell-execution-policy.yaml index c63b98e7dab..a7168bca0e8 100644 --- a/code/windows/audit/insecure-powershell-execution-policy.yaml +++ b/code/windows/audit/insecure-powershell-execution-policy.yaml @@ -6,12 +6,12 @@ info: severity: medium description: | Checks if the PowerShell Execution Policy is set to an insecure level, which could allow unauthorized or malicious scripts to run. + reference: + - https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.4 impact: | An insecure Execution Policy can allow unauthorized or malicious scripts to execute, increasing the risk of security breaches and system compromise. remediation: | Set execution policy to RemoteSigned or AllSigned according to your organization's policy. - reference: - - https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.4 tags: windows,powershell,audit,code self-contained: true diff --git a/code/windows/audit/minimum-password-age-zero.yaml b/code/windows/audit/minimum-password-age-zero.yaml index 00910e8176d..ea2f17dd063 100644 --- a/code/windows/audit/minimum-password-age-zero.yaml +++ b/code/windows/audit/minimum-password-age-zero.yaml @@ -9,7 +9,7 @@ info: Allowing a password age of zero may lead to the rapid reuse of weak passwords, reducing account security. remediation: | Set a reasonable minimum password age to prevent users from reusing old passwords frequently. - tags: windows, password, policy, code, windows-audit,code + tags: windows, password, policy, code, windows-audit self-contained: true diff --git a/code/windows/audit/plaintext-passwords-in-memory.yaml b/code/windows/audit/plaintext-passwords-in-memory.yaml index 4d7a854c39b..28f828940bc 100644 --- a/code/windows/audit/plaintext-passwords-in-memory.yaml +++ b/code/windows/audit/plaintext-passwords-in-memory.yaml @@ -9,7 +9,7 @@ info: Storing passwords in plaintext in memory can expose sensitive credentials to attackers who gain access to memory dumps or can read memory directly, leading to unauthorized access and data breaches. remediation: | Ensure that all sensitive data, especially passwords, are stored in memory in an encrypted or hashed format to mitigate the risk of exposure. - tags: windows,security,credentials,windows-audit,code + tags: windows,security,credentials,windows-audit self-contained: true diff --git a/code/windows/audit/powershell-script-block-logging-disabled.yaml b/code/windows/audit/powershell-script-block-logging-disabled.yaml index 9113005b3a1..9598dc13048 100644 --- a/code/windows/audit/powershell-script-block-logging-disabled.yaml +++ b/code/windows/audit/powershell-script-block-logging-disabled.yaml @@ -6,12 +6,12 @@ info: severity: medium description: | Disabling script block logging reduces visibility into executed scripts, making it harder to detect and investigate malicious PowerShell activity. + reference: + - https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-0-16-1-powershell-script-block-logging-disabled.html impact: | Lack of script block logging allows malicious PowerShell activity to go unnoticed, increasing security risks and reducing forensic capabilities. remediation: | Enable PowerShell script block logging in Group Policy or Registry. - reference: - - https://www.elastic.co/guide/en/security/7.17/prebuilt-rule-0-16-1-powershell-script-block-logging-disabled.html tags: windows,powershell,audit,code self-contained: true diff --git a/code/windows/audit/remote-assistance-enabled.yaml b/code/windows/audit/remote-assistance-enabled.yaml index 061a4d3d46f..4f0c42c75c5 100644 --- a/code/windows/audit/remote-assistance-enabled.yaml +++ b/code/windows/audit/remote-assistance-enabled.yaml @@ -9,7 +9,7 @@ info: Enabling Remote Assistance can lead to unauthorized access. remediation: | Disable Remote Assistance to comply with security policy. - tags: remote-assistance, misconfiguration, windows-audit,code + tags: remote-assistance, misconfiguration, windows-audit self-contained: true diff --git a/code/windows/audit/remote-desktop-default-port.yaml b/code/windows/audit/remote-desktop-default-port.yaml index f091e62727d..8b41f99aa65 100644 --- a/code/windows/audit/remote-desktop-default-port.yaml +++ b/code/windows/audit/remote-desktop-default-port.yaml @@ -10,7 +10,7 @@ info: Exposure of the default RDP port (TCP 3389) increases the risk of brute-force attacks and unauthorized access. This can lead to system compromise, data breaches, and ransomware deployment. remediation: | Change the default RDP listening port to a non-standard port to reduce exposure. - tags: windows,rdp,audit,code + tags: windows,rdp,audit self-contained: true diff --git a/code/windows/audit/windows-defender-realtime-protection-disabled.yaml b/code/windows/audit/windows-defender-realtime-protection-disabled.yaml index 676cd0f6df9..15e9d476182 100644 --- a/code/windows/audit/windows-defender-realtime-protection-disabled.yaml +++ b/code/windows/audit/windows-defender-realtime-protection-disabled.yaml @@ -9,7 +9,7 @@ info: Disabling real-time protection increases the risk of malware infections. remediation: | Enable Windows Defender real-time protection to secure the system. - tags: windows,defender,windows-audit,code + tags: windows,defender,windows-audit self-contained: true diff --git a/dast/cves/2022/CVE-2022-22965.yaml b/dast/cves/2022/CVE-2022-22965.yaml index 7a28d223cd1..9a088229394 100644 --- a/dast/cves/2022/CVE-2022-22965.yaml +++ b/dast/cves/2022/CVE-2022-22965.yaml @@ -24,7 +24,7 @@ info: max-request: 1 vendor: vmware product: spring_framework - tags: packetstorm,cve,cve2024,dast,spring,rce,kev,vmware + tags: packetstorm,cve,cve2024,dast,spring,rce,kev http: - pre-condition: diff --git a/dast/cves/2022/CVE-2022-42889.yaml b/dast/cves/2022/CVE-2022-42889.yaml index 6f61bfc2eb3..8f8e0a32cdc 100644 --- a/dast/cves/2022/CVE-2022-42889.yaml +++ b/dast/cves/2022/CVE-2022-42889.yaml @@ -18,13 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-42889 cwe-id: CWE-94 - epss-score: 0.94161 - epss-percentile: 0.99903 - cpe: cpe:2.3:a:apache:commons_text:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: apache - product: commons_text confidence: tenative tags: cve,cve2022,rce,oast,text4shell,dast diff --git a/dast/cves/2024/CVE-2024-2961.yaml b/dast/cves/2024/CVE-2024-2961.yaml index 4c56b0d6608..2fa3e13642d 100644 --- a/dast/cves/2024/CVE-2024-2961.yaml +++ b/dast/cves/2024/CVE-2024-2961.yaml @@ -20,9 +20,8 @@ info: cwe-id: CWE-787 epss-score: 0.00046 epss-percentile: 0.17937 - metadata: - max-request: 2 tags: cve,cve2024,php,iconv,glibc,lfr,rce,dast + flow: http(1) && http(2) http: diff --git a/dast/vulnerabilities/cmdi/python-code-injection.yaml b/dast/vulnerabilities/cmdi/python-code-injection.yaml index 4c2eeb83c98..94303075599 100644 --- a/dast/vulnerabilities/cmdi/python-code-injection.yaml +++ b/dast/vulnerabilities/cmdi/python-code-injection.yaml @@ -4,8 +4,6 @@ info: name: Python Code Injection author: ritikchaddha severity: high - metadata: - max-request: 10 tags: python,dast,injection,cmdi variables: diff --git a/dast/vulnerabilities/injection/csv-injection.yaml b/dast/vulnerabilities/injection/csv-injection.yaml index 138ce13ff80..a1bb9c87fd8 100644 --- a/dast/vulnerabilities/injection/csv-injection.yaml +++ b/dast/vulnerabilities/injection/csv-injection.yaml @@ -6,8 +6,6 @@ info: severity: medium description: | A CSV injection detection template to identify and prevent CSV injection vulnerabilities by using various payloads that could be interpreted as formulas by spreadsheet applications. - metadata: - max-request: 10 tags: dast,csv,oast http: diff --git a/dast/vulnerabilities/injection/xinclude-injection.yaml b/dast/vulnerabilities/injection/xinclude-injection.yaml index 2ca37b71b41..9b01f0e0f24 100644 --- a/dast/vulnerabilities/injection/xinclude-injection.yaml +++ b/dast/vulnerabilities/injection/xinclude-injection.yaml @@ -8,8 +8,6 @@ info: XInclude is a part of the XML specification that allows an XML document to be built from sub-documents. You can place an XInclude attack within any data value in an XML document, so the attack can be performed in situations where you only control a single item of data that is placed into a server-side XML document. reference: - https://d0pt3x.gitbook.io/passion/webapp-security/xxe-attacks/xinclude-attacks - metadata: - max-request: 2 tags: dast,xxe,xinclude http: diff --git a/dast/vulnerabilities/redirect/open-redirect-bypass.yaml b/dast/vulnerabilities/redirect/open-redirect-bypass.yaml index 2ab60a6efae..844cbe091fd 100644 --- a/dast/vulnerabilities/redirect/open-redirect-bypass.yaml +++ b/dast/vulnerabilities/redirect/open-redirect-bypass.yaml @@ -5,7 +5,7 @@ info: author: ritikchaddha severity: medium metadata: - max-request: 105 + max-request: 1 tags: redirect,dast http: diff --git a/dast/vulnerabilities/sqli/time-based-sqli.yaml b/dast/vulnerabilities/sqli/time-based-sqli.yaml index 6f49f34edad..b09dc29efa1 100644 --- a/dast/vulnerabilities/sqli/time-based-sqli.yaml +++ b/dast/vulnerabilities/sqli/time-based-sqli.yaml @@ -6,8 +6,6 @@ info: severity: critical description: | This Template detects time-based Blind SQL Injection vulnerability - metadata: - max-request: 7 tags: time-based-sqli,sqli,dast,blind flow: http(1) && http(2) diff --git a/dast/vulnerabilities/ssrf/blind-ssrf.yaml b/dast/vulnerabilities/ssrf/blind-ssrf.yaml index 164b3796a66..03a4cf1479f 100644 --- a/dast/vulnerabilities/ssrf/blind-ssrf.yaml +++ b/dast/vulnerabilities/ssrf/blind-ssrf.yaml @@ -5,7 +5,7 @@ info: author: pdteam,AmirHossein Raeisi severity: medium metadata: - max-request: 5 + max-request: 3 tags: ssrf,dast,oast http: diff --git a/dast/vulnerabilities/ssrf/response-ssrf.yaml b/dast/vulnerabilities/ssrf/response-ssrf.yaml index b21ef32879e..9fed98e2600 100644 --- a/dast/vulnerabilities/ssrf/response-ssrf.yaml +++ b/dast/vulnerabilities/ssrf/response-ssrf.yaml @@ -7,7 +7,7 @@ info: reference: - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py metadata: - max-request: 16 + max-request: 12 tags: ssrf,dast http: diff --git a/dast/vulnerabilities/ssti/freemarker-sandbox-bypass-ssti.yaml b/dast/vulnerabilities/ssti/freemarker-sandbox-bypass-ssti.yaml index 7f09b77b21d..26953e110ca 100644 --- a/dast/vulnerabilities/ssti/freemarker-sandbox-bypass-ssti.yaml +++ b/dast/vulnerabilities/ssti/freemarker-sandbox-bypass-ssti.yaml @@ -10,7 +10,6 @@ info: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#freemarker---sandbox-bypass metadata: verified: true - max-request: 1 tags: ssti,dast,freemarker http: diff --git a/dast/vulnerabilities/ssti/oob/blade-oob.yaml b/dast/vulnerabilities/ssti/oob/blade-oob.yaml index 4951b2e9d24..34289a10557 100644 --- a/dast/vulnerabilities/ssti/oob/blade-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/blade-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/bottle-oob.yaml b/dast/vulnerabilities/ssti/oob/bottle-oob.yaml index d8a2124a1b1..ae223c9e229 100644 --- a/dast/vulnerabilities/ssti/oob/bottle-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/bottle-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob variables: diff --git a/dast/vulnerabilities/ssti/oob/chameleon-oob.yaml b/dast/vulnerabilities/ssti/oob/chameleon-oob.yaml index 376e920fc4b..49ebd2ad93c 100644 --- a/dast/vulnerabilities/ssti/oob/chameleon-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/chameleon-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/codepen-oob.yaml b/dast/vulnerabilities/ssti/oob/codepen-oob.yaml index a5ac03b66e3..00b6e23faad 100644 --- a/dast/vulnerabilities/ssti/oob/codepen-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/codepen-oob.yaml @@ -8,7 +8,6 @@ info: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#codepen metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/dotjs-oob.yaml b/dast/vulnerabilities/ssti/oob/dotjs-oob.yaml index bd1199fc321..a9b04182fd7 100644 --- a/dast/vulnerabilities/ssti/oob/dotjs-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/dotjs-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob variables: diff --git a/dast/vulnerabilities/ssti/oob/ejs-underscore-oob.yaml b/dast/vulnerabilities/ssti/oob/ejs-underscore-oob.yaml index 5460176adb8..fc5cbc042c8 100644 --- a/dast/vulnerabilities/ssti/oob/ejs-underscore-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/ejs-underscore-oob.yaml @@ -10,8 +10,8 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob + variables: prefix: "{{rand_text_alpha(5)}}" diff --git a/dast/vulnerabilities/ssti/oob/erb-erubi-erubis-oob.yaml b/dast/vulnerabilities/ssti/oob/erb-erubi-erubis-oob.yaml index b805bdec7ed..91ab5c3e81d 100644 --- a/dast/vulnerabilities/ssti/oob/erb-erubi-erubis-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/erb-erubi-erubis-oob.yaml @@ -10,7 +10,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/freemarker-oob.yaml b/dast/vulnerabilities/ssti/oob/freemarker-oob.yaml index c01935fbc30..ed18e477e52 100644 --- a/dast/vulnerabilities/ssti/oob/freemarker-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/freemarker-oob.yaml @@ -10,7 +10,6 @@ info: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#freemarker---code-execution metadata: verified: true - max-request: 6 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/groovy-oob.yaml b/dast/vulnerabilities/ssti/oob/groovy-oob.yaml index 75e6c7770c2..cee27cf975e 100644 --- a/dast/vulnerabilities/ssti/oob/groovy-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/groovy-oob.yaml @@ -12,7 +12,6 @@ info: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#groovy---command-execution metadata: verified: true - max-request: 5 tags: ssti,dast,oast,oob,groovy http: diff --git a/dast/vulnerabilities/ssti/oob/jinja2-oob.yaml b/dast/vulnerabilities/ssti/oob/jinja2-oob.yaml index 425e06c83b0..b3525c3eb3d 100644 --- a/dast/vulnerabilities/ssti/oob/jinja2-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/jinja2-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 2 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/jinjava-oob.yaml b/dast/vulnerabilities/ssti/oob/jinjava-oob.yaml index 190a4db939f..728e9147eee 100644 --- a/dast/vulnerabilities/ssti/oob/jinjava-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/jinjava-oob.yaml @@ -9,7 +9,7 @@ info: reference: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#jinjava---command-execution metadata: - max-request: 2 + max-request: 1 tags: ssti,dast,jinjava http: diff --git a/dast/vulnerabilities/ssti/oob/latte-oob.yaml b/dast/vulnerabilities/ssti/oob/latte-oob.yaml index ab606277a8b..41d18e2bd66 100644 --- a/dast/vulnerabilities/ssti/oob/latte-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/latte-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/mako-oob.yaml b/dast/vulnerabilities/ssti/oob/mako-oob.yaml index c4995b1f77d..fb357def2f8 100644 --- a/dast/vulnerabilities/ssti/oob/mako-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/mako-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/pebble-oob.yaml b/dast/vulnerabilities/ssti/oob/pebble-oob.yaml index 37be6055774..50d3fdf4b00 100644 --- a/dast/vulnerabilities/ssti/oob/pebble-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/pebble-oob.yaml @@ -9,7 +9,7 @@ info: reference: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#pebble---code-execution metadata: - max-request: 2 + max-request: 1 tags: ssti,dast,pebble http: diff --git a/dast/vulnerabilities/ssti/oob/pugjs-oob.yaml b/dast/vulnerabilities/ssti/oob/pugjs-oob.yaml index 9114f3be4b8..0682b6eca51 100644 --- a/dast/vulnerabilities/ssti/oob/pugjs-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/pugjs-oob.yaml @@ -9,8 +9,8 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob + variables: prefix: "{{rand_text_alpha(5)}}" diff --git a/dast/vulnerabilities/ssti/oob/spring-expression-oob.yaml b/dast/vulnerabilities/ssti/oob/spring-expression-oob.yaml index d118e23a867..1a2d6c5ce04 100644 --- a/dast/vulnerabilities/ssti/oob/spring-expression-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/spring-expression-oob.yaml @@ -9,7 +9,7 @@ info: reference: - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Java.md#spel---command-execution metadata: - max-request: 5 + max-request: 1 tags: spel,oob,ssti,oast,dast http: diff --git a/dast/vulnerabilities/ssti/oob/thymeleaf-oob.yaml b/dast/vulnerabilities/ssti/oob/thymeleaf-oob.yaml index 90d7768c3b2..f50de90a01b 100644 --- a/dast/vulnerabilities/ssti/oob/thymeleaf-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/thymeleaf-oob.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/ metadata: - max-request: 3 + max-request: 1 tags: thymeleaf,oob,ssti,oast,dast http: diff --git a/dast/vulnerabilities/ssti/oob/tornado-oob.yaml b/dast/vulnerabilities/ssti/oob/tornado-oob.yaml index 6891b639aff..f8a3e1113ce 100644 --- a/dast/vulnerabilities/ssti/oob/tornado-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/tornado-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/oob/velocityjs-oob.yaml b/dast/vulnerabilities/ssti/oob/velocityjs-oob.yaml index f6b2847fdbb..2f0dc1bfbb4 100644 --- a/dast/vulnerabilities/ssti/oob/velocityjs-oob.yaml +++ b/dast/vulnerabilities/ssti/oob/velocityjs-oob.yaml @@ -9,7 +9,6 @@ info: - https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756 metadata: verified: true - max-request: 1 tags: ssti,dast,oast,oob http: diff --git a/dast/vulnerabilities/ssti/twig-ssti.yaml b/dast/vulnerabilities/ssti/twig-ssti.yaml index a712d794fdc..a5784851380 100644 --- a/dast/vulnerabilities/ssti/twig-ssti.yaml +++ b/dast/vulnerabilities/ssti/twig-ssti.yaml @@ -9,7 +9,7 @@ info: reference: - https://www.yeswehack.com/learn-bug-bounty/server-side-template-injection-exploitation metadata: - max-request: 2 + max-request: 1 tags: twig,ssti,dast http: diff --git a/dast/vulnerabilities/xss/csp-bypass/adnxs-ib-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/adnxs-ib-csp-bypass.yaml index 78ca6337244..e33e8d6bb7f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/adnxs-ib-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/adnxs-ib-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,adnxs-ib,dast + tags: xss,csp-bypass,adnxs-ib flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/adnxs-secure-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/adnxs-secure-csp-bypass.yaml index 642036bbd21..01b29c85efb 100644 --- a/dast/vulnerabilities/xss/csp-bypass/adnxs-secure-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/adnxs-secure-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,adnxs-secure,dast + tags: xss,csp-bypass,adnxs-secure flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/adobe-campaign-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/adobe-campaign-csp-bypass.yaml index b02c36ed461..f0c7ae69959 100644 --- a/dast/vulnerabilities/xss/csp-bypass/adobe-campaign-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/adobe-campaign-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,adobe-campaign,dast + tags: xss,csp-bypass,adobe-campaign flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/adroll-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/adroll-csp-bypass.yaml index aa15cc0d639..d5aa71395ee 100644 --- a/dast/vulnerabilities/xss/csp-bypass/adroll-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/adroll-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,adroll,dast + tags: xss,csp-bypass,adroll flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/afterpay-help-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/afterpay-help-csp-bypass.yaml index b8ce6de9b0e..9590099227d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/afterpay-help-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/afterpay-help-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,afterpay-help,dast + tags: xss,csp-bypass,afterpay-help flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/akamai-content-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/akamai-content-csp-bypass.yaml index 289b80ba52b..08510ba5376 100644 --- a/dast/vulnerabilities/xss/csp-bypass/akamai-content-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/akamai-content-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,akamai-content,dast + tags: xss,csp-bypass,akamai-content flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/alibaba-ug-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/alibaba-ug-csp-bypass.yaml index 35d1c8bd41b..2d0fbf525d8 100644 --- a/dast/vulnerabilities/xss/csp-bypass/alibaba-ug-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/alibaba-ug-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,alibaba-ug,dast + tags: xss,csp-bypass,alibaba-ug flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/aliexpress-acs-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/aliexpress-acs-csp-bypass.yaml index a22aaeb1715..38c5b2b966c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/aliexpress-acs-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/aliexpress-acs-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,aliexpress-acs,dast + tags: xss,csp-bypass,aliexpress-acs flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/amap-wb-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/amap-wb-csp-bypass.yaml index 8f2044b7b4e..220b1148523 100644 --- a/dast/vulnerabilities/xss/csp-bypass/amap-wb-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/amap-wb-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,amap-wb,dast + tags: xss,csp-bypass,amap-wb flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/amazon-aax-eu-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/amazon-aax-eu-csp-bypass.yaml index 893ed3382e3..dc98fe9648f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/amazon-aax-eu-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/amazon-aax-eu-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,amazon-aax-eu,dast + tags: xss,csp-bypass,amazon-aax-eu flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/amazon-media-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/amazon-media-csp-bypass.yaml index e3f549fef00..c76aeca5422 100644 --- a/dast/vulnerabilities/xss/csp-bypass/amazon-media-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/amazon-media-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,amazon-media,dast + tags: xss,csp-bypass,amazon-media flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/amazon-romania-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/amazon-romania-csp-bypass.yaml index c5461a794fd..764fd460e8c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/amazon-romania-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/amazon-romania-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,amazon-romania,dast + tags: xss,csp-bypass,amazon-romania flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/amazon-s3-elysium-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/amazon-s3-elysium-csp-bypass.yaml index 130be5d96cb..60563ace874 100644 --- a/dast/vulnerabilities/xss/csp-bypass/amazon-s3-elysium-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/amazon-s3-elysium-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,amazon-s3-elysium,dast + tags: xss,csp-bypass,amazon-s3-elysium flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ancestrycdn-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ancestrycdn-angular-csp-bypass.yaml index aa74064cf77..1922ef4a319 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ancestrycdn-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ancestrycdn-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ancestrycdn-angular,dast + tags: xss,csp-bypass,ancestrycdn-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/angularjs-code-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/angularjs-code-csp-bypass.yaml index 4a477796c0a..f491f371f3b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/angularjs-code-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/angularjs-code-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,angularjs-code,dast + tags: xss,csp-bypass,angularjs-code flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/app-link-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/app-link-csp-bypass.yaml index 17955113157..475e8eb3c32 100644 --- a/dast/vulnerabilities/xss/csp-bypass/app-link-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/app-link-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,app-link,dast + tags: xss,csp-bypass,app-link flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/apple-developer-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/apple-developer-csp-bypass.yaml index 27fdc8f9a89..21b48a2188b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/apple-developer-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/apple-developer-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,apple-developer,dast + tags: xss,csp-bypass,apple-developer flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/arkoselabs-cdn-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/arkoselabs-cdn-csp-bypass.yaml index 35c254de9ec..2b5234c151c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/arkoselabs-cdn-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/arkoselabs-cdn-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,arkoselabs-cdn,dast + tags: xss,csp-bypass,arkoselabs-cdn flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/arkoselabs-client-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/arkoselabs-client-api-csp-bypass.yaml index 849bc35c5b2..e954c57f7d4 100644 --- a/dast/vulnerabilities/xss/csp-bypass/arkoselabs-client-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/arkoselabs-client-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,arkoselabs-client-api,dast + tags: xss,csp-bypass,arkoselabs-client-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ayco-portal-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ayco-portal-csp-bypass.yaml index f7753d3a23c..d3651c2c1c3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ayco-portal-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ayco-portal-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ayco-portal,dast + tags: xss,csp-bypass,ayco-portal flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/azure-inno-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/azure-inno-csp-bypass.yaml index fef7332a7c4..17b0649e08c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/azure-inno-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/azure-inno-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,azure-inno,dast + tags: xss,csp-bypass,azure-inno flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/baidu-map-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/baidu-map-api-csp-bypass.yaml index 30f680e4083..869e17abba2 100644 --- a/dast/vulnerabilities/xss/csp-bypass/baidu-map-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/baidu-map-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,baidu-map-api,dast + tags: xss,csp-bypass,baidu-map-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/baidu-passport-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/baidu-passport-csp-bypass.yaml index 38a4c22c545..6a29efba603 100644 --- a/dast/vulnerabilities/xss/csp-bypass/baidu-passport-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/baidu-passport-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,baidu-passport,dast + tags: xss,csp-bypass,baidu-passport flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/battlenet-eu-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/battlenet-eu-csp-bypass.yaml index 0533803fb87..4fb63fd14af 100644 --- a/dast/vulnerabilities/xss/csp-bypass/battlenet-eu-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/battlenet-eu-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,battlenet-eu,dast + tags: xss,csp-bypass,battlenet-eu flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bazaarvoice-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bazaarvoice-api-csp-bypass.yaml index 241703c52ab..c7742f9bc52 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bazaarvoice-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bazaarvoice-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bazaarvoice-api,dast + tags: xss,csp-bypass,bazaarvoice-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bdimg-apps-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bdimg-apps-csp-bypass.yaml index a0a0b8438d3..c3e06241e4a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bdimg-apps-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bdimg-apps-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bdimg-apps,dast + tags: xss,csp-bypass,bdimg-apps flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bebezoo-1688-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bebezoo-1688-csp-bypass.yaml index ed7e8c1eb27..7c320e942fe 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bebezoo-1688-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bebezoo-1688-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bebezoo-1688,dast + tags: xss,csp-bypass,bebezoo-1688 flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bild-don-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bild-don-csp-bypass.yaml index ab2f64b38af..8641737dd39 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bild-don-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bild-don-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bild-don,dast + tags: xss,csp-bypass,bild-don flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bing-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bing-api-csp-bypass.yaml index 8ab6719c8ed..996483db07b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bing-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bing-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bing-api,dast + tags: xss,csp-bypass,bing-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bing-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bing-csp-bypass.yaml index 2f6e7b24c88..d77a5bc563a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bing-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bing-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bing,dast + tags: xss,csp-bypass,bing flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/blogger-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/blogger-api-csp-bypass.yaml index 1aa6a598a40..5500f177612 100644 --- a/dast/vulnerabilities/xss/csp-bypass/blogger-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/blogger-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,blogger-api,dast + tags: xss,csp-bypass,blogger-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/buzzfeed-mango-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/buzzfeed-mango-csp-bypass.yaml index 01b6f7d6d91..5e285f26fc3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/buzzfeed-mango-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/buzzfeed-mango-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,buzzfeed-mango,dast + tags: xss,csp-bypass,buzzfeed-mango flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/bytedance-sso-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/bytedance-sso-csp-bypass.yaml index 54a141754d1..a0a70ac8a53 100644 --- a/dast/vulnerabilities/xss/csp-bypass/bytedance-sso-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/bytedance-sso-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,bytedance-sso,dast + tags: xss,csp-bypass,bytedance-sso flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/carbonads-srv-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/carbonads-srv-csp-bypass.yaml index 593071cbbda..5a70805c8e3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/carbonads-srv-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/carbonads-srv-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,carbonads-srv,dast + tags: xss,csp-bypass,carbonads-srv flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/chartbeat-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/chartbeat-api-csp-bypass.yaml index 22b9facb282..c679b24bb3a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/chartbeat-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/chartbeat-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,chartbeat-api,dast + tags: xss,csp-bypass,chartbeat-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/clearbit-reveal-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/clearbit-reveal-csp-bypass.yaml index 7521c6fde60..b4a4135f534 100644 --- a/dast/vulnerabilities/xss/csp-bypass/clearbit-reveal-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/clearbit-reveal-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,clearbit-reveal,dast + tags: xss,csp-bypass,clearbit-reveal flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/cloudflare-cdn-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/cloudflare-cdn-csp-bypass.yaml index aaccc897a94..f8a203afd86 100644 --- a/dast/vulnerabilities/xss/csp-bypass/cloudflare-cdn-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/cloudflare-cdn-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,cloudflare-cdn,dast + tags: xss,csp-bypass,cloudflare-cdn flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/cloudflare-challenges-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/cloudflare-challenges-csp-bypass.yaml index 05a361302f4..d9c4fc4f9dd 100644 --- a/dast/vulnerabilities/xss/csp-bypass/cloudflare-challenges-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/cloudflare-challenges-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,cloudflare-challenges,dast + tags: xss,csp-bypass,cloudflare-challenges flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/cloudflare-info-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/cloudflare-info-csp-bypass.yaml index ee999f04845..33885679b52 100644 --- a/dast/vulnerabilities/xss/csp-bypass/cloudflare-info-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/cloudflare-info-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,cloudflare-info,dast + tags: xss,csp-bypass,cloudflare-info flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/cloudfront-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/cloudfront-csp-bypass.yaml index 9915867b75d..fe24e1fe559 100644 --- a/dast/vulnerabilities/xss/csp-bypass/cloudfront-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/cloudfront-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,cloudfront,dast + tags: xss,csp-bypass,cloudfront flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/coinbase-commerce-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/coinbase-commerce-csp-bypass.yaml index 25d75d3c926..f2bb097c09f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/coinbase-commerce-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/coinbase-commerce-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,coinbase-commerce,dast + tags: xss,csp-bypass,coinbase-commerce flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/coinbase-investor-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/coinbase-investor-csp-bypass.yaml index dc434861a19..43a8dc6a70b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/coinbase-investor-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/coinbase-investor-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,coinbase-investor,dast + tags: xss,csp-bypass,coinbase-investor flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/crisp-client-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/crisp-client-csp-bypass.yaml index 69747f55ce7..f05397aaa39 100644 --- a/dast/vulnerabilities/xss/csp-bypass/crisp-client-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/crisp-client-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,crisp-client,dast + tags: xss,csp-bypass,crisp-client flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/criteo-cas-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/criteo-cas-csp-bypass.yaml index 0c80b94ccd4..db6f50a72a4 100644 --- a/dast/vulnerabilities/xss/csp-bypass/criteo-cas-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/criteo-cas-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,criteo-cas,dast + tags: xss,csp-bypass,criteo-cas flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/criteo-dynamic-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/criteo-dynamic-csp-bypass.yaml index 409cec4f799..29de2c7e65d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/criteo-dynamic-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/criteo-dynamic-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,criteo-dynamic,dast + tags: xss,csp-bypass,criteo-dynamic flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/criteo-gum-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/criteo-gum-csp-bypass.yaml index 372bfbf2c58..4dc72327601 100644 --- a/dast/vulnerabilities/xss/csp-bypass/criteo-gum-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/criteo-gum-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,criteo-gum,dast + tags: xss,csp-bypass,criteo-gum flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/cxense-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/cxense-api-csp-bypass.yaml index 1fc65056e4e..d609dda9536 100644 --- a/dast/vulnerabilities/xss/csp-bypass/cxense-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/cxense-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,cxense-api,dast + tags: xss,csp-bypass,cxense-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/dailymotion-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/dailymotion-api-csp-bypass.yaml index dab02e62b17..d6b08552430 100644 --- a/dast/vulnerabilities/xss/csp-bypass/dailymotion-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/dailymotion-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,dailymotion-api,dast + tags: xss,csp-bypass,dailymotion-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/dblp-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/dblp-csp-bypass.yaml index afd39ea42af..12a6f6d59ef 100644 --- a/dast/vulnerabilities/xss/csp-bypass/dblp-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/dblp-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,dblp,dast + tags: xss,csp-bypass,dblp flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/demdex-dpm-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/demdex-dpm-csp-bypass.yaml index 41e7da42e01..a49bd6363eb 100644 --- a/dast/vulnerabilities/xss/csp-bypass/demdex-dpm-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/demdex-dpm-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,demdex-dpm,dast + tags: xss,csp-bypass,demdex-dpm flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/digitalocean-anchor-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/digitalocean-anchor-csp-bypass.yaml index eb8ed1a15ca..70ba67976b2 100644 --- a/dast/vulnerabilities/xss/csp-bypass/digitalocean-anchor-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/digitalocean-anchor-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,digitalocean-anchor,dast + tags: xss,csp-bypass,digitalocean-anchor flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/disqus-links-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/disqus-links-csp-bypass.yaml index 1ff96056dde..cae02acb937 100644 --- a/dast/vulnerabilities/xss/csp-bypass/disqus-links-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/disqus-links-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,disqus-links,dast + tags: xss,csp-bypass,disqus-links flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/doubleclick-pubads-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/doubleclick-pubads-csp-bypass.yaml index 0e44eb4d765..8045067dc45 100644 --- a/dast/vulnerabilities/xss/csp-bypass/doubleclick-pubads-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/doubleclick-pubads-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,doubleclick-pubads,dast + tags: xss,csp-bypass,doubleclick-pubads flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/doubleclick-securepubads-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/doubleclick-securepubads-csp-bypass.yaml index 6dc7fcbceec..30ddd55c760 100644 --- a/dast/vulnerabilities/xss/csp-bypass/doubleclick-securepubads-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/doubleclick-securepubads-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,doubleclick-securepubads,dast + tags: xss,csp-bypass,doubleclick-securepubads flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/duckduckgo-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/duckduckgo-api-csp-bypass.yaml index 60f07519687..565c1f88547 100644 --- a/dast/vulnerabilities/xss/csp-bypass/duckduckgo-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/duckduckgo-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,duckduckgo-api,dast + tags: xss,csp-bypass,duckduckgo-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/elastic-info-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/elastic-info-csp-bypass.yaml index 2d8b9e851d5..7b54a20d25b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/elastic-info-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/elastic-info-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,elastic-info,dast + tags: xss,csp-bypass,elastic-info flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ethicalads-server-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ethicalads-server-csp-bypass.yaml index 7c5e01d8a55..619685de448 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ethicalads-server-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ethicalads-server-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ethicalads-server,dast + tags: xss,csp-bypass,ethicalads-server flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/facebook-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/facebook-api-csp-bypass.yaml index c8e8c68b49f..ee57a318b9d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/facebook-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/facebook-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,facebook-api,dast + tags: xss,csp-bypass,facebook-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/facebook-graph-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/facebook-graph-csp-bypass.yaml index 7e3ec41ae9d..94090f3208c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/facebook-graph-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/facebook-graph-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,facebook-graph,dast + tags: xss,csp-bypass,facebook-graph flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/fastly-storemapper-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/fastly-storemapper-csp-bypass.yaml index ed375f2a1f2..644bcd777e7 100644 --- a/dast/vulnerabilities/xss/csp-bypass/fastly-storemapper-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/fastly-storemapper-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,fastly-storemapper,dast + tags: xss,csp-bypass,fastly-storemapper flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/firebaseio-rentokil-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/firebaseio-rentokil-csp-bypass.yaml index ff2fdbbeb67..008118547a8 100644 --- a/dast/vulnerabilities/xss/csp-bypass/firebaseio-rentokil-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/firebaseio-rentokil-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,firebaseio-rentokil,dast + tags: xss,csp-bypass,firebaseio-rentokil flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/flickr-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/flickr-api-csp-bypass.yaml index 2a30bdc376d..06d12c2d7b2 100644 --- a/dast/vulnerabilities/xss/csp-bypass/flickr-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/flickr-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,flickr-api,dast + tags: xss,csp-bypass,flickr-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/forismatic-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/forismatic-api-csp-bypass.yaml index 1426a283194..99808ac7231 100644 --- a/dast/vulnerabilities/xss/csp-bypass/forismatic-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/forismatic-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,forismatic-api,dast + tags: xss,csp-bypass,forismatic-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/fqtag-query-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/fqtag-query-csp-bypass.yaml index 2fd1f96419f..c77557a42be 100644 --- a/dast/vulnerabilities/xss/csp-bypass/fqtag-query-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/fqtag-query-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,fqtag-query,dast + tags: xss,csp-bypass,fqtag-query flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/fqtag-s-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/fqtag-s-csp-bypass.yaml index 07f3c377a4d..59acd53eb0d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/fqtag-s-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/fqtag-s-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,fqtag-s,dast + tags: xss,csp-bypass,fqtag-s flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/fwmrm-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/fwmrm-csp-bypass.yaml index 821e4020361..a57624fcaa0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/fwmrm-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/fwmrm-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,fwmrm,dast + tags: xss,csp-bypass,fwmrm flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/getdrip-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/getdrip-api-csp-bypass.yaml index af0c843c1bc..b4133f5f468 100644 --- a/dast/vulnerabilities/xss/csp-bypass/getdrip-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/getdrip-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,getdrip-api,dast + tags: xss,csp-bypass,getdrip-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/github-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/github-api-csp-bypass.yaml index dfa4f41bed6..f9a319a40ef 100644 --- a/dast/vulnerabilities/xss/csp-bypass/github-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/github-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,github-api,dast + tags: xss,csp-bypass,github-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/github-gist-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/github-gist-csp-bypass.yaml index 5c3d5677a0b..2236dab101d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/github-gist-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/github-gist-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,github-gist,dast + tags: xss,csp-bypass,github-gist flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/gitlab-page-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/gitlab-page-csp-bypass.yaml index fe259fac1b9..5d4be8b84bf 100644 --- a/dast/vulnerabilities/xss/csp-bypass/gitlab-page-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/gitlab-page-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,gitlab-page,dast + tags: xss,csp-bypass,gitlab-page flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/go-dev-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/go-dev-csp-bypass.yaml index 76ef1ebef26..6f74123b2d7 100644 --- a/dast/vulnerabilities/xss/csp-bypass/go-dev-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/go-dev-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,go-dev,dast + tags: xss,csp-bypass,go-dev flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-accounts-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-accounts-csp-bypass.yaml index 1252f37e223..45287ebdb0b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-accounts-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-accounts-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-accounts,dast + tags: xss,csp-bypass,google-accounts flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-ajax-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-ajax-csp-bypass.yaml index f780d4e2bfc..d13054a98d9 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-ajax-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-ajax-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-ajax,dast + tags: xss,csp-bypass,google-ajax flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-analytics-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-analytics-csp-bypass.yaml index 293d8f55772..1c2e753ad29 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-analytics-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-analytics-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-analytics,dast + tags: xss,csp-bypass,google-analytics flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-apis-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-apis-csp-bypass.yaml index 4d42e2e2a21..2e116c0da8c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-apis-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-apis-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-apis,dast + tags: xss,csp-bypass,google-apis flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-clients1-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-clients1-csp-bypass.yaml index 442d4874f4c..5bdeaffa08c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-clients1-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-clients1-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-clients1,dast + tags: xss,csp-bypass,google-clients1 flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-complete-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-complete-csp-bypass.yaml index 6cd088cb27e..94456bfec80 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-complete-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-complete-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-complete,dast + tags: xss,csp-bypass,google-complete flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-cse-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-cse-csp-bypass.yaml index 1a5523a9a58..9daaedb53fa 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-cse-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-cse-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-cse,dast + tags: xss,csp-bypass,google-cse flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-api-ssl-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-api-ssl-csp-bypass.yaml index 1d845d1dd22..e12e38095bd 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-api-ssl-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-api-ssl-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps-api-ssl,dast + tags: xss,csp-bypass,google-maps-api-ssl flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-apis-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-apis-csp-bypass.yaml index 188a0cb9f3c..e141c487e08 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-apis-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-apis-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps-apis,dast + tags: xss,csp-bypass,google-maps-apis flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-csp-bypass.yaml index bfdd46ee2e2..caf4e793d09 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps,dast + tags: xss,csp-bypass,google-maps flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-de-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-de-csp-bypass.yaml index f1c0d486d3e..09695c33bd1 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-de-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-de-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps-de,dast + tags: xss,csp-bypass,google-maps-de flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-lv-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-lv-csp-bypass.yaml index df541f6f259..7cbc83b3ceb 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-lv-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-lv-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps-lv,dast + tags: xss,csp-bypass,google-maps-lv flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-maps-ru-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-maps-ru-csp-bypass.yaml index efaa8a25cbc..3ab29f4c48c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-maps-ru-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-maps-ru-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-maps-ru,dast + tags: xss,csp-bypass,google-maps-ru flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-recaptcha-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-recaptcha-csp-bypass.yaml index dc9f8e0650f..3de25228871 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-recaptcha-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-recaptcha-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-recaptcha,dast + tags: xss,csp-bypass,google-recaptcha flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-tagmanager-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-tagmanager-csp-bypass.yaml index 5b8753a8435..e278d71d1ee 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-tagmanager-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-tagmanager-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-tagmanager,dast + tags: xss,csp-bypass,google-tagmanager flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/google-translate-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/google-translate-csp-bypass.yaml index bcbaf9ee038..3ac41ecf68e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/google-translate-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/google-translate-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,google-translate,dast + tags: xss,csp-bypass,google-translate flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googleadservices-partner-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googleadservices-partner-csp-bypass.yaml index 3492f17074e..dd5a36d8ba1 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googleadservices-partner-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googleadservices-partner-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googleadservices-partner,dast + tags: xss,csp-bypass,googleadservices-partner flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googleapis-blogger-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googleapis-blogger-csp-bypass.yaml index 32267593dc4..80443421951 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googleapis-blogger-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googleapis-blogger-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googleapis-blogger,dast + tags: xss,csp-bypass,googleapis-blogger flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googleapis-customsearch-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googleapis-customsearch-csp-bypass.yaml index 9c2617736d4..3babf8e8e6d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googleapis-customsearch-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googleapis-customsearch-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googleapis-customsearch,dast + tags: xss,csp-bypass,googleapis-customsearch flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googleapis-storage-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googleapis-storage-csp-bypass.yaml index 1da9157556a..26ca341fff0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googleapis-storage-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googleapis-storage-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googleapis-storage,dast + tags: xss,csp-bypass,googleapis-storage flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googleapis-translate-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googleapis-translate-csp-bypass.yaml index df42b31acb8..c51b86a607c 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googleapis-translate-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googleapis-translate-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googleapis-translate,dast + tags: xss,csp-bypass,googleapis-translate flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/googletagmanager-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/googletagmanager-csp-bypass.yaml index f76e8f47088..476df109440 100644 --- a/dast/vulnerabilities/xss/csp-bypass/googletagmanager-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/googletagmanager-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,googletagmanager,dast + tags: xss,csp-bypass,googletagmanager flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/gravatar-secure-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/gravatar-secure-csp-bypass.yaml index a1f33df9a76..845c0f7784d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/gravatar-secure-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/gravatar-secure-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,gravatar-secure,dast + tags: xss,csp-bypass,gravatar-secure flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/grubhub-assets-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/grubhub-assets-csp-bypass.yaml index 8e18ddcb43c..75f04302cdf 100644 --- a/dast/vulnerabilities/xss/csp-bypass/grubhub-assets-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/grubhub-assets-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,grubhub-assets,dast + tags: xss,csp-bypass,grubhub-assets flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/gstatic-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/gstatic-angular-csp-bypass.yaml index 1f4f35836ca..bb593fe2332 100644 --- a/dast/vulnerabilities/xss/csp-bypass/gstatic-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/gstatic-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,gstatic-angular,dast + tags: xss,csp-bypass,gstatic-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/gstatic-recaptcha-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/gstatic-recaptcha-csp-bypass.yaml index 99c058ad534..378f725e89b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/gstatic-recaptcha-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/gstatic-recaptcha-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,gstatic-recaptcha,dast + tags: xss,csp-bypass,gstatic-recaptcha flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/gstatic-ssl-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/gstatic-ssl-csp-bypass.yaml index 68a595f5eec..53614e115db 100644 --- a/dast/vulnerabilities/xss/csp-bypass/gstatic-ssl-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/gstatic-ssl-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,gstatic-ssl,dast + tags: xss,csp-bypass,gstatic-ssl flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/hatenaapis-bookmark-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/hatenaapis-bookmark-csp-bypass.yaml index 1fd00bf8b6d..50f6cbde271 100644 --- a/dast/vulnerabilities/xss/csp-bypass/hatenaapis-bookmark-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/hatenaapis-bookmark-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,hatenaapis-bookmark,dast + tags: xss,csp-bypass,hatenaapis-bookmark flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/hcaptcha-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/hcaptcha-csp-bypass.yaml index e5fba8d982e..94f1c96da5f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/hcaptcha-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/hcaptcha-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,hcaptcha,dast + tags: xss,csp-bypass,hcaptcha flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/hcaptcha-js-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/hcaptcha-js-csp-bypass.yaml index 37c8a714c07..06e5a9dc975 100644 --- a/dast/vulnerabilities/xss/csp-bypass/hcaptcha-js-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/hcaptcha-js-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,hcaptcha-js,dast + tags: xss,csp-bypass,hcaptcha-js flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/here-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/here-api-csp-bypass.yaml index 6ccdf9dc390..8b4e2a5680a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/here-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/here-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,here-api,dast + tags: xss,csp-bypass,here-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/hsforms-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/hsforms-csp-bypass.yaml index 5e2c1f9623c..2658d530703 100644 --- a/dast/vulnerabilities/xss/csp-bypass/hsforms-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/hsforms-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,hsforms,dast + tags: xss,csp-bypass,hsforms flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/hubspot-forms-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/hubspot-forms-csp-bypass.yaml index 44bf804737f..b7e4701bb77 100644 --- a/dast/vulnerabilities/xss/csp-bypass/hubspot-forms-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/hubspot-forms-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,hubspot-forms,dast + tags: xss,csp-bypass,hubspot-forms flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ibm-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ibm-api-csp-bypass.yaml index e54e1bd9650..24e3f4b8438 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ibm-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ibm-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ibm-api,dast + tags: xss,csp-bypass,ibm-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ieee-oamssoqae-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ieee-oamssoqae-csp-bypass.yaml index 039d12e9d53..b4c4b7e11f0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ieee-oamssoqae-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ieee-oamssoqae-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ieee-oamssoqae,dast + tags: xss,csp-bypass,ieee-oamssoqae flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/im-apps-sync-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/im-apps-sync-csp-bypass.yaml index d4276342964..a227c874d51 100644 --- a/dast/vulnerabilities/xss/csp-bypass/im-apps-sync-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/im-apps-sync-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,im-apps-sync,dast + tags: xss,csp-bypass,im-apps-sync flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/indeed-tr-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/indeed-tr-csp-bypass.yaml index bbb83e164cc..6203b551971 100644 --- a/dast/vulnerabilities/xss/csp-bypass/indeed-tr-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/indeed-tr-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,indeed-tr,dast + tags: xss,csp-bypass,indeed-tr flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/indeed-uk-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/indeed-uk-csp-bypass.yaml index b94ceb64cc1..34ecc2eee5d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/indeed-uk-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/indeed-uk-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,indeed-uk,dast + tags: xss,csp-bypass,indeed-uk flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ip-api-edns-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ip-api-edns-csp-bypass.yaml index 87d1e6d1bac..ecfd0b3d590 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ip-api-edns-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ip-api-edns-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ip-api-edns,dast + tags: xss,csp-bypass,ip-api-edns flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ipify-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ipify-api-csp-bypass.yaml index 7cb6bbc23f5..fc5102f5174 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ipify-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ipify-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ipify-api,dast + tags: xss,csp-bypass,ipify-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ipinfo-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ipinfo-csp-bypass.yaml index fa20c53c3c4..7b7a9578265 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ipinfo-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ipinfo-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ipinfo,dast + tags: xss,csp-bypass,ipinfo flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/itunes-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/itunes-csp-bypass.yaml index 715ab8e9a87..6eeb3854e03 100644 --- a/dast/vulnerabilities/xss/csp-bypass/itunes-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/itunes-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,itunes,dast + tags: xss,csp-bypass,itunes flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/jd-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/jd-api-csp-bypass.yaml index 43bb2497f72..5e3520b079e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/jd-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/jd-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,jd-api,dast + tags: xss,csp-bypass,jd-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/jsdelivr-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/jsdelivr-csp-bypass.yaml index 13dc595a656..3f670745775 100644 --- a/dast/vulnerabilities/xss/csp-bypass/jsdelivr-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/jsdelivr-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,jsdelivr,dast + tags: xss,csp-bypass,jsdelivr flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/lijit-ap-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/lijit-ap-csp-bypass.yaml index e77a1dbc00a..2ab03905fba 100644 --- a/dast/vulnerabilities/xss/csp-bypass/lijit-ap-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/lijit-ap-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,lijit-ap,dast + tags: xss,csp-bypass,lijit-ap flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/livechatinc-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/livechatinc-api-csp-bypass.yaml index 2c04657e38b..5edb593c522 100644 --- a/dast/vulnerabilities/xss/csp-bypass/livechatinc-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/livechatinc-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,livechatinc-api,dast + tags: xss,csp-bypass,livechatinc-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/liveperson-lptag-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/liveperson-lptag-csp-bypass.yaml index 5cc7457411c..42e80f4a8ec 100644 --- a/dast/vulnerabilities/xss/csp-bypass/liveperson-lptag-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/liveperson-lptag-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,liveperson-lptag,dast + tags: xss,csp-bypass,liveperson-lptag flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/lpsnmedia-accdn-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/lpsnmedia-accdn-csp-bypass.yaml index 4d1000626ae..a1b03a37998 100644 --- a/dast/vulnerabilities/xss/csp-bypass/lpsnmedia-accdn-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/lpsnmedia-accdn-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,lpsnmedia-accdn,dast + tags: xss,csp-bypass,lpsnmedia-accdn flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/mailru-connect-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/mailru-connect-csp-bypass.yaml index 3801817f0f0..86fda5bb977 100644 --- a/dast/vulnerabilities/xss/csp-bypass/mailru-connect-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/mailru-connect-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,mailru-connect,dast + tags: xss,csp-bypass,mailru-connect flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/marketo-app-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/marketo-app-csp-bypass.yaml index fa934bbfe86..9f4100b72ed 100644 --- a/dast/vulnerabilities/xss/csp-bypass/marketo-app-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/marketo-app-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,marketo-app,dast + tags: xss,csp-bypass,marketo-app flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/mathtag-pixel-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/mathtag-pixel-csp-bypass.yaml index 7b9bbc93d7e..218af500928 100644 --- a/dast/vulnerabilities/xss/csp-bypass/mathtag-pixel-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/mathtag-pixel-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,mathtag-pixel,dast + tags: xss,csp-bypass,mathtag-pixel flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/matomo-demo-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/matomo-demo-csp-bypass.yaml index e0d7b35f267..3c887f6144f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/matomo-demo-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/matomo-demo-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,matomo-demo,dast + tags: xss,csp-bypass,matomo-demo flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/meetup-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/meetup-api-csp-bypass.yaml index a923d88083b..4cf33b5b30d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/meetup-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/meetup-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,meetup-api,dast + tags: xss,csp-bypass,meetup-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/meteoprog-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/meteoprog-csp-bypass.yaml index 15609e9d8ae..839a4be365d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/meteoprog-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/meteoprog-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,meteoprog,dast + tags: xss,csp-bypass,meteoprog flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/mi-huodong-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/mi-huodong-csp-bypass.yaml index 592e867c0ad..447811ad68a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/mi-huodong-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/mi-huodong-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,mi-huodong,dast + tags: xss,csp-bypass,mi-huodong flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/microsoft-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/microsoft-api-csp-bypass.yaml index 97c9b3ee9be..309f2086846 100644 --- a/dast/vulnerabilities/xss/csp-bypass/microsoft-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/microsoft-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,microsoft-api,dast + tags: xss,csp-bypass,microsoft-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/microsofttranslator-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/microsofttranslator-api-csp-bypass.yaml index e0cac5bd959..803ebf8eba1 100644 --- a/dast/vulnerabilities/xss/csp-bypass/microsofttranslator-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/microsofttranslator-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,microsofttranslator-api,dast + tags: xss,csp-bypass,microsofttranslator-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/mixpanel-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/mixpanel-api-csp-bypass.yaml index 1d6e9e7a000..0bce89b82f6 100644 --- a/dast/vulnerabilities/xss/csp-bypass/mixpanel-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/mixpanel-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,mixpanel-api,dast + tags: xss,csp-bypass,mixpanel-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/moatads-geo-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/moatads-geo-csp-bypass.yaml index dc5967be77d..0bf7117b470 100644 --- a/dast/vulnerabilities/xss/csp-bypass/moatads-geo-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/moatads-geo-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,moatads-geo,dast + tags: xss,csp-bypass,moatads-geo flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/naver-global-apis-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/naver-global-apis-csp-bypass.yaml index 22a8bdf66c2..e9f947420a5 100644 --- a/dast/vulnerabilities/xss/csp-bypass/naver-global-apis-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/naver-global-apis-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,naver-global-apis,dast + tags: xss,csp-bypass,naver-global-apis flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/naver-like-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/naver-like-csp-bypass.yaml index 9e52e38601d..cfde67a97b8 100644 --- a/dast/vulnerabilities/xss/csp-bypass/naver-like-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/naver-like-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,naver-like,dast + tags: xss,csp-bypass,naver-like flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/olark-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/olark-api-csp-bypass.yaml index 231d7962d75..9ed5adc84ad 100644 --- a/dast/vulnerabilities/xss/csp-bypass/olark-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/olark-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,olark-api,dast + tags: xss,csp-bypass,olark-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/onetrust-geolocation-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/onetrust-geolocation-csp-bypass.yaml index 99223e2b5b7..42911d96495 100644 --- a/dast/vulnerabilities/xss/csp-bypass/onetrust-geolocation-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/onetrust-geolocation-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,onetrust-geolocation,dast + tags: xss,csp-bypass,onetrust-geolocation flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/openai-tcr9i-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/openai-tcr9i-csp-bypass.yaml index 1453d1ad059..8a514eefe38 100644 --- a/dast/vulnerabilities/xss/csp-bypass/openai-tcr9i-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/openai-tcr9i-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,openai-tcr9i,dast + tags: xss,csp-bypass,openai-tcr9i flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/opendatasoft-docs-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/opendatasoft-docs-csp-bypass.yaml index 29946f010fa..d78a7d15f6b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/opendatasoft-docs-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/opendatasoft-docs-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,opendatasoft-docs,dast + tags: xss,csp-bypass,opendatasoft-docs flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/openexchangerates-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/openexchangerates-csp-bypass.yaml index e004520d0e8..3eebc6af365 100644 --- a/dast/vulnerabilities/xss/csp-bypass/openexchangerates-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/openexchangerates-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,openexchangerates,dast + tags: xss,csp-bypass,openexchangerates flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/openstreetmap-nominatim-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/openstreetmap-nominatim-csp-bypass.yaml index 02aff2484fe..67e3759d04d 100644 --- a/dast/vulnerabilities/xss/csp-bypass/openstreetmap-nominatim-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/openstreetmap-nominatim-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,openstreetmap-nominatim,dast + tags: xss,csp-bypass,openstreetmap-nominatim flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ovoenergy-js-smb-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ovoenergy-js-smb-csp-bypass.yaml index 2f585c6c5a1..1e6413c1b8f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ovoenergy-js-smb-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ovoenergy-js-smb-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ovoenergy-js-smb,dast + tags: xss,csp-bypass,ovoenergy-js-smb flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/parastorage-static-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/parastorage-static-csp-bypass.yaml index fc07ac32796..5880f5d0a3e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/parastorage-static-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/parastorage-static-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,parastorage-static,dast + tags: xss,csp-bypass,parastorage-static flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/paypal-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/paypal-api-csp-bypass.yaml index 24ce5e53070..809d10e42b7 100644 --- a/dast/vulnerabilities/xss/csp-bypass/paypal-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/paypal-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,paypal-api,dast + tags: xss,csp-bypass,paypal-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/pbs-urs-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/pbs-urs-csp-bypass.yaml index bf6b7805cf5..ff02da6d7a5 100644 --- a/dast/vulnerabilities/xss/csp-bypass/pbs-urs-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/pbs-urs-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,pbs-urs,dast + tags: xss,csp-bypass,pbs-urs flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/pinterest-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/pinterest-api-csp-bypass.yaml index c973aa116d6..ac465d29ef0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/pinterest-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/pinterest-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,pinterest-api,dast + tags: xss,csp-bypass,pinterest-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/pinterest-widgets-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/pinterest-widgets-csp-bypass.yaml index f4870ce3606..ef9ec5e54a4 100644 --- a/dast/vulnerabilities/xss/csp-bypass/pinterest-widgets-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/pinterest-widgets-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,pinterest-widgets,dast + tags: xss,csp-bypass,pinterest-widgets flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/pixplug-visitor-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/pixplug-visitor-csp-bypass.yaml index 0bcd2470d41..48c4b10a60a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/pixplug-visitor-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/pixplug-visitor-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,pixplug-visitor,dast + tags: xss,csp-bypass,pixplug-visitor flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/qq-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/qq-csp-bypass.yaml index 46d6925c3c0..ce38ba5016b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/qq-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/qq-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,qq,dast + tags: xss,csp-bypass,qq flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/quantserve-pixel-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/quantserve-pixel-csp-bypass.yaml index 8e1c81fbf20..d204328a634 100644 --- a/dast/vulnerabilities/xss/csp-bypass/quantserve-pixel-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/quantserve-pixel-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,quantserve-pixel,dast + tags: xss,csp-bypass,quantserve-pixel flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/quantserve-secure-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/quantserve-secure-csp-bypass.yaml index 778b1206701..0c3341b1d17 100644 --- a/dast/vulnerabilities/xss/csp-bypass/quantserve-secure-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/quantserve-secure-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,quantserve-secure,dast + tags: xss,csp-bypass,quantserve-secure flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/quantserve-segapi-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/quantserve-segapi-csp-bypass.yaml index 5adbaede304..b5c3087d1f5 100644 --- a/dast/vulnerabilities/xss/csp-bypass/quantserve-segapi-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/quantserve-segapi-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,quantserve-segapi,dast + tags: xss,csp-bypass,quantserve-segapi flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/recaptcha-net-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/recaptcha-net-csp-bypass.yaml index 87a21991257..1d692affd18 100644 --- a/dast/vulnerabilities/xss/csp-bypass/recaptcha-net-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/recaptcha-net-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,recaptcha-net,dast + tags: xss,csp-bypass,recaptcha-net flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/reddit-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/reddit-api-csp-bypass.yaml index 020fc276bd7..e65ebeec339 100644 --- a/dast/vulnerabilities/xss/csp-bypass/reddit-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/reddit-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,reddit-api,dast + tags: xss,csp-bypass,reddit-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ring-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ring-csp-bypass.yaml index 0ca63d95025..d180fde477f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ring-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ring-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ring,dast + tags: xss,csp-bypass,ring flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/roblox-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/roblox-api-csp-bypass.yaml index b394fdcccff..867d22e1b5f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/roblox-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/roblox-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,roblox-api,dast + tags: xss,csp-bypass,roblox-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/samsung-shop-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/samsung-shop-csp-bypass.yaml index 45a82b8d290..2280fd6d013 100644 --- a/dast/vulnerabilities/xss/csp-bypass/samsung-shop-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/samsung-shop-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,samsung-shop,dast + tags: xss,csp-bypass,samsung-shop flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/servicenow-kbcprod-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/servicenow-kbcprod-csp-bypass.yaml index 658d3ba517a..a4ee5bf28b3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/servicenow-kbcprod-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/servicenow-kbcprod-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,servicenow-kbcprod,dast + tags: xss,csp-bypass,servicenow-kbcprod flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/shopify-cdn-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/shopify-cdn-csp-bypass.yaml index ac07cabce60..7b8ef3321c5 100644 --- a/dast/vulnerabilities/xss/csp-bypass/shopify-cdn-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/shopify-cdn-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,shopify-cdn,dast + tags: xss,csp-bypass,shopify-cdn flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/shopify-thehive-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/shopify-thehive-csp-bypass.yaml index 7cf3209f695..e4750feb665 100644 --- a/dast/vulnerabilities/xss/csp-bypass/shopify-thehive-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/shopify-thehive-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,shopify-thehive,dast + tags: xss,csp-bypass,shopify-thehive flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/skimresources-r-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/skimresources-r-csp-bypass.yaml index 29ecdcc3c10..28823383d7a 100644 --- a/dast/vulnerabilities/xss/csp-bypass/skimresources-r-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/skimresources-r-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,skimresources-r,dast + tags: xss,csp-bypass,skimresources-r flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/skype-config-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/skype-config-csp-bypass.yaml index fee3b1c3681..158ee9d9720 100644 --- a/dast/vulnerabilities/xss/csp-bypass/skype-config-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/skype-config-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,skype-config,dast + tags: xss,csp-bypass,skype-config flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/snyk-go-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/snyk-go-csp-bypass.yaml index 79c4058561f..a0189c13392 100644 --- a/dast/vulnerabilities/xss/csp-bypass/snyk-go-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/snyk-go-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,snyk-go,dast + tags: xss,csp-bypass,snyk-go flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/soundcloud-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/soundcloud-csp-bypass.yaml index 7da985276a8..f66601972a0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/soundcloud-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/soundcloud-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,soundcloud,dast + tags: xss,csp-bypass,soundcloud flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/st-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/st-angular-csp-bypass.yaml index 40beecf3e9f..31abfc1646f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/st-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/st-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,st-angular,dast + tags: xss,csp-bypass,st-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/stackexchange-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/stackexchange-api-csp-bypass.yaml index 0cb07de64c8..6b81ae81500 100644 --- a/dast/vulnerabilities/xss/csp-bypass/stackexchange-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/stackexchange-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,stackexchange-api,dast + tags: xss,csp-bypass,stackexchange-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/swiftype-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/swiftype-api-csp-bypass.yaml index 791681b651d..4c461e3cb67 100644 --- a/dast/vulnerabilities/xss/csp-bypass/swiftype-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/swiftype-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,swiftype-api,dast + tags: xss,csp-bypass,swiftype-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/syncfusion-cdn-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/syncfusion-cdn-csp-bypass.yaml index ed59110f592..0c89988ffda 100644 --- a/dast/vulnerabilities/xss/csp-bypass/syncfusion-cdn-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/syncfusion-cdn-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,syncfusion-cdn,dast + tags: xss,csp-bypass,syncfusion-cdn flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/taobao-suggest-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/taobao-suggest-csp-bypass.yaml index 99e5a15c39e..a6450646a98 100644 --- a/dast/vulnerabilities/xss/csp-bypass/taobao-suggest-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/taobao-suggest-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,taobao-suggest,dast + tags: xss,csp-bypass,taobao-suggest flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/tealiumiq-visitor-service-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/tealiumiq-visitor-service-csp-bypass.yaml index a7813e5a76e..bfdefb4f606 100644 --- a/dast/vulnerabilities/xss/csp-bypass/tealiumiq-visitor-service-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/tealiumiq-visitor-service-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,tealiumiq-visitor-service,dast + tags: xss,csp-bypass,tealiumiq-visitor-service flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/tiktok-analytics-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/tiktok-analytics-csp-bypass.yaml index 1e74b816e59..b0004627942 100644 --- a/dast/vulnerabilities/xss/csp-bypass/tiktok-analytics-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/tiktok-analytics-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,tiktok-analytics,dast + tags: xss,csp-bypass,tiktok-analytics flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/tumblr-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/tumblr-api-csp-bypass.yaml index 733090e9768..9e89cbe8f82 100644 --- a/dast/vulnerabilities/xss/csp-bypass/tumblr-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/tumblr-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,tumblr-api,dast + tags: xss,csp-bypass,tumblr-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/twitter-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/twitter-api-csp-bypass.yaml index d464b928453..e9f618f515b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/twitter-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/twitter-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,twitter-api,dast + tags: xss,csp-bypass,twitter-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ulogin-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ulogin-csp-bypass.yaml index ccb4d56409f..caf4ef18d38 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ulogin-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ulogin-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ulogin,dast + tags: xss,csp-bypass,ulogin flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/unpkg-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/unpkg-angular-csp-bypass.yaml index 337f8a9796c..ef6e9ef673f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/unpkg-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/unpkg-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,unpkg-angular,dast + tags: xss,csp-bypass,unpkg-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/unpkg-hyperscript-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/unpkg-hyperscript-csp-bypass.yaml index 740a1af4c98..391e88a31de 100644 --- a/dast/vulnerabilities/xss/csp-bypass/unpkg-hyperscript-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/unpkg-hyperscript-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,unpkg-hyperscript,dast + tags: xss,csp-bypass,unpkg-hyperscript flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/usersnap-widget-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/usersnap-widget-csp-bypass.yaml index 358974c46d9..6db7d6fbce6 100644 --- a/dast/vulnerabilities/xss/csp-bypass/usersnap-widget-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/usersnap-widget-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,usersnap-widget,dast + tags: xss,csp-bypass,usersnap-widget flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/vercel-storage-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/vercel-storage-csp-bypass.yaml index 3aa5f8d0ade..f0180c75d7f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/vercel-storage-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/vercel-storage-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,vercel-storage,dast + tags: xss,csp-bypass,vercel-storage flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/vimeo-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/vimeo-csp-bypass.yaml index 551f864fe31..ee4e50546c7 100644 --- a/dast/vulnerabilities/xss/csp-bypass/vimeo-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/vimeo-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,vimeo,dast + tags: xss,csp-bypass,vimeo flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/virtualearth-dev-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/virtualearth-dev-csp-bypass.yaml index 0face449780..9d1f4f2ddc6 100644 --- a/dast/vulnerabilities/xss/csp-bypass/virtualearth-dev-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/virtualearth-dev-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,virtualearth-dev,dast + tags: xss,csp-bypass,virtualearth-dev flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/vk-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/vk-api-csp-bypass.yaml index dde7dd9f191..8074bd09221 100644 --- a/dast/vulnerabilities/xss/csp-bypass/vk-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/vk-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,vk-api,dast + tags: xss,csp-bypass,vk-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/wikipedia-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/wikipedia-api-csp-bypass.yaml index 9f07ad4264d..a9974e72ad5 100644 --- a/dast/vulnerabilities/xss/csp-bypass/wikipedia-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/wikipedia-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,wikipedia-api,dast + tags: xss,csp-bypass,wikipedia-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/wistia-fast-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/wistia-fast-csp-bypass.yaml index d22bf0886e0..90175899d70 100644 --- a/dast/vulnerabilities/xss/csp-bypass/wistia-fast-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/wistia-fast-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,wistia-fast,dast + tags: xss,csp-bypass,wistia-fast flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/wordpress-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/wordpress-api-csp-bypass.yaml index 35be7edd427..59d8b19c065 100644 --- a/dast/vulnerabilities/xss/csp-bypass/wordpress-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/wordpress-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,wordpress-api,dast + tags: xss,csp-bypass,wordpress-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/wordpress-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/wordpress-csp-bypass.yaml index 27013596d2e..bcfb7a34f91 100644 --- a/dast/vulnerabilities/xss/csp-bypass/wordpress-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/wordpress-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,wordpress,dast + tags: xss,csp-bypass,wordpress flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/wordpress-public-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/wordpress-public-api-csp-bypass.yaml index bcd876b21f5..13c2dbc3618 100644 --- a/dast/vulnerabilities/xss/csp-bypass/wordpress-public-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/wordpress-public-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,wordpress-public-api,dast + tags: xss,csp-bypass,wordpress-public-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/x-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/x-api-csp-bypass.yaml index 1a331de1831..7419da16486 100644 --- a/dast/vulnerabilities/xss/csp-bypass/x-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/x-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,x-api,dast + tags: xss,csp-bypass,x-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yahoo-ads-yap-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yahoo-ads-yap-csp-bypass.yaml index 27601782b5a..738f7b7c09b 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yahoo-ads-yap-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yahoo-ads-yap-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yahoo-ads-yap,dast + tags: xss,csp-bypass,yahoo-ads-yap flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yahoo-search-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yahoo-search-csp-bypass.yaml index f21d6d3d0a0..015d2133146 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yahoo-search-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yahoo-search-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yahoo-search,dast + tags: xss,csp-bypass,yahoo-search flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yandex-mc-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yandex-mc-csp-bypass.yaml index d52178c0d96..d80bd3cb003 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yandex-mc-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yandex-mc-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yandex-mc,dast + tags: xss,csp-bypass,yandex-mc flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yandex-social-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yandex-social-csp-bypass.yaml index f1992fb5896..37c73b9ed8e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yandex-social-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yandex-social-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yandex-social,dast + tags: xss,csp-bypass,yandex-social flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yandex-st-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yandex-st-csp-bypass.yaml index 3f43740d17b..90d199ecd8f 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yandex-st-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yandex-st-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yandex-st,dast + tags: xss,csp-bypass,yandex-st flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yandex-translate-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yandex-translate-csp-bypass.yaml index 188df432e7d..d91405d5fec 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yandex-translate-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yandex-translate-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yandex-translate,dast + tags: xss,csp-bypass,yandex-translate flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yandexcloud-smartcaptcha-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yandexcloud-smartcaptcha-csp-bypass.yaml index 83392a53306..54e0951aa98 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yandexcloud-smartcaptcha-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yandexcloud-smartcaptcha-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yandexcloud-smartcaptcha,dast + tags: xss,csp-bypass,yandexcloud-smartcaptcha flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yastat-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yastat-angular-csp-bypass.yaml index c9af149a96e..67c5517b611 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yastat-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yastat-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yastat-angular,dast + tags: xss,csp-bypass,yastat-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yastatic-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yastatic-angular-csp-bypass.yaml index aa38a0b05d6..b646638c755 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yastatic-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yastatic-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yastatic-angular,dast + tags: xss,csp-bypass,yastatic-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/youku-acs-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/youku-acs-csp-bypass.yaml index 9f9827ed12f..acdaea53a22 100644 --- a/dast/vulnerabilities/xss/csp-bypass/youku-acs-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/youku-acs-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,youku-acs,dast + tags: xss,csp-bypass,youku-acs flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/youtube-api-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/youtube-api-csp-bypass.yaml index c52978ea324..e01dba74ce0 100644 --- a/dast/vulnerabilities/xss/csp-bypass/youtube-api-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/youtube-api-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,youtube-api,dast + tags: xss,csp-bypass,youtube-api flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/youtube-suggestqueries-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/youtube-suggestqueries-csp-bypass.yaml index 363fa135946..d68cead2119 100644 --- a/dast/vulnerabilities/xss/csp-bypass/youtube-suggestqueries-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/youtube-suggestqueries-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,youtube-suggestqueries,dast + tags: xss,csp-bypass,youtube-suggestqueries flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/ytimg-s-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/ytimg-s-csp-bypass.yaml index 15ef953cb9a..4b773293514 100644 --- a/dast/vulnerabilities/xss/csp-bypass/ytimg-s-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/ytimg-s-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,ytimg-s,dast + tags: xss,csp-bypass,ytimg-s flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yuedust-angular-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yuedust-angular-csp-bypass.yaml index 4dbfb836ef4..4d68226b1c3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yuedust-angular-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yuedust-angular-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yuedust-angular,dast + tags: xss,csp-bypass,yuedust-angular flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/yugiohmonstrosdeduelo-blogger-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/yugiohmonstrosdeduelo-blogger-csp-bypass.yaml index 18593b3ecf4..7254e00f5aa 100644 --- a/dast/vulnerabilities/xss/csp-bypass/yugiohmonstrosdeduelo-blogger-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/yugiohmonstrosdeduelo-blogger-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,yugiohmonstrosdeduelo-blogger,dast + tags: xss,csp-bypass,yugiohmonstrosdeduelo-blogger flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/zendesk-support-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/zendesk-support-csp-bypass.yaml index 3fbd012e5e1..113f54846ae 100644 --- a/dast/vulnerabilities/xss/csp-bypass/zendesk-support-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/zendesk-support-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,zendesk-support,dast + tags: xss,csp-bypass,zendesk-support flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/zendesk-thiscanbeanything-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/zendesk-thiscanbeanything-csp-bypass.yaml index a106a37d02a..25b5259a87e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/zendesk-thiscanbeanything-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/zendesk-thiscanbeanything-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,zendesk-thiscanbeanything,dast + tags: xss,csp-bypass,zendesk-thiscanbeanything flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/zhike-help-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/zhike-help-csp-bypass.yaml index 8eee8eb8dc6..b3bfb0ab37e 100644 --- a/dast/vulnerabilities/xss/csp-bypass/zhike-help-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/zhike-help-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,zhike-help,dast + tags: xss,csp-bypass,zhike-help flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/zhuanjia-sogou-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/zhuanjia-sogou-csp-bypass.yaml index 9ea45aa1352..bba2de09db3 100644 --- a/dast/vulnerabilities/xss/csp-bypass/zhuanjia-sogou-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/zhuanjia-sogou-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,zhuanjia-sogou,dast + tags: xss,csp-bypass,zhuanjia-sogou flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/csp-bypass/zoom-st3-csp-bypass.yaml b/dast/vulnerabilities/xss/csp-bypass/zoom-st3-csp-bypass.yaml index afac18b8f1d..81af9955381 100644 --- a/dast/vulnerabilities/xss/csp-bypass/zoom-st3-csp-bypass.yaml +++ b/dast/vulnerabilities/xss/csp-bypass/zoom-st3-csp-bypass.yaml @@ -8,7 +8,7 @@ info: - https://github.com/renniepak/CSPBypass/blob/main/data.tsv metadata: verified: true - tags: xss,csp-bypass,zoom-st3,dast + tags: xss,csp-bypass,zoom-st3 flow: http(1) && headless(1) diff --git a/dast/vulnerabilities/xss/reflected-xss.yaml b/dast/vulnerabilities/xss/reflected-xss.yaml index 6d1c325fedf..027697880f8 100644 --- a/dast/vulnerabilities/xss/reflected-xss.yaml +++ b/dast/vulnerabilities/xss/reflected-xss.yaml @@ -5,7 +5,7 @@ info: author: pdteam,0xKayala,AmirHossein Raeisi severity: medium metadata: - max-request: 3 + max-request: 1 tags: xss,rxss,dast variables: diff --git a/dast/vulnerabilities/xxe/generic-xxe.yaml b/dast/vulnerabilities/xxe/generic-xxe.yaml index 67c7218ede2..95bf781e623 100644 --- a/dast/vulnerabilities/xxe/generic-xxe.yaml +++ b/dast/vulnerabilities/xxe/generic-xxe.yaml @@ -7,7 +7,7 @@ info: reference: - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py metadata: - max-request: 3 + max-request: 2 tags: dast,xxe variables: diff --git a/file/audit/iis/iis-directory-browsing.yaml b/file/audit/iis/iis-directory-browsing.yaml index 18ba2683033..0152bd2a42d 100644 --- a/file/audit/iis/iis-directory-browsing.yaml +++ b/file/audit/iis/iis-directory-browsing.yaml @@ -8,7 +8,7 @@ info: Ensures IIS directory browsing is disabled to prevent exposure of file structures. reference: - https://wiki.devsecopsguides.com/docs/checklists/iis/ - tags: iis,windows,file,hardening,audit + tags: iis,windows,file,hardening file: - extensions: diff --git a/file/audit/iis/iis-logging-disabled.yaml b/file/audit/iis/iis-logging-disabled.yaml index 76441d3183c..acb0350fc7f 100644 --- a/file/audit/iis/iis-logging-disabled.yaml +++ b/file/audit/iis/iis-logging-disabled.yaml @@ -8,7 +8,7 @@ info: Checks if IIS logging is disabled, which can hinder incident response. reference: - https://wiki.devsecopsguides.com/docs/checklists/iis/ - tags: iis,windows,security,hardening,logging,file,audit + tags: iis,windows,security,hardening,logging file: - extensions: diff --git a/file/audit/mongodb/file-mongodb-http-interface-enabled.yaml b/file/audit/mongodb/file-mongodb-http-interface-enabled.yaml index 1bac2379e31..723cfe68675 100644 --- a/file/audit/mongodb/file-mongodb-http-interface-enabled.yaml +++ b/file/audit/mongodb/file-mongodb-http-interface-enabled.yaml @@ -13,7 +13,7 @@ info: - https://www.mongodb.com/docs/manual/reference/configuration-options/ metadata: verified: true - tags: mongodb,config,file,hardening,audit + tags: mongodb,config,file,hardening file: - extensions: diff --git a/file/audit/nginx/file-missing-nginx-xss-protection.yaml b/file/audit/nginx/file-missing-nginx-xss-protection.yaml index e4125907bf5..c81b2201f4a 100644 --- a/file/audit/nginx/file-missing-nginx-xss-protection.yaml +++ b/file/audit/nginx/file-missing-nginx-xss-protection.yaml @@ -11,7 +11,7 @@ info: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection metadata: verified: true - tags: audit,file,nginx,hardening,xss + tags: audit,file,nginx,hardening file: - extensions: diff --git a/file/logs/aspnet-framework-exceptions.yaml b/file/logs/aspnet-framework-exceptions.yaml index 16c69d0663a..6a8f46b9089 100644 --- a/file/logs/aspnet-framework-exceptions.yaml +++ b/file/logs/aspnet-framework-exceptions.yaml @@ -1,13 +1,14 @@ id: aspnet-framework-exceptions -info: - name: ASP.NET Framework Exceptions - author: Aayush Dhakal - severity: info - description: Detects suspicious ASP.NET framework exceptions that could indicate exploitation attempts - reference: - - https://docs.microsoft.com/en-us/dotnet/api/system.web.httpexception - tags: file,logs,aspnet +info: + name: ASP.NET Framework Exceptions + author: Aayush Dhakal + severity: info + description: Detects suspicious ASP.NET framework exceptions that could indicate exploitation attempts + reference: + - https://docs.microsoft.com/en-us/dotnet/api/system.web.httpexception + tags: file,logs,aspnet + file: - extensions: - all diff --git a/file/logs/nodejs-framework-exceptions.yaml b/file/logs/nodejs-framework-exceptions.yaml index 32d3d25ddf2..7726ac8fa2f 100644 --- a/file/logs/nodejs-framework-exceptions.yaml +++ b/file/logs/nodejs-framework-exceptions.yaml @@ -1,14 +1,15 @@ id: nodejs-framework-exceptions -info: - name: Node.js Framework Exceptions - author: Aayush Dhakal - severity: info - description: Detects suspicious Node.js framework exceptions that could indicate exploitation attempts - reference: - - https://expressjs.com/en/guide/error-handling.html - - https://nodejs.org/en/docs/guides - tags: file,logs,nodejs +info: + name: Node.js Framework Exceptions + author: Aayush Dhakal + severity: info + description: Detects suspicious Node.js framework exceptions that could indicate exploitation attempts + reference: + - https://expressjs.com/en/guide/error-handling.html + - https://nodejs.org/en/docs/guides + tags: file,logs,nodejs + file: - extensions: - all diff --git a/file/malware/hash/anthem-deeppanda-malware-hash.yaml b/file/malware/hash/anthem-deeppanda-malware-hash.yaml index dfefd61ee97..2533b7934b4 100644 --- a/file/malware/hash/anthem-deeppanda-malware-hash.yaml +++ b/file/malware/hash/anthem-deeppanda-malware-hash.yaml @@ -7,7 +7,7 @@ info: Anthem Hack Deep Panda - Trojan.Kakfum sqlsrv32.dll reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_DeepPanda_Anthem.yar - tags: malware,deeppanda,file + tags: malware,deeppanda file: - extensions: diff --git a/file/malware/hash/applejeus-malware-hash.yaml b/file/malware/hash/applejeus-malware-hash.yaml index 7becad4a972..0eb591f0e60 100644 --- a/file/malware/hash/applejeus-malware-hash.yaml +++ b/file/malware/hash/applejeus-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects AppleJeus DLL samples reference: - https://github.com/volexity/threat-intel/blob/main/2022/2022-12-01%20Buyer%20Beware%20-%20Fake%20Cryptocurrency%20Applications%20Serving%20as%20Front%20for%20AppleJeus%20Malware/yara.yar - tags: malware,lazarus,file + tags: malware,lazarus file: - extensions: diff --git a/file/malware/hash/avburner-malware-hash.yaml b/file/malware/hash/avburner-malware-hash.yaml index 48501471269..118778d3305 100644 --- a/file/malware/hash/avburner-malware-hash.yaml +++ b/file/malware/hash/avburner-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects AVBurner based on a combination of API calls used, hard-coded strings, and bytecode patterns reference: - https://github.com/volexity/threat-intel/blob/main/2023/2023-03-07%20AVBurner/yara.yar - tags: malware,snakecharmer,file + tags: malware,snakecharmer file: - extensions: diff --git a/file/malware/hash/backwash-malware-hash.yaml b/file/malware/hash/backwash-malware-hash.yaml index 9475584099f..c1209a4d0a2 100644 --- a/file/malware/hash/backwash-malware-hash.yaml +++ b/file/malware/hash/backwash-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://github.com/volexity/threat-intel/blob/main/2021/2021-12-06%20-%20XEGroup/indicators/yara.yar - https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/ - tags: malware,xegroup,file + tags: malware,xegroup file: - extensions: diff --git a/file/malware/hash/blackenergy-driver-amdide-hash.yaml b/file/malware/hash/blackenergy-driver-amdide-hash.yaml index ec814510bfd..139d39a9af1 100644 --- a/file/malware/hash/blackenergy-driver-amdide-hash.yaml +++ b/file/malware/hash/blackenergy-driver-amdide-hash.yaml @@ -7,7 +7,7 @@ info: Detects the AMDIDE driver from BlackEnergy malware reference: - http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/ - tags: malware,blackenergy,file + tags: malware,blackenergy file: - extensions: diff --git a/file/malware/hash/blackenergy-driver-malware-hash.yaml b/file/malware/hash/blackenergy-driver-malware-hash.yaml index cb31a80aae9..79f7a42cf3c 100644 --- a/file/malware/hash/blackenergy-driver-malware-hash.yaml +++ b/file/malware/hash/blackenergy-driver-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Auto-generated rule - detects BlackEnergy Driver USBMDM malware reference: - http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry - tags: malware,blackenergy,file + tags: malware,blackenergy file: - extensions: diff --git a/file/malware/hash/blackenergy-killdisk-malware-hash.yaml b/file/malware/hash/blackenergy-killdisk-malware-hash.yaml index ad0463e7747..43151510a5e 100644 --- a/file/malware/hash/blackenergy-killdisk-malware-hash.yaml +++ b/file/malware/hash/blackenergy-killdisk-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects KillDisk malware from BlackEnergy reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar - tags: malware,blackenergy,file + tags: malware,blackenergy file: - extensions: diff --git a/file/malware/hash/blackenergy-ssh-malware-hash.yaml b/file/malware/hash/blackenergy-ssh-malware-hash.yaml index a8bec2a6968..bdd45f94f35 100644 --- a/file/malware/hash/blackenergy-ssh-malware-hash.yaml +++ b/file/malware/hash/blackenergy-ssh-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects the password of the backdoored DropBear SSH Server - BlackEnergy reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar - tags: malware,blackenergy,file + tags: malware,blackenergy file: - extensions: diff --git a/file/malware/hash/blackenergy-vbs-malware-hash.yaml b/file/malware/hash/blackenergy-vbs-malware-hash.yaml index d658cf8ba65..c9c4725c016 100644 --- a/file/malware/hash/blackenergy-vbs-malware-hash.yaml +++ b/file/malware/hash/blackenergy-vbs-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Blackenergy.yar - tags: malware,blackenergy,file + tags: malware,blackenergy file: - extensions: diff --git a/file/malware/hash/bluelight-malware-hash.yaml b/file/malware/hash/bluelight-malware-hash.yaml index bc5c5297c7c..8cead6028a4 100644 --- a/file/malware/hash/bluelight-malware-hash.yaml +++ b/file/malware/hash/bluelight-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: North Korean origin malware which uses a custom Google App for C2 communications. reference: - https://github.com/volexity/threat-intel/blob/main/2021/2021-08-17%20-%20InkySquid%20Part%201/indicators/yara.yar - tags: malware,inkysquid,file + tags: malware,inkysquid file: - extensions: diff --git a/file/malware/hash/bluetermite-emdivi-malware-hash.yaml b/file/malware/hash/bluetermite-emdivi-malware-hash.yaml index 24d894b576a..dcd5424840f 100644 --- a/file/malware/hash/bluetermite-emdivi-malware-hash.yaml +++ b/file/malware/hash/bluetermite-emdivi-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Bluetermite_Emdivi.yar - https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/ - tags: malware,bluetermite,file + tags: malware,bluetermite file: - extensions: diff --git a/file/malware/hash/bluetermite-emdivi-sfx-hash.yaml b/file/malware/hash/bluetermite-emdivi-sfx-hash.yaml index 6bfa7846b2c..02700d93a65 100644 --- a/file/malware/hash/bluetermite-emdivi-sfx-hash.yaml +++ b/file/malware/hash/bluetermite-emdivi-sfx-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Bluetermite_Emdivi.yar - tags: malware,bluetermite,file + tags: malware,bluetermite file: - extensions: diff --git a/file/malware/hash/charmingcypress-malware-hash.yaml b/file/malware/hash/charmingcypress-malware-hash.yaml index 1d8a2cd4c45..e7745a3c44a 100644 --- a/file/malware/hash/charmingcypress-malware-hash.yaml +++ b/file/malware/hash/charmingcypress-malware-hash.yaml @@ -5,7 +5,7 @@ info: severity: info reference: - https://github.com/volexity/threat-intel/blob/main/2024/2024-02-13%20CharmingCypress/rules.yar - tags: malware,cypress,file + tags: malware,cypress file: - extensions: diff --git a/file/malware/hash/cheshirecat-malware-hash.yaml b/file/malware/hash/cheshirecat-malware-hash.yaml index 64d7166977d..f928f5c7ce8 100644 --- a/file/malware/hash/cheshirecat-malware-hash.yaml +++ b/file/malware/hash/cheshirecat-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_CheshireCat.yar - tags: malware,apt,file + tags: malware,apt file: - extensions: diff --git a/file/malware/hash/cloudduke-malware-hash.yaml b/file/malware/hash/cloudduke-malware-hash.yaml index a2de6acaf20..1f9294d1253 100644 --- a/file/malware/hash/cloudduke-malware-hash.yaml +++ b/file/malware/hash/cloudduke-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://www.f-secure.com/weblog/archives/00002822.html - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Cloudduke.yar - tags: malware,apt,file + tags: malware,apt file: - extensions: diff --git a/file/malware/hash/codoso-gh0st-malware.yaml b/file/malware/hash/codoso-gh0st-malware.yaml index 7985279beb3..f4af732c4dc 100644 --- a/file/malware/hash/codoso-gh0st-malware.yaml +++ b/file/malware/hash/codoso-gh0st-malware.yaml @@ -6,7 +6,7 @@ info: reference: - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar - tags: malware,apt,codoso,file + tags: malware,apt,codoso file: - extensions: diff --git a/file/malware/hash/codoso-malware-hash.yaml b/file/malware/hash/codoso-malware-hash.yaml index 60b91f8ad1a..11f0e7a696b 100644 --- a/file/malware/hash/codoso-malware-hash.yaml +++ b/file/malware/hash/codoso-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar - tags: malware,apt,codoso,file + tags: malware,apt,codoso file: - extensions: diff --git a/file/malware/hash/codoso-pgv-malware-hash.yaml b/file/malware/hash/codoso-pgv-malware-hash.yaml index 7b39e642201..4b2170ae4fd 100644 --- a/file/malware/hash/codoso-pgv-malware-hash.yaml +++ b/file/malware/hash/codoso-pgv-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar - tags: malware,apt,codoso,file + tags: malware,apt,codoso file: - extensions: diff --git a/file/malware/hash/codoso-plugx-malware-hash.yaml b/file/malware/hash/codoso-plugx-malware-hash.yaml index d91a88cfeda..eb32cfab520 100644 --- a/file/malware/hash/codoso-plugx-malware-hash.yaml +++ b/file/malware/hash/codoso-plugx-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Codoso.yar - tags: malware,apt,codoso,file + tags: malware,apt,codoso file: - extensions: diff --git a/file/malware/hash/disgomoji-malware-hash.yaml b/file/malware/hash/disgomoji-malware-hash.yaml index 8c0d2828d8b..400609515fd 100644 --- a/file/malware/hash/disgomoji-malware-hash.yaml +++ b/file/malware/hash/disgomoji-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects DISGOMOJI modules based on strings in the ELF. reference: - https://github.com/volexity/threat-intel/blob/main/2024/2024-06-13%20DISGOMOJI/indicators/rules.yar - tags: malware,disgomoji,file + tags: malware,disgomoji file: - extensions: diff --git a/file/malware/hash/dubnium-malware-hash.yaml b/file/malware/hash/dubnium-malware-hash.yaml index 706d9683933..8bd79e721dc 100644 --- a/file/malware/hash/dubnium-malware-hash.yaml +++ b/file/malware/hash/dubnium-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/AW9Cuu - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Dubnium.yar - tags: malware,dubnium,file + tags: malware,dubnium file: - extensions: diff --git a/file/malware/hash/dubnium-sshopenssl-malware-hash.yaml b/file/malware/hash/dubnium-sshopenssl-malware-hash.yaml index 5955e86c5c8..11eff191794 100644 --- a/file/malware/hash/dubnium-sshopenssl-malware-hash.yaml +++ b/file/malware/hash/dubnium-sshopenssl-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/AW9Cuu - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Dubnium.yar - tags: malware,Dubnium,apt,file + tags: malware,Dubnium,apt file: - extensions: diff --git a/file/malware/hash/emissary-malware-hash.yaml b/file/malware/hash/emissary-malware-hash.yaml index 484d2ac7a3d..b617903185b 100644 --- a/file/malware/hash/emissary-malware-hash.yaml +++ b/file/malware/hash/emissary-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - http://goo.gl/V0epcf - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Emissary.yar - tags: malware,emissary,apt,file + tags: malware,emissary,apt file: - extensions: diff --git a/file/malware/hash/evilbamboo-malware-hash.yaml b/file/malware/hash/evilbamboo-malware-hash.yaml index edc0c86d2a2..f3e3590deee 100644 --- a/file/malware/hash/evilbamboo-malware-hash.yaml +++ b/file/malware/hash/evilbamboo-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://github.com/volexity/threat-intel/blob/main/2023/2023-09-22%20EvilBamboo/indicators/rules.yar - https://www.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine - tags: malware,evilbamboo,file + tags: malware,evilbamboo file: - extensions: diff --git a/file/malware/hash/fakem-malware-hash.yaml b/file/malware/hash/fakem-malware-hash.yaml index 895d78f7fb6..84d88c94f88 100644 --- a/file/malware/hash/fakem-malware-hash.yaml +++ b/file/malware/hash/fakem-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/ - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_FakeM.yar - tags: malware,apt,fakem,file + tags: malware,apt,fakem file: - extensions: diff --git a/file/malware/hash/flipflop-malware-hash.yaml b/file/malware/hash/flipflop-malware-hash.yaml index 9b9399c3321..fcfb5bc7fc4 100644 --- a/file/malware/hash/flipflop-malware-hash.yaml +++ b/file/malware/hash/flipflop-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload. reference: - https://github.com/volexity/threat-intel/blob/main/2021/2021-05-27%20-%20Suspected%20APT29%20Operation%20Launches%20Election%20Fraud%20Themed%20Phishing%20Campaigns/indicators/yara.yar - tags: malware,apt29,cobaltstrike,file + tags: malware,apt29,cobaltstrike file: - extensions: diff --git a/file/malware/hash/furtim-malware-hash.yaml b/file/malware/hash/furtim-malware-hash.yaml index 5ba6cf84a4b..c7a5b7bcf4f 100644 --- a/file/malware/hash/furtim-malware-hash.yaml +++ b/file/malware/hash/furtim-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://sentinelone.com/blogs/sfg-furtims-parent/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_furtim.yar - tags: malware,apt,furtim,file + tags: malware,apt,furtim file: - extensions: diff --git a/file/malware/hash/gimmick-malware-hash.yaml b/file/malware/hash/gimmick-malware-hash.yaml index 1329e3241e9..2381a68d573 100644 --- a/file/malware/hash/gimmick-malware-hash.yaml +++ b/file/malware/hash/gimmick-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects the macOS port of the GIMMICK malware. reference: - https://github.com/volexity/threat-intel/blob/main/2022/2022-03-22%20GIMMICK/indicators/yara.yar - tags: malware,stormcloud,file + tags: malware,stormcloud file: - extensions: diff --git a/file/malware/hash/godzilla-webshell-hash.yaml b/file/malware/hash/godzilla-webshell-hash.yaml index 49b8dfbe65c..3da0c4bab9a 100644 --- a/file/malware/hash/godzilla-webshell-hash.yaml +++ b/file/malware/hash/godzilla-webshell-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://github.com/volexity/threat-intel/blob/main/2022/2022-08-10%20Mass%20exploitation%20of%20(Un)authenticated%20Zimbra%20RCE%20CVE-2022-27925/yara.yar - https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/ - tags: malware,webshells,file + tags: malware,webshells file: - extensions: diff --git a/file/malware/hash/greenbug-malware-hash.yaml b/file/malware/hash/greenbug-malware-hash.yaml index 97ed96e131e..6b51e3bb2ee 100644 --- a/file/malware/hash/greenbug-malware-hash.yaml +++ b/file/malware/hash/greenbug-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/urp4CD - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Greenbug.yar - tags: malware,Greenbug,file + tags: malware,Greenbug file: - extensions: diff --git a/file/malware/hash/ico-malware-hash.yaml b/file/malware/hash/ico-malware-hash.yaml index 0c7f1c84c96..4b38c400666 100644 --- a/file/malware/hash/ico-malware-hash.yaml +++ b/file/malware/hash/ico-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detection of malicious ICO files used in 3CX compromise reference: - https://github.com/volexity/threat-intel/blob/main/2023/2023-03-30%203CX/indicators/rules.yar - tags: malware,uta0040,file + tags: malware,uta0040 file: - extensions: diff --git a/file/malware/hash/industroyer-malware-hash.yaml b/file/malware/hash/industroyer-malware-hash.yaml index c3e16c5924f..dd8bdacfd68 100644 --- a/file/malware/hash/industroyer-malware-hash.yaml +++ b/file/malware/hash/industroyer-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://goo.gl/x81cSy - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Industroyer.yar - tags: malware,industroyer,apt,file + tags: malware,industroyer,apt file: - extensions: diff --git a/file/malware/hash/ironPanda-htran-malware-hash.yaml b/file/malware/hash/ironPanda-htran-malware-hash.yaml index 1e0fb6d337d..a56a2bc894e 100644 --- a/file/malware/hash/ironPanda-htran-malware-hash.yaml +++ b/file/malware/hash/ironPanda-htran-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/E4qia9 - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Irontiger.yar - tags: malware,ironpanda,file + tags: malware,ironpanda file: - extensions: diff --git a/file/malware/hash/ironpanda-dnstunclient-malware-hash.yaml b/file/malware/hash/ironpanda-dnstunclient-malware-hash.yaml index b92c6656938..103d14454d4 100644 --- a/file/malware/hash/ironpanda-dnstunclient-malware-hash.yaml +++ b/file/malware/hash/ironpanda-dnstunclient-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/E4qia9 - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Irontiger.yar - tags: malware,ironpanda,file + tags: malware,ironpanda file: - extensions: diff --git a/file/malware/hash/ironpanda-malware-hash.yaml b/file/malware/hash/ironpanda-malware-hash.yaml index ea90ba98810..ab149842211 100644 --- a/file/malware/hash/ironpanda-malware-hash.yaml +++ b/file/malware/hash/ironpanda-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Iron Panda Malware reference: - https://goo.gl/E4qia9 - tags: malware,IronPanda,file + tags: malware,IronPanda file: - extensions: diff --git a/file/malware/hash/locky-ransomware-hash.yaml b/file/malware/hash/locky-ransomware-hash.yaml index 7c31d7a7772..6625218de2b 100644 --- a/file/malware/hash/locky-ransomware-hash.yaml +++ b/file/malware/hash/locky-ransomware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/qScSrE - https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Locky.yar - tags: ransomware,malware,file + tags: ransomware,malware file: - extensions: diff --git a/file/malware/hash/minidionis-readerview-malware-hash.yaml b/file/malware/hash/minidionis-readerview-malware-hash.yaml index 0c4ae56487b..39497c12106 100644 --- a/file/malware/hash/minidionis-readerview-malware-hash.yaml +++ b/file/malware/hash/minidionis-readerview-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950 - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Minidionis.yar - tags: malware,minidionis,file + tags: malware,minidionis file: - extensions: diff --git a/file/malware/hash/minidionis-vbs-malware-hash.yaml b/file/malware/hash/minidionis-vbs-malware-hash.yaml index 53a398378ca..d68e94fd3d8 100644 --- a/file/malware/hash/minidionis-vbs-malware-hash.yaml +++ b/file/malware/hash/minidionis-vbs-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://malwr.com/analysis/ZDc4ZmIyZDI4MTVjNGY5NWI0YzE3YjIzNGFjZTcyYTY/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Minidionis.yar - tags: malware,minidionis,file + tags: malware,minidionis file: - extensions: diff --git a/file/malware/hash/naikon-apt-malware-hash.yaml b/file/malware/hash/naikon-apt-malware-hash.yaml index 19328b9bb0c..86d18f3c1ea 100644 --- a/file/malware/hash/naikon-apt-malware-hash.yaml +++ b/file/malware/hash/naikon-apt-malware-hash.yaml @@ -5,7 +5,7 @@ info: severity: info reference: - https://goo.gl/7vHyvh - tags: malware,naikon,file + tags: malware,naikon file: - extensions: diff --git a/file/malware/hash/neuron2-malware-hash.yaml b/file/malware/hash/neuron2-malware-hash.yaml index 1911557bc06..53988f9688b 100644 --- a/file/malware/hash/neuron2-malware-hash.yaml +++ b/file/malware/hash/neuron2-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: | - https://www.ncsc.gov.uk/alerts/turla-group-malware - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Turla_Neuron.yar - tags: malware,turla,neuron2,apt,file + tags: malware,turla,neuron2,apt file: - extensions: diff --git a/file/malware/hash/oilrig-malware-hash.yaml b/file/malware/hash/oilrig-malware-hash.yaml index 3c18fe3c80a..20371581c9a 100644 --- a/file/malware/hash/oilrig-malware-hash.yaml +++ b/file/malware/hash/oilrig-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://goo.gl/QMRZ8K - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Oilrig.yar - tags: malware,oilrig,apt,file + tags: malware,oilrig,apt file: - extensions: diff --git a/file/malware/hash/passcv-ntscan-malware-hash.yaml b/file/malware/hash/passcv-ntscan-malware-hash.yaml index e6d65ecb24c..c1d595d96dd 100644 --- a/file/malware/hash/passcv-ntscan-malware-hash.yaml +++ b/file/malware/hash/passcv-ntscan-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar - tags: malware,passcv,file + tags: malware,passcv file: - extensions: diff --git a/file/malware/hash/passcv-sabre-malware-hash.yaml b/file/malware/hash/passcv-sabre-malware-hash.yaml index 42b1ec57642..6d93ca5e59f 100644 --- a/file/malware/hash/passcv-sabre-malware-hash.yaml +++ b/file/malware/hash/passcv-sabre-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar - tags: malware,passcv,file + tags: malware,passcv file: - extensions: diff --git a/file/malware/hash/passcv-signingcert-malware-hash.yaml b/file/malware/hash/passcv-signingcert-malware-hash.yaml index 63ff550e2b3..0160d8202a8 100644 --- a/file/malware/hash/passcv-signingcert-malware-hash.yaml +++ b/file/malware/hash/passcv-signingcert-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Passcv.yar - tags: malware,passcv,file + tags: malware,passcv file: - extensions: diff --git a/file/malware/hash/petya-ransomware-hash.yaml b/file/malware/hash/petya-ransomware-hash.yaml index bcd290868d0..e4ed63144ee 100644 --- a/file/malware/hash/petya-ransomware-hash.yaml +++ b/file/malware/hash/petya-ransomware-hash.yaml @@ -7,7 +7,7 @@ info: Detects Petya Ransomware. reference: - http://www.heise.de/newsticker/meldung/Erpressungs-Trojaner-Petya-riegelt-den-gesamten-Rechner-ab-3150917.html - tags: ransomware,malware,file + tags: ransomware,malware file: - extensions: diff --git a/file/malware/hash/poseidongroup-maldoc-malware-hash.yaml b/file/malware/hash/poseidongroup-maldoc-malware-hash.yaml index d75406aa8c3..64afc47e386 100644 --- a/file/malware/hash/poseidongroup-maldoc-malware-hash.yaml +++ b/file/malware/hash/poseidongroup-maldoc-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Poseidon_Group.yar - tags: malware,poseidon,file + tags: malware,poseidon file: - extensions: diff --git a/file/malware/hash/poseidongroup-malware-hash.yaml b/file/malware/hash/poseidongroup-malware-hash.yaml index a92cf52e57b..f1db153c092 100644 --- a/file/malware/hash/poseidongroup-malware-hash.yaml +++ b/file/malware/hash/poseidongroup-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Poseidon_Group.yar - tags: malware,file + tags: malware file: - extensions: diff --git a/file/malware/hash/powerstar-malware-hash.yaml b/file/malware/hash/powerstar-malware-hash.yaml index 7b095b4cf4f..d1ff131ea8b 100644 --- a/file/malware/hash/powerstar-malware-hash.yaml +++ b/file/malware/hash/powerstar-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: Detects the batch script used to persist PowerStar via Startup. reference: - https://github.com/volexity/threat-intel/blob/main/2023/2023-06-28%20POWERSTAR/indicators/rules.yar - tags: malware,charmingkitten,file + tags: malware,charmingkitten file: - extensions: diff --git a/file/malware/hash/purplewave-malware-hash.yaml b/file/malware/hash/purplewave-malware-hash.yaml index 95ed43b0970..29fe1cad9ad 100644 --- a/file/malware/hash/purplewave-malware-hash.yaml +++ b/file/malware/hash/purplewave-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://twitter.com/3xp0rtblog/status/1289125217751781376 - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PurpleWave.yar - tags: malware,apt,purplewave,file + tags: malware,apt,purplewave file: - extensions: diff --git a/file/malware/hash/red-leaves-malware-hash.yaml b/file/malware/hash/red-leaves-malware-hash.yaml index 62cdd96d2dd..e31fa82be24 100644 --- a/file/malware/hash/red-leaves-malware-hash.yaml +++ b/file/malware/hash/red-leaves-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.virustotal.com/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_RedLeaves.yar - tags: malware,apt,red-leaves,file + tags: malware,apt,red-leaves file: - extensions: diff --git a/file/malware/hash/regeorg-webshell-hash.yaml b/file/malware/hash/regeorg-webshell-hash.yaml index c66fd26955a..faac4fc0263 100644 --- a/file/malware/hash/regeorg-webshell-hash.yaml +++ b/file/malware/hash/regeorg-webshell-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://github.com/volexity/threat-intel/blob/main/2022/2022-08-10%20Mass%20exploitation%20of%20(Un)authenticated%20Zimbra%20RCE%20CVE-2022-27925/yara.yar - https://github.com/SecWiki/WebShell-2/blob/master/reGeorg-master/tunnel.jsp - tags: malware,webshells,file + tags: malware,webshells file: - extensions: diff --git a/file/malware/hash/revil-ransomware-hash.yaml b/file/malware/hash/revil-ransomware-hash.yaml index cf92e8a2531..025ab103b78 100644 --- a/file/malware/hash/revil-ransomware-hash.yaml +++ b/file/malware/hash/revil-ransomware-hash.yaml @@ -3,11 +3,13 @@ info: name: Revil Ransomware Hash - Detect author: pussycat0x severity: info - description: Detect Revil Ransomware. + description: + Detect Revil Ransomware. reference: - https://angle.ankura.com/post/102hcny/revix-linux-ransomware - https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Revix.yar - tags: ransomware,malware,file + tags: ransomware,malware + file: - extensions: - all diff --git a/file/malware/hash/rokrat-malware-hash.yaml b/file/malware/hash/rokrat-malware-hash.yaml index dbb36ccf6a4..95e16ea0ee7 100644 --- a/file/malware/hash/rokrat-malware-hash.yaml +++ b/file/malware/hash/rokrat-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.carbonblack.com/2018/02/27/threat-analysis-rokrat-malware/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_DPRK_ROKRAT.yar - tags: malware,taudprkapt,file + tags: malware,taudprkapt file: - extensions: diff --git a/file/malware/hash/sauron-malware-hash.yaml b/file/malware/hash/sauron-malware-hash.yaml index e75d9b853ed..5e16582642e 100644 --- a/file/malware/hash/sauron-malware-hash.yaml +++ b/file/malware/hash/sauron-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - https://goo.gl/eFoP4A - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Sauron_extras.yar - tags: malware,apt,sauron,file + tags: malware,apt,sauron file: - extensions: diff --git a/file/malware/hash/seaduke-malware-hash.yaml b/file/malware/hash/seaduke-malware-hash.yaml index 4bf30b79cdb..bc424976973 100644 --- a/file/malware/hash/seaduke-malware-hash.yaml +++ b/file/malware/hash/seaduke-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: | http://goo.gl/MJ0c2M https://github.com/Yara-Rules/rules/blob/master/malware/APT_Seaduke.yar - tags: malware,seaduke,file + tags: malware,seaduke file: - extensions: diff --git a/file/malware/hash/sfx1-malware-hash.yaml b/file/malware/hash/sfx1-malware-hash.yaml index 9dd26ce091b..bfe4f148df1 100644 --- a/file/malware/hash/sfx1-malware-hash.yaml +++ b/file/malware/hash/sfx1-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3950 - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Minidionis.yar - tags: malware,sfx1,file + tags: malware,sfx1 file: - extensions: diff --git a/file/malware/hash/sfxrar-acrotray-malware-hash.yaml b/file/malware/hash/sfxrar-acrotray-malware-hash.yaml index fc5682774aa..5e1c51687fc 100644 --- a/file/malware/hash/sfxrar-acrotray-malware-hash.yaml +++ b/file/malware/hash/sfxrar-acrotray-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Cloudduke.yar - https://www.f-secure.com/weblog/archives/00002822.html - tags: malware,apt,sfx,file + tags: malware,apt,sfx file: - extensions: diff --git a/file/malware/hash/sharpext-malware-hash.yaml b/file/malware/hash/sharpext-malware-hash.yaml index 3f5f13b09a9..23e264faccb 100644 --- a/file/malware/hash/sharpext-malware-hash.yaml +++ b/file/malware/hash/sharpext-malware-hash.yaml @@ -6,7 +6,7 @@ info: description: A malicious Chrome browser extension used by the SharpTongue threat actor to steal mail data from a victim. reference: - https://github.com/volexity/threat-intel/blob/main/2022/2022-07-28%20SharpTongue%20SharpTongue%20Deploys%20Clever%20Mail-Stealing%20Browser%20Extension%20SHARPEXT/yara.yar - tags: malware,sharptongue,file + tags: malware,sharptongue file: - extensions: diff --git a/file/malware/hash/sofacy-Winexe-malware-hash.yaml b/file/malware/hash/sofacy-Winexe-malware-hash.yaml index fc45cde8e44..49903ff2c58 100644 --- a/file/malware/hash/sofacy-Winexe-malware-hash.yaml +++ b/file/malware/hash/sofacy-Winexe-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: | - http://dokumente.linksfraktion.de/inhalt/report-orig.pdf - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Sofacy_Bundestag.yar - tags: malware,sofacy,file + tags: malware,sofacy file: - extensions: diff --git a/file/malware/hash/sofacy-bundestag-malware-hash.yaml b/file/malware/hash/sofacy-bundestag-malware-hash.yaml index e56230dabda..ca789726041 100644 --- a/file/malware/hash/sofacy-bundestag-malware-hash.yaml +++ b/file/malware/hash/sofacy-bundestag-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: | - http://dokumente.linksfraktion.de/inhalt/report-orig.pdf - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Sofacy_Bundestag.yar - tags: malware,sofacy,file + tags: malware,sofacy file: - extensions: diff --git a/file/malware/hash/sofacy-fybis-malware-hash.yaml b/file/malware/hash/sofacy-fybis-malware-hash.yaml index e1b9de548f0..45ffc514a38 100644 --- a/file/malware/hash/sofacy-fybis-malware-hash.yaml +++ b/file/malware/hash/sofacy-fybis-malware-hash.yaml @@ -6,7 +6,7 @@ info: reference: | - http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Sofacy_Fysbis.yar - tags: malware,sofacy,file + tags: malware,sofacy file: - extensions: diff --git a/file/malware/hash/tidepool-malware-hash.yaml b/file/malware/hash/tidepool-malware-hash.yaml index a37a1387499..3a9380fcf7d 100644 --- a/file/malware/hash/tidepool-malware-hash.yaml +++ b/file/malware/hash/tidepool-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: - http://goo.gl/m2CXWR - https://github.com/Yara-Rules/rules/blob/master/malware/APT_Ke3Chang_TidePool.yar - tags: malware,tidepool,file + tags: malware,tidepool file: - extensions: diff --git a/file/malware/hash/turla-malware-hash.yaml b/file/malware/hash/turla-malware-hash.yaml index 9fe29349206..0754fae8dbb 100644 --- a/file/malware/hash/turla-malware-hash.yaml +++ b/file/malware/hash/turla-malware-hash.yaml @@ -7,7 +7,7 @@ info: reference: | https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case https://github.com/Yara-Rules/rules/blob/master/malware/APT_Turla_RUAG.yar - tags: malware,turla,apt,ruag,file + tags: malware,turla,apt,ruag file: - extensions: diff --git a/file/malware/hash/unit78020-malware-hash.yaml b/file/malware/hash/unit78020-malware-hash.yaml index 9c363451721..f59f98e205b 100644 --- a/file/malware/hash/unit78020-malware-hash.yaml +++ b/file/malware/hash/unit78020-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: | http://threatconnect.com/camerashy/?utm_campaign=CameraShy https://github.com/Yara-Rules/rules/blob/master/malware/APT_Unit78020.yar - tags: malware,unit78020,file + tags: malware,unit78020 file: - extensions: diff --git a/file/malware/hash/upstyle-malware-hash.yaml b/file/malware/hash/upstyle-malware-hash.yaml index 1ed7e94c4a2..2780d52cac9 100644 --- a/file/malware/hash/upstyle-malware-hash.yaml +++ b/file/malware/hash/upstyle-malware-hash.yaml @@ -6,7 +6,7 @@ info: severity: info reference: - https://github.com/volexity/threat-intel/blob/main/2024/2024-04-12%20Palo%20Alto%20Networks%20GlobalProtect/indicators/rules.yar - tags: malware,upstyle,file + tags: malware,upstyle file: - extensions: diff --git a/file/malware/hash/wildneutron-malware-hash.yaml b/file/malware/hash/wildneutron-malware-hash.yaml index fb162426a4e..22b43fefa64 100644 --- a/file/malware/hash/wildneutron-malware-hash.yaml +++ b/file/malware/hash/wildneutron-malware-hash.yaml @@ -8,7 +8,7 @@ info: reference: | - https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/ - https://github.com/Yara-Rules/rules/blob/master/malware/APT_WildNeutron.yar - tags: malware,wildneutron,apt,file + tags: malware,wildneutron,apt file: - extensions: diff --git a/headless/cookie-consent-detection.yaml b/headless/cookie-consent-detection.yaml index 8980f0ced6e..0129181fb3d 100644 --- a/headless/cookie-consent-detection.yaml +++ b/headless/cookie-consent-detection.yaml @@ -1,12 +1,13 @@ id: cookie-consent-detection -info: - name: Cookie Consent Detection - author: rxerium - severity: info - description: | - This template detects the presence of cookie consent forms - tags: headless,cookie,detect +info: + name: Cookie Consent Detection + author: rxerium + severity: info + description: | + This template detects the presence of cookie consent forms + tags: headless,cookie,detect + headless: - steps: - action: navigate diff --git a/headless/cves/2018/CVE-2018-25031.yaml b/headless/cves/2018/CVE-2018-25031.yaml index d5d49dbf746..7947e6fa6c0 100644 --- a/headless/cves/2018/CVE-2018-25031.yaml +++ b/headless/cves/2018/CVE-2018-25031.yaml @@ -19,8 +19,8 @@ info: cvss-score: 4.3 cve-id: CVE-2018-25031 cwe-id: CWE-20 - epss-score: 0.82878 - epss-percentile: 0.99182 + epss-score: 0.00265 + epss-percentile: 0.65516 cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,10 +28,12 @@ info: vendor: smartbear product: swagger_ui shodan-query: + - http.component:"Swagger" - http.component:"swagger" - http.favicon.hash:"-1180440057" fofa-query: icon_hash="-1180440057" tags: headless,cve,cve2018,swagger,xss,smartbear + headless: - steps: - args: diff --git a/headless/cves/2022/CVE-2022-29455-headless.yaml b/headless/cves/2022/CVE-2022-29455-headless.yaml index cfc9f9b3609..ddf28bc8690 100644 --- a/headless/cves/2022/CVE-2022-29455-headless.yaml +++ b/headless/cves/2022/CVE-2022-29455-headless.yaml @@ -30,10 +30,8 @@ info: vendor: elementor product: website_builder framework: wordpress - publicwww-query: /wp-content/plugins/elementor/ - shodan-query: http.html:"/wp-content/plugins/elementor/" - fofa-query: body=/wp-content/plugins/elementor/ - tags: cve,cve2022,xss,wordpress,elementor,headless + tags: cve,cve2022,xss,wordpress,elementor + headless: - steps: - args: diff --git a/headless/cves/2024/CVE-2024-29882.yaml b/headless/cves/2024/CVE-2024-29882.yaml index 6b234fc69e4..42816573c69 100644 --- a/headless/cves/2024/CVE-2024-29882.yaml +++ b/headless/cves/2024/CVE-2024-29882.yaml @@ -21,9 +21,9 @@ info: max-request: 1 vendor: ossrs product: simple_realtime_server - shodan-query: http.favicon.hash:"1386054408" - fofa-query: icon_hash=1386054408 - tags: cve,cve2023,srs,dom,xss,headless,ossrs + shodan-query: http.favicon.hash:1386054408 + tags: cve,cve2023,srs,dom,xss + headless: - steps: - args: diff --git a/headless/cves/2024/CVE-2024-38526.yaml b/headless/cves/2024/CVE-2024-38526.yaml index 144bee229fc..bbf23e4fec5 100644 --- a/headless/cves/2024/CVE-2024-38526.yaml +++ b/headless/cves/2024/CVE-2024-38526.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L cvss-score: 7.2 cve-id: CVE-2024-38526 - epss-score: 0.57702 - epss-percentile: 0.98014 - tags: cve,cve2024,supply-chain,polyfill,headless + epss-score: 0.00045 + epss-percentile: 0.16001 + tags: cve,cve2024,supply-chain,polyfill headless: - steps: - args: diff --git a/headless/cves/2025/CVE-2025-24752.yaml b/headless/cves/2025/CVE-2025-24752.yaml index 341215abb20..3d6e13aeb5c 100644 --- a/headless/cves/2025/CVE-2025-24752.yaml +++ b/headless/cves/2025/CVE-2025-24752.yaml @@ -3,27 +3,19 @@ id: CVE-2025-24752 info: name: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting author: DhiyaneshDK - severity: high + severity: medium description: | A Cross-Site Scripting (XSS) vulnerability exists in Essential Addons for Elementor Plugin for WordPress versions prior to 6.0.15. The vulnerability allows an attacker to inject malicious JavaScript payloads into web pages by exploiting insufficient input sanitization and output escaping in specific plugin components. reference: - https://www.tenable.com/plugins/was/114609 - https://patchstack.com/articles/reflected-xss-patched-in-essential-addons-for-elementor-affecting-2-million-sites/ - https://github.com/Sachinart/essential-addons-for-elementor-xss-poc/blob/main/poc.py - - https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-plugin-6-0-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve - - https://github.com/GhostTroops/TOP - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 7.1 - cve-id: CVE-2025-24752 - cwe-id: CWE-79 - epss-score: 0.03253 - epss-percentile: 0.86503 metadata: verified: true max-request: 1 fofa-query: body="/wp-content/plugins/essential-addons-for-elementor-lite" - tags: cve,cve2025,xss,essential,elementor-lite,headless + tags: cve,cve2025,xss,essential,elementor-lite + variables: random_int: '{{rand_int(1,1000)}}' diff --git a/headless/cves/2025/CVE-2025-25062.yaml b/headless/cves/2025/CVE-2025-25062.yaml index 70869c10a81..6ed88cae06b 100644 --- a/headless/cves/2025/CVE-2025-25062.yaml +++ b/headless/cves/2025/CVE-2025-25062.yaml @@ -22,7 +22,8 @@ info: metadata: max-request: 7 shodan-query: "Backdrop CMS" - tags: cve,cve2025,xss,stored,backdrop,headless,intrusive + tags: cve,cve2025,xss,stored,backdrop,headless + variables: username: "{{username}}" password: "{{password}}" diff --git a/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml b/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml index 060a0f457b8..9137bec08a8 100644 --- a/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml +++ b/headless/cves/2025/CVE-2025-29927-HEADLESS.yaml @@ -19,7 +19,7 @@ info: vendor: vercel product: Next.js framework: node.js - tags: cve,cve2025,headless,nextjs,node.js,vercel + tags: cve,cve2025,headless,nextjs headless: - steps: diff --git a/headless/prototype-pollution-check.yaml b/headless/prototype-pollution-check.yaml index db1d318ac9c..b83ccb727fd 100644 --- a/headless/prototype-pollution-check.yaml +++ b/headless/prototype-pollution-check.yaml @@ -5,9 +5,10 @@ info: author: pdteam severity: medium metadata: - verified: true max-request: 8 + verified: true tags: headless + headless: - steps: - args: diff --git a/http/cnvd/2020/CNVD-2020-63964.yaml b/http/cnvd/2020/CNVD-2020-63964.yaml index 16dc7a99c7a..b3b1d78a103 100644 --- a/http/cnvd/2020/CNVD-2020-63964.yaml +++ b/http/cnvd/2020/CNVD-2020-63964.yaml @@ -14,11 +14,9 @@ info: max-request: 1 vendor: jishenghua product: jsherp - shodan-query: http.favicon.hash:"-1298131932" - fofa-query: - - jsherp-boot - - icon_hash=-1298131932 - tags: cnvd,cnvd2020,jsherp,disclosure,jishenghua + shodan-query: http.favicon.hash:-1298131932 + fofa-query: jshERP-boot + tags: cnvd,cnvd2020,jsherp,disclosure http: - method: GET diff --git a/http/cnvd/2021/CNVD-2021-14536.yaml b/http/cnvd/2021/CNVD-2021-14536.yaml index f94a70e94d1..7512f6be0e7 100644 --- a/http/cnvd/2021/CNVD-2021-14536.yaml +++ b/http/cnvd/2021/CNVD-2021-14536.yaml @@ -14,11 +14,9 @@ info: cpe: cpe:2.3:h:ruijie:rg-uac:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: ruijie + fofa-query: title="RG-UAC登录页面" product: rg-uac - fofa-query: - - title="rg-uac登录页面" - - title="rg-uac登录页面" && body="admin" + vendor: ruijie tags: cnvd2021,cnvd,ruijie,disclosure http: diff --git a/http/cnvd/2021/CNVD-2021-15822.yaml b/http/cnvd/2021/CNVD-2021-15822.yaml index 12a9b5a87a0..c27b7b6da87 100644 --- a/http/cnvd/2021/CNVD-2021-15822.yaml +++ b/http/cnvd/2021/CNVD-2021-15822.yaml @@ -15,11 +15,8 @@ info: max-request: 1 vendor: shopxo product: shopxo - shodan-query: http.title:"shopxo企业级b2c电商系统提供商" - fofa-query: - - app="shopxo企业级b2c电商系统提供商" - - title="shopxo企业级b2c电商系统提供商" - google-query: intitle:"shopxo企业级b2c电商系统提供商" + shodan-query: title:"ShopXO企业级B2C电商系统提供商" + fofa-query: app="ShopXO企业级B2C电商系统提供商" tags: cnvd2021,cnvd,shopxo,lfi http: diff --git a/http/cnvd/2021/CNVD-2021-28277.yaml b/http/cnvd/2021/CNVD-2021-28277.yaml index cd37c88ac5d..73b63209784 100644 --- a/http/cnvd/2021/CNVD-2021-28277.yaml +++ b/http/cnvd/2021/CNVD-2021-28277.yaml @@ -15,12 +15,9 @@ info: cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: landray + fofa-query: app="Landray OA system" product: landray_office_automation - fofa-query: - - app="landray oa system" - - app="landray-oa系统" - hunter-query: web.body=="蓝凌软件",web.icon=="302464c3f6207d57240649926cfc7bd4" + vendor: landray tags: cnvd,cnvd2021,landray,lfi http: diff --git a/http/cnvd/2021/CNVD-2021-33202.yaml b/http/cnvd/2021/CNVD-2021-33202.yaml index ca1fdac055e..5a4f66c9a75 100755 --- a/http/cnvd/2021/CNVD-2021-33202.yaml +++ b/http/cnvd/2021/CNVD-2021-33202.yaml @@ -14,13 +14,11 @@ info: metadata: verified: true max-request: 1 - vendor: weaver + fofa-query: app="泛微-协同办公OA" product: e-cology - fofa-query: - - app="泛微-协同办公oa" - - app="泛微-e-weaver" - shodan-query: ecology_jsessionid - tags: cnvd2021,cnvd,e-cology,sqli,weaver + vendor: weaver + tags: cnvd2021,cnvd,e-cology,sqli + variables: num: "999999999" diff --git a/http/cnvd/2021/CNVD-2021-64035.yaml b/http/cnvd/2021/CNVD-2021-64035.yaml index a4e30c9c5b2..7b1d0d5ec76 100644 --- a/http/cnvd/2021/CNVD-2021-64035.yaml +++ b/http/cnvd/2021/CNVD-2021-64035.yaml @@ -13,7 +13,7 @@ info: verified: true max-request: 1 fofa-query: icon_hash="-15980305" - tags: cnvd,lfi,leadsec,vpn,cnvd2021 + tags: cnvd,cnvd2024,lfi,leadsec,vpn http: - raw: diff --git a/http/cnvd/2022/CNVD-2022-42853.yaml b/http/cnvd/2022/CNVD-2022-42853.yaml index 118df2eb597..279472ede20 100644 --- a/http/cnvd/2022/CNVD-2022-42853.yaml +++ b/http/cnvd/2022/CNVD-2022-42853.yaml @@ -17,14 +17,11 @@ info: metadata: verified: true max-request: 1 - vendor: easycorp - product: zentao shodan-query: http.title:"zentao" - fofa-query: - - zentao - - title="zentao" - google-query: intitle:"zentao" - tags: cnvd,cnvd2022,zentao,sqli,easycorp + fofa-query: "Zentao" + product: zentao + vendor: easycorp + tags: cnvd,cnvd2022,zentao,sqli variables: num: "999999999" diff --git a/http/cnvd/2022/CNVD-2022-43245.yaml b/http/cnvd/2022/CNVD-2022-43245.yaml index 6a97d77bc0a..ebdecaf6141 100755 --- a/http/cnvd/2022/CNVD-2022-43245.yaml +++ b/http/cnvd/2022/CNVD-2022-43245.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: weaver product: e-office - fofa-query: - - app="泛微-协同办公oa" - - app="泛微-eoffice" + fofa-query: app="泛微-协同办公OA" tags: cnvd,cnvd2022,weaver,e-office,oa,lfi http: diff --git a/http/cnvd/2023/CNVD-2023-03903.yaml b/http/cnvd/2023/CNVD-2023-03903.yaml index cf7699de7af..4fa53595af7 100644 --- a/http/cnvd/2023/CNVD-2023-03903.yaml +++ b/http/cnvd/2023/CNVD-2023-03903.yaml @@ -14,8 +14,8 @@ info: max-request: 1 vendor: hagzhou-kuozhi-network-technology product: edusoho - fofa-query: title="powered by edusoho" || body="powered by edusoho" || (body="powered by edusoho" && body="var app") - tags: cnvd,cnvd2023,lfi,edushoho,hagzhou-kuozhi-network-technology + fofa-query: title="Powered By EduSoho" || body="Powered by EduSoho" || (body="Powered By EduSoho" && body="var app") + tags: cnvd,cnvd2023,lfi,edushoho http: - raw: diff --git a/http/cnvd/2023/CNVD-2023-72138.yaml b/http/cnvd/2023/CNVD-2023-72138.yaml index 39e3b5923c0..67a02b63218 100644 --- a/http/cnvd/2023/CNVD-2023-72138.yaml +++ b/http/cnvd/2023/CNVD-2023-72138.yaml @@ -9,10 +9,11 @@ info: reference: - https://github.com/wy876/POC/blob/main/LiveGBS%E5%AD%98%E5%9C%A8%E9%80%BB%E8%BE%91%E7%BC%BA%E9%99%B7%E6%BC%8F%E6%B4%9E(CNVD-2023-72138).md metadata: - verified: true max-request: 1 + verified: true fofa-query: icon_hash="-206100324" tags: cnvd,cnvd2023,livegbs,info-leak + variables: user: "{{to_lower(rand_base(5))}}" diff --git a/http/cnvd/2024/CNVD-2024-15077.yaml b/http/cnvd/2024/CNVD-2024-15077.yaml index a03ecef27ab..5c93b5ac4fc 100644 --- a/http/cnvd/2024/CNVD-2024-15077.yaml +++ b/http/cnvd/2024/CNVD-2024-15077.yaml @@ -16,8 +16,8 @@ info: max-request: 1 vendor: anji-plus product: aj-report - fofa-query: title="aj-report" - tags: cnvd,cnvd2024,aj-report,rce,anji-plus + fofa-query: title="AJ-Report" + tags: cnvd,cnvd2024,aj-report,rce http: - raw: diff --git a/http/credential-stuffing/self-hosted/grafana-login-check.yaml b/http/credential-stuffing/self-hosted/grafana-login-check.yaml index 601b7d64768..1ca90e4135c 100644 --- a/http/credential-stuffing/self-hosted/grafana-login-check.yaml +++ b/http/credential-stuffing/self-hosted/grafana-login-check.yaml @@ -11,15 +11,10 @@ info: cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: grafana + shodan-query: title:"Grafana" + fofa-query: title="Grafana" product: grafana - shodan-query: - - http.title:"grafana" - - cpe:"cpe:2.3:a:grafana:grafana" - fofa-query: - - title="grafana" - - app="grafana" - google-query: intitle:"grafana" + vendor: grafana tags: self-hosted,creds-stuffing,login-check,grafana variables: username: "{{username}}" diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml index ecfb778db81..4d6116d733f 100644 --- a/http/cves/2000/CVE-2000-0114.yaml +++ b/http/cves/2000/CVE-2000-0114.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2000-0114 cwe-id: NVD-CWE-Other - epss-score: 0.03618 - epss-percentile: 0.8722 + epss-score: 0.15958 + epss-percentile: 0.95958 cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2000/CVE-2000-0760.yaml b/http/cves/2000/CVE-2000-0760.yaml index b1d679de635..54efba6d7a0 100644 --- a/http/cves/2000/CVE-2000-0760.yaml +++ b/http/cves/2000/CVE-2000-0760.yaml @@ -3,42 +3,19 @@ id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 - Exposure author: Thabisocn - severity: medium + severity: low description: | The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. reference: - https://vulners.com/nessus/TOMCAT_SNOOP.NASL - https://nvd.nist.gov/vuln/detail/CVE-2000-0760 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N - cvss-score: 6.4 - cve-id: CVE-2000-0760 - epss-score: 0.53194 - epss-percentile: 0.978 - cpe: cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true + google-query: site:*/examples/jsp/snp/snoop.jsp vendor: apache product: tomcat - google-query: - - site:*/examples/jsp/snp/snoop.jsp - - intitle:"apache tomcat" - shodan-query: - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"apache tomcat" - - http.html:"jk status manager" - - http.title:"apache tomcat" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - tags: cve,cve2000,jakarta,tomcat,exposure,info-leak,apache + tags: cve,cve2000,jakarta,tomcat,exposure,info-leak http: - method: GET diff --git a/http/cves/2001/CVE-2001-0537.yaml b/http/cves/2001/CVE-2001-0537.yaml index 5211b4edc27..b9ea0db48bd 100644 --- a/http/cves/2001/CVE-2001-0537.yaml +++ b/http/cves/2001/CVE-2001-0537.yaml @@ -30,7 +30,7 @@ info: vendor: cisco product: ios shodan-query: - - product:"cisco ios http config" && 200 + - product:"Cisco IOS http config" && 200 - product:"cisco ios http config" - cpe:"cpe:2.3:o:cisco:ios" tags: cve,cve2001,cisco,ios,auth-bypass diff --git a/http/cves/2004/CVE-2004-0519.yaml b/http/cves/2004/CVE-2004-0519.yaml index d3ba7c3cc64..6847f09deb9 100644 --- a/http/cves/2004/CVE-2004-0519.yaml +++ b/http/cves/2004/CVE-2004-0519.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2004-0519 cwe-id: NVD-CWE-Other - epss-score: 0.00124 - epss-percentile: 0.32937 + epss-score: 0.02285 + epss-percentile: 0.89406 cpe: cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2005/CVE-2005-3344.yaml b/http/cves/2005/CVE-2005-3344.yaml index dabec2dbb44..159237749d3 100644 --- a/http/cves/2005/CVE-2005-3344.yaml +++ b/http/cves/2005/CVE-2005-3344.yaml @@ -20,8 +20,8 @@ info: cvss-score: 10 cve-id: CVE-2005-3344 cwe-id: NVD-CWE-Other - epss-score: 0.1015 - epss-percentile: 0.92707 + epss-score: 0.01539 + epss-percentile: 0.87085 cpe: cpe:2.3:a:horde:horde:3.0.4:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2005/CVE-2005-3634.yaml b/http/cves/2005/CVE-2005-3634.yaml index 093af3527d4..09761fbc781 100644 --- a/http/cves/2005/CVE-2005-3634.yaml +++ b/http/cves/2005/CVE-2005-3634.yaml @@ -22,14 +22,16 @@ info: cvss-score: 5 cve-id: CVE-2005-3634 cwe-id: NVD-CWE-Other - epss-score: 0.0287 - epss-percentile: 0.85602 + epss-score: 0.02843 + epss-percentile: 0.90695 cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap product: sap_web_application_server - shodan-query: http.html:"sap business server pages team" + shodan-query: + - html:"SAP Business Server Pages Team" + - http.html:"sap business server pages team" fofa-query: body="sap business server pages team" tags: cve,cve2005,sap,redirect,business,xss diff --git a/http/cves/2006/CVE-2006-1681.yaml b/http/cves/2006/CVE-2006-1681.yaml index cfd50522b43..1bde0c24f9f 100644 --- a/http/cves/2006/CVE-2006-1681.yaml +++ b/http/cves/2006/CVE-2006-1681.yaml @@ -14,20 +14,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 - https://exchange.xforce.ibmcloud.com/vulnerabilities/25698 - https://security.gentoo.org/glsa/202012-09 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2006-1681 cwe-id: NVD-CWE-Other - epss-score: 0.00286 - epss-percentile: 0.51775 + epss-score: 0.01015 + epss-percentile: 0.82067 cpe: cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: cherokee - product: "cherokee_httpd" + product: cherokee_httpd tags: cve,cve2006,cherokee,httpd,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2006/CVE-2006-2842.yaml b/http/cves/2006/CVE-2006-2842.yaml index ce398eff1cf..3a8527c5a8c 100644 --- a/http/cves/2006/CVE-2006-2842.yaml +++ b/http/cves/2006/CVE-2006-2842.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2006-2842 cwe-id: CWE-22 - epss-score: 0.00909 - epss-percentile: 0.7465 + epss-score: 0.28102 + epss-percentile: 0.96839 cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2007/CVE-2007-2449.yaml b/http/cves/2007/CVE-2007-2449.yaml index 7555592324f..34d58e6a8b9 100644 --- a/http/cves/2007/CVE-2007-2449.yaml +++ b/http/cves/2007/CVE-2007-2449.yaml @@ -9,37 +9,14 @@ info: reference: - https://vulners.com/securityvulns/SECURITYVULNS:DOC:17267 - https://nvd.nist.gov/vuln/detail/CVE-2007-2449 - - http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx - - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 - - http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html classification: - cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N - cvss-score: 4.3 - cve-id: CVE-2007-2449 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-score: 7.2 cwe-id: CWE-79 - epss-score: 0.89189 - epss-percentile: 0.99498 - cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 - vendor: apache - product: tomcat - shodan-query: - - http.title:"apache tomcat" - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + verified: true + shodan-query: title:"Apache Tomcat" tags: cve,cve2007,apache,misconfig,tomcat,xss http: diff --git a/http/cves/2007/CVE-2007-3010.yaml b/http/cves/2007/CVE-2007-3010.yaml index 50b41c3e988..77f46f74c8f 100644 --- a/http/cves/2007/CVE-2007-3010.yaml +++ b/http/cves/2007/CVE-2007-3010.yaml @@ -17,18 +17,18 @@ info: - http://www.vupen.com/english/advisories/2007/3185 - http://www1.alcatel-lucent.com/psirt/statements/2007002/OXEUMT.htm classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C + cvss-score: 10 cve-id: CVE-2007-3010 cwe-id: CWE-20 - epss-score: 0.94246 - epss-percentile: 0.99917 - cpe: cpe:2.3:a:al-enterprise:omnipcx_enterprise_communication_server:*:*:*:*:*:*:*:* + epss-score: 0.97313 + epss-percentile: 0.99874 + cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: al-enterprise - product: omnipcx_enterprise_communication_server + vendor: alcatel-lucent + product: omnipcx shodan-query: - title:"OmniPCX for Enterprise" - http.title:"omnipcx for enterprise" diff --git a/http/cves/2007/CVE-2007-4504.yaml b/http/cves/2007/CVE-2007-4504.yaml index 797a2acc207..737079b48d6 100644 --- a/http/cves/2007/CVE-2007-4504.yaml +++ b/http/cves/2007/CVE-2007-4504.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2007-4504 cwe-id: CWE-22 - epss-score: 0.00065 - epss-percentile: 0.20643 + epss-score: 0.02171 + epss-percentile: 0.89338 cpe: cpe:2.3:a:joomla:rsfiles:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2007/CVE-2007-5728.yaml b/http/cves/2007/CVE-2007-5728.yaml index 58ddb518a37..102f6a81838 100644 --- a/http/cves/2007/CVE-2007-5728.yaml +++ b/http/cves/2007/CVE-2007-5728.yaml @@ -28,7 +28,8 @@ info: vendor: phppgadmin product: phppgadmin shodan-query: - - http.title:"phppgadmin" + - http.title:"phpPgAdmin" + - http.title:phppgadmin - cpe:"cpe:2.3:a:phppgadmin_project:phppgadmin" fofa-query: title=phppgadmin google-query: intitle:phppgadmin diff --git a/http/cves/2008/CVE-2008-1061.yaml b/http/cves/2008/CVE-2008-1061.yaml index 78ac316f522..84d1921b404 100644 --- a/http/cves/2008/CVE-2008-1061.yaml +++ b/http/cves/2008/CVE-2008-1061.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.3 cve-id: CVE-2008-1061 cwe-id: CWE-79 - epss-score: 0.00155 - epss-percentile: 0.37369 + epss-score: 0.00663 + epss-percentile: 0.7961 cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2008/CVE-2008-1547.yaml b/http/cves/2008/CVE-2008-1547.yaml index afea46ed1b0..0802b7349d5 100644 --- a/http/cves/2008/CVE-2008-1547.yaml +++ b/http/cves/2008/CVE-2008-1547.yaml @@ -29,18 +29,14 @@ info: vendor: microsoft product: exchange_server shodan-query: + - http.title:"Outlook" + - http.favicon.hash:1768726119 - http.title:"outlook" - - http.favicon.hash:"1768726119" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" - - vuln:"cve-2021-26855" fofa-query: - title="outlook" - icon_hash=1768726119 - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: cve2008,cve,redirect,owa,exchange,microsoft http: diff --git a/http/cves/2008/CVE-2008-2398.yaml b/http/cves/2008/CVE-2008-2398.yaml index 9b0f4532acd..ed9c4034e00 100644 --- a/http/cves/2008/CVE-2008-2398.yaml +++ b/http/cves/2008/CVE-2008-2398.yaml @@ -13,15 +13,13 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - http://securityreason.com/securityalert/3896 - https://nvd.nist.gov/vuln/detail/CVE-2008-2398 - - https://github.com/Elsfa7-110/kenzer-templates - - https://github.com/gnarkill78/CSA_S2_2024 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2008-2398 cwe-id: CWE-79 - epss-score: 0.00764 - epss-percentile: 0.72244 + epss-score: 0.00329 + epss-percentile: 0.67909 cpe: cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2008/CVE-2008-5587.yaml b/http/cves/2008/CVE-2008-5587.yaml index a79f97dc41d..624272c0026 100644 --- a/http/cves/2008/CVE-2008-5587.yaml +++ b/http/cves/2008/CVE-2008-5587.yaml @@ -20,15 +20,16 @@ info: cvss-score: 4.3 cve-id: CVE-2008-5587 cwe-id: CWE-22 - epss-score: 0.02751 - epss-percentile: 0.85271 + epss-score: 0.02331 + epss-percentile: 0.89734 cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: phppgadmin product: phppgadmin shodan-query: - - http.title:"phppgadmin" + - http.title:"phpPgAdmin" + - http.title:phppgadmin - cpe:"cpe:2.3:a:phppgadmin_project:phppgadmin" fofa-query: title=phppgadmin google-query: intitle:phppgadmin diff --git a/http/cves/2008/CVE-2008-6172.yaml b/http/cves/2008/CVE-2008-6172.yaml index 8d4a2fee864..ff8bf059a74 100644 --- a/http/cves/2008/CVE-2008-6172.yaml +++ b/http/cves/2008/CVE-2008-6172.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2008-6172 - https://exchange.xforce.ibmcloud.com/vulnerabilities/46081 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2008-6172 cwe-id: CWE-22 - epss-score: 0.07294 - epss-percentile: 0.91162 + epss-score: 0.00509 + epss-percentile: 0.76498 cpe: cpe:2.3:a:weberr:rwcards:3.0.11:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2008/CVE-2008-6222.yaml b/http/cves/2008/CVE-2008-6222.yaml index 01b703007a9..77613b6a7f9 100644 --- a/http/cves/2008/CVE-2008-6222.yaml +++ b/http/cves/2008/CVE-2008-6222.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2008-6222 cwe-id: CWE-22 - epss-score: 0.03499 - epss-percentile: 0.8701 + epss-score: 0.01302 + epss-percentile: 0.85861 cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2008/CVE-2008-6465.yaml b/http/cves/2008/CVE-2008-6465.yaml index 0aec36c3ec6..fe760e6c060 100644 --- a/http/cves/2008/CVE-2008-6465.yaml +++ b/http/cves/2008/CVE-2008-6465.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.3 cve-id: CVE-2008-6465 cwe-id: CWE-79 - epss-score: 0.01157 - epss-percentile: 0.77504 + epss-score: 0.00421 + epss-percentile: 0.73765 cpe: cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: parallels product: h-sphere shodan-query: - - http.title:"parallels h-sphere + - title:"Parallels H-Sphere - http.title:"h-sphere" - http.title:"parallels h-sphere" fofa-query: diff --git a/http/cves/2008/CVE-2008-6668.yaml b/http/cves/2008/CVE-2008-6668.yaml index f576f3a4755..bdfa298a823 100644 --- a/http/cves/2008/CVE-2008-6668.yaml +++ b/http/cves/2008/CVE-2008-6668.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2008-6668 cwe-id: CWE-22 - epss-score: 0.01077 - epss-percentile: 0.7671 + epss-score: 0.00359 + epss-percentile: 0.72128 cpe: cpe:2.3:a:dirk_bartley:nweb2fax:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2008/CVE-2008-7269.yaml b/http/cves/2008/CVE-2008-7269.yaml index ef01cece9f5..8ce626afd55 100644 --- a/http/cves/2008/CVE-2008-7269.yaml +++ b/http/cves/2008/CVE-2008-7269.yaml @@ -12,21 +12,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2008-7269 - https://www.exploit-db.com/exploits/6823 - https://github.com/tr3ss/newclei - - https://github.com/dearestdoe/newclei classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2008-7269 cwe-id: CWE-20 - epss-score: 0.00653 - epss-percentile: 0.6978 + epss-score: 0.01544 + epss-percentile: 0.87118 cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: boka product: siteengine - shodan-query: http.html:"siteengine" + shodan-query: + - html:"SiteEngine" + - http.html:"siteengine" fofa-query: body="siteengine" tags: cve,cve2008,redirect,siteengine,boka diff --git a/http/cves/2009/CVE-2009-0347.yaml b/http/cves/2009/CVE-2009-0347.yaml index ef3f5963b53..9b38ce8a1c8 100644 --- a/http/cves/2009/CVE-2009-0347.yaml +++ b/http/cves/2009/CVE-2009-0347.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.8 cve-id: CVE-2009-0347 cwe-id: CWE-59 - epss-score: 0.00975 - epss-percentile: 0.75566 + epss-score: 0.10607 + epss-percentile: 0.94532 cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-0932.yaml b/http/cves/2009/CVE-2009-0932.yaml index f13557aee30..7e77043982f 100644 --- a/http/cves/2009/CVE-2009-0932.yaml +++ b/http/cves/2009/CVE-2009-0932.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.4 cve-id: CVE-2009-0932 cwe-id: CWE-22 - epss-score: 0.05612 - epss-percentile: 0.89839 + epss-score: 0.04048 + epss-percentile: 0.92091 cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-1151.yaml b/http/cves/2009/CVE-2009-1151.yaml index b0a0260e95b..878cc706212 100644 --- a/http/cves/2009/CVE-2009-1151.yaml +++ b/http/cves/2009/CVE-2009-1151.yaml @@ -3,7 +3,7 @@ id: CVE-2009-1151 info: name: PhpMyAdmin Scripts - Remote Code Execution author: princechaddha - severity: critical + severity: high description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. impact: | Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system. @@ -16,12 +16,12 @@ info: - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php - https://nvd.nist.gov/vuln/detail/CVE-2009-1151 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-1151 cwe-id: CWE-94 - epss-score: 0.9316 - epss-percentile: 0.99781 + epss-score: 0.79939 + epss-percentile: 0.983 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,13 +31,9 @@ info: - http.title:"phpmyadmin" - http.component:"phpmyadmin" - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" fofa-query: - title="phpmyadmin" - body="pma_servername" && body="4.8.4" - - body="phpmyadmin" - - body="server_databases.php" google-query: intitle:"phpmyadmin" hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" tags: cve,cve2009,deserialization,kev,vulhub,phpmyadmin,rce diff --git a/http/cves/2009/CVE-2009-1558.yaml b/http/cves/2009/CVE-2009-1558.yaml index 99e3dbc1fbc..e87f8e0f4f4 100644 --- a/http/cves/2009/CVE-2009-1558.yaml +++ b/http/cves/2009/CVE-2009-1558.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.8 cve-id: CVE-2009-1558 cwe-id: CWE-22 - epss-score: 0.09101 - epss-percentile: 0.92218 + epss-score: 0.01101 + epss-percentile: 0.84137 cpe: cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-1872.yaml b/http/cves/2009/CVE-2009-1872.yaml index 997117268ad..ef2853ca3a2 100644 --- a/http/cves/2009/CVE-2009-1872.yaml +++ b/http/cves/2009/CVE-2009-1872.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2009-1872 cwe-id: CWE-79 - epss-score: 0.153 - epss-percentile: 0.94258 + epss-score: 0.37553 + epss-percentile: 0.97102 cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,6 +29,7 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2009/CVE-2009-2015.yaml b/http/cves/2009/CVE-2009-2015.yaml index c00765f9939..58fd9cfdc64 100644 --- a/http/cves/2009/CVE-2009-2015.yaml +++ b/http/cves/2009/CVE-2009-2015.yaml @@ -14,14 +14,13 @@ info: - http://www.vupen.com/english/advisories/2009/1530 - https://nvd.nist.gov/vuln/detail/CVE-2009-2015 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2009-2015 cwe-id: CWE-22 - epss-score: 0.01674 - epss-percentile: 0.81203 + epss-score: 0.01197 + epss-percentile: 0.84862 cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-2100.yaml b/http/cves/2009/CVE-2009-2100.yaml index 15283b7b578..29eed113822 100644 --- a/http/cves/2009/CVE-2009-2100.yaml +++ b/http/cves/2009/CVE-2009-2100.yaml @@ -13,14 +13,13 @@ info: - https://www.exploit-db.com/exploits/8946 - https://nvd.nist.gov/vuln/detail/CVE-2009-2100 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2009-2100 cwe-id: CWE-22 - epss-score: 0.01877 - epss-percentile: 0.82206 + epss-score: 0.02365 + epss-percentile: 0.89809 cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-3053.yaml b/http/cves/2009/CVE-2009-3053.yaml index 019ce663c16..5c7e742a8db 100644 --- a/http/cves/2009/CVE-2009-3053.yaml +++ b/http/cves/2009/CVE-2009-3053.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.8 cve-id: CVE-2009-3053 cwe-id: CWE-22 - epss-score: 0.06716 - epss-percentile: 0.90755 + epss-score: 0.00447 + epss-percentile: 0.74489 cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-3318.yaml b/http/cves/2009/CVE-2009-3318.yaml index c3487f5f98d..15e0d39bbd5 100644 --- a/http/cves/2009/CVE-2009-3318.yaml +++ b/http/cves/2009/CVE-2009-3318.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2009-3318 - http://www.exploit-db.com/exploits/9706 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2009-3318 cwe-id: CWE-22 - epss-score: 0.04657 - epss-percentile: 0.88757 + epss-score: 0.01062 + epss-percentile: 0.84107 cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-4202.yaml b/http/cves/2009/CVE-2009-4202.yaml index 4517c48fd9e..c9f2411d59e 100644 --- a/http/cves/2009/CVE-2009-4202.yaml +++ b/http/cves/2009/CVE-2009-4202.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2009-4202 cwe-id: CWE-22 - epss-score: 0.0648 - epss-percentile: 0.90576 + epss-score: 0.01917 + epss-percentile: 0.88567 cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2009/CVE-2009-5020.yaml b/http/cves/2009/CVE-2009-5020.yaml index cfa0221d23f..642e32737c4 100644 --- a/http/cves/2009/CVE-2009-5020.yaml +++ b/http/cves/2009/CVE-2009-5020.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2009-5020 - http://awstats.sourceforge.net/docs/awstats_changelog.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2009-5020 cwe-id: CWE-20 - epss-score: 0.01389 - epss-percentile: 0.79385 + epss-score: 0.00253 + epss-percentile: 0.65112 cpe: cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2009/CVE-2009-5114.yaml b/http/cves/2009/CVE-2009-5114.yaml index edba9e0cbed..f1cf59d6e8e 100644 --- a/http/cves/2009/CVE-2009-5114.yaml +++ b/http/cves/2009/CVE-2009-5114.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2009-5114 cwe-id: CWE-22 - epss-score: 0.32374 - epss-percentile: 0.96592 + epss-score: 0.01077 + epss-percentile: 0.84241 cpe: cpe:2.3:a:iwork:webglimpse:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0157.yaml b/http/cves/2010/CVE-2010-0157.yaml index 668e2dd61cf..52d79321e64 100644 --- a/http/cves/2010/CVE-2010-0157.yaml +++ b/http/cves/2010/CVE-2010-0157.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-0157 - http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0157 cwe-id: CWE-22 - epss-score: 0.03683 - epss-percentile: 0.87336 + epss-score: 0.23423 + epss-percentile: 0.96555 cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0219.yaml b/http/cves/2010/CVE-2010-0219.yaml index 8fbbaa5c587..9eb9c3c92a6 100644 --- a/http/cves/2010/CVE-2010-0219.yaml +++ b/http/cves/2010/CVE-2010-0219.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: apache product: axis2 - shodan-query: http.html:"apache axis" + shodan-query: + - http.html:"Apache Axis" + - http.html:"apache axis" fofa-query: body="apache axis" tags: cve,cve2010,axis,apache,default-login,axis2 diff --git a/http/cves/2010/CVE-2010-0759.yaml b/http/cves/2010/CVE-2010-0759.yaml index 7fe8d26e624..17414932547 100644 --- a/http/cves/2010/CVE-2010-0759.yaml +++ b/http/cves/2010/CVE-2010-0759.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-0759 cwe-id: CWE-22 - epss-score: 0.03967 - epss-percentile: 0.87807 + epss-score: 0.01569 + epss-percentile: 0.87232 cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0942.yaml b/http/cves/2010/CVE-2010-0942.yaml index ddb64671abc..50016315dcd 100644 --- a/http/cves/2010/CVE-2010-0942.yaml +++ b/http/cves/2010/CVE-2010-0942.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-0942 cwe-id: CWE-22 - epss-score: 0.01875 - epss-percentile: 0.82198 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:jvideodirect:com_jvideodirect:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0943.yaml b/http/cves/2010/CVE-2010-0943.yaml index 82c2e93edbe..bf5e959c217 100644 --- a/http/cves/2010/CVE-2010-0943.yaml +++ b/http/cves/2010/CVE-2010-0943.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-0943 - https://exchange.xforce.ibmcloud.com/vulnerabilities/55512 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0943 cwe-id: CWE-22 - epss-score: 0.01026 - epss-percentile: 0.76166 + epss-score: 0.01155 + epss-percentile: 0.83338 cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0944.yaml b/http/cves/2010/CVE-2010-0944.yaml index c0131c74f82..ebff3fb2c2c 100644 --- a/http/cves/2010/CVE-2010-0944.yaml +++ b/http/cves/2010/CVE-2010-0944.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-0944 cwe-id: CWE-22 - epss-score: 0.00796 - epss-percentile: 0.72848 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:thorsten_riess:com_jcollection:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0972.yaml b/http/cves/2010/CVE-2010-0972.yaml index fd158843df7..3b330254b36 100644 --- a/http/cves/2010/CVE-2010-0972.yaml +++ b/http/cves/2010/CVE-2010-0972.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-0972 cwe-id: CWE-22 - epss-score: 0.03709 - epss-percentile: 0.87379 + epss-score: 0.00813 + epss-percentile: 0.81755 cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-0985.yaml b/http/cves/2010/CVE-2010-0985.yaml index c7f1f110a09..bf706713e1f 100644 --- a/http/cves/2010/CVE-2010-0985.yaml +++ b/http/cves/2010/CVE-2010-0985.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-0985 cwe-id: CWE-22 - epss-score: 0.02961 - epss-percentile: 0.85817 + epss-score: 0.01222 + epss-percentile: 0.85327 cpe: cpe:2.3:a:chris_simon:com_abbrev:1.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1056.yaml b/http/cves/2010/CVE-2010-1056.yaml index 71a581ff8da..4eb05f4099e 100644 --- a/http/cves/2010/CVE-2010-1056.yaml +++ b/http/cves/2010/CVE-2010-1056.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1056 cwe-id: CWE-22 - epss-score: 0.06367 - epss-percentile: 0.90487 + epss-score: 0.06484 + epss-percentile: 0.93567 cpe: cpe:2.3:a:rockettheme:com_rokdownloads:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1219.yaml b/http/cves/2010/CVE-2010-1219.yaml index cadc24375e0..6479887dcaa 100644 --- a/http/cves/2010/CVE-2010-1219.yaml +++ b/http/cves/2010/CVE-2010-1219.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1219 - https://exchange.xforce.ibmcloud.com/vulnerabilities/56901 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1219 cwe-id: CWE-22 - epss-score: 0.06191 - epss-percentile: 0.90347 + epss-score: 0.00813 + epss-percentile: 0.81755 cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1304.yaml b/http/cves/2010/CVE-2010-1304.yaml index 0b498128486..0f4effc2a94 100644 --- a/http/cves/2010/CVE-2010-1304.yaml +++ b/http/cves/2010/CVE-2010-1304.yaml @@ -17,8 +17,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1304 cwe-id: CWE-22 - epss-score: 0.01644 - epss-percentile: 0.81041 + epss-score: 0.0045 + epss-percentile: 0.74575 cpe: cpe:2.3:a:joomlamo:com_userstatus:1.21.16:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1305.yaml b/http/cves/2010/CVE-2010-1305.yaml index efe7dc0f834..e1e34b33cdc 100644 --- a/http/cves/2010/CVE-2010-1305.yaml +++ b/http/cves/2010/CVE-2010-1305.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1305 cwe-id: CWE-22 - epss-score: 0.07358 - epss-percentile: 0.91213 + epss-score: 0.03203 + epss-percentile: 0.91191 cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1306.yaml b/http/cves/2010/CVE-2010-1306.yaml index b3c2c9d2828..ce1421519bc 100644 --- a/http/cves/2010/CVE-2010-1306.yaml +++ b/http/cves/2010/CVE-2010-1306.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1306 - https://exchange.xforce.ibmcloud.com/vulnerabilities/57508 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1306 cwe-id: CWE-22 - epss-score: 0.02656 - epss-percentile: 0.85032 + epss-score: 0.01242 + epss-percentile: 0.85468 cpe: cpe:2.3:a:roberto_aloi:com_joomlapicasa2:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1308.yaml b/http/cves/2010/CVE-2010-1308.yaml index 7f2daa3ba64..fe334d6328a 100644 --- a/http/cves/2010/CVE-2010-1308.yaml +++ b/http/cves/2010/CVE-2010-1308.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1308 - http://www.vupen.com/english/advisories/2010/0809 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1308 cwe-id: CWE-22 - epss-score: 0.08228 - epss-percentile: 0.91758 + epss-score: 0.01334 + epss-percentile: 0.86023 cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1313.yaml b/http/cves/2010/CVE-2010-1313.yaml index 82ea324d7a1..35fdc92f158 100644 --- a/http/cves/2010/CVE-2010-1313.yaml +++ b/http/cves/2010/CVE-2010-1313.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1313 - http://www.exploit-db.com/exploits/12082 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-1313 cwe-id: CWE-22 - epss-score: 0.02581 - epss-percentile: 0.84804 + epss-score: 0.0045 + epss-percentile: 0.75061 cpe: cpe:2.3:a:seber:com_sebercart:1.0.0.12:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1315.yaml b/http/cves/2010/CVE-2010-1315.yaml index f62dc881e10..dfb60cbce3d 100644 --- a/http/cves/2010/CVE-2010-1315.yaml +++ b/http/cves/2010/CVE-2010-1315.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1315 cwe-id: CWE-22 - epss-score: 0.02971 - epss-percentile: 0.85839 + epss-score: 0.0087 + epss-percentile: 0.82023 cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1352.yaml b/http/cves/2010/CVE-2010-1352.yaml index 543a8e144e9..8791cec9032 100644 --- a/http/cves/2010/CVE-2010-1352.yaml +++ b/http/cves/2010/CVE-2010-1352.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1352 - http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1352 cwe-id: CWE-22 - epss-score: 0.02837 - epss-percentile: 0.85514 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1353.yaml b/http/cves/2010/CVE-2010-1353.yaml index 31a36d4262d..7e262746dd9 100644 --- a/http/cves/2010/CVE-2010-1353.yaml +++ b/http/cves/2010/CVE-2010-1353.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1353 cwe-id: CWE-22 - epss-score: 0.01291 - epss-percentile: 0.78645 + epss-score: 0.01751 + epss-percentile: 0.87931 cpe: cpe:2.3:a:wowjoomla:com_loginbox:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1354.yaml b/http/cves/2010/CVE-2010-1354.yaml index 955d1c8edf6..aaa4132e9ea 100644 --- a/http/cves/2010/CVE-2010-1354.yaml +++ b/http/cves/2010/CVE-2010-1354.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1354 cwe-id: CWE-22 - epss-score: 0.02911 - epss-percentile: 0.85702 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:ternaria:com_vjdeo:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1429.yaml b/http/cves/2010/CVE-2010-1429.yaml index 1db7e8753c4..2a2c8a222b3 100644 --- a/http/cves/2010/CVE-2010-1429.yaml +++ b/http/cves/2010/CVE-2010-1429.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1429 cwe-id: CWE-264 - epss-score: 0.21185 - epss-percentile: 0.95328 + epss-score: 0.00573 + epss-percentile: 0.77469 cpe: cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:* metadata: verified: true @@ -30,12 +30,11 @@ info: vendor: redhat product: jboss_enterprise_application_platform shodan-query: - - http.title:"jboss" + - title:"JBoss" - cpe:"cpe:2.3:a:redhat:jboss_enterprise_application_platform" + - http.title:"jboss" fofa-query: title="jboss" - google-query: - - intitle:"jboss" - - inurl:/web-console/serverinfo.jsp | inurl:/status?full=true + google-query: intitle:"jboss" tags: cve2010,cve,jboss,eap,tomcat,exposure,redhat http: diff --git a/http/cves/2010/CVE-2010-1469.yaml b/http/cves/2010/CVE-2010-1469.yaml index d0ced6add39..59b98818395 100644 --- a/http/cves/2010/CVE-2010-1469.yaml +++ b/http/cves/2010/CVE-2010-1469.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1469 cwe-id: CWE-22 - epss-score: 0.04188 - epss-percentile: 0.88141 + epss-score: 0.00813 + epss-percentile: 0.81755 cpe: cpe:2.3:a:ternaria:com_jprojectmanager:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1470.yaml b/http/cves/2010/CVE-2010-1470.yaml index a4e63689653..898068b15bc 100644 --- a/http/cves/2010/CVE-2010-1470.yaml +++ b/http/cves/2010/CVE-2010-1470.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1470 cwe-id: CWE-22 - epss-score: 0.0963 - epss-percentile: 0.92461 + epss-score: 0.04616 + epss-percentile: 0.92547 cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1471.yaml b/http/cves/2010/CVE-2010-1471.yaml index bf3fb24965d..3b584a007b0 100644 --- a/http/cves/2010/CVE-2010-1471.yaml +++ b/http/cves/2010/CVE-2010-1471.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1471 - http://www.vupen.com/english/advisories/2010/0862 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1471 cwe-id: CWE-22 - epss-score: 0.19714 - epss-percentile: 0.9511 + epss-score: 0.05684 + epss-percentile: 0.93322 cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1473.yaml b/http/cves/2010/CVE-2010-1473.yaml index 81e0a891417..904ad9db7a9 100644 --- a/http/cves/2010/CVE-2010-1473.yaml +++ b/http/cves/2010/CVE-2010-1473.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1473 - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1473 cwe-id: CWE-22 - epss-score: 0.02925 - epss-percentile: 0.85743 + epss-score: 0.00826 + epss-percentile: 0.8192 cpe: cpe:2.3:a:johnmccollum:com_advertising:0.25:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1475.yaml b/http/cves/2010/CVE-2010-1475.yaml index 41718833b2b..cee8666479f 100644 --- a/http/cves/2010/CVE-2010-1475.yaml +++ b/http/cves/2010/CVE-2010-1475.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1475 cwe-id: CWE-22 - epss-score: 0.0244 - epss-percentile: 0.84359 + epss-score: 0.01242 + epss-percentile: 0.85468 cpe: cpe:2.3:a:ternaria:com_preventive:1.0.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1491.yaml b/http/cves/2010/CVE-2010-1491.yaml index 927233ce1de..60788df8aa7 100644 --- a/http/cves/2010/CVE-2010-1491.yaml +++ b/http/cves/2010/CVE-2010-1491.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1491 cwe-id: CWE-22 - epss-score: 0.02837 - epss-percentile: 0.85514 + epss-score: 0.00477 + epss-percentile: 0.75244 cpe: cpe:2.3:a:mms.pipp:com_mmsblog:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1494.yaml b/http/cves/2010/CVE-2010-1494.yaml index 8a723a86a65..0c4c1611ca9 100644 --- a/http/cves/2010/CVE-2010-1494.yaml +++ b/http/cves/2010/CVE-2010-1494.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1494 cwe-id: CWE-22 - epss-score: 0.04579 - epss-percentile: 0.88646 + epss-score: 0.01827 + epss-percentile: 0.88212 cpe: cpe:2.3:a:awdsolution:com_awdwall:1.5.4:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1531.yaml b/http/cves/2010/CVE-2010-1531.yaml index f431de9b0e0..1c34b017adb 100644 --- a/http/cves/2010/CVE-2010-1531.yaml +++ b/http/cves/2010/CVE-2010-1531.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1531 cwe-id: CWE-22 - epss-score: 0.03331 - epss-percentile: 0.8667 + epss-score: 0.01815 + epss-percentile: 0.88163 cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1532.yaml b/http/cves/2010/CVE-2010-1532.yaml index d04f920b9fa..8069adab654 100644 --- a/http/cves/2010/CVE-2010-1532.yaml +++ b/http/cves/2010/CVE-2010-1532.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1532 - http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1532 cwe-id: CWE-22 - epss-score: 0.00987 - epss-percentile: 0.7571 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:givesight:com_powermail:1.53:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1535.yaml b/http/cves/2010/CVE-2010-1535.yaml index 7ff694669a7..d18a8a998e8 100644 --- a/http/cves/2010/CVE-2010-1535.yaml +++ b/http/cves/2010/CVE-2010-1535.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1535 - http://www.exploit-db.com/exploits/12151 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1535 cwe-id: CWE-22 - epss-score: 0.02609 - epss-percentile: 0.84875 + epss-score: 0.00706 + epss-percentile: 0.80337 cpe: cpe:2.3:a:peter_hocherl:com_travelbook:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1540.yaml b/http/cves/2010/CVE-2010-1540.yaml index 914acc775a1..777407096f7 100644 --- a/http/cves/2010/CVE-2010-1540.yaml +++ b/http/cves/2010/CVE-2010-1540.yaml @@ -12,15 +12,13 @@ info: reference: - https://www.exploit-db.com/exploits/11625 - https://nvd.nist.gov/vuln/detail/CVE-2010-1540 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1540 cwe-id: CWE-22 - epss-score: 0.02837 - epss-percentile: 0.85514 + epss-score: 0.0045 + epss-percentile: 0.72402 cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1586.yaml b/http/cves/2010/CVE-2010-1586.yaml index db1065f508d..a56353dceeb 100644 --- a/http/cves/2010/CVE-2010-1586.yaml +++ b/http/cves/2010/CVE-2010-1586.yaml @@ -14,15 +14,13 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586 - https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse - https://exchange.xforce.ibmcloud.com/vulnerabilities/58107 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/dearestdoe/newclei classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2010-1586 cwe-id: CWE-20 - epss-score: 0.00564 - epss-percentile: 0.67257 + epss-score: 0.00917 + epss-percentile: 0.81107 cpe: cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1601.yaml b/http/cves/2010/CVE-2010-1601.yaml index 6da21f3b1e3..c110d0d8771 100644 --- a/http/cves/2010/CVE-2010-1601.yaml +++ b/http/cves/2010/CVE-2010-1601.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1601 cwe-id: CWE-22 - epss-score: 0.03148 - epss-percentile: 0.86252 + epss-score: 0.01299 + epss-percentile: 0.85844 cpe: cpe:2.3:a:joomlamart:com_jacomment:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1602.yaml b/http/cves/2010/CVE-2010-1602.yaml index 37091b2f023..e4c4e965db9 100644 --- a/http/cves/2010/CVE-2010-1602.yaml +++ b/http/cves/2010/CVE-2010-1602.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1602 cwe-id: CWE-22 - epss-score: 0.01122 - epss-percentile: 0.7716 + epss-score: 0.03451 + epss-percentile: 0.91491 cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1603.yaml b/http/cves/2010/CVE-2010-1603.yaml index fd24006d2f6..f013542f7db 100644 --- a/http/cves/2010/CVE-2010-1603.yaml +++ b/http/cves/2010/CVE-2010-1603.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1603 - http://www.vupen.com/english/advisories/2010/0931 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1603 cwe-id: CWE-22 - epss-score: 0.02988 - epss-percentile: 0.85877 + epss-score: 0.03451 + epss-percentile: 0.91491 cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1607.yaml b/http/cves/2010/CVE-2010-1607.yaml index 331450fc1e5..906ea798fb5 100644 --- a/http/cves/2010/CVE-2010-1607.yaml +++ b/http/cves/2010/CVE-2010-1607.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1607 - https://exchange.xforce.ibmcloud.com/vulnerabilities/58032 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1607 cwe-id: CWE-22 - epss-score: 0.02245 - epss-percentile: 0.83732 + epss-score: 0.01726 + epss-percentile: 0.87848 cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1653.yaml b/http/cves/2010/CVE-2010-1653.yaml index 4bd9a16558b..81610acda7a 100644 --- a/http/cves/2010/CVE-2010-1653.yaml +++ b/http/cves/2010/CVE-2010-1653.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1653 cwe-id: CWE-22 - epss-score: 0.05171 - epss-percentile: 0.89371 + epss-score: 0.03527 + epss-percentile: 0.91571 cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1657.yaml b/http/cves/2010/CVE-2010-1657.yaml index 5fdcf51675c..160e0809d63 100644 --- a/http/cves/2010/CVE-2010-1657.yaml +++ b/http/cves/2010/CVE-2010-1657.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1657 cwe-id: CWE-22 - epss-score: 0.01291 - epss-percentile: 0.78645 + epss-score: 0.01751 + epss-percentile: 0.87931 cpe: cpe:2.3:a:recly:com_smartsite:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1658.yaml b/http/cves/2010/CVE-2010-1658.yaml index c62d9b88eaf..a86021bc87a 100644 --- a/http/cves/2010/CVE-2010-1658.yaml +++ b/http/cves/2010/CVE-2010-1658.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1658 cwe-id: CWE-22 - epss-score: 0.04579 - epss-percentile: 0.88646 + epss-score: 0.01751 + epss-percentile: 0.87665 cpe: cpe:2.3:a:code-garage:com_noticeboard:1.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1714.yaml b/http/cves/2010/CVE-2010-1714.yaml index f2ba0afbda0..40618e5f50f 100644 --- a/http/cves/2010/CVE-2010-1714.yaml +++ b/http/cves/2010/CVE-2010-1714.yaml @@ -18,8 +18,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1714 cwe-id: CWE-22 - epss-score: 0.15491 - epss-percentile: 0.94294 + epss-score: 0.01751 + epss-percentile: 0.86649 cpe: cpe:2.3:a:dev.pucit.edu.pk:com_arcadegames:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1715.yaml b/http/cves/2010/CVE-2010-1715.yaml index cd6e9678928..71faba283bb 100644 --- a/http/cves/2010/CVE-2010-1715.yaml +++ b/http/cves/2010/CVE-2010-1715.yaml @@ -18,8 +18,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1715 cwe-id: CWE-22 - epss-score: 0.02884 - epss-percentile: 0.85641 + epss-score: 0.01242 + epss-percentile: 0.85468 cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1719.yaml b/http/cves/2010/CVE-2010-1719.yaml index c4301b123e7..e5c94edd545 100644 --- a/http/cves/2010/CVE-2010-1719.yaml +++ b/http/cves/2010/CVE-2010-1719.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1719 cwe-id: CWE-22 - epss-score: 0.03866 - epss-percentile: 0.87664 + epss-score: 0.01671 + epss-percentile: 0.87631 cpe: cpe:2.3:a:moto-treks:com_mtfireeagle:1.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1858.yaml b/http/cves/2010/CVE-2010-1858.yaml index af0be386b17..a85f470b879 100644 --- a/http/cves/2010/CVE-2010-1858.yaml +++ b/http/cves/2010/CVE-2010-1858.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-1858 cwe-id: CWE-22 - epss-score: 0.02876 - epss-percentile: 0.85618 + epss-score: 0.01155 + epss-percentile: 0.84543 cpe: cpe:2.3:a:gelembjuk:com_smestorage:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1878.yaml b/http/cves/2010/CVE-2010-1878.yaml index ebbd70a8925..c60d36b4b8e 100644 --- a/http/cves/2010/CVE-2010-1878.yaml +++ b/http/cves/2010/CVE-2010-1878.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1878 cwe-id: CWE-22 - epss-score: 0.01594 - epss-percentile: 0.80744 + epss-score: 0.00826 + epss-percentile: 0.81565 cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1952.yaml b/http/cves/2010/CVE-2010-1952.yaml index f74f8b66079..159595250fa 100644 --- a/http/cves/2010/CVE-2010-1952.yaml +++ b/http/cves/2010/CVE-2010-1952.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1952 cwe-id: CWE-22 - epss-score: 0.04857 - epss-percentile: 0.89007 + epss-score: 0.01242 + epss-percentile: 0.85468 cpe: cpe:2.3:a:cmstactics:com_beeheard:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1954.yaml b/http/cves/2010/CVE-2010-1954.yaml index e90b0298aa5..c30bc9e0571 100644 --- a/http/cves/2010/CVE-2010-1954.yaml +++ b/http/cves/2010/CVE-2010-1954.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1954 - http://www.exploit-db.com/exploits/12287 - http://www.vupen.com/english/advisories/2010/0928 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1954 cwe-id: CWE-22 - epss-score: 0.11976 - epss-percentile: 0.93374 + epss-score: 0.05684 + epss-percentile: 0.92564 cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_multiroot:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1955.yaml b/http/cves/2010/CVE-2010-1955.yaml index e919b77173f..aa5507e4ba3 100644 --- a/http/cves/2010/CVE-2010-1955.yaml +++ b/http/cves/2010/CVE-2010-1955.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-1955 - https://exchange.xforce.ibmcloud.com/vulnerabilities/57846 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1955 cwe-id: CWE-22 - epss-score: 0.01265 - epss-percentile: 0.78419 + epss-score: 0.01671 + epss-percentile: 0.87631 cpe: cpe:2.3:a:thefactory:com_blogfactory:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1956.yaml b/http/cves/2010/CVE-2010-1956.yaml index 001804b1c01..48ec5950c27 100644 --- a/http/cves/2010/CVE-2010-1956.yaml +++ b/http/cves/2010/CVE-2010-1956.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1956 cwe-id: CWE-22 - epss-score: 0.05871 - epss-percentile: 0.90084 + epss-score: 0.06055 + epss-percentile: 0.93494 cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1977.yaml b/http/cves/2010/CVE-2010-1977.yaml index ead2dbe82a9..c8410a0afeb 100644 --- a/http/cves/2010/CVE-2010-1977.yaml +++ b/http/cves/2010/CVE-2010-1977.yaml @@ -12,14 +12,13 @@ info: - https://www.exploit-db.com/exploits/12083 - https://nvd.nist.gov/vuln/detail/CVE-2010-1977 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1977 cwe-id: CWE-22 - epss-score: 0.03556 - epss-percentile: 0.87131 + epss-score: 0.00826 + epss-percentile: 0.8192 cpe: cpe:2.3:a:gohigheris:com_jwhmcs:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1980.yaml b/http/cves/2010/CVE-2010-1980.yaml index 7724d039246..cb809f6b7c5 100644 --- a/http/cves/2010/CVE-2010-1980.yaml +++ b/http/cves/2010/CVE-2010-1980.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1980 cwe-id: CWE-22 - epss-score: 0.04183 - epss-percentile: 0.88133 + epss-score: 0.02401 + epss-percentile: 0.88823 cpe: cpe:2.3:a:roberto_aloi:com_joomlaflickr:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1981.yaml b/http/cves/2010/CVE-2010-1981.yaml index 7b197e7f786..b59a72aa749 100644 --- a/http/cves/2010/CVE-2010-1981.yaml +++ b/http/cves/2010/CVE-2010-1981.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-1981 cwe-id: CWE-22 - epss-score: 0.01604 - epss-percentile: 0.80806 + epss-score: 0.00656 + epss-percentile: 0.79446 cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1982.yaml b/http/cves/2010/CVE-2010-1982.yaml index 67af5c0a382..4cb8d3440db 100644 --- a/http/cves/2010/CVE-2010-1982.yaml +++ b/http/cves/2010/CVE-2010-1982.yaml @@ -12,14 +12,13 @@ info: - https://www.exploit-db.com/exploits/12121 - https://nvd.nist.gov/vuln/detail/CVE-2010-1982 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1982 cwe-id: CWE-22 - epss-score: 0.01761 - epss-percentile: 0.81663 + epss-score: 0.00477 + epss-percentile: 0.75733 cpe: cpe:2.3:a:joomlart:com_javoice:2.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-1983.yaml b/http/cves/2010/CVE-2010-1983.yaml index 9e768d43ea5..60c5770b979 100644 --- a/http/cves/2010/CVE-2010-1983.yaml +++ b/http/cves/2010/CVE-2010-1983.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1983 cwe-id: CWE-22 - epss-score: 0.00765 - epss-percentile: 0.72261 + epss-score: 0.01815 + epss-percentile: 0.87898 cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2034.yaml b/http/cves/2010/CVE-2010-2034.yaml index a5225983ab3..534565646b1 100644 --- a/http/cves/2010/CVE-2010-2034.yaml +++ b/http/cves/2010/CVE-2010-2034.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-2034 - http://packetstormsecurity.org/1005-exploits/joomlaperchaia-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2034 cwe-id: CWE-22 - epss-score: 0.00931 - epss-percentile: 0.74982 + epss-score: 0.00718 + epss-percentile: 0.7851 cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2036.yaml b/http/cves/2010/CVE-2010-2036.yaml index ee66a935f1f..bf8f167b369 100644 --- a/http/cves/2010/CVE-2010-2036.yaml +++ b/http/cves/2010/CVE-2010-2036.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-2036 - http://packetstormsecurity.org/1005-exploits/joomlaperchafa-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2036 cwe-id: CWE-22 - epss-score: 0.00322 - epss-percentile: 0.54616 + epss-score: 0.08973 + epss-percentile: 0.94583 cpe: cpe:2.3:a:percha:com_perchafieldsattach:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2037.yaml b/http/cves/2010/CVE-2010-2037.yaml index bc7eb9206c8..1a10b8da35b 100644 --- a/http/cves/2010/CVE-2010-2037.yaml +++ b/http/cves/2010/CVE-2010-2037.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-2037 - http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2037 cwe-id: CWE-22 - epss-score: 0.00931 - epss-percentile: 0.74982 + epss-score: 0.08973 + epss-percentile: 0.94583 cpe: cpe:2.3:a:percha:com_perchadownloadsattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2045.yaml b/http/cves/2010/CVE-2010-2045.yaml index 6b5a883cfbb..d9f3e6ba186 100644 --- a/http/cves/2010/CVE-2010-2045.yaml +++ b/http/cves/2010/CVE-2010-2045.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-2045 - http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt - https://exchange.xforce.ibmcloud.com/vulnerabilities/58574 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2045 cwe-id: CWE-22 - epss-score: 0.02392 - epss-percentile: 0.84211 + epss-score: 0.01671 + epss-percentile: 0.86287 cpe: cpe:2.3:a:dionesoft:com_dioneformwizard:1.0.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2050.yaml b/http/cves/2010/CVE-2010-2050.yaml index 04bbc78c958..16a4fd850e4 100644 --- a/http/cves/2010/CVE-2010-2050.yaml +++ b/http/cves/2010/CVE-2010-2050.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-2050 cwe-id: CWE-22 - epss-score: 0.01775 - epss-percentile: 0.81751 + epss-score: 0.03527 + epss-percentile: 0.91571 cpe: cpe:2.3:a:m0r0n:com_mscomment:0.8.0:b:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2122.yaml b/http/cves/2010/CVE-2010-2122.yaml index e051a2203f1..c2e04fcd2bd 100644 --- a/http/cves/2010/CVE-2010-2122.yaml +++ b/http/cves/2010/CVE-2010-2122.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-2122 cwe-id: CWE-22 - epss-score: 0.01825 - epss-percentile: 0.81983 + epss-score: 0.01806 + epss-percentile: 0.87868 cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2128.yaml b/http/cves/2010/CVE-2010-2128.yaml index cf7dea8b582..40ab1fd2364 100644 --- a/http/cves/2010/CVE-2010-2128.yaml +++ b/http/cves/2010/CVE-2010-2128.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-2128 cwe-id: CWE-22 - epss-score: 0.0312 - epss-percentile: 0.8619 + epss-score: 0.01242 + epss-percentile: 0.85468 cpe: cpe:2.3:a:harmistechnology:com_jequoteform:1.0:b1:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2307.yaml b/http/cves/2010/CVE-2010-2307.yaml index 895ca7f2a50..9622c506392 100644 --- a/http/cves/2010/CVE-2010-2307.yaml +++ b/http/cves/2010/CVE-2010-2307.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-2307 cwe-id: CWE-22 - epss-score: 0.05839 - epss-percentile: 0.90057 + epss-score: 0.00917 + epss-percentile: 0.82851 cpe: cpe:2.3:h:motorola:surfboard_sbv6120e:sbv6x2x-1.0.0.5-scm-02-shpc:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2507.yaml b/http/cves/2010/CVE-2010-2507.yaml index 953bb1656d6..5aadd6c787c 100644 --- a/http/cves/2010/CVE-2010-2507.yaml +++ b/http/cves/2010/CVE-2010-2507.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-2507 cwe-id: CWE-22 - epss-score: 0.0193 - epss-percentile: 0.82441 + epss-score: 0.01671 + epss-percentile: 0.87631 cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2680.yaml b/http/cves/2010/CVE-2010-2680.yaml index 005656e1edb..8be034a3bdf 100644 --- a/http/cves/2010/CVE-2010-2680.yaml +++ b/http/cves/2010/CVE-2010-2680.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-2680 cwe-id: CWE-22 - epss-score: 0.00852 - epss-percentile: 0.73795 + epss-score: 0.00826 + epss-percentile: 0.8192 cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2682.yaml b/http/cves/2010/CVE-2010-2682.yaml index 773890eecb2..febd7170c8b 100644 --- a/http/cves/2010/CVE-2010-2682.yaml +++ b/http/cves/2010/CVE-2010-2682.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-2682 cwe-id: CWE-22 - epss-score: 0.00367 - epss-percentile: 0.5786 + epss-score: 0.00826 + epss-percentile: 0.81565 cpe: cpe:2.3:a:realtyna:com_realtyna:1.0.15:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2857.yaml b/http/cves/2010/CVE-2010-2857.yaml index b392d32630a..6e66aebf06c 100644 --- a/http/cves/2010/CVE-2010-2857.yaml +++ b/http/cves/2010/CVE-2010-2857.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-2857 cwe-id: CWE-22 - epss-score: 0.00852 - epss-percentile: 0.73795 + epss-score: 0.00826 + epss-percentile: 0.8192 cpe: cpe:2.3:a:danieljamesscott:com_music:0.1:-:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-2861.yaml b/http/cves/2010/CVE-2010-2861.yaml index d2e0daeb55d..b541ef8c6d5 100644 --- a/http/cves/2010/CVE-2010-2861.yaml +++ b/http/cves/2010/CVE-2010-2861.yaml @@ -27,6 +27,7 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2010/CVE-2010-2920.yaml b/http/cves/2010/CVE-2010-2920.yaml index 8d681972e62..c91863c8b9b 100644 --- a/http/cves/2010/CVE-2010-2920.yaml +++ b/http/cves/2010/CVE-2010-2920.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-2920 cwe-id: CWE-22 - epss-score: 0.01429 - epss-percentile: 0.79655 + epss-score: 0.03527 + epss-percentile: 0.91571 cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-3203.yaml b/http/cves/2010/CVE-2010-3203.yaml index 3f1a82450cb..2a6168cafaf 100644 --- a/http/cves/2010/CVE-2010-3203.yaml +++ b/http/cves/2010/CVE-2010-3203.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2010-3203 cwe-id: CWE-22 - epss-score: 0.0228 - epss-percentile: 0.83829 + epss-score: 0.02682 + epss-percentile: 0.90436 cpe: cpe:2.3:a:xmlswf:com_picsell:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-4231.yaml b/http/cves/2010/CVE-2010-4231.yaml index 16837f1b676..f7040dfc6e9 100644 --- a/http/cves/2010/CVE-2010-4231.yaml +++ b/http/cves/2010/CVE-2010-4231.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.8 cve-id: CVE-2010-4231 cwe-id: CWE-22 - epss-score: 0.03489 - epss-percentile: 0.86999 + epss-score: 0.01615 + epss-percentile: 0.87445 cpe: cpe:2.3:a:camtron:cmnc-200_firmware:1.102a-008:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-4239.yaml b/http/cves/2010/CVE-2010-4239.yaml index 8dbc68f52ed..76198933a2f 100644 --- a/http/cves/2010/CVE-2010-4239.yaml +++ b/http/cves/2010/CVE-2010-4239.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2010-4239 cwe-id: CWE-20 - epss-score: 0.45128 - epss-percentile: 0.97423 + epss-score: 0.02675 + epss-percentile: 0.90421 cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-4282.yaml b/http/cves/2010/CVE-2010-4282.yaml index a80e620476c..fda6b541837 100644 --- a/http/cves/2010/CVE-2010-4282.yaml +++ b/http/cves/2010/CVE-2010-4282.yaml @@ -19,19 +19,15 @@ info: cvss-score: 7.5 cve-id: CVE-2010-4282 cwe-id: CWE-22 - epss-score: 0.03744 - epss-percentile: 0.87435 + epss-score: 0.01214 + epss-percentile: 0.83767 cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: artica product: pandora_fms - shodan-query: - - http.title:"pandora fms" - - http.html:"pandora fms - installation wizard" - fofa-query: - - title="pandora fms" - - body="pandora fms - installation wizard" + shodan-query: http.title:"pandora fms" + fofa-query: title="pandora fms" google-query: intitle:"pandora fms" tags: cve,cve2010,seclists,phpshowtime,edb,lfi,joomla,artica diff --git a/http/cves/2010/CVE-2010-4617.yaml b/http/cves/2010/CVE-2010-4617.yaml index ca04a9d9267..7bcb287b6b4 100644 --- a/http/cves/2010/CVE-2010-4617.yaml +++ b/http/cves/2010/CVE-2010-4617.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2010-4617 cwe-id: CWE-22 - epss-score: 0.00327 - epss-percentile: 0.54923 + epss-score: 0.00826 + epss-percentile: 0.80104 cpe: cpe:2.3:a:kanich:com_jotloader:2.2.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-4719.yaml b/http/cves/2010/CVE-2010-4719.yaml index 5a6c42d4838..c91a4496490 100644 --- a/http/cves/2010/CVE-2010-4719.yaml +++ b/http/cves/2010/CVE-2010-4719.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-4719 cwe-id: CWE-22 - epss-score: 0.03407 - epss-percentile: 0.86839 + epss-score: 0.04503 + epss-percentile: 0.92461 cpe: cpe:2.3:a:fxwebdesign:com_jradio:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-5028.yaml b/http/cves/2010/CVE-2010-5028.yaml index 9cbbf6ebdae..2cbeec94b65 100644 --- a/http/cves/2010/CVE-2010-5028.yaml +++ b/http/cves/2010/CVE-2010-5028.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2010-5028 cwe-id: CWE-89 - epss-score: 0.17118 - epss-percentile: 0.94623 + epss-score: 0.00316 + epss-percentile: 0.70272 cpe: cpe:2.3:a:harmistechnology:com_jejob:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-5278.yaml b/http/cves/2010/CVE-2010-5278.yaml index 0cb5683bbf7..ecaedfa97bd 100644 --- a/http/cves/2010/CVE-2010-5278.yaml +++ b/http/cves/2010/CVE-2010-5278.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2010-5278 cwe-id: CWE-22 - epss-score: 0.23359 - epss-percentile: 0.95644 + epss-score: 0.06135 + epss-percentile: 0.93535 cpe: cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2010/CVE-2010-5286.yaml b/http/cves/2010/CVE-2010-5286.yaml index bf172907c39..6365304bdaa 100644 --- a/http/cves/2010/CVE-2010-5286.yaml +++ b/http/cves/2010/CVE-2010-5286.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2010-5286 - http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2010-5286 cwe-id: CWE-22 - epss-score: 0.38443 - epss-percentile: 0.97041 + epss-score: 0.08973 + epss-percentile: 0.94583 cpe: cpe:2.3:a:joobi:com_jstore:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-0049.yaml b/http/cves/2011/CVE-2011-0049.yaml index 7237265ba66..4f87b9ae932 100644 --- a/http/cves/2011/CVE-2011-0049.yaml +++ b/http/cves/2011/CVE-2011-0049.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5 cve-id: CVE-2011-0049 cwe-id: CWE-22 - epss-score: 0.91269 - epss-percentile: 0.99622 + epss-score: 0.8814 + epss-percentile: 0.98672 cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-2744.yaml b/http/cves/2011/CVE-2011-2744.yaml index 065fdd6123d..d36cadb9d3f 100644 --- a/http/cves/2011/CVE-2011-2744.yaml +++ b/http/cves/2011/CVE-2011-2744.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.8 cve-id: CVE-2011-2744 cwe-id: CWE-22 - epss-score: 0.09775 - epss-percentile: 0.92527 + epss-score: 0.01541 + epss-percentile: 0.87103 cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-2780.yaml b/http/cves/2011/CVE-2011-2780.yaml index e16b420c114..ca3717430d9 100644 --- a/http/cves/2011/CVE-2011-2780.yaml +++ b/http/cves/2011/CVE-2011-2780.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2011-2780 cwe-id: CWE-22 - epss-score: 0.03603 - epss-percentile: 0.87201 + epss-score: 0.03327 + epss-percentile: 0.91341 cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-3315.yaml b/http/cves/2011/CVE-2011-3315.yaml index bfedcded226..4a7bdf2f497 100644 --- a/http/cves/2011/CVE-2011-3315.yaml +++ b/http/cves/2011/CVE-2011-3315.yaml @@ -13,14 +13,13 @@ info: - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N cvss-score: 7.8 cve-id: CVE-2011-3315 cwe-id: CWE-22 - epss-score: 0.73082 - epss-percentile: 0.98692 + epss-score: 0.72021 + epss-percentile: 0.97988 cpe: cpe:2.3:h:cisco:unified_ip_interactive_voice_response:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-4336.yaml b/http/cves/2011/CVE-2011-4336.yaml index 49b786eacc7..7454d435a96 100644 --- a/http/cves/2011/CVE-2011-4336.yaml +++ b/http/cves/2011/CVE-2011-4336.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - https://seclists.org/bugtraq/2011/Nov/140 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2011-4336 cwe-id: CWE-79 - epss-score: 0.00927 - epss-percentile: 0.74919 + epss-score: 0.00255 + epss-percentile: 0.64746 cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-4624.yaml b/http/cves/2011/CVE-2011-4624.yaml index d3b60d84aba..b1db01b442d 100644 --- a/http/cves/2011/CVE-2011-4624.yaml +++ b/http/cves/2011/CVE-2011-4624.yaml @@ -19,8 +19,8 @@ info: cvss-score: 4.3 cve-id: CVE-2011-4624 cwe-id: CWE-79 - epss-score: 0.05988 - epss-percentile: 0.90182 + epss-score: 0.00446 + epss-percentile: 0.74948 cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2011/CVE-2011-4640.yaml b/http/cves/2011/CVE-2011-4640.yaml index e6a0acf184d..cb71d12e608 100644 --- a/http/cves/2011/CVE-2011-4640.yaml +++ b/http/cves/2011/CVE-2011-4640.yaml @@ -22,8 +22,8 @@ info: vendor: spamtitan product: webtitan shodan-query: - - http.title:"webtitan" - - http.favicon.hash:"1090061843" + - title:"WebTitan" + - http.favicon.hash:1090061843 fofa-query: - icon_hash=1090061843 - title="webtitan" diff --git a/http/cves/2011/CVE-2011-4804.yaml b/http/cves/2011/CVE-2011-4804.yaml index 7a9671b97f0..6eac7df5041 100644 --- a/http/cves/2011/CVE-2011-4804.yaml +++ b/http/cves/2011/CVE-2011-4804.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4804 - http://foobla.com/news/latest/obsuggest-1.8-security-release.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-4804 cwe-id: CWE-22 - epss-score: 0.36984 - epss-percentile: 0.96938 + epss-score: 0.44913 + epss-percentile: 0.97396 cpe: cpe:2.3:a:foobla:com_obsuggest:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-4926.yaml b/http/cves/2011/CVE-2011-4926.yaml index c8a375ca25a..c3de22eee59 100644 --- a/http/cves/2011/CVE-2011-4926.yaml +++ b/http/cves/2011/CVE-2011-4926.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2011-4926 cwe-id: CWE-79 - epss-score: 0.06895 - epss-percentile: 0.90885 + epss-score: 0.01792 + epss-percentile: 0.88084 cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2011/CVE-2011-5106.yaml b/http/cves/2011/CVE-2011-5106.yaml index 0ff61bdb040..44d07cf6349 100644 --- a/http/cves/2011/CVE-2011-5106.yaml +++ b/http/cves/2011/CVE-2011-5106.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2011-5106 cwe-id: CWE-79 - epss-score: 0.0154 - epss-percentile: 0.80428 + epss-score: 0.00434 + epss-percentile: 0.74554 cpe: cpe:2.3:a:fractalia:flexible_custom_post_type:0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2011/CVE-2011-5107.yaml b/http/cves/2011/CVE-2011-5107.yaml index ddd6edfba6a..d9a181a2fc5 100644 --- a/http/cves/2011/CVE-2011-5107.yaml +++ b/http/cves/2011/CVE-2011-5107.yaml @@ -14,14 +14,13 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/71413 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5107 cwe-id: CWE-79 - epss-score: 0.0196 - epss-percentile: 0.82553 + epss-score: 0.00232 + epss-percentile: 0.6058 cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2011/CVE-2011-5179.yaml b/http/cves/2011/CVE-2011-5179.yaml index dabef8637f8..d324d0b2e3b 100644 --- a/http/cves/2011/CVE-2011-5179.yaml +++ b/http/cves/2011/CVE-2011-5179.yaml @@ -13,15 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-5179 - https://exchange.xforce.ibmcloud.com/vulnerabilities/71486 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/d4n-sec/d4n-sec.github.io - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5179 cwe-id: CWE-79 - epss-score: 0.0196 - epss-percentile: 0.82553 + epss-score: 0.00232 + epss-percentile: 0.61346 cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2011/CVE-2011-5181.yaml b/http/cves/2011/CVE-2011-5181.yaml index c251b44a05b..6255a1acd6a 100644 --- a/http/cves/2011/CVE-2011-5181.yaml +++ b/http/cves/2011/CVE-2011-5181.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2011-5181 cwe-id: CWE-79 - epss-score: 0.0104 - epss-percentile: 0.76326 + epss-score: 0.00431 + epss-percentile: 0.74451 cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2011/CVE-2011-5252.yaml b/http/cves/2011/CVE-2011-5252.yaml index 04606512348..26faca17ba2 100644 --- a/http/cves/2011/CVE-2011-5252.yaml +++ b/http/cves/2011/CVE-2011-5252.yaml @@ -28,8 +28,6 @@ info: max-request: 1 vendor: orchardproject product: orchard - shodan-query: http.html:"orchard setup - get started" - fofa-query: body="orchard setup - get started" tags: cve,cve2011,redirect,orchard,orchardproject http: diff --git a/http/cves/2011/CVE-2011-5265.yaml b/http/cves/2011/CVE-2011-5265.yaml index 715637135e3..2973dad13b3 100644 --- a/http/cves/2011/CVE-2011-5265.yaml +++ b/http/cves/2011/CVE-2011-5265.yaml @@ -14,14 +14,13 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5265 cwe-id: CWE-79 - epss-score: 0.05708 - epss-percentile: 0.89941 + epss-score: 0.00478 + epss-percentile: 0.75781 cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2012/CVE-2012-0392.yaml b/http/cves/2012/CVE-2012-0392.yaml index 411ac1e71ec..7a53ca2e6a1 100644 --- a/http/cves/2012/CVE-2012-0392.yaml +++ b/http/cves/2012/CVE-2012-0392.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.8 cve-id: CVE-2012-0392 cwe-id: NVD-CWE-noinfo - epss-score: 0.93052 - epss-percentile: 0.99769 + epss-score: 0.96232 + epss-percentile: 0.99521 cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2012/CVE-2012-0394.yaml b/http/cves/2012/CVE-2012-0394.yaml index a79ace09534..524a843887b 100644 --- a/http/cves/2012/CVE-2012-0394.yaml +++ b/http/cves/2012/CVE-2012-0394.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.8 cve-id: CVE-2012-0394 cwe-id: CWE-94 - epss-score: 0.93772 - epss-percentile: 0.99846 + epss-score: 0.94527 + epss-percentile: 0.99071 cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: apache product: struts shodan-query: - - http.html:"struts problem report" + - html:"Struts Problem Report" - http.title:"struts2 showcase" + - http.html:"struts problem report" - http.html:"apache struts" fofa-query: - body="struts problem report" diff --git a/http/cves/2012/CVE-2012-0896.yaml b/http/cves/2012/CVE-2012-0896.yaml index 40677a3b286..bb48f5d391c 100644 --- a/http/cves/2012/CVE-2012-0896.yaml +++ b/http/cves/2012/CVE-2012-0896.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2012-0896 cwe-id: CWE-22 - epss-score: 0.1085 - epss-percentile: 0.92988 + epss-score: 0.01844 + epss-percentile: 0.883 cpe: cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2012/CVE-2012-0991.yaml b/http/cves/2012/CVE-2012-0991.yaml index e0f8f32306f..31977793c7d 100644 --- a/http/cves/2012/CVE-2012-0991.yaml +++ b/http/cves/2012/CVE-2012-0991.yaml @@ -30,17 +30,13 @@ info: shodan-query: - http.html:"openemr" - http.title:"openemr" - - http.favicon.hash:"1971268439" - - http.title:"openemr setup tool" + - http.favicon.hash:1971268439 fofa-query: - icon_hash=1971268439 - body="openemr" - title="openemr" - app="openemr" - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: cve,cve2012,lfi,openemr,traversal,edb http: diff --git a/http/cves/2012/CVE-2012-0996.yaml b/http/cves/2012/CVE-2012-0996.yaml index d236bbf59a7..328bcc850a7 100644 --- a/http/cves/2012/CVE-2012-0996.yaml +++ b/http/cves/2012/CVE-2012-0996.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-0996 - https://www.htbridge.ch/advisory/HTB23071 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-0996 cwe-id: CWE-22 - epss-score: 0.14497 - epss-percentile: 0.94072 + epss-score: 0.03648 + epss-percentile: 0.91695 cpe: cpe:2.3:a:11in1:11in1:1.2.1:stable_12-31-2011:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2012/CVE-2012-1226.yaml b/http/cves/2012/CVE-2012-1226.yaml index 7fdff21a6a8..10305fbdeff 100644 --- a/http/cves/2012/CVE-2012-1226.yaml +++ b/http/cves/2012/CVE-2012-1226.yaml @@ -26,7 +26,7 @@ info: max-request: 1 vendor: dolibarr product: dolibarr_erp\/crm - shodan-query: http.favicon.hash:"440258421" + shodan-query: http.favicon.hash:440258421 fofa-query: icon_hash=440258421 tags: cve,cve2012,lfi,dolibarr,traversal,edb diff --git a/http/cves/2012/CVE-2012-1823.yaml b/http/cves/2012/CVE-2012-1823.yaml index 419e83bd256..2ee5999be10 100644 --- a/http/cves/2012/CVE-2012-1823.yaml +++ b/http/cves/2012/CVE-2012-1823.yaml @@ -28,14 +28,7 @@ info: max-request: 1 vendor: php product: php - shodan-query: - - cpe:"cpe:2.3:a:php:php" - - http.title:"php warning" || "fatal error" - - php.ini - - the requested resource - - x-powered-by:"php" - fofa-query: title="php warning" || "fatal error" - google-query: intitle:"php warning" || "fatal error" + shodan-query: cpe:"cpe:2.3:a:php:php" tags: cve,cve2012,kev,vulhub,rce,php variables: string: "CVE-2012-1823" diff --git a/http/cves/2012/CVE-2012-4032.yaml b/http/cves/2012/CVE-2012-4032.yaml index 018732730f5..1ac8c061c6d 100644 --- a/http/cves/2012/CVE-2012-4032.yaml +++ b/http/cves/2012/CVE-2012-4032.yaml @@ -21,14 +21,16 @@ info: cvss-score: 5.8 cve-id: CVE-2012-4032 cwe-id: CWE-20 - epss-score: 0.22265 - epss-percentile: 0.9547 + epss-score: 0.00951 + epss-percentile: 0.81499 cpe: cpe:2.3:a:websitepanel:websitepanel:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: websitepanel product: websitepanel - shodan-query: http.title:"websitepanel" html:"login" + shodan-query: + - title:"WebsitePanel" html:"login" + - http.title:"websitepanel" html:"login" fofa-query: title="websitepanel" html:"login" google-query: intitle:"websitepanel" html:"login" tags: cve,cve2012,packetstorm,redirect,websitepanel,authenticated diff --git a/http/cves/2012/CVE-2012-4242.yaml b/http/cves/2012/CVE-2012-4242.yaml index 89e853b5be5..10ead87abca 100644 --- a/http/cves/2012/CVE-2012-4242.yaml +++ b/http/cves/2012/CVE-2012-4242.yaml @@ -14,14 +14,13 @@ info: - http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4242 cwe-id: CWE-79 - epss-score: 0.0432 - epss-percentile: 0.88305 + epss-score: 0.00216 + epss-percentile: 0.59564 cpe: cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2012/CVE-2012-4547.yaml b/http/cves/2012/CVE-2012-4547.yaml index 09bbc3b2ee0..d70dc869e08 100644 --- a/http/cves/2012/CVE-2012-4547.yaml +++ b/http/cves/2012/CVE-2012-4547.yaml @@ -18,8 +18,8 @@ info: cvss-score: 4.3 cve-id: CVE-2012-4547 cwe-id: CWE-79 - epss-score: 0.43743 - epss-percentile: 0.97352 + epss-score: 0.0023 + epss-percentile: 0.61246 cpe: cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2012/CVE-2012-4768.yaml b/http/cves/2012/CVE-2012-4768.yaml index bba20a82840..52ef54e75ae 100644 --- a/http/cves/2012/CVE-2012-4768.yaml +++ b/http/cves/2012/CVE-2012-4768.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2012-4768 cwe-id: CWE-79 - epss-score: 0.01334 - epss-percentile: 0.78951 + epss-score: 0.00922 + epss-percentile: 0.82559 cpe: cpe:2.3:a:mikejolley:download_monitor:3.3.5.7:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2012/CVE-2012-4878.yaml b/http/cves/2012/CVE-2012-4878.yaml index af6fbf07036..18bd5efa08e 100644 --- a/http/cves/2012/CVE-2012-4878.yaml +++ b/http/cves/2012/CVE-2012-4878.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2012-4878 cwe-id: CWE-22 - epss-score: 0.11255 - epss-percentile: 0.9314 + epss-score: 0.00537 + epss-percentile: 0.7717 cpe: cpe:2.3:a:flatnux:flatnux:2011-08-09-2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2012/CVE-2012-4940.yaml b/http/cves/2012/CVE-2012-4940.yaml index 30bc37c4480..b55ec6f3d0d 100644 --- a/http/cves/2012/CVE-2012-4940.yaml +++ b/http/cves/2012/CVE-2012-4940.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-4940 - http://www.kb.cert.org/vuls/id/586556 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2012-4940 cwe-id: CWE-22 - epss-score: 0.70615 - epss-percentile: 0.98586 + epss-score: 0.16414 + epss-percentile: 0.95998 cpe: cpe:2.3:a:gecad:axigen_free_mail_server:-:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2012/CVE-2012-4982.yaml b/http/cves/2012/CVE-2012-4982.yaml index 1d5a62c2ef7..661cdab9b18 100644 --- a/http/cves/2012/CVE-2012-4982.yaml +++ b/http/cves/2012/CVE-2012-4982.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.8 cve-id: CVE-2012-4982 cwe-id: CWE-20 - epss-score: 0.1931 - epss-percentile: 0.95039 + epss-score: 0.00357 + epss-percentile: 0.72078 cpe: cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2012/CVE-2012-6499.yaml b/http/cves/2012/CVE-2012-6499.yaml index c4d08da6ef7..8b5429e5630 100644 --- a/http/cves/2012/CVE-2012-6499.yaml +++ b/http/cves/2012/CVE-2012-6499.yaml @@ -14,15 +14,13 @@ info: - https://www.exploit-db.com/exploits/18350 - https://wordpress.org/plugins/age-verification - https://nvd.nist.gov/vuln/detail/CVE-2012-6499 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-6499 cwe-id: CWE-20 - epss-score: 0.39935 - epss-percentile: 0.9713 + epss-score: 0.03575 + epss-percentile: 0.91621 cpe: cpe:2.3:a:age_verification_project:age_verification:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2013/CVE-2013-1965.yaml b/http/cves/2013/CVE-2013-1965.yaml index b4d4c24029a..4fa7c374c0b 100644 --- a/http/cves/2013/CVE-2013-1965.yaml +++ b/http/cves/2013/CVE-2013-1965.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.3 cve-id: CVE-2013-1965 cwe-id: CWE-94 - epss-score: 0.92318 - epss-percentile: 0.99702 + epss-score: 0.00813 + epss-percentile: 0.79935 cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2013/CVE-2013-2248.yaml b/http/cves/2013/CVE-2013-2248.yaml index fe51b957557..7a6e19a9f5b 100644 --- a/http/cves/2013/CVE-2013-2248.yaml +++ b/http/cves/2013/CVE-2013-2248.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.8 cve-id: CVE-2013-2248 cwe-id: CWE-20 - epss-score: 0.93635 - epss-percentile: 0.99829 + epss-score: 0.97189 + epss-percentile: 0.99819 cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2013/CVE-2013-2251.yaml b/http/cves/2013/CVE-2013-2251.yaml index c0d331c4dfb..9ae83d1a30b 100644 --- a/http/cves/2013/CVE-2013-2251.yaml +++ b/http/cves/2013/CVE-2013-2251.yaml @@ -15,17 +15,17 @@ info: - http://archiva.apache.org/security.html - http://cxsecurity.com/issue/WLB-2014010087 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C + cvss-score: 9.3 cve-id: CVE-2013-2251 - cwe-id: CWE-74 - epss-score: 0.94328 - epss-percentile: 0.9994 - cpe: cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:* + cwe-id: CWE-20 + epss-score: 0.97432 + epss-percentile: 0.99936 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 9 vendor: apache - product: archiva + product: struts shodan-query: - http.html:"apache struts" - http.title:"struts2 showcase" diff --git a/http/cves/2013/CVE-2013-2287.yaml b/http/cves/2013/CVE-2013-2287.yaml index 81bb17a79e8..3eeed3b47ff 100644 --- a/http/cves/2013/CVE-2013-2287.yaml +++ b/http/cves/2013/CVE-2013-2287.yaml @@ -14,14 +14,13 @@ info: - https://www.dognaedis.com/vulns/DGS-SEC-16.html - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-2287 cwe-id: CWE-79 - epss-score: 0.10095 - epss-percentile: 0.92683 + epss-score: 0.00219 + epss-percentile: 0.59874 cpe: cpe:2.3:a:roberta_bramski:uploader:1.0.4:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2013/CVE-2013-2621.yaml b/http/cves/2013/CVE-2013-2621.yaml index 874cd206a36..adb292698e7 100644 --- a/http/cves/2013/CVE-2013-2621.yaml +++ b/http/cves/2013/CVE-2013-2621.yaml @@ -14,15 +14,13 @@ info: - https://www.exploit-db.com/exploits/38546 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84683 - https://nvd.nist.gov/vuln/detail/CVE-2013-2621 - - https://github.com/dearestdoe/newclei - - https://github.com/tr3ss/newclei classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2013-2621 cwe-id: CWE-601 - epss-score: 0.09342 - epss-percentile: 0.92326 + epss-score: 0.03563 + epss-percentile: 0.90674 cpe: cpe:2.3:a:telaen_project:telaen:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2013/CVE-2013-4625.yaml b/http/cves/2013/CVE-2013-4625.yaml index 0071142c8ae..459bffe4c13 100644 --- a/http/cves/2013/CVE-2013-4625.yaml +++ b/http/cves/2013/CVE-2013-4625.yaml @@ -19,8 +19,8 @@ info: cvss-score: 4.3 cve-id: CVE-2013-4625 cwe-id: CWE-79 - epss-score: 0.08892 - epss-percentile: 0.92098 + epss-score: 0.01217 + epss-percentile: 0.85273 cpe: cpe:2.3:a:cory_lamle:duplicator:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2013/CVE-2013-5979.yaml b/http/cves/2013/CVE-2013-5979.yaml index 249e55aac30..7c732d981e3 100644 --- a/http/cves/2013/CVE-2013-5979.yaml +++ b/http/cves/2013/CVE-2013-5979.yaml @@ -20,15 +20,13 @@ info: cvss-score: 5 cve-id: CVE-2013-5979 cwe-id: CWE-22 - epss-score: 0.48856 - epss-percentile: 0.97605 + epss-score: 0.07984 + epss-percentile: 0.94272 cpe: cpe:2.3:a:springsignage:xibo:1.2.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: springsignage product: xibo - shodan-query: http.html:"/xibosignage/xibo-cms" - fofa-query: body="/xibosignage/xibo-cms" tags: cve2013,cve,lfi,edb,springsignage http: diff --git a/http/cves/2013/CVE-2013-7091.yaml b/http/cves/2013/CVE-2013-7091.yaml index 71b4d336aa0..3339c5f1fc3 100644 --- a/http/cves/2013/CVE-2013-7091.yaml +++ b/http/cves/2013/CVE-2013-7091.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2013-7091 cwe-id: CWE-22 - epss-score: 0.91686 - epss-percentile: 0.99649 + epss-score: 0.97337 + epss-percentile: 0.99881 cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 @@ -30,11 +30,9 @@ info: shodan-query: - http.title:"zimbra collaboration suite" - http.title:"zimbra web client sign in" - - http.favicon.hash:"1624375939" fofa-query: - title="zimbra web client sign in" - title="zimbra collaboration suite" - - icon_hash=1624375939 google-query: - intitle:"zimbra collaboration suite" - intitle:"zimbra web client sign in" diff --git a/http/cves/2013/CVE-2013-7240.yaml b/http/cves/2013/CVE-2013-7240.yaml index 4df1902c9ef..6de4704ec6f 100644 --- a/http/cves/2013/CVE-2013-7240.yaml +++ b/http/cves/2013/CVE-2013-7240.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2013-7240 cwe-id: CWE-22 - epss-score: 0.7781 - epss-percentile: 0.98933 + epss-score: 0.26523 + epss-percentile: 0.96738 cpe: cpe:2.3:a:westerndeal:advanced_dewplayer:1.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2013/CVE-2013-7285.yaml b/http/cves/2013/CVE-2013-7285.yaml index 725f13c6458..55fe76a72e9 100644 --- a/http/cves/2013/CVE-2013-7285.yaml +++ b/http/cves/2013/CVE-2013-7285.yaml @@ -21,13 +21,13 @@ info: cvss-score: 9.8 cve-id: CVE-2013-7285 cwe-id: CWE-78 - epss-score: 0.15054 - epss-percentile: 0.94205 - cpe: cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* + epss-score: 0.55716 + epss-percentile: 0.97607 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: oracle - product: endeca_information_discovery_studio + vendor: xstream_project + product: xstream tags: cve2013,cve,xstream,deserialization,rce,oast,xstream_project http: diff --git a/http/cves/2014/CVE-2014-2321.yaml b/http/cves/2014/CVE-2014-2321.yaml index dbe76494485..9f61eb2097f 100644 --- a/http/cves/2014/CVE-2014-2321.yaml +++ b/http/cves/2014/CVE-2014-2321.yaml @@ -21,8 +21,8 @@ info: cvss-score: 10 cve-id: CVE-2014-2321 cwe-id: CWE-264 - epss-score: 0.90027 - epss-percentile: 0.9955 + epss-score: 0.95464 + epss-percentile: 0.99375 cpe: cpe:2.3:h:zte:f460:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-2323.yaml b/http/cves/2014/CVE-2014-2323.yaml index 9257090d534..aa14e784974 100644 --- a/http/cves/2014/CVE-2014-2323.yaml +++ b/http/cves/2014/CVE-2014-2323.yaml @@ -20,19 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2014-2323 cwe-id: CWE-89 - epss-score: 0.926 - epss-percentile: 0.99725 + epss-score: 0.96033 + epss-percentile: 0.99481 cpe: cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: lighttpd product: lighttpd - shodan-query: - - cpe:"cpe:2.3:a:lighttpd:lighttpd" - - http.title:"powered by lighttpd" - - if you find a bug in this lighttpd package, or in lighttpd itself - fofa-query: title="powered by lighttpd" - google-query: intitle:"powered by lighttpd" + shodan-query: cpe:"cpe:2.3:a:lighttpd:lighttpd" tags: cve2014,cve,lighttpd,injection,seclists,sqli http: diff --git a/http/cves/2014/CVE-2014-2383.yaml b/http/cves/2014/CVE-2014-2383.yaml index 294d3d19dbd..1321a6d2742 100644 --- a/http/cves/2014/CVE-2014-2383.yaml +++ b/http/cves/2014/CVE-2014-2383.yaml @@ -21,15 +21,14 @@ info: cvss-score: 6.8 cve-id: CVE-2014-2383 cwe-id: CWE-200 - epss-score: 0.43309 - epss-percentile: 0.9733 + epss-score: 0.00363 + epss-percentile: 0.72296 cpe: cpe:2.3:a:dompdf:dompdf:*:beta3:*:*:*:*:*:* metadata: verified: true max-request: 11 vendor: dompdf product: dompdf - fofa-query: title="dompdf - the php 5 html to pdf converter" tags: cve2014,cve,lfi,wp-plugin,wpscan,dompdf,wordpress,wp,edb,seclists http: diff --git a/http/cves/2014/CVE-2014-2962.yaml b/http/cves/2014/CVE-2014-2962.yaml index 77c332356d4..a78b6ca80b9 100644 --- a/http/cves/2014/CVE-2014-2962.yaml +++ b/http/cves/2014/CVE-2014-2962.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.8 cve-id: CVE-2014-2962 cwe-id: CWE-22 - epss-score: 0.90047 - epss-percentile: 0.99551 + epss-score: 0.95717 + epss-percentile: 0.99419 cpe: cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-3120.yaml b/http/cves/2014/CVE-2014-3120.yaml index 37965629c49..bc14ce3046c 100644 --- a/http/cves/2014/CVE-2014-3120.yaml +++ b/http/cves/2014/CVE-2014-3120.yaml @@ -3,7 +3,7 @@ id: CVE-2014-3120 info: name: ElasticSearch v1.1.1/1.2 RCE author: pikpikcu - severity: high + severity: medium description: | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. impact: | @@ -17,12 +17,12 @@ info: - http://bouk.co/blog/elasticsearch-rce/ - https://www.elastic.co/community/security/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N - cvss-score: 8.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2014-3120 cwe-id: CWE-284 - epss-score: 0.79814 - epss-percentile: 0.99033 + epss-score: 0.53209 + epss-percentile: 0.97602 cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-3704.yaml b/http/cves/2014/CVE-2014-3704.yaml index a1acd6ae2e9..5ed546d7cc7 100644 --- a/http/cves/2014/CVE-2014-3704.yaml +++ b/http/cves/2014/CVE-2014-3704.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2014-3704 cwe-id: CWE-89 - epss-score: 0.94222 - epss-percentile: 0.99913 + epss-score: 0.9753 + epss-percentile: 0.99992 cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-3744.yaml b/http/cves/2014/CVE-2014-3744.yaml index eea95a8a319..fd4e77c1ea6 100644 --- a/http/cves/2014/CVE-2014-3744.yaml +++ b/http/cves/2014/CVE-2014-3744.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2014-3744 cwe-id: CWE-22 - epss-score: 0.48753 - epss-percentile: 0.97598 + epss-score: 0.00672 + epss-percentile: 0.79778 cpe: cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-4210.yaml b/http/cves/2014/CVE-2014-4210.yaml index 8eb7a202971..b31bb0bda78 100644 --- a/http/cves/2014/CVE-2014-4210.yaml +++ b/http/cves/2014/CVE-2014-4210.yaml @@ -28,6 +28,7 @@ info: vendor: oracle product: fusion_middleware shodan-query: + - title:"Weblogic" - http.title:"weblogic" - http.html:"weblogic application server" fofa-query: diff --git a/http/cves/2014/CVE-2014-4535.yaml b/http/cves/2014/CVE-2014-4535.yaml index 11632291867..3c53c70f2f0 100644 --- a/http/cves/2014/CVE-2014-4535.yaml +++ b/http/cves/2014/CVE-2014-4535.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 - http://codevigilant.com/disclosure/wp-plugin-import-legacy-media-a3-cross-site-scripting-xss - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 - epss-score: 0.03802 - epss-percentile: 0.87535 + epss-score: 0.00135 + epss-percentile: 0.48664 cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-4536.yaml b/http/cves/2014/CVE-2014-4536.yaml index e783480284c..a135abeb64a 100644 --- a/http/cves/2014/CVE-2014-4536.yaml +++ b/http/cves/2014/CVE-2014-4536.yaml @@ -28,7 +28,9 @@ info: vendor: katz product: "infusionsoft_gravity_forms" framework: wordpress - google-query: inurl:"/wp-content/plugins/infusionsoft/infusionsoft/" + google-query: + - "inurl:\"/wp-content/plugins/infusionsoft/Infusionsoft/\"" + - inurl:"/wp-content/plugins/infusionsoft/infusionsoft/" tags: cve2014,cve,wpscan,wordpress,wp-plugin,xss,unauth,katz flow: http(1) && http(2) diff --git a/http/cves/2014/CVE-2014-4539.yaml b/http/cves/2014/CVE-2014-4539.yaml index 9007b13a0e8..499088d8338 100644 --- a/http/cves/2014/CVE-2014-4539.yaml +++ b/http/cves/2014/CVE-2014-4539.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-4539 - http://codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4539 cwe-id: CWE-79 - epss-score: 0.0161 - epss-percentile: 0.80843 + epss-score: 0.00135 + epss-percentile: 0.48718 cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-4550.yaml b/http/cves/2014/CVE-2014-4550.yaml index 12aee28ece2..d07c148dd00 100644 --- a/http/cves/2014/CVE-2014-4550.yaml +++ b/http/cves/2014/CVE-2014-4550.yaml @@ -13,15 +13,13 @@ info: - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 - http://codevigilant.com/disclosure/wp-plugin-shortcode-ninja-a3-cross-site-scripting-xss - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4550 cwe-id: CWE-79 - epss-score: 0.02712 - epss-percentile: 0.85188 + epss-score: 0.00135 + epss-percentile: 0.48556 cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-4558.yaml b/http/cves/2014/CVE-2014-4558.yaml index eba893780bc..957903ee12e 100644 --- a/http/cves/2014/CVE-2014-4558.yaml +++ b/http/cves/2014/CVE-2014-4558.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-4558 - http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-woocommerce-a3-cross-site-scripting-xss - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4558 cwe-id: CWE-79 - epss-score: 0.1064 - epss-percentile: 0.92904 + epss-score: 0.00135 + epss-percentile: 0.48718 cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-4577.yaml b/http/cves/2014/CVE-2014-4577.yaml index 1d251f99674..0962490ab86 100644 --- a/http/cves/2014/CVE-2014-4577.yaml +++ b/http/cves/2014/CVE-2014-4577.yaml @@ -10,24 +10,22 @@ info: - https://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion/ - https://wpscan.com/plugin/wp-amasin-the-amazon-affiliate-shop/ - https://github.com/superlink996/chunqiuyunjingbachang - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-4577 cwe-id: CWE-22 - epss-score: 0.03228 - epss-percentile: 0.86448 + epss-score: 0.00847 + epss-percentile: 0.82512 cpe: cpe:2.3:a:websupporter:wp_amasin_-_the_amazon_affiliate_shop:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 + max-request: 1 vendor: websupporter - product: "wp_amasin_-_the_amazon_affiliate_shop" + product: wp_amasin_-_the_amazon_affiliate_shop framework: wordpress publicwww-query: "/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/" - shodan-query: http.html:"/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/" - fofa-query: body=/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/ - tags: cve,cve2014,wordpress,wpscan,wp-plugin,lfi,wp,wp-amasin-the-amazon-affiliate-shop,websupporter + tags: cve,cve2014,wordpress,wpscan,wp-plugin,lfi,wp,wp-amasin-the-amazon-affiliate-shop + flow: http(1) && http(2) http: diff --git a/http/cves/2014/CVE-2014-4592.yaml b/http/cves/2014/CVE-2014-4592.yaml index 11568a795e7..b5e8a1ca942 100644 --- a/http/cves/2014/CVE-2014-4592.yaml +++ b/http/cves/2014/CVE-2014-4592.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 - http://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-4592 cwe-id: CWE-79 - epss-score: 0.03802 - epss-percentile: 0.87535 + epss-score: 0.00135 + epss-percentile: 0.48718 cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-4941.yaml b/http/cves/2014/CVE-2014-4941.yaml index 36e907fa42b..167e7efca87 100644 --- a/http/cves/2014/CVE-2014-4941.yaml +++ b/http/cves/2014/CVE-2014-4941.yaml @@ -20,11 +20,12 @@ info: cpe: cpe:2.3:a:cross-rss_plugin_project:wp-cross-rss:1.7:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 2 - vendor: "cross-rss_plugin_project" - product: "wp-cross-rss" + max-request: 1 + vendor: cross-rss_plugin_project + product: wp-cross-rss framework: wordpress - tags: cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,cross-rss_plugin_project + tags: cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp + flow: http(1) && http(2) http: diff --git a/http/cves/2014/CVE-2014-4942.yaml b/http/cves/2014/CVE-2014-4942.yaml index 5d8d1823266..19943e20636 100644 --- a/http/cves/2014/CVE-2014-4942.yaml +++ b/http/cves/2014/CVE-2014-4942.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5 cve-id: CVE-2014-4942 cwe-id: CWE-200 - epss-score: 0.02447 - epss-percentile: 0.84376 + epss-score: 0.01024 + epss-percentile: 0.82199 cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-5111.yaml b/http/cves/2014/CVE-2014-5111.yaml index fecc91d04a9..d4f5959985d 100644 --- a/http/cves/2014/CVE-2014-5111.yaml +++ b/http/cves/2014/CVE-2014-5111.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-5111 - http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-5111 cwe-id: CWE-22 - epss-score: 0.67826 - epss-percentile: 0.98464 + epss-score: 0.02194 + epss-percentile: 0.89179 cpe: cpe:2.3:a:netfortris:trixbox:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-5181.yaml b/http/cves/2014/CVE-2014-5181.yaml index 2febc98108a..c240466bdc7 100644 --- a/http/cves/2014/CVE-2014-5181.yaml +++ b/http/cves/2014/CVE-2014-5181.yaml @@ -6,22 +6,20 @@ info: severity: medium description: | Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter. - reference: - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-5181 cwe-id: CWE-22 - epss-score: 0.00514 - epss-percentile: 0.65461 + epss-score: 0.00845 + epss-percentile: 0.82498 cpe: cpe:2.3:a:last.fm_rotation_plugin_project:lastfm-rotation_plugin:1.0:*:*:*:*:wordpress:*:* metadata: - max-request: 2 - vendor: "last.fm_rotation_plugin_project" - product: "lastfm-rotation_plugin" + vendor: last.fm_rotation_plugin_project + product: lastfm-rotation_plugin framework: wordpress - tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,lastfm-rotation,last.fm_rotation_plugin_project + tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,lastfm-rotation + flow: http(1) && http(2) http: diff --git a/http/cves/2014/CVE-2014-5187.yaml b/http/cves/2014/CVE-2014-5187.yaml index c4865c463ab..a1da120521b 100644 --- a/http/cves/2014/CVE-2014-5187.yaml +++ b/http/cves/2014/CVE-2014-5187.yaml @@ -9,25 +9,23 @@ info: reference: - https://wpscan.com/vulnerability/3095c3f3-9cdc-49f8-8478-c2922f0a442a/ - https://codevigilant.com/disclosure/wp-plugin-tom-m8te-local-file-inclusion/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-5187 cwe-id: CWE-22 - epss-score: 0.00514 - epss-percentile: 0.65461 + epss-score: 0.00845 + epss-percentile: 0.82498 cpe: cpe:2.3:a:tom_m8te_plugin_project:tom-m8te_plugin:1.5.3:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 2 - vendor: "tom_m8te_plugin_project" - product: "tom-m8te_plugin" + max-request: 1 + vendor: tom_m8te_plugin_project + product: tom-m8te_plugin framework: wordpress publicwww-query: "/wp-content/plugins/tom-m8te/" - shodan-query: http.html:"/wp-content/plugins/tom-m8te/" - fofa-query: body=/wp-content/plugins/tom-m8te/ - tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,tom-m8te,tom_m8te_plugin_project + tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,tom-m8te + flow: http(1) && http(2) http: diff --git a/http/cves/2014/CVE-2014-5368.yaml b/http/cves/2014/CVE-2014-5368.yaml index ba4627bad37..5d99e1c180c 100644 --- a/http/cves/2014/CVE-2014-5368.yaml +++ b/http/cves/2014/CVE-2014-5368.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2014-5368 cwe-id: CWE-22 - epss-score: 0.53297 - epss-percentile: 0.97805 + epss-score: 0.09191 + epss-percentile: 0.94648 cpe: cpe:2.3:a:wp_content_source_control_project:wp_content_source_control:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml index 6448c9ae998..6be68451106 100644 --- a/http/cves/2014/CVE-2014-6271.yaml +++ b/http/cves/2014/CVE-2014-6271.yaml @@ -24,7 +24,7 @@ info: epss-percentile: 0.99998 cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:* metadata: - max-request: 9 + max-request: 8 vendor: gnu product: bash tags: cve2014,cve,rce,shellshock,kev,gnu diff --git a/http/cves/2014/CVE-2014-6287.yaml b/http/cves/2014/CVE-2014-6287.yaml index 6a35ecdd17c..0ba2e73d371 100644 --- a/http/cves/2014/CVE-2014-6287.yaml +++ b/http/cves/2014/CVE-2014-6287.yaml @@ -21,21 +21,16 @@ info: cvss-score: 9.8 cve-id: 'CVE-2014-6287' cwe-id: CWE-94 - epss-score: 0.94229 - epss-percentile: 0.99915 + epss-score: 0.97341 + epss-percentile: 0.99889 cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: rejetto product: http_file_server - shodan-query: - - http.favicon.hash:"2124459909" - - http.title:"hfs /" - fofa-query: - - icon_hash=2124459909 - - title="hfs /" - google-query: intitle:"hfs /" + shodan-query: http.favicon.hash:2124459909 + fofa-query: icon_hash=2124459909 tags: cve2014,cve,packetstorm,msf,hfs,rce,kev,rejetto variables: str1: '{{rand_base(6)}}' diff --git a/http/cves/2014/CVE-2014-6308.yaml b/http/cves/2014/CVE-2014-6308.yaml index 4b9d6bf919f..315b88e772c 100644 --- a/http/cves/2014/CVE-2014-6308.yaml +++ b/http/cves/2014/CVE-2014-6308.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2014-6308 cwe-id: CWE-22 - epss-score: 0.74135 - epss-percentile: 0.98747 + epss-score: 0.0922 + epss-percentile: 0.94654 cpe: cpe:2.3:a:osclass:osclass:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-8676.yaml b/http/cves/2014/CVE-2014-8676.yaml index 8387ceb50a9..480b5517592 100644 --- a/http/cves/2014/CVE-2014-8676.yaml +++ b/http/cves/2014/CVE-2014-8676.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2014-8676 cwe-id: CWE-22 - epss-score: 0.74684 - epss-percentile: 0.98778 + epss-score: 0.00195 + epss-percentile: 0.56456 cpe: cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-8682.yaml b/http/cves/2014/CVE-2014-8682.yaml index c32e9260137..fe633a6991e 100644 --- a/http/cves/2014/CVE-2014-8682.yaml +++ b/http/cves/2014/CVE-2014-8682.yaml @@ -21,23 +21,19 @@ info: cvss-score: 7.5 cve-id: CVE-2014-8682 cwe-id: CWE-89 - epss-score: 0.64086 - epss-percentile: 0.98299 + epss-score: 0.00808 + epss-percentile: 0.79839 cpe: cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: gogits product: gogs shodan-query: + - title:"Sign In - Gogs" - http.title:"sign in - gogs" - cpe:"cpe:2.3:a:gogs:gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" - google-query: - - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" + google-query: intitle:"sign in - gogs" tags: cve2014,cve,gogs,seclists,packetstorm,edb,sqli,gogits http: diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml index 2e08c380083..555228038d8 100644 --- a/http/cves/2014/CVE-2014-8799.yaml +++ b/http/cves/2014/CVE-2014-8799.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2014-8799 cwe-id: CWE-22 - epss-score: 0.88094 - epss-percentile: 0.99435 + epss-score: 0.17844 + epss-percentile: 0.9615 cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-9094.yaml b/http/cves/2014/CVE-2014-9094.yaml index 3f71c9356ba..8a18cea996f 100644 --- a/http/cves/2014/CVE-2014-9094.yaml +++ b/http/cves/2014/CVE-2014-9094.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2014-9094 cwe-id: CWE-79 - epss-score: 0.12796 - epss-percentile: 0.93622 + epss-score: 0.32637 + epss-percentile: 0.96912 cpe: cpe:2.3:a:digitalzoomstudio:video_gallery:-:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2014/CVE-2014-9180.yaml b/http/cves/2014/CVE-2014-9180.yaml index 0a75b7bf7d0..e6ca9a5780c 100644 --- a/http/cves/2014/CVE-2014-9180.yaml +++ b/http/cves/2014/CVE-2014-9180.yaml @@ -25,6 +25,7 @@ info: vendor: eleanor-cms product: eleanor_cms shodan-query: + - html:"eleanor" - http.html:"eleanor" - cpe:"cpe:2.3:a:eleanor-cms:eleanor_cms" fofa-query: body="eleanor" diff --git a/http/cves/2014/CVE-2014-9444.yaml b/http/cves/2014/CVE-2014-9444.yaml index 0e1c8dd01d8..601da2ced99 100644 --- a/http/cves/2014/CVE-2014-9444.yaml +++ b/http/cves/2014/CVE-2014-9444.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-9444 - http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2014-9444 cwe-id: CWE-79 - epss-score: 0.03285 - epss-percentile: 0.86567 + epss-score: 0.00619 + epss-percentile: 0.78788 cpe: cpe:2.3:a:frontend_uploader_project:frontend_uploader:0.9.2:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-9608.yaml b/http/cves/2014/CVE-2014-9608.yaml index d12ef960e82..99d4c822641 100644 --- a/http/cves/2014/CVE-2014-9608.yaml +++ b/http/cves/2014/CVE-2014-9608.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2014-9608 - http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2014-9608 cwe-id: CWE-79 - epss-score: 0.25742 - epss-percentile: 0.95939 + epss-score: 0.00102 + epss-percentile: 0.41716 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2014/CVE-2014-9618.yaml b/http/cves/2014/CVE-2014-9618.yaml index e6df999958a..02a6a314596 100644 --- a/http/cves/2014/CVE-2014-9618.yaml +++ b/http/cves/2014/CVE-2014-9618.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9618 cwe-id: CWE-287 - epss-score: 0.72519 - epss-percentile: 0.9867 + epss-score: 0.03433 + epss-percentile: 0.91476 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-0554.yaml b/http/cves/2015/CVE-2015-0554.yaml index dd2fa3d52a8..1e35752dcea 100644 --- a/http/cves/2015/CVE-2015-0554.yaml +++ b/http/cves/2015/CVE-2015-0554.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.4 cve-id: CVE-2015-0554 cwe-id: CWE-264 - epss-score: 0.38604 - epss-percentile: 0.9705 + epss-score: 0.0139 + epss-percentile: 0.86079 cpe: cpe:2.3:o:adb:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-1000005.yaml b/http/cves/2015/CVE-2015-1000005.yaml index 08098120b93..df87619465e 100644 --- a/http/cves/2015/CVE-2015-1000005.yaml +++ b/http/cves/2015/CVE-2015-1000005.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2015-1000005 cwe-id: CWE-22 - epss-score: 0.21197 - epss-percentile: 0.9533 + epss-score: 0.05258 + epss-percentile: 0.93027 cpe: cpe:2.3:a:candidate-application-form_project:candidate-application-form:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-1000010.yaml b/http/cves/2015/CVE-2015-1000010.yaml index 45610a38e65..d1bf1c7055c 100644 --- a/http/cves/2015/CVE-2015-1000010.yaml +++ b/http/cves/2015/CVE-2015-1000010.yaml @@ -15,14 +15,13 @@ info: - https://wpscan.com/vulnerability/40e84e85-7176-4552-b021-6963d0396543 - https://nvd.nist.gov/vuln/detail/CVE-2015-1000010 - http://www.vapidlabs.com/advisory.php?v=147 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1000010 cwe-id: CWE-284 - epss-score: 0.31974 - epss-percentile: 0.96557 + epss-score: 0.03171 + epss-percentile: 0.90143 cpe: cpe:2.3:a:simple-image-manipulator_project:simple-image-manipulator:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-1503.yaml b/http/cves/2015/CVE-2015-1503.yaml index b11ffaf667b..83231ffd234 100644 --- a/http/cves/2015/CVE-2015-1503.yaml +++ b/http/cves/2015/CVE-2015-1503.yaml @@ -28,8 +28,9 @@ info: vendor: icewarp product: mail_server shodan-query: - - http.title:"icewarp" + - title:"icewarp" - http.title:"icewarp server administration" + - http.title:"icewarp" - cpe:"cpe:2.3:a:icewarp:mail_server" fofa-query: - title="icewarp server administration" @@ -38,7 +39,6 @@ info: - intitle:"icewarp server administration" - intitle:"icewarp" - powered by icewarp 10.4.4 - - powered by icewarp 10.2.1 tags: cve2015,cve,lfi,mail,packetstorm,icewarp http: diff --git a/http/cves/2015/CVE-2015-1579.yaml b/http/cves/2015/CVE-2015-1579.yaml index 2e455e92831..b68c11fb0d8 100644 --- a/http/cves/2015/CVE-2015-1579.yaml +++ b/http/cves/2015/CVE-2015-1579.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5 cve-id: CVE-2015-1579 cwe-id: CWE-22 - epss-score: 0.7211 - epss-percentile: 0.98651 + epss-score: 0.82302 + epss-percentile: 0.98398 cpe: cpe:2.3:a:elegant_themes:divi:-:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-1635.yaml b/http/cves/2015/CVE-2015-1635.yaml index a318db3310b..7e2ed09ec1e 100644 --- a/http/cves/2015/CVE-2015-1635.yaml +++ b/http/cves/2015/CVE-2015-1635.yaml @@ -13,12 +13,12 @@ info: - http://www.securitytracker.com/id/1032109 - https://github.com/b1gbroth3r/shoMe classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C + cvss-score: 10 cve-id: CVE-2015-1635 cwe-id: CWE-94 - epss-score: 0.9431 - epss-percentile: 0.99933 + epss-score: 0.9754 + epss-percentile: 0.99994 cpe: cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* metadata: verified: true @@ -26,6 +26,7 @@ info: vendor: microsoft product: windows_7 shodan-query: + - '"Microsoft-IIS" "2015"' - '"microsoft-iis" "2015"' - cpe:"cpe:2.3:o:microsoft:windows_7" tags: cve,cve2015,kev,microsoft,iis,rce diff --git a/http/cves/2015/CVE-2015-1880.yaml b/http/cves/2015/CVE-2015-1880.yaml index 7140466a34b..95101b7f93c 100644 --- a/http/cves/2015/CVE-2015-1880.yaml +++ b/http/cves/2015/CVE-2015-1880.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2015-1880 cwe-id: CWE-79 - epss-score: 0.59363 - epss-percentile: 0.98095 + epss-score: 0.00201 + epss-percentile: 0.58077 cpe: cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -29,9 +29,9 @@ info: product: fortios shodan-query: - http.html:"/remote/login" "xxxxxxxx" - - http.favicon.hash:"945408572" + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - - port:"10443 http.favicon.hash945408572" + - port:10443 http.favicon.hash:945408572 fofa-query: - body="/remote/login" "xxxxxxxx" - icon_hash=945408572 diff --git a/http/cves/2015/CVE-2015-2067.yaml b/http/cves/2015/CVE-2015-2067.yaml index e7d6393bea5..4735e806a9c 100644 --- a/http/cves/2015/CVE-2015-2067.yaml +++ b/http/cves/2015/CVE-2015-2067.yaml @@ -27,7 +27,9 @@ info: vendor: magmi_project product: magmi framework: magento_server - shodan-query: http.component:"magento" + shodan-query: + - http.component:"Magento" + - http.component:"magento" tags: cve2015,cve,plugin,edb,packetstorm,lfi,magento,magmi,magmi_project,magento_server http: diff --git a/http/cves/2015/CVE-2015-2068.yaml b/http/cves/2015/CVE-2015-2068.yaml index 1ea1f287048..002224d417d 100644 --- a/http/cves/2015/CVE-2015-2068.yaml +++ b/http/cves/2015/CVE-2015-2068.yaml @@ -14,14 +14,13 @@ info: - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2015-2068 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-2068 cwe-id: CWE-79 - epss-score: 0.05406 - epss-percentile: 0.89612 + epss-score: 0.00146 + epss-percentile: 0.50455 cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: verified: true @@ -29,7 +28,9 @@ info: vendor: magmi_project product: magmi framework: magento_server - shodan-query: http.component:"magento" + shodan-query: + - http.component:"Magento" + - http.component:"magento" tags: cve2015,cve,plugin,edb,packetstorm,magento,magmi,xss,magmi_project,magento_server http: diff --git a/http/cves/2015/CVE-2015-2080.yaml b/http/cves/2015/CVE-2015-2080.yaml index cc6d52ffba3..eb5be40c0ae 100644 --- a/http/cves/2015/CVE-2015-2080.yaml +++ b/http/cves/2015/CVE-2015-2080.yaml @@ -25,11 +25,7 @@ info: max-request: 1 vendor: fedoraproject product: fedora - shodan-query: - - cpe:"cpe:2.3:o:fedoraproject:fedora" - - http.title:"test page for the http server on fedora" - fofa-query: title="test page for the http server on fedora" - google-query: intitle:"test page for the http server on fedora" + shodan-query: cpe:"cpe:2.3:o:fedoraproject:fedora" tags: cve2015,cve,jetty,packetstorm,fedoraproject http: diff --git a/http/cves/2015/CVE-2015-2166.yaml b/http/cves/2015/CVE-2015-2166.yaml index 7ef67710698..41379ec4489 100644 --- a/http/cves/2015/CVE-2015-2166.yaml +++ b/http/cves/2015/CVE-2015-2166.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2015-2166 cwe-id: CWE-22 - epss-score: 0.73601 - epss-percentile: 0.98719 + epss-score: 0.29639 + epss-percentile: 0.96917 cpe: cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:4.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-2755.yaml b/http/cves/2015/CVE-2015-2755.yaml index b0ae784866d..2a4a891d4a8 100644 --- a/http/cves/2015/CVE-2015-2755.yaml +++ b/http/cves/2015/CVE-2015-2755.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.8 cve-id: CVE-2015-2755 cwe-id: CWE-352 - epss-score: 0.00693 - epss-percentile: 0.70731 + epss-score: 0.01828 + epss-percentile: 0.88216 cpe: cpe:2.3:a:ab_google_map_travel_project:ab_google_map_travel:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2015/CVE-2015-2794.yaml b/http/cves/2015/CVE-2015-2794.yaml index e57b7bf96a9..872b04f6eeb 100644 --- a/http/cves/2015/CVE-2015-2794.yaml +++ b/http/cves/2015/CVE-2015-2794.yaml @@ -17,15 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2015-2794 cwe-id: CWE-264 - epss-score: 0.92349 - epss-percentile: 0.99707 + epss-score: 0.9743 + epss-percentile: 0.99939 cpe: cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: dotnetnuke product: dotnetnuke - fofa-query: app="dotnetnuke" + fofa-query: + - app="DotNetNuke" + - app="dotnetnuke" tags: cve2015,cve,dotnetnuke,auth-bypass,install http: diff --git a/http/cves/2015/CVE-2015-2807.yaml b/http/cves/2015/CVE-2015-2807.yaml index dbe37063be2..d348979b9ab 100644 --- a/http/cves/2015/CVE-2015-2807.yaml +++ b/http/cves/2015/CVE-2015-2807.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2015-2807 cwe-id: CWE-79 - epss-score: 0.12123 - epss-percentile: 0.93428 + epss-score: 0.00294 + epss-percentile: 0.69186 cpe: cpe:2.3:a:documentcloud:navis_documentcloud:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-2996.yaml b/http/cves/2015/CVE-2015-2996.yaml index 92dd148c6bc..cb67922d525 100644 --- a/http/cves/2015/CVE-2015-2996.yaml +++ b/http/cves/2015/CVE-2015-2996.yaml @@ -28,10 +28,8 @@ info: max-request: 2 vendor: sysaid product: sysaid - shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + shodan-query: http.favicon.hash:1540720428 + fofa-query: icon_hash=1540720428 tags: cve2015,cve,sysaid,lfi,seclists http: diff --git a/http/cves/2015/CVE-2015-3035.yaml b/http/cves/2015/CVE-2015-3035.yaml index 1ac59b9f272..4b69f3ebbd7 100644 --- a/http/cves/2015/CVE-2015-3035.yaml +++ b/http/cves/2015/CVE-2015-3035.yaml @@ -17,19 +17,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-3035 - http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2015-3035 cwe-id: CWE-22 - epss-score: 0.93779 - epss-percentile: 0.99847 + epss-score: 0.58993 + epss-percentile: 0.97743 cpe: cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: tp-link product: tl-wr841n_\(9.0\)_firmware - shodan-query: http.title:"tp-link" + shodan-query: + - http.title:"TP-LINK" + - http.title:"tp-link" fofa-query: title="tp-link" google-query: intitle:"tp-link" tags: cve2015,cve,router,lfi,seclists,tplink,kev,tp-link diff --git a/http/cves/2015/CVE-2015-3648.yaml b/http/cves/2015/CVE-2015-3648.yaml index f0aab24c501..b5b529337d5 100644 --- a/http/cves/2015/CVE-2015-3648.yaml +++ b/http/cves/2015/CVE-2015-3648.yaml @@ -20,16 +20,13 @@ info: cvss-score: 7.5 cve-id: CVE-2015-3648 cwe-id: CWE-22 - epss-score: 0.50257 - epss-percentile: 0.97666 + epss-score: 0.02644 + epss-percentile: 0.90124 cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: montala product: resourcespace - fofa-query: title="resourcespace" - shodan-query: http.title:"resourcespace" - google-query: intitle:"resourcespace" tags: cve2015,cve,lfi,resourcespace,packetstorm,montala http: diff --git a/http/cves/2015/CVE-2015-3897.yaml b/http/cves/2015/CVE-2015-3897.yaml index 68ed2664b5b..e7f714652ef 100644 --- a/http/cves/2015/CVE-2015-3897.yaml +++ b/http/cves/2015/CVE-2015-3897.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2015-3897 cwe-id: CWE-22 - epss-score: 0.68393 - epss-percentile: 0.98489 + epss-score: 0.74714 + epss-percentile: 0.98145 cpe: cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-4050.yaml b/http/cves/2015/CVE-2015-4050.yaml index 23d46883cd3..627776c9d8e 100644 --- a/http/cves/2015/CVE-2015-4050.yaml +++ b/http/cves/2015/CVE-2015-4050.yaml @@ -20,28 +20,14 @@ info: cvss-score: 4.3 cve-id: CVE-2015-4050 cwe-id: CWE-284 - epss-score: 0.76192 - epss-percentile: 0.9885 + epss-score: 0.00598 + epss-percentile: 0.78364 cpe: cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sensiolabs product: symfony - shodan-query: - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.html:"symfony profiler" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" + shodan-query: cpe:"cpe:2.3:a:sensiolabs:symfony" tags: cve2015,cve,symfony,rce,sensiolabs http: diff --git a/http/cves/2015/CVE-2015-4062.yaml b/http/cves/2015/CVE-2015-4062.yaml index 3c68e58daf0..289c44c5432 100644 --- a/http/cves/2015/CVE-2015-4062.yaml +++ b/http/cves/2015/CVE-2015-4062.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.5 cve-id: CVE-2015-4062 cwe-id: CWE-89 - epss-score: 0.25156 - epss-percentile: 0.95882 + epss-score: 0.0272 + epss-percentile: 0.90505 cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2015/CVE-2015-4127.yaml b/http/cves/2015/CVE-2015-4127.yaml index ce50f312e6e..45c8777bad6 100644 --- a/http/cves/2015/CVE-2015-4127.yaml +++ b/http/cves/2015/CVE-2015-4127.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.3 cve-id: CVE-2015-4127 cwe-id: CWE-79 - epss-score: 0.01987 - epss-percentile: 0.82672 + epss-score: 0.0034 + epss-percentile: 0.71383 cpe: cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-4414.yaml b/http/cves/2015/CVE-2015-4414.yaml index c93a6c44c75..c16ba131032 100644 --- a/http/cves/2015/CVE-2015-4414.yaml +++ b/http/cves/2015/CVE-2015-4414.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2015-4414 cwe-id: CWE-22 - epss-score: 0.13394 - epss-percentile: 0.93794 + epss-score: 0.12486 + epss-percentile: 0.95299 cpe: cpe:2.3:a:se_html5_album_audio_player_project:se_html5_album_audio_player:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-4455.yaml b/http/cves/2015/CVE-2015-4455.yaml index 773cc1792ef..c1f295afb63 100644 --- a/http/cves/2015/CVE-2015-4455.yaml +++ b/http/cves/2015/CVE-2015-4455.yaml @@ -10,14 +10,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-4455 - http://packetstormsecurity.com/files/132256/WordPress-Aviary-Image-Editor-Add-On-For-Gravity-Forms-3.0-Beta-Shell-Upload.html - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2015-4455 cwe-id: CWE-434 - epss-score: 0.80327 - epss-percentile: 0.99059 + epss-score: 0.55856 + epss-percentile: 0.97673 cpe: cpe:2.3:a:aviary_image_editor_add-on_for_gravity_forms_project:aviary_image_editor_add-on_for_gravity_forms:*:beta:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-4632.yaml b/http/cves/2015/CVE-2015-4632.yaml index 386b7aa9e4a..12e0cafa667 100644 --- a/http/cves/2015/CVE-2015-4632.yaml +++ b/http/cves/2015/CVE-2015-4632.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2015-4632 cwe-id: CWE-22 - epss-score: 0.81422 - epss-percentile: 0.99112 + epss-score: 0.02297 + epss-percentile: 0.88584 cpe: cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-4668.yaml b/http/cves/2015/CVE-2015-4668.yaml index b6bb61d9b0c..be8fff5de2d 100644 --- a/http/cves/2015/CVE-2015-4668.yaml +++ b/http/cves/2015/CVE-2015-4668.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2015-4668 cwe-id: CWE-601 - epss-score: 0.04358 - epss-percentile: 0.88355 + epss-score: 0.00397 + epss-percentile: 0.73425 cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-4694.yaml b/http/cves/2015/CVE-2015-4694.yaml index d40888e8cb3..c5fb485ce4d 100644 --- a/http/cves/2015/CVE-2015-4694.yaml +++ b/http/cves/2015/CVE-2015-4694.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.6 cve-id: CVE-2015-4694 cwe-id: CWE-22 - epss-score: 0.28429 - epss-percentile: 0.96236 + epss-score: 0.02304 + epss-percentile: 0.89683 cpe: cpe:2.3:a:zip_attachments_project:zip_attachments:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-5354.yaml b/http/cves/2015/CVE-2015-5354.yaml index c0a05960e51..f573b2869bc 100644 --- a/http/cves/2015/CVE-2015-5354.yaml +++ b/http/cves/2015/CVE-2015-5354.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.8 cve-id: CVE-2015-5354 cwe-id: CWE-601 - epss-score: 0.24124 - epss-percentile: 0.95765 + epss-score: 0.00166 + epss-percentile: 0.53247 cpe: cpe:2.3:a:novius-os:novius_os:5.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-5461.yaml b/http/cves/2015/CVE-2015-5461.yaml index 5697e5a745e..5b7502d7825 100644 --- a/http/cves/2015/CVE-2015-5461.yaml +++ b/http/cves/2015/CVE-2015-5461.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.4 cve-id: CVE-2015-5461 cwe-id: NVD-CWE-Other - epss-score: 0.19611 - epss-percentile: 0.95091 + epss-score: 0.0055 + epss-percentile: 0.77434 cpe: cpe:2.3:a:stageshow_project:stageshow:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-5471.yaml b/http/cves/2015/CVE-2015-5471.yaml index 27a492965bf..3aa1ba283a7 100644 --- a/http/cves/2015/CVE-2015-5471.yaml +++ b/http/cves/2015/CVE-2015-5471.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.3 cve-id: CVE-2015-5471 cwe-id: CWE-22 - epss-score: 0.31147 - epss-percentile: 0.96493 + epss-score: 0.14014 + epss-percentile: 0.95676 cpe: cpe:2.3:a:swim_team_project:swim_team:1.44.10777:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-5531.yaml b/http/cves/2015/CVE-2015-5531.yaml index f59d9f5de98..1138827dad4 100644 --- a/http/cves/2015/CVE-2015-5531.yaml +++ b/http/cves/2015/CVE-2015-5531.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2015-5531 cwe-id: CWE-22 - epss-score: 0.85129 - epss-percentile: 0.99289 + epss-score: 0.97144 + epss-percentile: 0.99802 cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2015/CVE-2015-5688.yaml b/http/cves/2015/CVE-2015-5688.yaml index 62afaf9e390..24aedf8936e 100644 --- a/http/cves/2015/CVE-2015-5688.yaml +++ b/http/cves/2015/CVE-2015-5688.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5 cve-id: CVE-2015-5688 cwe-id: CWE-22 - epss-score: 0.75195 - epss-percentile: 0.98804 + epss-score: 0.01347 + epss-percentile: 0.86101 cpe: cpe:2.3:a:geddyjs:geddy:13.0.7:*:*:*:*:node.js:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-6477.yaml b/http/cves/2015/CVE-2015-6477.yaml index b561a3bef41..a6f419af30a 100644 --- a/http/cves/2015/CVE-2015-6477.yaml +++ b/http/cves/2015/CVE-2015-6477.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2015-6477 cwe-id: CWE-79 - epss-score: 0.3338 - epss-percentile: 0.96674 + epss-score: 0.00277 + epss-percentile: 0.64954 cpe: cpe:2.3:o:nordex:nordex_control_2_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-6544.yaml b/http/cves/2015/CVE-2015-6544.yaml index 348fd3256c0..33db1c76ec7 100644 --- a/http/cves/2015/CVE-2015-6544.yaml +++ b/http/cves/2015/CVE-2015-6544.yaml @@ -15,27 +15,18 @@ info: - http://sourceforge.net/p/itop/tickets/1114/ - http://sourceforge.net/p/itop/code/3662/ - https://nvd.nist.gov/vuln/detail/CVE-2015-6544 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-6544 cwe-id: CWE-79 - epss-score: 0.51077 - epss-percentile: 0.97704 + epss-score: 0.00284 + epss-percentile: 0.65327 cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: combodo product: itop - shodan-query: - - http.html:" itop login" - - http.html:"installation" html:"itop" - - http.html:"itop login" - fofa-query: - - body=" itop login" - - body="installation" html:"itop" - - body="itop login" tags: cve2015,cve,xss,itop,combodo http: diff --git a/http/cves/2015/CVE-2015-6920.yaml b/http/cves/2015/CVE-2015-6920.yaml index 0857d92da92..9fc530db6e5 100644 --- a/http/cves/2015/CVE-2015-6920.yaml +++ b/http/cves/2015/CVE-2015-6920.yaml @@ -12,14 +12,13 @@ info: - https://wpvulndb.com/vulnerabilities/8169 - https://nvd.nist.gov/vuln/detail/CVE-2015-6920 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-6920 cwe-id: CWE-79 - epss-score: 0.03878 - epss-percentile: 0.87685 + epss-score: 0.0016 + epss-percentile: 0.52637 cpe: cpe:2.3:a:sourceafrica_project:sourceafrica:0.1.3:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-7245.yaml b/http/cves/2015/CVE-2015-7245.yaml index ad334ff95b2..acef31bf5bc 100644 --- a/http/cves/2015/CVE-2015-7245.yaml +++ b/http/cves/2015/CVE-2015-7245.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2015-7245 cwe-id: CWE-22 - epss-score: 0.85375 - epss-percentile: 0.99305 + epss-score: 0.96378 + epss-percentile: 0.99562 cpe: cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-7297.yaml b/http/cves/2015/CVE-2015-7297.yaml index 835b4e56b68..b94a85d1290 100644 --- a/http/cves/2015/CVE-2015-7297.yaml +++ b/http/cves/2015/CVE-2015-7297.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2015-7297 cwe-id: CWE-89 - epss-score: 0.94209 - epss-percentile: 0.99911 + epss-score: 0.97553 + epss-percentile: 0.99997 cpe: cpe:2.3:a:joomla:joomla\!:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-7377.yaml b/http/cves/2015/CVE-2015-7377.yaml index 7a0884409cd..c3558cef329 100644 --- a/http/cves/2015/CVE-2015-7377.yaml +++ b/http/cves/2015/CVE-2015-7377.yaml @@ -20,8 +20,8 @@ info: cvss-score: 4.3 cve-id: CVE-2015-7377 cwe-id: CWE-79 - epss-score: 0.08298 - epss-percentile: 0.91793 + epss-score: 0.00232 + epss-percentile: 0.61233 cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-7450.yaml b/http/cves/2015/CVE-2015-7450.yaml index 1c4d0bc353d..80bb1cd0f98 100644 --- a/http/cves/2015/CVE-2015-7450.yaml +++ b/http/cves/2015/CVE-2015-7450.yaml @@ -16,17 +16,17 @@ info: - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 - http://www-01.ibm.com/support/docview.wss?uid=swg21970575 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2015-7450 - cwe-id: CWE-502 - epss-score: 0.9405 - epss-percentile: 0.99886 - cpe: cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* + cwe-id: CWE-94 + epss-score: 0.97122 + epss-percentile: 0.99794 + cpe: cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:* metadata: max-request: 1 vendor: ibm - product: sterling_b2b_integrator + product: tivoli_common_reporting shodan-query: - http.html:"IBM WebSphere Portal" - http.html:"ibm websphere portal" diff --git a/http/cves/2015/CVE-2015-7780.yaml b/http/cves/2015/CVE-2015-7780.yaml index 71ff3bfd492..5552776940c 100644 --- a/http/cves/2015/CVE-2015-7780.yaml +++ b/http/cves/2015/CVE-2015-7780.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2015-7780 cwe-id: CWE-22 - epss-score: 0.36216 - epss-percentile: 0.96896 + epss-score: 0.00151 + epss-percentile: 0.51315 cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-7823.yaml b/http/cves/2015/CVE-2015-7823.yaml index 6fc75391b60..33b5be46343 100644 --- a/http/cves/2015/CVE-2015-7823.yaml +++ b/http/cves/2015/CVE-2015-7823.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2015-7823 - http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2015-7823 cwe-id: NVD-CWE-Other - epss-score: 0.275 - epss-percentile: 0.96133 + epss-score: 0.00233 + epss-percentile: 0.6128 cpe: cpe:2.3:a:kentico:kentico_cms:8.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-8349.yaml b/http/cves/2015/CVE-2015-8349.yaml index c2b24eeec87..9cf93412e69 100644 --- a/http/cves/2015/CVE-2015-8349.yaml +++ b/http/cves/2015/CVE-2015-8349.yaml @@ -13,14 +13,13 @@ info: - https://www.htbridge.com/advisory/HTB23273 - https://nvd.nist.gov/vuln/detail/CVE-2015-8349 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-8349 cwe-id: CWE-79 - epss-score: 0.09843 - epss-percentile: 0.92558 + epss-score: 0.0013 + epss-percentile: 0.46975 cpe: cpe:2.3:a:gameconnect:sourcebans:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2015/CVE-2015-8399.yaml b/http/cves/2015/CVE-2015-8399.yaml index 18d6ff784eb..85d9b8f13bc 100644 --- a/http/cves/2015/CVE-2015-8399.yaml +++ b/http/cves/2015/CVE-2015-8399.yaml @@ -26,8 +26,9 @@ info: vendor: atlassian product: confluence shodan-query: - - http.component:"atlassian confluence" + - http.component:"Atlassian Confluence" - cpe:"cpe:2.3:a:atlassian:confluence" + - http.component:"atlassian confluence" tags: cve2015,cve,edb,atlassian,confluence http: diff --git a/http/cves/2015/CVE-2015-8562.yaml b/http/cves/2015/CVE-2015-8562.yaml index 4d50a11aa4c..75be92df73c 100644 --- a/http/cves/2015/CVE-2015-8562.yaml +++ b/http/cves/2015/CVE-2015-8562.yaml @@ -3,9 +3,9 @@ id: CVE-2015-8562 info: name: Joomla HTTP Header Unauthenticated - Remote Code Execution author: kairos-hk,bolkv,n0ming,RoughBoy0723 - severity: high description: | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015 + severity: high reference: - https://github.com/vulhub/vulhub/tree/master/joomla/CVE-2015-8562 - https://nvd.nist.gov/vuln/detail/CVE-2015-8562 @@ -23,6 +23,7 @@ info: - cpe:"cpe:2.3:a:joomla:joomla\!" fofa-query: body="joomla! - open source content management" tags: cve,cve2015,joomla,rce,unauth + flow: http(1) && http(2) http: diff --git a/http/cves/2015/CVE-2015-9312.yaml b/http/cves/2015/CVE-2015-9312.yaml index a018a531adc..fb2d28336e5 100644 --- a/http/cves/2015/CVE-2015-9312.yaml +++ b/http/cves/2015/CVE-2015-9312.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9312 cwe-id: CWE-79 - epss-score: 0.04178 - epss-percentile: 0.88124 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2015/CVE-2015-9323.yaml b/http/cves/2015/CVE-2015-9323.yaml index 944578bfcdf..946cf431de7 100644 --- a/http/cves/2015/CVE-2015-9323.yaml +++ b/http/cves/2015/CVE-2015-9323.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2015-9323 cwe-id: CWE-89 - epss-score: 0.63264 - epss-percentile: 0.98265 + epss-score: 0.0071 + epss-percentile: 0.80421 cpe: cpe:2.3:a:duckdev:404_to_301:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2015/CVE-2015-9414.yaml b/http/cves/2015/CVE-2015-9414.yaml index 2b1e0e4aeac..c9321c4c7f4 100644 --- a/http/cves/2015/CVE-2015-9414.yaml +++ b/http/cves/2015/CVE-2015-9414.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9414 cwe-id: CWE-79 - epss-score: 0.01759 - epss-percentile: 0.81655 + epss-score: 0.00111 + epss-percentile: 0.44236 cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2015/CVE-2015-9480.yaml b/http/cves/2015/CVE-2015-9480.yaml index 3aef2e13441..514fcafd1ee 100644 --- a/http/cves/2015/CVE-2015-9480.yaml +++ b/http/cves/2015/CVE-2015-9480.yaml @@ -13,14 +13,13 @@ info: - https://www.exploit-db.com/exploits/37252 - https://nvd.nist.gov/vuln/detail/CVE-2015-9480 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-9480 cwe-id: CWE-22 - epss-score: 0.2916 - epss-percentile: 0.96309 + epss-score: 0.35852 + epss-percentile: 0.97147 cpe: cpe:2.3:a:robot-cpa:robotcpa:5:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-0957.yaml b/http/cves/2016/CVE-2016-0957.yaml index bd7638b048f..e9a68edc1b8 100644 --- a/http/cves/2016/CVE-2016-0957.yaml +++ b/http/cves/2016/CVE-2016-0957.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: adobe product: dispatcher - shodan-query: http.component:"adobe experience manager" + shodan-query: + - http.component:"Adobe Experience Manager" + - http.component:"adobe experience manager" tags: cve2016,cve,adobe,aem http: diff --git a/http/cves/2016/CVE-2016-1000129.yaml b/http/cves/2016/CVE-2016-1000129.yaml index ec61918a617..c2296dd68b1 100644 --- a/http/cves/2016/CVE-2016-1000129.yaml +++ b/http/cves/2016/CVE-2016-1000129.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000129 cwe-id: CWE-79 - epss-score: 0.02773 - epss-percentile: 0.85322 + epss-score: 0.00119 + epss-percentile: 0.4505 cpe: cpe:2.3:a:defa-online-image-protector_project:defa-online-image-protector:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000130.yaml b/http/cves/2016/CVE-2016-1000130.yaml index a411a9561b9..51e281fe0bd 100644 --- a/http/cves/2016/CVE-2016-1000130.yaml +++ b/http/cves/2016/CVE-2016-1000130.yaml @@ -13,15 +13,13 @@ info: - https://wordpress.org/plugins/e-search - http://www.vapidlabs.com/wp/wp_advisory.php?v=394 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000130 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000130 cwe-id: CWE-79 - epss-score: 0.01668 - epss-percentile: 0.8118 + epss-score: 0.00093 + epss-percentile: 0.38905 cpe: cpe:2.3:a:e-search_project:e-search:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000131.yaml b/http/cves/2016/CVE-2016-1000131.yaml index 9b04245c240..9a793e27af3 100644 --- a/http/cves/2016/CVE-2016-1000131.yaml +++ b/http/cves/2016/CVE-2016-1000131.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/e-search - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000131 cwe-id: CWE-79 - epss-score: 0.02155 - epss-percentile: 0.83401 + epss-score: 0.00114 + epss-percentile: 0.44874 cpe: cpe:2.3:a:e-search_project:esearch:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000133.yaml b/http/cves/2016/CVE-2016-1000133.yaml index 92b871d91b4..92e84483b28 100644 --- a/http/cves/2016/CVE-2016-1000133.yaml +++ b/http/cves/2016/CVE-2016-1000133.yaml @@ -14,14 +14,13 @@ info: - http://www.vapidlabs.com/wp/wp_advisory.php?v=602 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000133 cwe-id: CWE-79 - epss-score: 0.02995 - epss-percentile: 0.85895 + epss-score: 0.00142 + epss-percentile: 0.4984 cpe: cpe:2.3:a:designsandcode:forget_about_shortcode_buttons:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000134.yaml b/http/cves/2016/CVE-2016-1000134.yaml index 943c03b4fea..8e3c031e27a 100644 --- a/http/cves/2016/CVE-2016-1000134.yaml +++ b/http/cves/2016/CVE-2016-1000134.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/hdw-tube - https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000134 cwe-id: CWE-79 - epss-score: 0.02155 - epss-percentile: 0.83401 + epss-score: 0.00101 + epss-percentile: 0.41177 cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000135.yaml b/http/cves/2016/CVE-2016-1000135.yaml index 1e535a1785f..508c499b76d 100644 --- a/http/cves/2016/CVE-2016-1000135.yaml +++ b/http/cves/2016/CVE-2016-1000135.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/hdw-tube - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000135 cwe-id: CWE-79 - epss-score: 0.02155 - epss-percentile: 0.83401 + epss-score: 0.00114 + epss-percentile: 0.44874 cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000136.yaml b/http/cves/2016/CVE-2016-1000136.yaml index d2a7349529d..1a24ba020ec 100644 --- a/http/cves/2016/CVE-2016-1000136.yaml +++ b/http/cves/2016/CVE-2016-1000136.yaml @@ -12,14 +12,13 @@ info: - https://wordpress.org/plugins/heat-trackr - https://nvd.nist.gov/vuln/detail/CVE-2016-1000136 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000136 cwe-id: CWE-79 - epss-score: 0.06584 - epss-percentile: 0.90653 + epss-score: 0.00119 + epss-percentile: 0.46028 cpe: cpe:2.3:a:heat-trackr_project:heat-trackr:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000138.yaml b/http/cves/2016/CVE-2016-1000138.yaml index b1bd177e7bc..1ed2f6b2381 100644 --- a/http/cves/2016/CVE-2016-1000138.yaml +++ b/http/cves/2016/CVE-2016-1000138.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000138 cwe-id: CWE-79 - epss-score: 0.06584 - epss-percentile: 0.90653 + epss-score: 0.00119 + epss-percentile: 0.46028 cpe: cpe:2.3:a:indexisto_project:indexisto:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000139.yaml b/http/cves/2016/CVE-2016-1000139.yaml index 4d494cc6b85..4c5cf4407ea 100644 --- a/http/cves/2016/CVE-2016-1000139.yaml +++ b/http/cves/2016/CVE-2016-1000139.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000139 cwe-id: CWE-79 - epss-score: 0.02927 - epss-percentile: 0.85749 + epss-score: 0.00116 + epss-percentile: 0.44389 cpe: cpe:2.3:a:infusionsoft_project:infusionsoft:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000140.yaml b/http/cves/2016/CVE-2016-1000140.yaml index 26e25835cc1..39ca4463b43 100644 --- a/http/cves/2016/CVE-2016-1000140.yaml +++ b/http/cves/2016/CVE-2016-1000140.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000140 cwe-id: CWE-79 - epss-score: 0.06584 - epss-percentile: 0.90653 + epss-score: 0.00119 + epss-percentile: 0.45851 cpe: cpe:2.3:a:new-year-firework_project:new-year-firework:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000141.yaml b/http/cves/2016/CVE-2016-1000141.yaml index 29c1f238245..0ded297da50 100644 --- a/http/cves/2016/CVE-2016-1000141.yaml +++ b/http/cves/2016/CVE-2016-1000141.yaml @@ -13,14 +13,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 - https://wordpress.org/plugins/page-layout-builder - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000141 cwe-id: CWE-79 - epss-score: 0.06584 - epss-percentile: 0.90653 + epss-score: 0.00142 + epss-percentile: 0.4984 cpe: cpe:2.3:a:page-layout-builder_project:page-layout-builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000142.yaml b/http/cves/2016/CVE-2016-1000142.yaml index 538abede5d4..a481248601e 100644 --- a/http/cves/2016/CVE-2016-1000142.yaml +++ b/http/cves/2016/CVE-2016-1000142.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000142 cwe-id: CWE-79 - epss-score: 0.07251 - epss-percentile: 0.9113 + epss-score: 0.00103 + epss-percentile: 0.41915 cpe: cpe:2.3:a:parsi-font_project:parsi-font:4.2.5:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000153.yaml b/http/cves/2016/CVE-2016-1000153.yaml index 19e044f356f..b439ac3e7e3 100644 --- a/http/cves/2016/CVE-2016-1000153.yaml +++ b/http/cves/2016/CVE-2016-1000153.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000153 cwe-id: CWE-79 - epss-score: 0.04568 - epss-percentile: 0.88634 + epss-score: 0.00114 + epss-percentile: 0.44874 cpe: cpe:2.3:a:tidio-gallery_project:tidio-gallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-1000154.yaml b/http/cves/2016/CVE-2016-1000154.yaml index 292e981bd46..7a6b61d5234 100644 --- a/http/cves/2016/CVE-2016-1000154.yaml +++ b/http/cves/2016/CVE-2016-1000154.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/whizz - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000154 cwe-id: CWE-79 - epss-score: 0.08648 - epss-percentile: 0.91973 + epss-score: 0.00142 + epss-percentile: 0.4984 cpe: cpe:2.3:a:browserweb:whizz:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2016/CVE-2016-10033.yaml b/http/cves/2016/CVE-2016-10033.yaml index 41bcb943500..1b871ac3424 100644 --- a/http/cves/2016/CVE-2016-10033.yaml +++ b/http/cves/2016/CVE-2016-10033.yaml @@ -20,16 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2016-10033 cwe-id: CWE-88 - epss-score: 0.94458 - epss-percentile: 0.99991 + epss-score: 0.97129 + epss-percentile: 0.99797 cpe: cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: phpmailer_project product: phpmailer - shodan-query: http.title:"php mailer" - fofa-query: title="php mailer" - google-query: intitle:"php mailer" tags: cve,cve2016,seclists,rce,edb,wordpress,phpmailer_project http: diff --git a/http/cves/2016/CVE-2016-10108.yaml b/http/cves/2016/CVE-2016-10108.yaml index d070da36c0e..3f721a06a2f 100644 --- a/http/cves/2016/CVE-2016-10108.yaml +++ b/http/cves/2016/CVE-2016-10108.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: western_digital product: mycloud_nas - shodan-query: http.favicon.hash:"-1074357885" + shodan-query: http.favicon.hash:-1074357885 fofa-query: icon_hash=-1074357885 tags: cve2016,cve,packetstorm,rce,oast,wdcloud,western_digital diff --git a/http/cves/2016/CVE-2016-10134.yaml b/http/cves/2016/CVE-2016-10134.yaml index f6d0d9d1545..d2575265f80 100644 --- a/http/cves/2016/CVE-2016-10134.yaml +++ b/http/cves/2016/CVE-2016-10134.yaml @@ -28,14 +28,13 @@ info: vendor: zabbix product: zabbix shodan-query: - - http.favicon.hash:"892542951" + - http.favicon.hash:892542951 - http.title:"zabbix-server" - cpe:"cpe:2.3:a:zabbix:zabbix" fofa-query: - icon_hash=892542951 - app="zabbix-监控系统" && body="saml" - title="zabbix-server" - - icon_hash="892542951" google-query: intitle:"zabbix-server" tags: cve2016,cve,zabbix,sqli,vulhub diff --git a/http/cves/2016/CVE-2016-10367.yaml b/http/cves/2016/CVE-2016-10367.yaml index f489c915bd0..56fd7a87a04 100644 --- a/http/cves/2016/CVE-2016-10367.yaml +++ b/http/cves/2016/CVE-2016-10367.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: opsview product: opsview - shodan-query: http.title:"opsview" + shodan-query: + - title:"Opsview" + - http.title:"opsview" fofa-query: title="opsview" google-query: intitle:"opsview" tags: cve2016,cve,opsview,lfi diff --git a/http/cves/2016/CVE-2016-10368.yaml b/http/cves/2016/CVE-2016-10368.yaml index c50eee27116..78e34b0cef3 100644 --- a/http/cves/2016/CVE-2016-10368.yaml +++ b/http/cves/2016/CVE-2016-10368.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-10368 cwe-id: CWE-601 - epss-score: 0.01027 - epss-percentile: 0.76174 + epss-score: 0.00204 + epss-percentile: 0.57743 cpe: cpe:2.3:a:opsview:opsview:4.5.0:*:*:*:pro:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-10960.yaml b/http/cves/2016/CVE-2016-10960.yaml index c75db7b12c3..59f75d07dfb 100644 --- a/http/cves/2016/CVE-2016-10960.yaml +++ b/http/cves/2016/CVE-2016-10960.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2016-10960 cwe-id: CWE-20 - epss-score: 0.58125 - epss-percentile: 0.98035 + epss-score: 0.01469 + epss-percentile: 0.86457 cpe: cpe:2.3:a:joomlaserviceprovider:wsecure:*:*:*:*:lite:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-10973.yaml b/http/cves/2016/CVE-2016-10973.yaml index fda5fe1fefc..1603bbc7050 100644 --- a/http/cves/2016/CVE-2016-10973.yaml +++ b/http/cves/2016/CVE-2016-10973.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd - https://nvd.nist.gov/vuln/detail/CVE-2026-10973 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-10973 cwe-id: CWE-79 - epss-score: 0.01324 - epss-percentile: 0.78882 + epss-score: 0.00177 + epss-percentile: 0.54797 cpe: cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2016/CVE-2016-10976.yaml b/http/cves/2016/CVE-2016-10976.yaml index 2dc5c415979..aa86df5008d 100644 --- a/http/cves/2016/CVE-2016-10976.yaml +++ b/http/cves/2016/CVE-2016-10976.yaml @@ -12,21 +12,21 @@ info: - https://wordpress.org/plugins/safe-editor/#developers - https://github.com/ARPSyndicate/cvemon - https://nvd.nist.gov/vuln/detail/CVE-2016-10976 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-10976 cwe-id: CWE-79 - epss-score: 0.02444 - epss-percentile: 0.84372 + epss-score: 0.00096 + epss-percentile: 0.41555 cpe: cpe:2.3:a:kodebyraaet:safe_editor:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: kodebyraaet product: safe_editor framework: wordpress - tags: cve,cve2016,wordpress,wp,wp-plugin,xss,safe_editor,kodebyraaet + tags: cve,cve2016,wordpress,wp,wp-plugin,xss,safe_editor + flow: http(1) && http(2) http: diff --git a/http/cves/2016/CVE-2016-10993.yaml b/http/cves/2016/CVE-2016-10993.yaml index ee6a567318d..de0539ef133 100644 --- a/http/cves/2016/CVE-2016-10993.yaml +++ b/http/cves/2016/CVE-2016-10993.yaml @@ -6,29 +6,29 @@ info: severity: medium description: | WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. - impact: | - Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. - remediation: | - Apply the latest security patch or update to the ScoreMe Theme to fix the XSS vulnerability. reference: - https://www.vulnerability-lab.com/get_content.php?id=1808 - https://wpvulndb.com/vulnerabilities/8431 - https://nvd.nist.gov/vuln/detail/CVE-2016-10993 - https://github.com/0xkucing/CVE-2016-10993 - https://github.com/ARPSyndicate/cvemon + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. + remediation: | + Apply the latest security patch or update to the ScoreMe Theme to fix the XSS vulnerability. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2016-10993 cwe-id: CWE-79 + cpe: cpe:2.3:a:scoreme_project:scoreme:*:*:*:*:*:wordpress:*:* epss-score: 0.00245 epss-percentile: 0.64569 - cpe: cpe:2.3:a:scoreme_project:scoreme:*:*:*:*:*:wordpress:*:* metadata: + framework: wordpress max-request: 2 vendor: "scoreme_project" product: scoreme - framework: wordpress tags: cve2016,cve,wordpress,wp-theme,xss,scoreme_project flow: http(1) && http(2) diff --git a/http/cves/2016/CVE-2016-1555.yaml b/http/cves/2016/CVE-2016-1555.yaml index 7aed117a3e4..a2612dede60 100644 --- a/http/cves/2016/CVE-2016-1555.yaml +++ b/http/cves/2016/CVE-2016-1555.yaml @@ -16,12 +16,12 @@ info: - http://seclists.org/fulldisclosure/2016/Feb/112 - http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-1555 cwe-id: CWE-77 - epss-score: 0.94152 - epss-percentile: 0.99901 + epss-score: 0.97373 + epss-percentile: 0.99904 cpe: cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-2389.yaml b/http/cves/2016/CVE-2016-2389.yaml index dac52e7343b..b9b78ef0c7e 100644 --- a/http/cves/2016/CVE-2016-2389.yaml +++ b/http/cves/2016/CVE-2016-2389.yaml @@ -20,15 +20,15 @@ info: cvss-score: 7.5 cve-id: CVE-2016-2389 cwe-id: CWE-22 - epss-score: 0.8079 - epss-percentile: 0.99083 + epss-score: 0.24589 + epss-percentile: 0.96217 cpe: cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap product: netweaver shodan-query: - - http.favicon.hash:"-266008933" + - http.favicon.hash:-266008933 - cpe:"cpe:2.3:a:sap:netweaver" fofa-query: icon_hash=-266008933 tags: cve2016,cve,packetstorm,seclists,lfi,sap,edb diff --git a/http/cves/2016/CVE-2016-3088.yaml b/http/cves/2016/CVE-2016-3088.yaml index e062c649988..dc39dc345f7 100644 --- a/http/cves/2016/CVE-2016-3088.yaml +++ b/http/cves/2016/CVE-2016-3088.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-3088 - http://rhn.redhat.com/errata/RHSA-2016-2036.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-3088 - cwe-id: CWE-434 - epss-score: 0.9429 - epss-percentile: 0.99928 + cwe-id: CWE-20 + epss-score: 0.83955 + epss-percentile: 0.98478 cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: max-request: 2 @@ -30,9 +30,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:activemq" - product:"activemq openwire transport" - - http.title:"apache activemq" - fofa-query: title="apache activemq" - google-query: intitle:"apache activemq" tags: cve2016,cve,fileupload,kev,edb,apache,activemq,intrusive variables: rand1: '{{rand_int(11111111, 99999999)}}' diff --git a/http/cves/2016/CVE-2016-3978.yaml b/http/cves/2016/CVE-2016-3978.yaml index 36eaa7b4a74..4ef51f8b77c 100644 --- a/http/cves/2016/CVE-2016-3978.yaml +++ b/http/cves/2016/CVE-2016-3978.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2016-3978 - http://seclists.org/fulldisclosure/2016/Mar/68 - http://www.securitytracker.com/id/1035332 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-3978 cwe-id: CWE-79 - epss-score: 0.12521 - epss-percentile: 0.93551 + epss-score: 0.00217 + epss-percentile: 0.59667 cpe: cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -29,9 +28,9 @@ info: product: fortios shodan-query: - http.html:"/remote/login" "xxxxxxxx" - - http.favicon.hash:"945408572" + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - - port:"10443 http.favicon.hash945408572" + - port:10443 http.favicon.hash:945408572 fofa-query: - body="/remote/login" "xxxxxxxx" - icon_hash=945408572 diff --git a/http/cves/2016/CVE-2016-4437.yaml b/http/cves/2016/CVE-2016-4437.yaml index 58439a59f6a..54c6cf9216b 100644 --- a/http/cves/2016/CVE-2016-4437.yaml +++ b/http/cves/2016/CVE-2016-4437.yaml @@ -3,7 +3,7 @@ id: CVE-2016-4437 info: name: Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability author: iamnoooob,rootxharsh,pdresearch - severity: critical + severity: high description: | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. impact: | @@ -17,18 +17,17 @@ info: - http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html - http://rhn.redhat.com/errata/RHSA-2016-2035.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.1 cve-id: CVE-2016-4437 cwe-id: CWE-284 - epss-score: 0.94303 - epss-percentile: 0.99932 - cpe: cpe:2.3:a:apache:aurora:*:*:*:*:*:*:*:* + epss-score: 0.97507 + epss-percentile: 0.99981 + cpe: cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache - product: aurora - fofa-query: "x-server: afterlogicdavserver" + product: shiro tags: cve2016,cve,apache,rce,kev,packetstorm,shiro,deserialization,oast http: diff --git a/http/cves/2016/CVE-2016-4975.yaml b/http/cves/2016/CVE-2016-4975.yaml index 343d1abbe28..2efec573155 100644 --- a/http/cves/2016/CVE-2016-4975.yaml +++ b/http/cves/2016/CVE-2016-4975.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2016-4975 cwe-id: CWE-93 - epss-score: 0.78137 - epss-percentile: 0.98949 + epss-score: 0.00399 + epss-percentile: 0.73471 cpe: cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -29,20 +29,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" tags: cve2016,cve,crlf,apache,xss http: diff --git a/http/cves/2016/CVE-2016-5674.yaml b/http/cves/2016/CVE-2016-5674.yaml index 8b15c4aaa3e..72a9061a906 100644 --- a/http/cves/2016/CVE-2016-5674.yaml +++ b/http/cves/2016/CVE-2016-5674.yaml @@ -14,15 +14,17 @@ info: cvss-score: 9.8 cve-id: CVE-2016-5674 cwe-id: CWE-20 - epss-score: 0.89376 - epss-percentile: 0.99508 + epss-score: 0.95793 + epss-percentile: 0.99431 cpe: cpe:2.3:a:netgear:readynas_surveillance:1.1.1:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: netgear product: "readynas_surveillance" - fofa-query: app="nuuo-nvrmini" || app="nuuo-nvr" || title="network video recorder login" + fofa-query: + - "app=\"NUUO-NVRmini\" || app=\"NUUO-NVR\" || title=\"Network Video Recorder Login\"" + - app="nuuo-nvrmini" || app="nuuo-nvr" || title="network video recorder login" tags: cve,cve2016,nuuo,rce,netgear variables: rand: "{{to_lower(rand_text_alpha(32))}}" diff --git a/http/cves/2016/CVE-2016-6195.yaml b/http/cves/2016/CVE-2016-6195.yaml index 26c90f40861..0ab6575ecf8 100644 --- a/http/cves/2016/CVE-2016-6195.yaml +++ b/http/cves/2016/CVE-2016-6195.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2016-6195 cwe-id: CWE-89 - epss-score: 0.83941 - epss-percentile: 0.99232 + epss-score: 0.00284 + epss-percentile: 0.68612 cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:* metadata: verified: "true" @@ -30,20 +30,17 @@ info: vendor: vbulletin product: vbulletin shodan-query: - - http.title:"powered by vbulletin" + - title:"Powered By vBulletin" - http.html:"powered by vbulletin" - http.component:"vbulletin" + - http.title:"powered by vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - intext:"powered by vbulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" tags: cve2016,cve,vbulletin,sqli,forum,edb http: diff --git a/http/cves/2016/CVE-2016-6277.yaml b/http/cves/2016/CVE-2016-6277.yaml index 3aaa5376079..abd9faf981b 100644 --- a/http/cves/2016/CVE-2016-6277.yaml +++ b/http/cves/2016/CVE-2016-6277.yaml @@ -16,12 +16,12 @@ info: - https://www.kb.cert.org/vuls/id/582384 - http://kb.netgear.com/000036386/CVE-2016-582384 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-6277 cwe-id: CWE-352 - epss-score: 0.94298 - epss-percentile: 0.99931 + epss-score: 0.97464 + epss-percentile: 0.9996 cpe: cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-6601.yaml b/http/cves/2016/CVE-2016-6601.yaml index b56177cd727..32152fd612c 100644 --- a/http/cves/2016/CVE-2016-6601.yaml +++ b/http/cves/2016/CVE-2016-6601.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2016-6601 cwe-id: CWE-22 - epss-score: 0.9278 - epss-percentile: 0.99744 + epss-score: 0.97504 + epss-percentile: 0.99983 cpe: cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-7552.yaml b/http/cves/2016/CVE-2016-7552.yaml index 4c13eb8a950..223d73e81e9 100644 --- a/http/cves/2016/CVE-2016-7552.yaml +++ b/http/cves/2016/CVE-2016-7552.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2016-7552 cwe-id: CWE-22 - epss-score: 0.92979 - epss-percentile: 0.99761 + epss-score: 0.96711 + epss-percentile: 0.99651 cpe: cpe:2.3:a:trendmicro:threat_discovery_appliance:2.6.1062:r1:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-7834.yaml b/http/cves/2016/CVE-2016-7834.yaml index cb0ee2510c7..8a035c975d3 100644 --- a/http/cves/2016/CVE-2016-7834.yaml +++ b/http/cves/2016/CVE-2016-7834.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2016-7834 cwe-id: CWE-200 - epss-score: 0.35366 - epss-percentile: 0.96837 + epss-score: 0.00186 + epss-percentile: 0.55834 cpe: cpe:2.3:o:sony:snc_series_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2016/CVE-2016-7981.yaml b/http/cves/2016/CVE-2016-7981.yaml index 1cc59b7c340..3a5cd26496e 100644 --- a/http/cves/2016/CVE-2016-7981.yaml +++ b/http/cves/2016/CVE-2016-7981.yaml @@ -31,9 +31,7 @@ info: shodan-query: - http.html:"spip.php?page=backend" - cpe:"cpe:2.3:a:spip:spip" - fofa-query: - - body="spip.php?page=backend" - - app="spip" + fofa-query: body="spip.php?page=backend" tags: cve2016,cve,xss,spip http: diff --git a/http/cves/2016/CVE-2016-9299.yaml b/http/cves/2016/CVE-2016-9299.yaml index de87d85ded7..919b892bd41 100644 --- a/http/cves/2016/CVE-2016-9299.yaml +++ b/http/cves/2016/CVE-2016-9299.yaml @@ -22,7 +22,7 @@ info: product: jenkins shodan-query: product:"jenkins" fofa-query: icon_hash=81586312 - tags: cve,cve2016,rce,deserialization,jenkins + tags: cve,cve2016,rce,deserialization variables: oast: "{{interactsh-url}}" diff --git a/http/cves/2017/CVE-2017-0929.yaml b/http/cves/2017/CVE-2017-0929.yaml index 29cb801b973..8a786e24758 100644 --- a/http/cves/2017/CVE-2017-0929.yaml +++ b/http/cves/2017/CVE-2017-0929.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-0929 cwe-id: CWE-918 - epss-score: 0.91725 - epss-percentile: 0.99653 + epss-score: 0.00753 + epss-percentile: 0.80628 cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-1000028.yaml b/http/cves/2017/CVE-2017-1000028.yaml index 52e2acd5502..3d1139937f4 100644 --- a/http/cves/2017/CVE-2017-1000028.yaml +++ b/http/cves/2017/CVE-2017-1000028.yaml @@ -25,11 +25,7 @@ info: max-request: 2 vendor: oracle product: glassfish_server - shodan-query: - - cpe:"cpe:2.3:a:oracle:glassfish_server" - - http.title:"glassfish server - server running" - fofa-query: title="glassfish server - server running" - google-query: intitle:"glassfish server - server running" + shodan-query: cpe:"cpe:2.3:a:oracle:glassfish_server" tags: cve,cve2017,oracle,glassfish,lfi,edb http: diff --git a/http/cves/2017/CVE-2017-1000029.yaml b/http/cves/2017/CVE-2017-1000029.yaml index 9de7037a8c5..cd7c92bc07d 100644 --- a/http/cves/2017/CVE-2017-1000029.yaml +++ b/http/cves/2017/CVE-2017-1000029.yaml @@ -13,25 +13,19 @@ info: - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 - https://nvd.nist.gov/vuln/detail/CVE-2017-1000029 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-1000029 cwe-id: CWE-200 - epss-score: 0.72669 - epss-percentile: 0.9868 + epss-score: 0.00387 + epss-percentile: 0.70348 cpe: cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:open_source:*:*:* metadata: max-request: 1 vendor: oracle product: glassfish_server - shodan-query: - - cpe:"cpe:2.3:a:oracle:glassfish_server" - - http.title:"glassfish server - server running" - fofa-query: title="glassfish server - server running" - google-query: intitle:"glassfish server - server running" + shodan-query: cpe:"cpe:2.3:a:oracle:glassfish_server" tags: cve,cve2017,glassfish,oracle,lfi http: diff --git a/http/cves/2017/CVE-2017-1000163.yaml b/http/cves/2017/CVE-2017-1000163.yaml index b947d945696..0c110bc7ac0 100644 --- a/http/cves/2017/CVE-2017-1000163.yaml +++ b/http/cves/2017/CVE-2017-1000163.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-1000163 cwe-id: CWE-601 - epss-score: 0.02416 - epss-percentile: 0.84286 + epss-score: 0.00186 + epss-percentile: 0.55009 cpe: cpe:2.3:a:phoenixframework:phoenix:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-1000486.yaml b/http/cves/2017/CVE-2017-1000486.yaml index 99b55014b8b..a5cc5a461c4 100644 --- a/http/cves/2017/CVE-2017-1000486.yaml +++ b/http/cves/2017/CVE-2017-1000486.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 - https://cryptosense.com/weak-encryption-flaw-in-primefaces/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-1000486 cwe-id: CWE-326 - epss-score: 0.94042 - epss-percentile: 0.99884 + epss-score: 0.97013 + epss-percentile: 0.99726 cpe: cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-10075.yaml b/http/cves/2017/CVE-2017-10075.yaml index c9d02df9c8c..b6d031871a1 100644 --- a/http/cves/2017/CVE-2017-10075.yaml +++ b/http/cves/2017/CVE-2017-10075.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2017-10075 - epss-score: 0.89472 - epss-percentile: 0.99513 + epss-score: 0.00451 + epss-percentile: 0.75082 cpe: cpe:2.3:a:oracle:webcenter_content:11.1.1.9.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2017/CVE-2017-10974.yaml b/http/cves/2017/CVE-2017-10974.yaml index 170ea441917..8fc6b2e044f 100644 --- a/http/cves/2017/CVE-2017-10974.yaml +++ b/http/cves/2017/CVE-2017-10974.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-10974 cwe-id: CWE-22 - epss-score: 0.91231 - epss-percentile: 0.9962 + epss-score: 0.96161 + epss-percentile: 0.9947 cpe: cpe:2.3:a:yaws:yaws:1.91:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-11165.yaml b/http/cves/2017/CVE-2017-11165.yaml index 02647f1a2a4..15ad3e90cbd 100644 --- a/http/cves/2017/CVE-2017-11165.yaml +++ b/http/cves/2017/CVE-2017-11165.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-11165 cwe-id: CWE-200 - epss-score: 0.90726 - epss-percentile: 0.9959 + epss-score: 0.94336 + epss-percentile: 0.99189 cpe: cpe:2.3:o:datataker:dt80_dex_firmware:1.50.012:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2017/CVE-2017-11512.yaml b/http/cves/2017/CVE-2017-11512.yaml index 7ce53946a4f..2cdbed0db29 100644 --- a/http/cves/2017/CVE-2017-11512.yaml +++ b/http/cves/2017/CVE-2017-11512.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2017-11512 cwe-id: CWE-22 - epss-score: 0.8678 - epss-percentile: 0.99373 + epss-score: 0.97175 + epss-percentile: 0.99794 cpe: cpe:2.3:a:manageengine:servicedesk:9.3.9328:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: manageengine product: servicedesk - shodan-query: http.title:"manageengine" + shodan-query: + - http.title:"ManageEngine" + - http.title:"manageengine" fofa-query: title="manageengine" google-query: intitle:"manageengine" tags: cve,cve2017,manageengine,lfr,unauth,tenable diff --git a/http/cves/2017/CVE-2017-11586.yaml b/http/cves/2017/CVE-2017-11586.yaml index c3a36cf01e4..47c91bbbdee 100644 --- a/http/cves/2017/CVE-2017-11586.yaml +++ b/http/cves/2017/CVE-2017-11586.yaml @@ -13,16 +13,13 @@ info: reference: - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse - https://nvd.nist.gov/vuln/detail/CVE-2017-11586 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/LoRexxar/LoRexxar classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-11586 cwe-id: CWE-601 - epss-score: 0.06568 - epss-percentile: 0.9064 + epss-score: 0.00121 + epss-percentile: 0.46136 cpe: cpe:2.3:a:finecms:finecms:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2017/CVE-2017-11610.yaml b/http/cves/2017/CVE-2017-11610.yaml index 02b8914a928..5c083887202 100644 --- a/http/cves/2017/CVE-2017-11610.yaml +++ b/http/cves/2017/CVE-2017-11610.yaml @@ -20,14 +20,16 @@ info: cvss-score: 8.8 cve-id: CVE-2017-11610 cwe-id: CWE-276 - epss-score: 0.94218 - epss-percentile: 0.99912 + epss-score: 0.9745 + epss-percentile: 0.9995 cpe: cpe:2.3:a:supervisord:supervisor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: supervisord product: supervisor - shodan-query: http.title:"supervisor status" + shodan-query: + - http.title:"Supervisor Status" + - http.title:"supervisor status" fofa-query: title="supervisor status" google-query: intitle:"supervisor status" tags: cve2017,cve,oast,xmlrpc,msf,rce,supervisor,supervisord diff --git a/http/cves/2017/CVE-2017-12138.yaml b/http/cves/2017/CVE-2017-12138.yaml index 603466728f4..95412cf6adb 100644 --- a/http/cves/2017/CVE-2017-12138.yaml +++ b/http/cves/2017/CVE-2017-12138.yaml @@ -27,7 +27,6 @@ info: max-request: 2 vendor: xoops product: xoops - fofa-query: title="xoops custom installation" tags: cve,cve2017,redirect,xoops,authenticated http: diff --git a/http/cves/2017/CVE-2017-12149.yaml b/http/cves/2017/CVE-2017-12149.yaml index 2495c6d5b9c..2656c3a0d0e 100644 --- a/http/cves/2017/CVE-2017-12149.yaml +++ b/http/cves/2017/CVE-2017-12149.yaml @@ -31,9 +31,7 @@ info: - http.title:"jboss" - cpe:"cpe:2.3:a:redhat:jboss_enterprise_application_platform" fofa-query: title="jboss" - google-query: - - intitle:"jboss" - - inurl:/web-console/serverinfo.jsp | inurl:/status?full=true + google-query: intitle:"jboss" tags: cve2017,cve,java,rce,deserialization,kev,vulhub,jboss,intrusive,redhat http: diff --git a/http/cves/2017/CVE-2017-12544.yaml b/http/cves/2017/CVE-2017-12544.yaml index 505779a1022..b1c38e40e16 100644 --- a/http/cves/2017/CVE-2017-12544.yaml +++ b/http/cves/2017/CVE-2017-12544.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2017-12544 cwe-id: CWE-79 - epss-score: 0.72051 - epss-percentile: 0.98649 + epss-score: 0.96723 + epss-percentile: 0.99656 cpe: cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-12583.yaml b/http/cves/2017/CVE-2017-12583.yaml index 55c80217fed..81b9ab59a5c 100644 --- a/http/cves/2017/CVE-2017-12583.yaml +++ b/http/cves/2017/CVE-2017-12583.yaml @@ -26,12 +26,10 @@ info: vendor: dokuwiki product: dokuwiki shodan-query: + - http.title:"DokuWiki" - http.title:"dokuwiki" - cpe:"cpe:2.3:a:dokuwiki:dokuwiki" - - http.html:"/dokuwiki/" - fofa-query: - - title="dokuwiki" - - body="/dokuwiki/" + fofa-query: title="dokuwiki" google-query: intitle:"dokuwiki" tags: cve,cve2017,xss,dokuwiki diff --git a/http/cves/2017/CVE-2017-12611.yaml b/http/cves/2017/CVE-2017-12611.yaml index ccf77f3427b..af544caa5bd 100644 --- a/http/cves/2017/CVE-2017-12611.yaml +++ b/http/cves/2017/CVE-2017-12611.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-12611 cwe-id: CWE-20 - epss-score: 0.94295 - epss-percentile: 0.99929 + epss-score: 0.97358 + epss-percentile: 0.99886 cpe: cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-12615.yaml b/http/cves/2017/CVE-2017-12615.yaml index 1382db57efe..1904e82ad6f 100644 --- a/http/cves/2017/CVE-2017-12615.yaml +++ b/http/cves/2017/CVE-2017-12615.yaml @@ -17,32 +17,26 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-12615 - http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-12615 cwe-id: CWE-434 - epss-score: 0.9436 - epss-percentile: 0.9995 - cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* + epss-score: 0.96728 + epss-percentile: 0.99659 + cpe: cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve2017,cve,rce,tomcat,kev,vulhub,apache,fileupload,intrusive http: diff --git a/http/cves/2017/CVE-2017-12617.yaml b/http/cves/2017/CVE-2017-12617.yaml index 92d505e2728..2e8eddcf9a9 100644 --- a/http/cves/2017/CVE-2017-12617.yaml +++ b/http/cves/2017/CVE-2017-12617.yaml @@ -17,33 +17,27 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-12617 - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: "CVE-2017-12617" cwe-id: CWE-434 - epss-score: 0.94394 - epss-percentile: 0.99965 - cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* + epss-score: 0.97533 + epss-percentile: 0.99992 + cpe: cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 vendor: apache product: tomcat shodan-query: - - http.html:"apache tomcat" + - html:"Apache Tomcat" - http.title:"apache tomcat" + - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve2017,cve,tomcat,apache,rce,kev,intrusive http: diff --git a/http/cves/2017/CVE-2017-12629.yaml b/http/cves/2017/CVE-2017-12629.yaml index 50feb8ddc57..965d5a10bff 100644 --- a/http/cves/2017/CVE-2017-12629.yaml +++ b/http/cves/2017/CVE-2017-12629.yaml @@ -31,17 +31,12 @@ info: - cpe:"cpe:2.3:a:apache:solr" - http.title:"apache solr" - http.title:"solr admin" - - http.html:"apache solr" - - http.title:"solr" fofa-query: - title="solr admin" - title="apache solr" - - body="apache solr" - - title="solr" google-query: - intitle:"apache solr" - intitle:"solr admin" - - intitle:"solr" tags: cve2017,cve,oast,xxe,vulhub,solr,apache http: diff --git a/http/cves/2017/CVE-2017-12635.yaml b/http/cves/2017/CVE-2017-12635.yaml index 3598ccf1c99..872a3753428 100644 --- a/http/cves/2017/CVE-2017-12635.yaml +++ b/http/cves/2017/CVE-2017-12635.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-12635 cwe-id: CWE-269 - epss-score: 0.94148 - epss-percentile: 0.999 + epss-score: 0.97392 + epss-percentile: 0.99913 cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,7 +30,6 @@ info: shodan-query: - product:"couchdb" - cpe:"cpe:2.3:a:apache:couchdb" - fofa-query: app="apache-couchdb" tags: cve2017,cve,couchdb,apache,intrusive http: diff --git a/http/cves/2017/CVE-2017-12637.yaml b/http/cves/2017/CVE-2017-12637.yaml index 1c236a6cf1a..df321c9ce5f 100644 --- a/http/cves/2017/CVE-2017-12637.yaml +++ b/http/cves/2017/CVE-2017-12637.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: sap product: netweaver_application_server_java - shodan-query: http.favicon.hash:"-266008933" + shodan-query: http.favicon.hash:-266008933 fofa-query: icon_hash=-266008933 tags: cve2017,cve,sap,lfi,java,traversal diff --git a/http/cves/2017/CVE-2017-12794.yaml b/http/cves/2017/CVE-2017-12794.yaml index 20c8f3dde14..c1a5dfc6a20 100644 --- a/http/cves/2017/CVE-2017-12794.yaml +++ b/http/cves/2017/CVE-2017-12794.yaml @@ -28,15 +28,7 @@ info: max-request: 1 vendor: djangoproject product: django - shodan-query: - - cpe:"cpe:2.3:a:djangoproject:django" - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - http.html:"settings.py" - - http.title:"the install worked successfully! congratulations!" - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" + shodan-query: cpe:"cpe:2.3:a:djangoproject:django" tags: cve2017,cve,xss,django,djangoproject http: diff --git a/http/cves/2017/CVE-2017-14135.yaml b/http/cves/2017/CVE-2017-14135.yaml index 67ba1f579b4..d7266bce556 100644 --- a/http/cves/2017/CVE-2017-14135.yaml +++ b/http/cves/2017/CVE-2017-14135.yaml @@ -20,14 +20,16 @@ info: cvss-score: 9.8 cve-id: CVE-2017-14135 cwe-id: CWE-78 - epss-score: 0.86586 - epss-percentile: 0.99362 + epss-score: 0.96679 + epss-percentile: 0.99643 cpe: cpe:2.3:a:dreambox:opendreambox:2.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dreambox product: opendreambox - shodan-query: http.title:"dreambox webcontrol" + shodan-query: + - title:"Dreambox WebControl" + - http.title:"dreambox webcontrol" fofa-query: title="dreambox webcontrol" google-query: intitle:"dreambox webcontrol" tags: cve,cve2017,dreambox,rce,oast,edb diff --git a/http/cves/2017/CVE-2017-14186.yaml b/http/cves/2017/CVE-2017-14186.yaml index 3156f794174..9dfbce9a1a5 100644 --- a/http/cves/2017/CVE-2017-14186.yaml +++ b/http/cves/2017/CVE-2017-14186.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2017-14186 cwe-id: CWE-79 - epss-score: 0.05402 - epss-percentile: 0.89606 + epss-score: 0.02948 + epss-percentile: 0.90833 cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,8 @@ info: vendor: fortinet product: fortios shodan-query: - - port:"10443 http.favicon.hash945408572" - - http.favicon.hash:"945408572" + - port:10443 http.favicon.hash:945408572 + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - http.html:"/remote/login" "xxxxxxxx" fofa-query: diff --git a/http/cves/2017/CVE-2017-14535.yaml b/http/cves/2017/CVE-2017-14535.yaml index 4a8bfe10213..288b24907f7 100644 --- a/http/cves/2017/CVE-2017-14535.yaml +++ b/http/cves/2017/CVE-2017-14535.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2017-14535 cwe-id: CWE-78 - epss-score: 0.91393 - epss-percentile: 0.9963 + epss-score: 0.04456 + epss-percentile: 0.92413 cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-14537.yaml b/http/cves/2017/CVE-2017-14537.yaml index 5d05068dec1..106bbca9a71 100644 --- a/http/cves/2017/CVE-2017-14537.yaml +++ b/http/cves/2017/CVE-2017-14537.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 - https://sourceforge.net/projects/asteriskathome/ - http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html - - https://github.com/merlinepedra/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2017-14537 cwe-id: CWE-22 - epss-score: 0.92148 - epss-percentile: 0.9969 + epss-score: 0.01002 + epss-percentile: 0.81968 cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2017/CVE-2017-14622.yaml b/http/cves/2017/CVE-2017-14622.yaml index c191ef150c0..cb595111a3f 100644 --- a/http/cves/2017/CVE-2017-14622.yaml +++ b/http/cves/2017/CVE-2017-14622.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-14622 cwe-id: CWE-79 - epss-score: 0.01184 - epss-percentile: 0.77719 + epss-score: 0.00135 + epss-percentile: 0.48695 cpe: cpe:2.3:a:2kblater:2kb_amazon_affiliates_store:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2017/CVE-2017-14651.yaml b/http/cves/2017/CVE-2017-14651.yaml index 4c6439f8de3..c17c9711e5b 100644 --- a/http/cves/2017/CVE-2017-14651.yaml +++ b/http/cves/2017/CVE-2017-14651.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: wso2 product: api_manager - shodan-query: http.favicon.hash:"1398055326" + shodan-query: http.favicon.hash:1398055326 fofa-query: icon_hash=1398055326 google-query: inurl:"carbon/admin/login" tags: cve,cve2017,wso2,xss diff --git a/http/cves/2017/CVE-2017-14849.yaml b/http/cves/2017/CVE-2017-14849.yaml index 0e9ca12b250..66cbd4a173d 100644 --- a/http/cves/2017/CVE-2017-14849.yaml +++ b/http/cves/2017/CVE-2017-14849.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-14849 cwe-id: CWE-22 - epss-score: 0.92237 - epss-percentile: 0.99695 + epss-score: 0.96684 + epss-percentile: 0.99644 cpe: cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-15647.yaml b/http/cves/2017/CVE-2017-15647.yaml index 844a4e54051..57b49e7a956 100644 --- a/http/cves/2017/CVE-2017-15647.yaml +++ b/http/cves/2017/CVE-2017-15647.yaml @@ -13,15 +13,13 @@ info: - https://www.exploit-db.com/exploits/44054 - https://blogs.securiteam.com/index.php/archives/3472 - https://nvd.nist.gov/vuln/detail/CVE-2017-15647 - - https://github.com/20142995/nuclei-templates - - https://github.com/20142995/sectool classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-15647 cwe-id: CWE-22 - epss-score: 0.32685 - epss-percentile: 0.96622 + epss-score: 0.02013 + epss-percentile: 0.87655 cpe: cpe:2.3:o:fiberhome:routerfiberhome_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-15715.yaml b/http/cves/2017/CVE-2017-15715.yaml index 58322140a0c..a185dc05690 100644 --- a/http/cves/2017/CVE-2017-15715.yaml +++ b/http/cves/2017/CVE-2017-15715.yaml @@ -30,20 +30,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" tags: cve,cve2017,apache,httpd,fileupload,vulhub,intrusive http: diff --git a/http/cves/2017/CVE-2017-15944.yaml b/http/cves/2017/CVE-2017-15944.yaml index ff21f9279a0..802e15e4ee7 100644 --- a/http/cves/2017/CVE-2017-15944.yaml +++ b/http/cves/2017/CVE-2017-15944.yaml @@ -16,11 +16,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-15944 - http://www.securitytracker.com/id/1040007 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-15944 - epss-score: 0.94017 - epss-percentile: 0.99878 + epss-score: 0.97314 + epss-percentile: 0.99875 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-16877.yaml b/http/cves/2017/CVE-2017-16877.yaml index 04be5714516..ddd090d0fb0 100644 --- a/http/cves/2017/CVE-2017-16877.yaml +++ b/http/cves/2017/CVE-2017-16877.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16877 cwe-id: CWE-22 - epss-score: 0.83603 - epss-percentile: 0.99218 + epss-score: 0.00337 + epss-percentile: 0.71295 cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,10 +30,7 @@ info: shodan-query: - http.html:"/_next/static" - cpe:"cpe:2.3:a:zeit:next.js" - - x-middleware-rewrite - fofa-query: - - body="/_next/static" - - x-middleware-rewrite + fofa-query: body="/_next/static" tags: cve,cve2017,nextjs,lfi,traversal,zeit http: diff --git a/http/cves/2017/CVE-2017-16894.yaml b/http/cves/2017/CVE-2017-16894.yaml index 7ebda4fa7a7..32cdd97a381 100644 --- a/http/cves/2017/CVE-2017-16894.yaml +++ b/http/cves/2017/CVE-2017-16894.yaml @@ -30,9 +30,12 @@ info: vendor: laravel product: laravel shodan-query: - - laravel-framework + - Laravel-Framework - cpe:"cpe:2.3:a:laravel:laravel" - fofa-query: app="laravel-framework" + - laravel-framework + fofa-query: + - app="Laravel-Framework" + - app="laravel-framework" tags: cve,cve2017,laravel,exposure,packetstorm http: diff --git a/http/cves/2017/CVE-2017-17043.yaml b/http/cves/2017/CVE-2017-17043.yaml index aa2e5571267..bdbd24403cb 100644 --- a/http/cves/2017/CVE-2017-17043.yaml +++ b/http/cves/2017/CVE-2017-17043.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17043 cwe-id: CWE-79 - epss-score: 0.05593 - epss-percentile: 0.89815 + epss-score: 0.00245 + epss-percentile: 0.64551 cpe: cpe:2.3:a:zitec:emag_marketplace_connector:1.0.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2017/CVE-2017-17059.yaml b/http/cves/2017/CVE-2017-17059.yaml index 5d75d4e4bd7..234d5481e04 100644 --- a/http/cves/2017/CVE-2017-17059.yaml +++ b/http/cves/2017/CVE-2017-17059.yaml @@ -14,14 +14,13 @@ info: - https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2017-17059 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-17059 cwe-id: CWE-79 - epss-score: 0.00709 - epss-percentile: 0.71076 + epss-score: 0.00242 + epss-percentile: 0.642 cpe: cpe:2.3:a:amtythumb_project:amtythumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index 9c19d25fe0a..b34a9a1d12c 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -17,12 +17,12 @@ info: - https://github.com/embedthis/goahead/issues/249 - https://nvd.nist.gov/vuln/detail/CVE-2017-17562 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-17562 cwe-id: CWE-20 - epss-score: 0.94053 - epss-percentile: 0.99887 + epss-score: 0.97436 + epss-percentile: 0.9994 cpe: cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:* metadata: max-request: 65 diff --git a/http/cves/2017/CVE-2017-17731.yaml b/http/cves/2017/CVE-2017-17731.yaml index 7f44c71c72b..a3eeb675e04 100644 --- a/http/cves/2017/CVE-2017-17731.yaml +++ b/http/cves/2017/CVE-2017-17731.yaml @@ -21,24 +21,21 @@ info: cvss-score: 9.8 cve-id: CVE-2017-17731 cwe-id: CWE-89 - epss-score: 0.85225 - epss-percentile: 0.99297 + epss-score: 0.04196 + epss-percentile: 0.92213 cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dedecms product: dedecms shodan-query: - - http.html:"dedecms" + - http.html:"DedeCms" - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" + - http.html:"dedecms" fofa-query: + - app="DedeCMS" - app="dedecms" - body="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" tags: cve,cve2017,sqli,dedecms variables: num: "999999999" diff --git a/http/cves/2017/CVE-2017-18487.yaml b/http/cves/2017/CVE-2017-18487.yaml index e61332b4ae5..3e47fb7625c 100644 --- a/http/cves/2017/CVE-2017-18487.yaml +++ b/http/cves/2017/CVE-2017-18487.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18487 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18487 - https://wordpress.org/plugins/adsense-plugin/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18487 cwe-id: CWE-79 - epss-score: 0.0048 - epss-percentile: 0.64006 + epss-score: 0.00088 + epss-percentile: 0.36245 cpe: cpe:2.3:a:google_adsense_project:google_adsense:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: google_adsense_project product: google_adsense framework: wordpress - shodan-query: http.html:"/wp-content/plugins/adsense-plugin/" + shodan-query: http.html:/wp-content/plugins/adsense-plugin/ fofa-query: body=/wp-content/plugins/adsense-plugin/ publicwww-query: "/wp-content/plugins/adsense-plugin/" tags: cve,cve2017,wordpress,wpscan,wp-plugin,xss,bws-adpush,authenticated,google_adsense_project diff --git a/http/cves/2017/CVE-2017-18490.yaml b/http/cves/2017/CVE-2017-18490.yaml index 418846d9094..c0c64996fcf 100644 --- a/http/cves/2017/CVE-2017-18490.yaml +++ b/http/cves/2017/CVE-2017-18490.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18490 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18490 - https://wordpress.org/plugins/contact-form-multi/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18490 cwe-id: CWE-79 - epss-score: 0.00104 - epss-percentile: 0.29554 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:contact_form_multi:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: contact_form_multi framework: wordpress - shodan-query: http.html:"/wp-content/plugins/contact-form-multi/" + shodan-query: http.html:/wp-content/plugins/contact-form-multi/ fofa-query: body=/wp-content/plugins/contact-form-multi/ publicwww-query: "/wp-content/plugins/contact-form-multi/" tags: cve,cve2017,wordpress,bws-contact-form,wpscan,wp-plugin,xss,authenticated,contact-form-multi,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18491.yaml b/http/cves/2017/CVE-2017-18491.yaml index 27e68cf075a..a5509f42f2a 100644 --- a/http/cves/2017/CVE-2017-18491.yaml +++ b/http/cves/2017/CVE-2017-18491.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: contact_form framework: wordpress - shodan-query: http.html:"/wp-content/plugins/contact-form-plugin/" + shodan-query: http.html:/wp-content/plugins/contact-form-plugin/ fofa-query: body=/wp-content/plugins/contact-form-plugin/ publicwww-query: "/wp-content/plugins/contact-form-plugin/" tags: cve,cve2017,wordpress,bws,contact-form,wpscan,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18492.yaml b/http/cves/2017/CVE-2017-18492.yaml index 027129440ae..0e08bebc957 100644 --- a/http/cves/2017/CVE-2017-18492.yaml +++ b/http/cves/2017/CVE-2017-18492.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18492 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18492 - https://wordpress.org/plugins/contact-form-to-db/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18492 cwe-id: CWE-79 - epss-score: 0.00104 - epss-percentile: 0.29554 + epss-score: 0.00088 + epss-percentile: 0.36245 cpe: cpe:2.3:a:bestwebsoft:contact_form_to_db:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: contact_form_to_db framework: wordpress - shodan-query: http.html:"/wp-content/plugins/contact-form-to-db/" + shodan-query: http.html:/wp-content/plugins/contact-form-to-db/ fofa-query: body=/wp-content/plugins/contact-form-to-db/ publicwww-query: "/wp-content/plugins/contact-form-to-db/" tags: cve2017,cve,wordpress,wpscan,bws-contact-form,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18493.yaml b/http/cves/2017/CVE-2017-18493.yaml index 79b16356338..333f1539fa3 100644 --- a/http/cves/2017/CVE-2017-18493.yaml +++ b/http/cves/2017/CVE-2017-18493.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18493 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18493 - https://wordpress.org/plugins/custom-admin-page/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18493 cwe-id: CWE-79 - epss-score: 0.00104 - epss-percentile: 0.29609 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:custom_admin_page:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: custom_admin_page framework: wordpress - shodan-query: http.html:"/wp-content/plugins/custom-admin-page/" + shodan-query: http.html:/wp-content/plugins/custom-admin-page/ fofa-query: body=/wp-content/plugins/custom-admin-page/ publicwww-query: "/wp-content/plugins/custom-admin-page/" tags: cve,cve2017,wordpress,bws-adminpage,wpscan,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18494.yaml b/http/cves/2017/CVE-2017-18494.yaml index bb6b77b3596..fe3e5e09861 100644 --- a/http/cves/2017/CVE-2017-18494.yaml +++ b/http/cves/2017/CVE-2017-18494.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18494 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18494 - https://wordpress.org/plugins/custom-search-plugin/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18494 cwe-id: CWE-79 - epss-score: 0.00104 - epss-percentile: 0.29609 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:custom_search:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: custom_search framework: wordpress - shodan-query: http.html:"/wp-content/plugins/custom-search-plugin/" + shodan-query: http.html:/wp-content/plugins/custom-search-plugin/ fofa-query: body=/wp-content/plugins/custom-search-plugin/ publicwww-query: "/wp-content/plugins/custom-search-plugin/" tags: cve,cve2017,wordpress,bws-custom-search,wpscan,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18496.yaml b/http/cves/2017/CVE-2017-18496.yaml index a786d2bce0d..71fedb31e63 100644 --- a/http/cves/2017/CVE-2017-18496.yaml +++ b/http/cves/2017/CVE-2017-18496.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: htaccess framework: wordpress - shodan-query: http.html:"/wp-content/plugins/htaccess/" + shodan-query: http.html:/wp-content/plugins/htaccess/ fofa-query: body=/wp-content/plugins/htaccess/ publicwww-query: "/wp-content/plugins/htaccess/" tags: cve,cve2017,wordpress,wpscan,bws-htaccess,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18500.yaml b/http/cves/2017/CVE-2017-18500.yaml index 9adbd0587b5..2bf4852145b 100644 --- a/http/cves/2017/CVE-2017-18500.yaml +++ b/http/cves/2017/CVE-2017-18500.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18500 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18500 - https://wordpress.org/plugins/social-buttons-pack/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18500 cwe-id: CWE-79 - epss-score: 0.00385 - epss-percentile: 0.58854 + epss-score: 0.00231 + epss-percentile: 0.61183 cpe: cpe:2.3:a:bestwebsoft:social_buttons_pack:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: social_buttons_pack framework: wordpress - shodan-query: http.html:"/wp-content/plugins/social-buttons-pack/" + shodan-query: http.html:/wp-content/plugins/social-buttons-pack/ fofa-query: body=/wp-content/plugins/social-buttons-pack/ publicwww-query: "/wp-content/plugins/social-buttons-pack/" tags: cve2017,cve,wordpress,wpscan,bws-social-buttons,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18501.yaml b/http/cves/2017/CVE-2017-18501.yaml index 03c299aaef0..b95c31a82cb 100644 --- a/http/cves/2017/CVE-2017-18501.yaml +++ b/http/cves/2017/CVE-2017-18501.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18501 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18501 - https://wordpress.org/plugins/social-login-bws/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18501 cwe-id: CWE-79 - epss-score: 0.00385 - epss-percentile: 0.58854 + epss-score: 0.00231 + epss-percentile: 0.61183 cpe: cpe:2.3:a:bestwebsoft:social_login:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: social_login framework: wordpress - shodan-query: http.html:"/wp-content/plugins/social-login-bws/" + shodan-query: http.html:/wp-content/plugins/social-login-bws/ fofa-query: body=/wp-content/plugins/social-login-bws/ publicwww-query: "/wp-content/plugins/social-login-bws/" tags: cve2017,cve,wordpress,wpscan,bws-social-login,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18502.yaml b/http/cves/2017/CVE-2017-18502.yaml index 60ce4f54abc..0c30ecb98ae 100644 --- a/http/cves/2017/CVE-2017-18502.yaml +++ b/http/cves/2017/CVE-2017-18502.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18502 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18502 - https://wordpress.org/plugins/subscriber/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18502 cwe-id: CWE-79 - epss-score: 0.00314 - epss-percentile: 0.5394 + epss-score: 0.00231 + epss-percentile: 0.61183 cpe: cpe:2.3:a:bestwebsoft:subscriber:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: subscriber framework: wordpress - shodan-query: http.html:"/wp-content/plugins/subscriber/" + shodan-query: http.html:/wp-content/plugins/subscriber/ fofa-query: body=/wp-content/plugins/subscriber/ publicwww-query: "/wp-content/plugins/subscriber/" tags: cve2017,cve,wordpress,wpscan,bws-subscribers,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18505.yaml b/http/cves/2017/CVE-2017-18505.yaml index 746d15469c9..988c8080d32 100644 --- a/http/cves/2017/CVE-2017-18505.yaml +++ b/http/cves/2017/CVE-2017-18505.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: twitter_button framework: wordpress - shodan-query: http.html:"/wp-content/plugins/twitter-plugin/" + shodan-query: http.html:/wp-content/plugins/twitter-plugin/ fofa-query: body=/wp-content/plugins/twitter-plugin/ publicwww-query: "/wp-content/plugins/twitter-plugin/" tags: cve,cve2017,wordpress,wpscan,bws-twitter,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18516.yaml b/http/cves/2017/CVE-2017-18516.yaml index 858ecbdaa0c..1331af5298b 100644 --- a/http/cves/2017/CVE-2017-18516.yaml +++ b/http/cves/2017/CVE-2017-18516.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18516 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18516 - https://wordpress.org/plugins/bws-linkedin/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18516 cwe-id: CWE-79 - epss-score: 0.00059 - epss-percentile: 0.18549 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:linkedin:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: bestwebsoft product: linkedin framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-linkedin/" + shodan-query: http.html:/wp-content/plugins/bws-linkedin/ fofa-query: body=/wp-content/plugins/bws-linkedin/ publicwww-query: "/wp-content/plugins/bws-linkedin/" tags: cve2017,cve,wordpress,wp-plugin,wpscan,bws-linkedin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18517.yaml b/http/cves/2017/CVE-2017-18517.yaml index 322ee33db54..91171b6d966 100644 --- a/http/cves/2017/CVE-2017-18517.yaml +++ b/http/cves/2017/CVE-2017-18517.yaml @@ -26,7 +26,7 @@ info: vendor: bestwebsoft product: pinterest framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-pinterest/" + shodan-query: http.html:/wp-content/plugins/bws-pinterest/ fofa-query: body=/wp-content/plugins/bws-pinterest/ publicwww-query: /wp-content/plugins/bws-pinterest/ tags: cve,cve2017,wordpress,wpscan,bws-pinterest,wp-plugin,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18518.yaml b/http/cves/2017/CVE-2017-18518.yaml index 65d1255a627..b0bd11b4a3b 100644 --- a/http/cves/2017/CVE-2017-18518.yaml +++ b/http/cves/2017/CVE-2017-18518.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18518 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18518 - https://wordpress.org/plugins/bws-smtp/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18518 cwe-id: CWE-79 - epss-score: 0.00059 - epss-percentile: 0.18549 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:smtp:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: bestwebsoft product: smtp framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-smtp/" + shodan-query: http.html:/wp-content/plugins/bws-smtp/ fofa-query: body=/wp-content/plugins/bws-smtp/ publicwww-query: /wp-content/plugins/bws-smtp/ tags: cve,cve2017,wordpress,wp-plugin,wpscan,bws-smtp,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18527.yaml b/http/cves/2017/CVE-2017-18527.yaml index f0919c666df..6be5f887739 100644 --- a/http/cves/2017/CVE-2017-18527.yaml +++ b/http/cves/2017/CVE-2017-18527.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18527 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18527 - https://wordpress.org/plugins/pagination/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18527 cwe-id: CWE-79 - epss-score: 0.00059 - epss-percentile: 0.18549 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:pagination:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: pagination framework: wordpress - shodan-query: http.html:"/wp-content/plugins/pagination/" + shodan-query: http.html:/wp-content/plugins/pagination/ fofa-query: body=/wp-content/plugins/pagination/ publicwww-query: "/wp-content/plugins/pagination/" tags: cve2017,cve,wordpress,wp-plugin,wpscan,bws-pagination,bws-xss,authenticated,bestwebsoft,xss diff --git a/http/cves/2017/CVE-2017-18528.yaml b/http/cves/2017/CVE-2017-18528.yaml index ba3a7684f19..34683d7d5d9 100644 --- a/http/cves/2017/CVE-2017-18528.yaml +++ b/http/cves/2017/CVE-2017-18528.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18528 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18528 - https://wordpress.org/plugins/pdf-print/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18528 cwe-id: CWE-79 - epss-score: 0.00056 - epss-percentile: 0.17424 + epss-score: 0.00088 + epss-percentile: 0.36245 cpe: cpe:2.3:a:bestwebsoft:pdf_\&_print:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: pdf_\&_print framework: wordpress - shodan-query: http.html:"/wp-content/plugins/pdf-print/" + shodan-query: http.html:/wp-content/plugins/pdf-print/ fofa-query: body=/wp-content/plugins/pdf-print/ publicwww-query: "/wp-content/plugins/pdf-print/" tags: cve,cve2017,wordpress,wp-plugin,bws-pdf-print,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18529.yaml b/http/cves/2017/CVE-2017-18529.yaml index 62ed9beff6c..5b529122d51 100644 --- a/http/cves/2017/CVE-2017-18529.yaml +++ b/http/cves/2017/CVE-2017-18529.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18529 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18529 - https://wordpress.org/plugins/promobar/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18529 cwe-id: CWE-79 - epss-score: 0.00059 - epss-percentile: 0.18549 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:promobar:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: promobar framework: wordpress - shodan-query: http.html:"/wp-content/plugins/promobar/" + shodan-query: http.html:/wp-content/plugins/promobar/ fofa-query: body=/wp-content/plugins/promobar/ publicwww-query: /wp-content/plugins/promobar/ tags: cve,cve2017,wordpress,wp-plugin,bws-promobar,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18530.yaml b/http/cves/2017/CVE-2017-18530.yaml index 6180fb494b2..8f90d2ba2be 100644 --- a/http/cves/2017/CVE-2017-18530.yaml +++ b/http/cves/2017/CVE-2017-18530.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18530 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18530 - https://wordpress.org/plugins/rating-bws/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18530 cwe-id: CWE-79 - epss-score: 0.00098 - epss-percentile: 0.28439 + epss-score: 0.00088 + epss-percentile: 0.36836 cpe: cpe:2.3:a:bestwebsoft:rating:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: rating framework: wordpress - shodan-query: http.html:"/wp-content/plugins/rating-bws/" + shodan-query: http.html:/wp-content/plugins/rating-bws/ fofa-query: body=/wp-content/plugins/rating-bws/ publicwww-query: "/wp-content/plugins/rating-bws/" tags: cve2017,cve,wordpress,wp-plugin,bws-rating,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18532.yaml b/http/cves/2017/CVE-2017-18532.yaml index bba681231a1..9b17bb49add 100644 --- a/http/cves/2017/CVE-2017-18532.yaml +++ b/http/cves/2017/CVE-2017-18532.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18532 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18532 - https://wordpress.org/plugins/realty/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18532 cwe-id: CWE-79 - epss-score: 0.00098 - epss-percentile: 0.28439 + epss-score: 0.00088 + epss-percentile: 0.36245 cpe: cpe:2.3:a:bestwebsoft:realty:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: realty framework: wordpress - shodan-query: http.html:"/wp-content/plugins/realty/" + shodan-query: http.html:/wp-content/plugins/realty/ fofa-query: body=/wp-content/plugins/realty/ publicwww-query: /wp-content/plugins/realty/ tags: cve,cve2017,wordpress,wp-plugin,bws-realty,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18536.yaml b/http/cves/2017/CVE-2017-18536.yaml index 5fc347286a0..3f23d022651 100644 --- a/http/cves/2017/CVE-2017-18536.yaml +++ b/http/cves/2017/CVE-2017-18536.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/stop-user-enumeration/#developers - https://nvd.nist.gov/vuln/detail/CVE-2017-18536 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18536 cwe-id: CWE-79 - epss-score: 0.05223 - epss-percentile: 0.89425 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:fullworks:stop_user_enumeration:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-18537.yaml b/http/cves/2017/CVE-2017-18537.yaml index 361f7419d40..b2b21bbd3a5 100644 --- a/http/cves/2017/CVE-2017-18537.yaml +++ b/http/cves/2017/CVE-2017-18537.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: visitors_online framework: wordpress - shodan-query: http.html:"/wp-content/plugins/visitors-online/" + shodan-query: http.html:/wp-content/plugins/visitors-online/ fofa-query: body=/wp-content/plugins/visitors-online/ publicwww-query: "/wp-content/plugins/visitors-online/" tags: cve,cve2017,wordpress,wp-plugin,bws-visitors-online,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18542.yaml b/http/cves/2017/CVE-2017-18542.yaml index c22a78b8505..612494e919d 100644 --- a/http/cves/2017/CVE-2017-18542.yaml +++ b/http/cves/2017/CVE-2017-18542.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18542 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18542 - https://wordpress.org/plugins/zendesk-help-center/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18542 cwe-id: CWE-79 - epss-score: 0.00089 - epss-percentile: 0.26739 + epss-score: 0.00221 + epss-percentile: 0.60119 cpe: cpe:2.3:a:bestwebsoft:zendesk_help_center:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: zendesk_help_center framework: wordpress - shodan-query: http.html:"/wp-content/plugins/zendesk-help-center/" + shodan-query: http.html:/wp-content/plugins/zendesk-help-center/ fofa-query: body=/wp-content/plugins/zendesk-help-center/ publicwww-query: "/wp-content/plugins/zendesk-help-center/" tags: cve,cve2017,wordpress,wp-plugin,bws-zendesk,wpscan,xss,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18556.yaml b/http/cves/2017/CVE-2017-18556.yaml index b3be1e3c4ef..c2e87141068 100644 --- a/http/cves/2017/CVE-2017-18556.yaml +++ b/http/cves/2017/CVE-2017-18556.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18556 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18556 - https://wordpress.org/plugins/bws-google-analytics/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18556 cwe-id: CWE-79 - epss-score: 0.00098 - epss-percentile: 0.28439 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:google_analytics:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: bestwebsoft product: google_analytics framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-google-analytics/" + shodan-query: http.html:/wp-content/plugins/bws-google-analytics/ fofa-query: body=/wp-content/plugins/bws-google-analytics/ publicwww-query: "/wp-content/plugins/bws-google-analytics/" tags: cve2017,cve,wordpress,wp-plugin,xss,bws-google-analytics,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18557.yaml b/http/cves/2017/CVE-2017-18557.yaml index b9fe2baf722..ec703fc1c68 100644 --- a/http/cves/2017/CVE-2017-18557.yaml +++ b/http/cves/2017/CVE-2017-18557.yaml @@ -26,7 +26,7 @@ info: vendor: bestwebsoft product: google_maps framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-google-maps/" + shodan-query: http.html:/wp-content/plugins/bws-google-maps/ fofa-query: body=/wp-content/plugins/bws-google-maps/ publicwww-query: "/wp-content/plugins/bws-google-maps/" tags: cve,cve2017,wordpress,wp-plugin,xss,bws-google-maps,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18558.yaml b/http/cves/2017/CVE-2017-18558.yaml index 4f9cf7238d1..18e62f2e173 100644 --- a/http/cves/2017/CVE-2017-18558.yaml +++ b/http/cves/2017/CVE-2017-18558.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18558 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18558 - https://wordpress.org/plugins/bws-testimonials/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18558 cwe-id: CWE-79 - epss-score: 0.00097 - epss-percentile: 0.28338 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:testimonials:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: testimonials framework: wordpress - shodan-query: http.html:"/wp-content/plugins/bws-testimonials/" + shodan-query: http.html:/wp-content/plugins/bws-testimonials/ fofa-query: body=/wp-content/plugins/bws-testimonials/ publicwww-query: "/wp-content/plugins/bws-testimonials/" tags: cve2017,cve,wordpress,wp-plugin,xss,bws-testimonials,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18562.yaml b/http/cves/2017/CVE-2017-18562.yaml index 859cdba072a..19485baf4ee 100644 --- a/http/cves/2017/CVE-2017-18562.yaml +++ b/http/cves/2017/CVE-2017-18562.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: error_log_viewer framework: wordpress - shodan-query: http.html:"/wp-content/plugins/error-log-viewer/" + shodan-query: http.html:/wp-content/plugins/error-log-viewer/ fofa-query: body=/wp-content/plugins/error-log-viewer/ publicwww-query: "/wp-content/plugins/error-log-viewer/" tags: cve,cve2017,wordpress,wp-plugin,xss,bws-error-log,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18564.yaml b/http/cves/2017/CVE-2017-18564.yaml index fe450ce10f9..b0c3cb4252b 100644 --- a/http/cves/2017/CVE-2017-18564.yaml +++ b/http/cves/2017/CVE-2017-18564.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18564 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18564 - https://wordpress.org/plugins/sender/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18564 cwe-id: CWE-79 - epss-score: 0.00097 - epss-percentile: 0.28338 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:sender:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: sender framework: wordpress - shodan-query: http.html:"/wp-content/plugins/sender/" + shodan-query: http.html:/wp-content/plugins/sender/ fofa-query: body=/wp-content/plugins/sender/ publicwww-query: "/wp-content/plugins/sender/" tags: cve,cve2017,wordpress,wp-plugin,xss,bws-sender,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18565.yaml b/http/cves/2017/CVE-2017-18565.yaml index ff9635959a0..be2ff233a9d 100644 --- a/http/cves/2017/CVE-2017-18565.yaml +++ b/http/cves/2017/CVE-2017-18565.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2017-18565 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18565 - https://wordpress.org/plugins/updater/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18565 cwe-id: CWE-79 - epss-score: 0.00097 - epss-percentile: 0.28338 + epss-score: 0.00088 + epss-percentile: 0.3753 cpe: cpe:2.3:a:bestwebsoft:updater:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: bestwebsoft product: updater framework: wordpress - shodan-query: http.html:"/wp-content/plugins/updater/" + shodan-query: http.html:/wp-content/plugins/updater/ fofa-query: body=/wp-content/plugins/updater/ publicwww-query: "/wp-content/plugins/updater/" tags: cve2017,cve,wordpress,wp-plugin,xss,bws-updater,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18566.yaml b/http/cves/2017/CVE-2017-18566.yaml index f4fbccae595..477b52612d3 100644 --- a/http/cves/2017/CVE-2017-18566.yaml +++ b/http/cves/2017/CVE-2017-18566.yaml @@ -25,7 +25,7 @@ info: vendor: bestwebsoft product: user_role framework: wordpress - shodan-query: http.html:"/wp-content/plugins/user-role/" + shodan-query: http.html:/wp-content/plugins/user-role/ fofa-query: body=/wp-content/plugins/user-role/ publicwww-query: "/wp-content/plugins/user-role/" tags: cve,cve2017,wordpress,wp-plugin,xss,bws-user-role,wpscan,authenticated,bestwebsoft diff --git a/http/cves/2017/CVE-2017-18590.yaml b/http/cves/2017/CVE-2017-18590.yaml index 374c4f5f96f..725b8dc2e26 100644 --- a/http/cves/2017/CVE-2017-18590.yaml +++ b/http/cves/2017/CVE-2017-18590.yaml @@ -10,23 +10,22 @@ info: - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694/ - https://nvd.nist.gov/vuln/detail/CVE-2017-18590 - https://downloads.wordpress.org/plugin/timesheet - - https://wordpress.org/plugins/timesheet/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-18590 cwe-id: CWE-79 - epss-score: 0.00075 - epss-percentile: 0.23505 - cpe: cpe:2.3:a:bestwebsoft:timesheet:*:*:*:*:*:wordpress:*:* + epss-score: 0.00088 + epss-percentile: 0.3753 + cpe: cpe:2.3:a:bestwebsoft:promobar:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 3 vendor: bestwebsoft product: timesheet framework: wordpress - tags: wpscan,cve,cve2017,wordpress,wp,wp-plugin,bws-promobar,xss,authenticated,timesheet,bestwebsoft + tags: cve,cve2017,wordpress,wp,wp-plugin,bws-promobar,xss,authenticated,timesheet + flow: http(1) && http(2) http: diff --git a/http/cves/2017/CVE-2017-18598.yaml b/http/cves/2017/CVE-2017-18598.yaml index 8ef6f0bb685..d39dacb0242 100644 --- a/http/cves/2017/CVE-2017-18598.yaml +++ b/http/cves/2017/CVE-2017-18598.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18598 cwe-id: CWE-79 - epss-score: 0.02107 - epss-percentile: 0.83215 + epss-score: 0.00094 + epss-percentile: 0.39752 cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2017/CVE-2017-18638.yaml b/http/cves/2017/CVE-2017-18638.yaml index cfe138a069e..9513b4794fb 100644 --- a/http/cves/2017/CVE-2017-18638.yaml +++ b/http/cves/2017/CVE-2017-18638.yaml @@ -21,16 +21,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-18638 cwe-id: CWE-918 - epss-score: 0.87481 - epss-percentile: 0.99409 + epss-score: 0.00827 + epss-percentile: 0.81931 cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: graphite_project product: graphite - shodan-query: http.title:"graphite browser" - fofa-query: title="graphite browser" - google-query: intitle:"graphite browser" tags: cve,cve2017,graphite,ssrf,oast,graphite_project http: diff --git a/http/cves/2017/CVE-2017-3131.yaml b/http/cves/2017/CVE-2017-3131.yaml index b887eaf79ae..9384e93a510 100644 --- a/http/cves/2017/CVE-2017-3131.yaml +++ b/http/cves/2017/CVE-2017-3131.yaml @@ -22,18 +22,12 @@ info: epss-percentile: 0.15636 cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: fortinet product: fortios shodan-query: - - '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]' - - cpe:"cpe:2.3:o:fortinet:fortios" - - http.favicon.hash:"945408572" - http.html:"/remote/login" "xxxxxxxx" - - port:"10443 http.favicon.hash945408572" - fofa-query: - - body="/remote/login" "xxxxxxxx" - - icon_hash=945408572 + - http.favicon.hash:945408572 + - cpe:"cpe:2.3:o:fortinet:fortios" tags: cve,cve2017,fortinet,fortios,xss,authenticated http: diff --git a/http/cves/2017/CVE-2017-3132.yaml b/http/cves/2017/CVE-2017-3132.yaml index 39b37fb75a8..8e2619337cd 100644 --- a/http/cves/2017/CVE-2017-3132.yaml +++ b/http/cves/2017/CVE-2017-3132.yaml @@ -22,18 +22,12 @@ info: epss-percentile: 0.15636 cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: fortinet product: fortios shodan-query: - - '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]' - - cpe:"cpe:2.3:o:fortinet:fortios" - - http.favicon.hash:"945408572" - http.html:"/remote/login" "xxxxxxxx" - - port:"10443 http.favicon.hash945408572" - fofa-query: - - body="/remote/login" "xxxxxxxx" - - icon_hash=945408572 + - http.favicon.hash:945408572 + - cpe:"cpe:2.3:o:fortinet:fortios" tags: cve,cve2017,fortinet,fortios,xss http: diff --git a/http/cves/2017/CVE-2017-3133.yaml b/http/cves/2017/CVE-2017-3133.yaml index a1adc06cb4f..3d937ac5f5d 100644 --- a/http/cves/2017/CVE-2017-3133.yaml +++ b/http/cves/2017/CVE-2017-3133.yaml @@ -13,30 +13,21 @@ info: reference: - https://www.exploit-db.com/exploits/42388 - https://nvd.nist.gov/vuln/detail/CVE-2017-3133 - - http://www.securitytracker.com/id/1039020 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-3133 cwe-id: CWE-79 - epss-score: 0.0869 - epss-percentile: 0.92 - cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* + epss-score: 0.00046 + epss-percentile: 0.15636 + cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:* metadata: - max-request: 3 vendor: fortinet product: fortios shodan-query: - - '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]' - - cpe:"cpe:2.3:o:fortinet:fortios" - - http.favicon.hash:"945408572" - http.html:"/remote/login" "xxxxxxxx" - - port:"10443 http.favicon.hash945408572" - fofa-query: - - body="/remote/login" "xxxxxxxx" - - icon_hash=945408572 + - http.favicon.hash:945408572 + - cpe:"cpe:2.3:o:fortinet:fortios" tags: cve,cve2017,fortinet,fortios,xss,authenticated http: diff --git a/http/cves/2017/CVE-2017-3506.yaml b/http/cves/2017/CVE-2017-3506.yaml index 950e6b303e8..fd8242584dd 100644 --- a/http/cves/2017/CVE-2017-3506.yaml +++ b/http/cves/2017/CVE-2017-3506.yaml @@ -16,11 +16,11 @@ info: - http://www.securitytracker.com/id/1038296 - https://github.com/CVEDB/top classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 - epss-score: 0.94409 - epss-percentile: 0.99971 + epss-score: 0.96935 + epss-percentile: 0.99702 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,7 +31,7 @@ info: - product:"oracle weblogic" fofa-query: title="oracle peoplesoft sign-in" google-query: intitle:"oracle peoplesoft sign-in" - tags: cve,cve2017,rce,oast,hackerone,weblogic,oracle,kev + tags: cve,cve2017,rce,oast,hackerone,weblogic,oracle http: - raw: diff --git a/http/cves/2017/CVE-2017-4011.yaml b/http/cves/2017/CVE-2017-4011.yaml index 5d2b8cdd0c3..8c013e08cdf 100644 --- a/http/cves/2017/CVE-2017-4011.yaml +++ b/http/cves/2017/CVE-2017-4011.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-4011 cwe-id: CWE-79 - epss-score: 0.1089 - epss-percentile: 0.9301 + epss-score: 0.00142 + epss-percentile: 0.49977 cpe: cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-5521.yaml b/http/cves/2017/CVE-2017-5521.yaml index 38ce2f6d94c..f50e2f465a7 100644 --- a/http/cves/2017/CVE-2017-5521.yaml +++ b/http/cves/2017/CVE-2017-5521.yaml @@ -17,12 +17,12 @@ info: - https://www.exploit-db.com/exploits/41205/ - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-5521 cwe-id: CWE-200 - epss-score: 0.94171 - epss-percentile: 0.99905 + epss-score: 0.97402 + epss-percentile: 0.99921 cpe: cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-5631.yaml b/http/cves/2017/CVE-2017-5631.yaml index b69ca9867d9..13599e4ce5a 100644 --- a/http/cves/2017/CVE-2017-5631.yaml +++ b/http/cves/2017/CVE-2017-5631.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-5631 cwe-id: CWE-79 - epss-score: 0.2527 - epss-percentile: 0.95891 + epss-score: 0.00286 + epss-percentile: 0.68687 cpe: cpe:2.3:a:kmc_information_systems:caseaware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-5638.yaml b/http/cves/2017/CVE-2017-5638.yaml index 1d0c71e4131..ddcfd4ac604 100644 --- a/http/cves/2017/CVE-2017-5638.yaml +++ b/http/cves/2017/CVE-2017-5638.yaml @@ -30,9 +30,10 @@ info: vendor: apache product: struts shodan-query: - - http.html:"apache struts" + - html:"Apache Struts" - http.title:"struts2 showcase" - http.html:"struts problem report" + - http.html:"apache struts" fofa-query: - body="struts problem report" - title="struts2 showcase" diff --git a/http/cves/2017/CVE-2017-5689.yaml b/http/cves/2017/CVE-2017-5689.yaml index 0e2df84d2b6..fbf55179b45 100644 --- a/http/cves/2017/CVE-2017-5689.yaml +++ b/http/cves/2017/CVE-2017-5689.yaml @@ -20,15 +20,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-5689 - cwe-id: CWE-269,NVD-CWE-noinfo - epss-score: 0.94315 - epss-percentile: 0.99936 - cpe: cpe:2.3:o:hpe:proliant_ml10_gen9_server_firmware:5.0:*:*:*:*:*:*:* + epss-score: 0.97395 + epss-percentile: 0.99912 + cpe: cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: hpe - product: proliant_ml10_gen9_server_firmware + vendor: intel + product: active_management_technology_firmware shodan-query: - title:"Active Management Technology" - http.title:"active management technology" diff --git a/http/cves/2017/CVE-2017-5871.yaml b/http/cves/2017/CVE-2017-5871.yaml index 7750d94abfa..86112892bf2 100644 --- a/http/cves/2017/CVE-2017-5871.yaml +++ b/http/cves/2017/CVE-2017-5871.yaml @@ -13,26 +13,18 @@ info: reference: - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5871 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-5871 cwe-id: CWE-601 - epss-score: 0.02676 - epss-percentile: 0.85075 cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 - vendor: odoo + max-request: 1 + shodan-query: title:"Odoo" product: odoo - shodan-query: - - http.title:"odoo" - - cpe:"cpe:2.3:a:odoo:odoo" - fofa-query: title="odoo" - google-query: intitle:"odoo" + vendor: odoo tags: cve2017,cve,odoo,redirect http: diff --git a/http/cves/2017/CVE-2017-5982.yaml b/http/cves/2017/CVE-2017-5982.yaml index 8a93d73fdd8..6d89f3db446 100644 --- a/http/cves/2017/CVE-2017-5982.yaml +++ b/http/cves/2017/CVE-2017-5982.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2017-5982 cwe-id: CWE-22 - epss-score: 0.86875 - epss-percentile: 0.99378 + epss-score: 0.0372 + epss-percentile: 0.91582 cpe: cpe:2.3:a:kodi:kodi:17.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-6090.yaml b/http/cves/2017/CVE-2017-6090.yaml index 75adca8ec4f..cbea7ece404 100644 --- a/http/cves/2017/CVE-2017-6090.yaml +++ b/http/cves/2017/CVE-2017-6090.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: phpcollab product: phpcollab - shodan-query: http.title:"phpcollab" + shodan-query: + - http.title:"PhpCollab" + - http.title:"phpcollab" fofa-query: title="phpcollab" google-query: intitle:"phpcollab" tags: cve,cve2017,phpcollab,rce,fileupload,edb,intrusive diff --git a/http/cves/2017/CVE-2017-7615.yaml b/http/cves/2017/CVE-2017-7615.yaml index 0f3ee2656a0..c62dfdcfe0d 100644 --- a/http/cves/2017/CVE-2017-7615.yaml +++ b/http/cves/2017/CVE-2017-7615.yaml @@ -25,23 +25,17 @@ info: cvss-score: 8.8 cve-id: CVE-2017-7615 cwe-id: CWE-640 - epss-score: 0.92741 - epss-percentile: 0.99739 + epss-score: 0.97404 + epss-percentile: 0.99923 cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* metadata: max-request: 5 vendor: mantisbt product: mantisbt shodan-query: - - http.favicon.hash:"662709064" + - http.favicon.hash:662709064 - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.html:"administration - installation - mantisbt" - - http.title:"mantisbt" - fofa-query: - - icon_hash=662709064 - - body="administration - installation - mantisbt" - - title="mantisbt" - google-query: intitle:"mantisbt" + fofa-query: icon_hash=662709064 tags: cve,cve2017,mantisbt,unauth,edb http: diff --git a/http/cves/2017/CVE-2017-7855.yaml b/http/cves/2017/CVE-2017-7855.yaml index 46caf75112f..15b0cdd6f53 100644 --- a/http/cves/2017/CVE-2017-7855.yaml +++ b/http/cves/2017/CVE-2017-7855.yaml @@ -15,8 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-7855 cwe-id: CWE-79 - epss-score: 0.00545 - epss-percentile: 0.66636 + epss-score: 0.0009 + epss-percentile: 0.37043 cpe: cpe:2.3:a:icewarp:server:11.3.1.5:*:*:*:*:*:*:* metadata: verified: true @@ -24,7 +24,7 @@ info: vendor: icewarp product: server shodan-query: - - http.title:"icewarp" + - title:"icewarp" - http.title:"gotify" fofa-query: title="gotify" google-query: intitle:"gotify" diff --git a/http/cves/2017/CVE-2017-7921.yaml b/http/cves/2017/CVE-2017-7921.yaml index acf85047509..38cf1b74ea7 100644 --- a/http/cves/2017/CVE-2017-7921.yaml +++ b/http/cves/2017/CVE-2017-7921.yaml @@ -20,8 +20,8 @@ info: cvss-score: 10 cve-id: CVE-2017-7921 cwe-id: CWE-287 - epss-score: 0.94145 - epss-percentile: 0.999 + epss-score: 0.01361 + epss-percentile: 0.86195 cpe: cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-7925.yaml b/http/cves/2017/CVE-2017-7925.yaml index 4ac3ace42db..6a2172f98b5 100644 --- a/http/cves/2017/CVE-2017-7925.yaml +++ b/http/cves/2017/CVE-2017-7925.yaml @@ -26,7 +26,7 @@ info: max-request: 1 vendor: dahuasecurity product: dh-ipc-hdbw23a0rn-zs_firmware - shodan-query: http.favicon.hash:"2019488876" + shodan-query: http.favicon.hash:2019488876 fofa-query: icon_hash=2019488876 tags: cve,cve2017,dahua,camera,dahuasecurity diff --git a/http/cves/2017/CVE-2017-8229.yaml b/http/cves/2017/CVE-2017-8229.yaml index e4693e62a89..51e98aba59f 100644 --- a/http/cves/2017/CVE-2017-8229.yaml +++ b/http/cves/2017/CVE-2017-8229.yaml @@ -29,8 +29,11 @@ info: max-request: 1 vendor: amcrest product: ipm-721s_firmware - shodan-query: http.html:"amcrest" + shodan-query: + - html:"Amcrest" + - http.html:"amcrest" fofa-query: + - "Amcrest" - amcrest - body="amcrest" tags: cve2017,cve,packetstorm,seclists,amcrest,iot diff --git a/http/cves/2017/CVE-2017-8917.yaml b/http/cves/2017/CVE-2017-8917.yaml index 965fba11ac3..3ce539c2a28 100644 --- a/http/cves/2017/CVE-2017-8917.yaml +++ b/http/cves/2017/CVE-2017-8917.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-8917 cwe-id: CWE-89 - epss-score: 0.94379 - epss-percentile: 0.99957 + epss-score: 0.97555 + epss-percentile: 0.99998 cpe: cpe:2.3:a:joomla:joomla\!:3.7.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: joomla product: joomla\! shodan-query: - - http.component:"joomla" + - http.component:"Joomla" - http.html:"joomla! - open source content management" + - http.component:"joomla" - cpe:"cpe:2.3:a:joomla:joomla\!" fofa-query: body="joomla! - open source content management" tags: cve2017,cve,joomla,sqli diff --git a/http/cves/2017/CVE-2017-9140.yaml b/http/cves/2017/CVE-2017-9140.yaml index 750ec9a94e5..313d4e8835f 100644 --- a/http/cves/2017/CVE-2017-9140.yaml +++ b/http/cves/2017/CVE-2017-9140.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-9140 cwe-id: CWE-79 - epss-score: 0.05518 - epss-percentile: 0.89727 + epss-score: 0.00191 + epss-percentile: 0.56488 cpe: cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-9288.yaml b/http/cves/2017/CVE-2017-9288.yaml index 824a84754cb..fc5705d59ac 100644 --- a/http/cves/2017/CVE-2017-9288.yaml +++ b/http/cves/2017/CVE-2017-9288.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2017-9288 cwe-id: CWE-79 - epss-score: 0.02863 - epss-percentile: 0.85582 + epss-score: 0.00168 + epss-percentile: 0.53673 cpe: cpe:2.3:a:raygun:raygun4wp:1.8.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2017/CVE-2017-9506.yaml b/http/cves/2017/CVE-2017-9506.yaml index 08166295452..3e799eb265f 100644 --- a/http/cves/2017/CVE-2017-9506.yaml +++ b/http/cves/2017/CVE-2017-9506.yaml @@ -20,14 +20,16 @@ info: cvss-score: 6.1 cve-id: CVE-2017-9506 cwe-id: CWE-918 - epss-score: 0.59792 - epss-percentile: 0.98119 + epss-score: 0.00575 + epss-percentile: 0.77897 cpe: cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: oauth - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2017,atlassian,jira,ssrf,oast http: diff --git a/http/cves/2017/CVE-2017-9791.yaml b/http/cves/2017/CVE-2017-9791.yaml index a41c2646864..372acec9ad6 100644 --- a/http/cves/2017/CVE-2017-9791.yaml +++ b/http/cves/2017/CVE-2017-9791.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-9791 cwe-id: CWE-20 - epss-score: 0.94263 - epss-percentile: 0.99923 + epss-score: 0.97448 + epss-percentile: 0.99947 cpe: cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:* metadata: verified: true @@ -30,10 +30,12 @@ info: vendor: apache product: struts shodan-query: + - title:"Struts2 Showcase" - http.title:"struts2 showcase" - http.html:"struts problem report" - http.html:"apache struts" fofa-query: + - title="Struts2 Showcase" - title="struts2 showcase" - body="apache struts" - body="struts problem report" diff --git a/http/cves/2017/CVE-2017-9805.yaml b/http/cves/2017/CVE-2017-9805.yaml index 73c58fc8c30..1a6b6b3aa63 100644 --- a/http/cves/2017/CVE-2017-9805.yaml +++ b/http/cves/2017/CVE-2017-9805.yaml @@ -16,13 +16,13 @@ info: - http://www.securitytracker.com/id/1039263 - https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-9805 cwe-id: CWE-502 - epss-score: 0.9439 - epss-percentile: 0.99963 - cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* + epss-score: 0.97541 + epss-percentile: 0.99994 + cpe: cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:* metadata: max-request: 2 vendor: apache diff --git a/http/cves/2017/CVE-2017-9822.yaml b/http/cves/2017/CVE-2017-9822.yaml index 4d925907916..a7894a1ff69 100644 --- a/http/cves/2017/CVE-2017-9822.yaml +++ b/http/cves/2017/CVE-2017-9822.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-9822 - cwe-id: CWE-94 - epss-score: 0.94348 - epss-percentile: 0.99945 + cwe-id: CWE-20 + epss-score: 0.96984 + epss-percentile: 0.99734 cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2017/CVE-2017-9833.yaml b/http/cves/2017/CVE-2017-9833.yaml index 1f9494b481b..cc16b182236 100644 --- a/http/cves/2017/CVE-2017-9833.yaml +++ b/http/cves/2017/CVE-2017-9833.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: boa product: boa - shodan-query: server:"boa/" tags: cve,cve2017,boa,lfr,lfi,edb http: diff --git a/http/cves/2017/CVE-2017-9841.yaml b/http/cves/2017/CVE-2017-9841.yaml index 396645560ac..1563bb37dfa 100644 --- a/http/cves/2017/CVE-2017-9841.yaml +++ b/http/cves/2017/CVE-2017-9841.yaml @@ -18,15 +18,15 @@ info: cvss-score: 9.8 cve-id: CVE-2017-9841 cwe-id: CWE-94 - epss-score: 0.94406 - epss-percentile: 0.9997 + epss-score: 0.97477 + epss-percentile: 0.99963 cpe: cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:* metadata: max-request: 6 vendor: phpunit_project product: phpunit - shodan-query: .phpunit.result.cache tags: cve2017,cve,php,phpunit,rce,kev,phpunit_project + variables: string: "CVE-2017-9841" diff --git a/http/cves/2018/CVE-2018-0127.yaml b/http/cves/2018/CVE-2018-0127.yaml index b8600edee39..3040bc93505 100644 --- a/http/cves/2018/CVE-2018-0127.yaml +++ b/http/cves/2018/CVE-2018-0127.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-0127 - cwe-id: CWE-200,CWE-306 - epss-score: 0.90648 - epss-percentile: 0.99587 + cwe-id: CWE-306,CWE-200 + epss-score: 0.09982 + epss-percentile: 0.94853 cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml index 0b14542b9a8..5135a046f11 100644 --- a/http/cves/2018/CVE-2018-0296.yaml +++ b/http/cves/2018/CVE-2018-0296.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2018-0296 - cwe-id: CWE-20,CWE-22 - epss-score: 0.94436 - epss-percentile: 0.99984 + cwe-id: CWE-22,CWE-20 + epss-score: 0.97436 + epss-percentile: 0.99942 cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-1000129.yaml b/http/cves/2018/CVE-2018-1000129.yaml index 436dffb0bf5..27fd7db254a 100644 --- a/http/cves/2018/CVE-2018-1000129.yaml +++ b/http/cves/2018/CVE-2018-1000129.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-1000129 cwe-id: CWE-79 - epss-score: 0.72147 - epss-percentile: 0.98652 + epss-score: 0.00257 + epss-percentile: 0.65435 cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-1000533.yaml b/http/cves/2018/CVE-2018-1000533.yaml index af225ee8933..b8cd15e9282 100644 --- a/http/cves/2018/CVE-2018-1000533.yaml +++ b/http/cves/2018/CVE-2018-1000533.yaml @@ -20,18 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000533 cwe-id: CWE-20 - epss-score: 0.9259 - epss-percentile: 0.99724 + epss-score: 0.97242 + epss-percentile: 0.99831 cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: gitlist product: gitlist - shodan-query: - - cpe:"cpe:2.3:a:gitlist:gitlist" - - http.title:"gitlist" - fofa-query: title="gitlist" - google-query: intitle:"gitlist" + shodan-query: cpe:"cpe:2.3:a:gitlist:gitlist" tags: cve,cve2018,git,gitlist,vulhub,rce http: diff --git a/http/cves/2018/CVE-2018-1000600.yaml b/http/cves/2018/CVE-2018-1000600.yaml index 91ca2f8245c..cbc8c2c8cdd 100644 --- a/http/cves/2018/CVE-2018-1000600.yaml +++ b/http/cves/2018/CVE-2018-1000600.yaml @@ -29,9 +29,6 @@ info: vendor: jenkins product: github framework: jenkins - shodan-query: http.title:"github debug" - fofa-query: title="github debug" - google-query: intitle:"github debug" tags: cve,cve2018,jenkins,ssrf,oast,github http: diff --git a/http/cves/2018/CVE-2018-1000671.yaml b/http/cves/2018/CVE-2018-1000671.yaml index 82053ae59f4..105d531519a 100644 --- a/http/cves/2018/CVE-2018-1000671.yaml +++ b/http/cves/2018/CVE-2018-1000671.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-1000671 cwe-id: CWE-601 - epss-score: 0.02119 - epss-percentile: 0.83259 + epss-score: 0.00422 + epss-percentile: 0.74167 cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml index 363993e3ea9..29cfa9ca716 100644 --- a/http/cves/2018/CVE-2018-1000856.yaml +++ b/http/cves/2018/CVE-2018-1000856.yaml @@ -14,14 +14,13 @@ info: - https://github.com/domainmod/domainmod/issues/80 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000856 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2018-1000856 cwe-id: CWE-79 - epss-score: 0.0121 - epss-percentile: 0.77973 + epss-score: 0.00069 + epss-percentile: 0.30035 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml index 63e770c1428..d99b765ce5e 100644 --- a/http/cves/2018/CVE-2018-1000861.yaml +++ b/http/cves/2018/CVE-2018-1000861.yaml @@ -20,21 +20,18 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000861 cwe-id: CWE-502 - epss-score: 0.94487 - epss-percentile: 0.99999 + epss-score: 0.9732 + epss-percentile: 0.99878 cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 1 vendor: jenkins product: jenkins shodan-query: - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - cpe:"cpe:2.3:a:jenkins:jenkins" - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" + fofa-query: icon_hash=81586312 tags: cve2018,cve,packetstorm,kev,vulhub,rce,jenkins http: diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml index 5b16cf1dda3..b2c881996aa 100644 --- a/http/cves/2018/CVE-2018-10093.yaml +++ b/http/cves/2018/CVE-2018-10093.yaml @@ -21,15 +21,13 @@ info: cvss-score: 8.8 cve-id: CVE-2018-10093 cwe-id: CWE-862 - epss-score: 0.6338 - epss-percentile: 0.98269 + epss-score: 0.06287 + epss-percentile: 0.92936 cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:* metadata: max-request: 1 vendor: audiocodes product: 420hd_ip_phone_firmware - shodan-query: http.html:"audiocodes" - fofa-query: body="audiocodes" tags: cve,cve2018,rce,iot,audiocode,edb,seclists,audiocodes http: diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml index 6d189a90b16..dd9f348ed58 100644 --- a/http/cves/2018/CVE-2018-10201.yaml +++ b/http/cves/2018/CVE-2018-10201.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10201 cwe-id: CWE-22 - epss-score: 0.83024 - epss-percentile: 0.99186 + epss-score: 0.04525 + epss-percentile: 0.91637 cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* metadata: max-request: 4 diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml index 2b09ebd7d48..89b4817c89a 100644 --- a/http/cves/2018/CVE-2018-10230.yaml +++ b/http/cves/2018/CVE-2018-10230.yaml @@ -15,24 +15,19 @@ info: - https://www.zend.com/en/products/server/release-notes - https://nvd.nist.gov/vuln/detail/CVE-2018-10230 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-10230 cwe-id: CWE-79 - epss-score: 0.04499 - epss-percentile: 0.88548 + epss-score: 0.00106 + epss-percentile: 0.43069 cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zend product: zend_server - shodan-query: - - cpe:"cpe:2.3:a:zend:zend_server" - - http.title:"zend server test page" - fofa-query: title="zend server test page" - google-query: intitle:"zend server test page" + shodan-query: cpe:"cpe:2.3:a:zend:zend_server" tags: cve,cve2018,xss,zend http: diff --git a/http/cves/2018/CVE-2018-10383.yaml b/http/cves/2018/CVE-2018-10383.yaml index de189de2fca..8d0c7e23704 100644 --- a/http/cves/2018/CVE-2018-10383.yaml +++ b/http/cves/2018/CVE-2018-10383.yaml @@ -9,24 +9,21 @@ info: reference: - https://github.com/grymer/CVE/blob/master/CVE-2018-10383.md - https://nvd.nist.gov/vuln/detail/CVE-2018-10383 - - https://github.com/grymer/CVE classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-10383 cwe-id: CWE-79 - epss-score: 0.05855 - epss-percentile: 0.90069 cpe: cpe:2.3:o:lantronix:securelinx_spider_firmware:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: lantronix - product: "securelinx_spider_firmware" - shodan-query: http.title:"lantronix" - fofa-query: title="lantronix" - google-query: intitle:"lantronix" - tags: cve,lantronix,securelinx,sls,xss,cve2018 + product: securelinx_spider_firmware + shodan-query: title:"Lantronix" + fofa-query: title="Lantronix" + tags: cve,cve2022,lantronix,securelinx,sls,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml index 45d1259bc3f..c86c7006b35 100644 --- a/http/cves/2018/CVE-2018-10562.yaml +++ b/http/cves/2018/CVE-2018-10562.yaml @@ -16,12 +16,12 @@ info: - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/ - https://github.com/ethicalhackeragnidhra/GPON classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-10562 cwe-id: CWE-78 - epss-score: 0.9411 - epss-percentile: 0.99894 + epss-score: 0.97423 + epss-percentile: 0.99934 cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-10735.yaml b/http/cves/2018/CVE-2018-10735.yaml index db38220028e..de00d57cd1e 100644 --- a/http/cves/2018/CVE-2018-10735.yaml +++ b/http/cves/2018/CVE-2018-10735.yaml @@ -14,21 +14,19 @@ info: cvss-score: 7.2 cve-id: CVE-2018-10735 cwe-id: CWE-89 - epss-score: 0.86568 - epss-percentile: 0.99362 + epss-score: 0.00403 + epss-percentile: 0.7323 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: - - app="nagios-xi" + - app="Nagios-XI" - title="nagios xi" - - icon_hash="1460499495" + - app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2018,nagios,sqli variables: diff --git a/http/cves/2018/CVE-2018-10736.yaml b/http/cves/2018/CVE-2018-10736.yaml index 577c1da89cd..e3b4aa3d733 100644 --- a/http/cves/2018/CVE-2018-10736.yaml +++ b/http/cves/2018/CVE-2018-10736.yaml @@ -10,27 +10,24 @@ info: - https://github.com/0ps/pocassistdb - https://github.com/jweny/pocassistdb - https://vulners.com/seebug/SSV:97266 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2018-10736 cwe-id: CWE-89 - epss-score: 0.83567 - epss-percentile: 0.99215 + epss-score: 0.01861 + epss-percentile: 0.88359 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: - - app="nagios-xi" + - app="Nagios-XI" - title="nagios xi" - - icon_hash="1460499495" + - app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2018,nagios,sqli variables: diff --git a/http/cves/2018/CVE-2018-10737.yaml b/http/cves/2018/CVE-2018-10737.yaml index 8ea401d147a..b0fdcdc03a4 100644 --- a/http/cves/2018/CVE-2018-10737.yaml +++ b/http/cves/2018/CVE-2018-10737.yaml @@ -22,13 +22,11 @@ info: max-request: 1 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: - - app="nagios-xi" + - app="Nagios-XI" - title="nagios xi" - - icon_hash="1460499495" + - app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2018,nagios,sqli variables: diff --git a/http/cves/2018/CVE-2018-10738.yaml b/http/cves/2018/CVE-2018-10738.yaml index e0028faf79f..c2b3c9ed08b 100644 --- a/http/cves/2018/CVE-2018-10738.yaml +++ b/http/cves/2018/CVE-2018-10738.yaml @@ -9,27 +9,24 @@ info: reference: - https://qkl.seebug.org/vuldb/ssvid-97268 - https://vuldb.com/de/?id.117807 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2018-10738 cwe-id: CWE-89 - epss-score: 0.83567 - epss-percentile: 0.99215 + epss-score: 0.01861 + epss-percentile: 0.88359 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: - - app="nagios-xi" + - app="Nagios-XI" - title="nagios xi" - - icon_hash="1460499495" + - app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2018,nagios,sqli variables: diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml index a1834aa16ed..dbb449b5854 100644 --- a/http/cves/2018/CVE-2018-10822.yaml +++ b/http/cves/2018/CVE-2018-10822.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10822 cwe-id: CWE-22 - epss-score: 0.86187 - epss-percentile: 0.99343 + epss-score: 0.10309 + epss-percentile: 0.94824 cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml index 0f06db1d1f5..4214c19c827 100644 --- a/http/cves/2018/CVE-2018-10956.yaml +++ b/http/cves/2018/CVE-2018-10956.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: ipconfigure product: orchid_core_vms - shodan-query: http.title:"orchid core vms" + shodan-query: + - http.title:"Orchid Core VMS" + - http.title:"orchid core vms" fofa-query: title="orchid core vms" google-query: intitle:"orchid core vms" tags: cve2018,cve,orchid,vms,lfi,edb,ipconfigure diff --git a/http/cves/2018/CVE-2018-11222.yaml b/http/cves/2018/CVE-2018-11222.yaml index c5fc6c1918f..04c3d884768 100644 --- a/http/cves/2018/CVE-2018-11222.yaml +++ b/http/cves/2018/CVE-2018-11222.yaml @@ -10,14 +10,13 @@ info: - https://blog.hackercat.ninja/post/pandoras_box/ - https://github.com/pandorafms/pandorafms - https://nvd.nist.gov/vuln/detail/CVE-2018-11222 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-11222 cwe-id: CWE-20 - epss-score: 0.18089 - epss-percentile: 0.94826 + epss-score: 0.00402 + epss-percentile: 0.59842 cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,7 +30,8 @@ info: - body="pandora fms - installation wizard" - title="pandora fms" google-query: intitle:"pandora fms" - tags: cve,cve2018,rce,file-upload,lfi,pandora,intrusive,artica + tags: cve,cve2018,rce,file-upload,lfi,pandora,intrusive + variables: marker: "{{randstr}}" b64marker: "{{base64(marker)}}" diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml index afccb0d9e41..c9fa0441b5b 100644 --- a/http/cves/2018/CVE-2018-11227.yaml +++ b/http/cves/2018/CVE-2018-11227.yaml @@ -21,21 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2018-11227 cwe-id: CWE-79 - epss-score: 0.0737 - epss-percentile: 0.91222 + epss-score: 0.02135 + epss-percentile: 0.8903 cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: monstra product: monstra_cms - shodan-query: - - http.favicon.hash:"419828698" - - 'http.title:"monstra :: install"' - fofa-query: - - icon_hash=419828698 - - 'title="monstra :: install"' - google-query: 'intitle:"monstra :: install"' + shodan-query: http.favicon.hash:419828698 + fofa-query: icon_hash=419828698 tags: cve,cve2018,xss,mostra,mostracms,cms,edb,monstra http: diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml index 54ebd752694..7f015047f78 100644 --- a/http/cves/2018/CVE-2018-11231.yaml +++ b/http/cves/2018/CVE-2018-11231.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-11231 - http://foreversong.cn/archives/1183 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-11231 cwe-id: CWE-89 - epss-score: 0.80753 - epss-percentile: 0.99081 + epss-score: 0.00903 + epss-percentile: 0.82368 cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml index d7704b4c6b6..33658e96331 100644 --- a/http/cves/2018/CVE-2018-11409.yaml +++ b/http/cves/2018/CVE-2018-11409.yaml @@ -20,22 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2018-11409 cwe-id: CWE-200 - epss-score: 0.90924 - epss-percentile: 0.99601 + epss-score: 0.83856 + epss-percentile: 0.98466 cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: splunk product: splunk - shodan-query: - - http.title:"login - splunk" - - http.title:"splunk" - fofa-query: - - title="login - splunk" - - title="splunk" - google-query: - - intitle:"login - splunk" - - intitle:"splunk" + shodan-query: http.title:"login - splunk" + fofa-query: title="login - splunk" + google-query: intitle:"login - splunk" tags: cve,cve2018,edb,splunk http: diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml index 7fd9fb10943..978d51e75bb 100644 --- a/http/cves/2018/CVE-2018-11473.yaml +++ b/http/cves/2018/CVE-2018-11473.yaml @@ -20,15 +20,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-11473 cwe-id: CWE-79 - epss-score: 0.02077 - epss-percentile: 0.83077 + epss-score: 0.001 + epss-percentile: 0.4118 cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: monstra product: monstra - shodan-query: http.favicon.hash:"419828698" + shodan-query: http.favicon.hash:419828698 fofa-query: icon_hash=419828698 tags: cve,cve2018,xss,mostra,mostracms,cms,monstra diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml index 2e773049c7e..5ce6cb4935f 100644 --- a/http/cves/2018/CVE-2018-11709.yaml +++ b/http/cves/2018/CVE-2018-11709.yaml @@ -28,9 +28,6 @@ info: vendor: gvectors product: wpforo_forum framework: wordpress - publicwww-query: /wp-content/plugins/wpforo/ - shodan-query: http.html:"/wp-content/plugins/wpforo/" - fofa-query: body=/wp-content/plugins/wpforo/ tags: cve,cve2018,wordpress,xss,wp-plugin,gvectors http: diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml index 7080fa09918..9f4bc4ea9cf 100644 --- a/http/cves/2018/CVE-2018-11759.yaml +++ b/http/cves/2018/CVE-2018-11759.yaml @@ -21,14 +21,16 @@ info: cvss-score: 7.5 cve-id: CVE-2018-11759 cwe-id: CWE-22 - epss-score: 0.94175 - epss-percentile: 0.99905 + epss-score: 0.96552 + epss-percentile: 0.99592 cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: apache product: tomcat_jk_connector - shodan-query: http.title:"apache tomcat" + shodan-query: + - title:"Apache Tomcat" + - http.title:"apache tomcat" fofa-query: title="apache tomcat" google-query: intitle:"apache tomcat" tags: cve2018,cve,apache,tomcat,httpd,mod-jk diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml index 4da5aabfb5b..65f85bb3072 100644 --- a/http/cves/2018/CVE-2018-11776.yaml +++ b/http/cves/2018/CVE-2018-11776.yaml @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-11776 - http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-11776 cwe-id: CWE-20 - epss-score: 0.94429 - epss-percentile: 0.99981 + epss-score: 0.97517 + epss-percentile: 0.99987 cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml index 334eeb08ea0..839bd64628a 100644 --- a/http/cves/2018/CVE-2018-11784.yaml +++ b/http/cves/2018/CVE-2018-11784.yaml @@ -29,20 +29,14 @@ info: vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve,cve2018,packetstorm,tomcat,redirect,apache http: diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml index 27ca3487af2..b26bd977742 100644 --- a/http/cves/2018/CVE-2018-12054.yaml +++ b/http/cves/2018/CVE-2018-12054.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-12054 cwe-id: CWE-22 - epss-score: 0.69597 - epss-percentile: 0.98548 + epss-score: 0.32403 + epss-percentile: 0.97019 cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml index c9dcea85e98..cddb51f8894 100644 --- a/http/cves/2018/CVE-2018-12095.yaml +++ b/http/cves/2018/CVE-2018-12095.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2018-12095 cwe-id: CWE-79 - epss-score: 0.37781 - epss-percentile: 0.96997 + epss-score: 0.00333 + epss-percentile: 0.70604 cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml index 0321097203a..6f95a7554e1 100644 --- a/http/cves/2018/CVE-2018-12296.yaml +++ b/http/cves/2018/CVE-2018-12296.yaml @@ -13,14 +13,13 @@ info: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12296 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-12296 cwe-id: CWE-732 - epss-score: 0.59806 - epss-percentile: 0.98121 + epss-score: 0.01442 + epss-percentile: 0.866 cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml index 1b5c4f89cd8..c6daa1f569f 100644 --- a/http/cves/2018/CVE-2018-12300.yaml +++ b/http/cves/2018/CVE-2018-12300.yaml @@ -12,15 +12,13 @@ info: reference: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12300 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-12300 cwe-id: CWE-601 - epss-score: 0.25376 - epss-percentile: 0.95902 + epss-score: 0.00118 + epss-percentile: 0.45685 cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml index 36e39278a27..ab1ea7c6caf 100644 --- a/http/cves/2018/CVE-2018-12613.yaml +++ b/http/cves/2018/CVE-2018-12613.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2018-12613 cwe-id: CWE-287 - epss-score: 0.94017 - epss-percentile: 0.99878 + epss-score: 0.97369 + epss-percentile: 0.99902 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,13 +31,9 @@ info: - http.title:"phpmyadmin" - http.component:"phpmyadmin" - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" fofa-query: - title="phpmyadmin" - body="pma_servername" && body="4.8.4" - - body="phpmyadmin" - - body="server_databases.php" google-query: intitle:"phpmyadmin" hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" tags: cve,cve2018,vulhub,edb,phpmyadmin,lfi diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml index f515726c810..4631f15994d 100644 --- a/http/cves/2018/CVE-2018-12634.yaml +++ b/http/cves/2018/CVE-2018-12634.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-12634 cwe-id: CWE-200 - epss-score: 0.88322 - epss-percentile: 0.99445 + epss-score: 0.94448 + epss-percentile: 0.99209 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml index c19cbb822cf..a5c257d6517 100644 --- a/http/cves/2018/CVE-2018-12675.yaml +++ b/http/cves/2018/CVE-2018-12675.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 - epss-score: 0.19683 - epss-percentile: 0.95104 + epss-score: 0.00118 + epss-percentile: 0.45948 cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml index fef6723e184..0456684810f 100644 --- a/http/cves/2018/CVE-2018-1271.yaml +++ b/http/cves/2018/CVE-2018-1271.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.9 cve-id: CVE-2018-1271 cwe-id: CWE-22 - epss-score: 0.921 - epss-percentile: 0.99687 + epss-score: 0.004 + epss-percentile: 0.73504 cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-12909.yaml b/http/cves/2018/CVE-2018-12909.yaml index 028be61eb34..4468c8e64ac 100644 --- a/http/cves/2018/CVE-2018-12909.yaml +++ b/http/cves/2018/CVE-2018-12909.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: webgrind_project product: webgrind - fofa-query: app="webgrind" + fofa-query: + - app="Webgrind" + - app="webgrind" tags: cve,cve2018,lfi,webgrind,webgrind_project http: diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml index 4df803c717b..7e52a29020e 100644 --- a/http/cves/2018/CVE-2018-1335.yaml +++ b/http/cves/2018/CVE-2018-1335.yaml @@ -18,8 +18,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-1335 - epss-score: 0.93645 - epss-percentile: 0.9983 + epss-score: 0.96745 + epss-percentile: 0.99664 cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml index 51ccdefd337..9feb6220e3b 100644 --- a/http/cves/2018/CVE-2018-13379.yaml +++ b/http/cves/2018/CVE-2018-13379.yaml @@ -13,21 +13,19 @@ info: - https://fortiguard.com/advisory/FG-IR-18-384 - https://www.fortiguard.com/psirt/FG-IR-20-233 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379 - - https://github.com/retr0-13/Goby - - https://github.com/sobinge/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2018-13379 cwe-id: CWE-22 - epss-score: 0.94473 - epss-percentile: 0.99995 - cpe: cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* + epss-score: 0.97305 + epss-percentile: 0.99854 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: fortinet - product: fortiproxy + product: fortios shodan-query: - http.html:"/remote/login" "xxxxxxxx" - http.favicon.hash:945408572 diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml index 08baaae212b..2f09fd2cbaa 100644 --- a/http/cves/2018/CVE-2018-13380.yaml +++ b/http/cves/2018/CVE-2018-13380.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-13380 - https://github.com/merlinepedra25/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N - cvss-score: 4.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2018-13380 cwe-id: CWE-79 - epss-score: 0.34693 - epss-percentile: 0.96789 + epss-score: 0.00122 + epss-percentile: 0.46539 cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: max-request: 2 @@ -29,9 +29,9 @@ info: product: fortios shodan-query: - http.html:"/remote/login" "xxxxxxxx" - - http.favicon.hash:"945408572" + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - - port:"10443 http.favicon.hash945408572" + - port:10443 http.favicon.hash:945408572 fofa-query: - body="/remote/login" "xxxxxxxx" - icon_hash=945408572 diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml index b434c981fee..f4b0c5c076a 100644 --- a/http/cves/2018/CVE-2018-13980.yaml +++ b/http/cves/2018/CVE-2018-13980.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.5 cve-id: CVE-2018-13980 cwe-id: CWE-22 - epss-score: 0.1094 - epss-percentile: 0.93029 + epss-score: 0.0018 + epss-percentile: 0.55107 cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml index ec1a15411b2..53a2fff1b1e 100644 --- a/http/cves/2018/CVE-2018-14013.yaml +++ b/http/cves/2018/CVE-2018-14013.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14013 cwe-id: CWE-79 - epss-score: 0.39816 - epss-percentile: 0.97122 + epss-score: 0.0065 + epss-percentile: 0.7936 cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,11 +30,9 @@ info: shodan-query: - http.title:"zimbra collaboration suite" - http.title:"zimbra web client sign in" - - http.favicon.hash:"1624375939" fofa-query: - title="zimbra web client sign in" - title="zimbra collaboration suite" - - icon_hash=1624375939 google-query: - intitle:"zimbra collaboration suite" - intitle:"zimbra web client sign in" diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml index d78617d8061..fe4a9735089 100644 --- a/http/cves/2018/CVE-2018-14474.yaml +++ b/http/cves/2018/CVE-2018-14474.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14474 cwe-id: CWE-601 - epss-score: 0.02192 - epss-percentile: 0.83566 + epss-score: 0.00063 + epss-percentile: 0.26641 cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml index 366f64e1b13..5115082d324 100644 --- a/http/cves/2018/CVE-2018-14574.yaml +++ b/http/cves/2018/CVE-2018-14574.yaml @@ -28,15 +28,7 @@ info: max-request: 1 vendor: djangoproject product: django - shodan-query: - - cpe:"cpe:2.3:a:djangoproject:django" - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - http.html:"settings.py" - - http.title:"the install worked successfully! congratulations!" - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" + shodan-query: cpe:"cpe:2.3:a:djangoproject:django" tags: cve,cve2018,django,redirect,djangoproject http: diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml index 62dff88212a..84859322ab8 100644 --- a/http/cves/2018/CVE-2018-14728.yaml +++ b/http/cves/2018/CVE-2018-14728.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-14728 cwe-id: CWE-918 - epss-score: 0.92876 - epss-percentile: 0.99752 + epss-score: 0.96369 + epss-percentile: 0.99525 cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-14912.yaml b/http/cves/2018/CVE-2018-14912.yaml index 58cb15f7d30..16a4b4cdd5f 100644 --- a/http/cves/2018/CVE-2018-14912.yaml +++ b/http/cves/2018/CVE-2018-14912.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-14912 cwe-id: CWE-22 - epss-score: 0.91334 - epss-percentile: 0.99627 + epss-score: 0.96192 + epss-percentile: 0.99513 cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml index f802b25f1f8..a2beb839c44 100644 --- a/http/cves/2018/CVE-2018-14916.yaml +++ b/http/cves/2018/CVE-2018-14916.yaml @@ -20,15 +20,13 @@ info: cvss-score: 9.1 cve-id: CVE-2018-14916 cwe-id: CWE-732 - epss-score: 0.68248 - epss-percentile: 0.98481 - cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* + epss-score: 0.00644 + epss-percentile: 0.79217 + cpe: cpe:2.3:h:loytec:lgate-902:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: loytec - product: lgate-902_firmware - shodan-query: http.html:"lgate-902" - fofa-query: body="lgate-902" + product: lgate-902 tags: cve2018,cve,loytec,lfi,packetstorm,seclists,xss http: diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml index 2256376390e..0e975dea29c 100644 --- a/http/cves/2018/CVE-2018-14918.yaml +++ b/http/cves/2018/CVE-2018-14918.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2018-14918 cwe-id: CWE-22 - epss-score: 0.73138 - epss-percentile: 0.98696 + epss-score: 0.43288 + epss-percentile: 0.97355 cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: loytec product: lgate-902_firmware - shodan-query: http.html:"lgate-902" + shodan-query: + - http.html:"LGATE-902" + - http.html:"lgate-902" fofa-query: body="lgate-902" tags: cve,cve2018,loytec,lfi,seclists,packetstorm,lgate,xss diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml index 2270b510c60..3730cc334b3 100644 --- a/http/cves/2018/CVE-2018-14931.yaml +++ b/http/cves/2018/CVE-2018-14931.yaml @@ -13,14 +13,13 @@ info: - https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14931 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-14931 cwe-id: CWE-601 - epss-score: 0.10712 - epss-percentile: 0.92926 + epss-score: 0.00118 + epss-percentile: 0.45948 cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml index b913374a9d7..b84aee8f444 100644 --- a/http/cves/2018/CVE-2018-15517.yaml +++ b/http/cves/2018/CVE-2018-15517.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.6 cve-id: CVE-2018-15517 cwe-id: CWE-918 - epss-score: 0.7459 - epss-percentile: 0.98773 + epss-score: 0.01001 + epss-percentile: 0.83597 cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml index bf8dde68fed..37e381cbd74 100644 --- a/http/cves/2018/CVE-2018-15535.yaml +++ b/http/cves/2018/CVE-2018-15535.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15535 cwe-id: CWE-22 - epss-score: 0.81247 - epss-percentile: 0.99104 + epss-score: 0.9704 + epss-percentile: 0.99756 cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml index 84866161b73..d1a56658ad2 100644 --- a/http/cves/2018/CVE-2018-15745.yaml +++ b/http/cves/2018/CVE-2018-15745.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15745 cwe-id: CWE-22 - epss-score: 0.89162 - epss-percentile: 0.99497 + epss-score: 0.92562 + epss-percentile: 0.98989 cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-15917.yaml b/http/cves/2018/CVE-2018-15917.yaml index 46a4a8b0d60..db2f77c3077 100644 --- a/http/cves/2018/CVE-2018-15917.yaml +++ b/http/cves/2018/CVE-2018-15917.yaml @@ -18,8 +18,8 @@ info: cvss-score: 5.4 cve-id: CVE-2018-15917 cwe-id: CWE-79 - epss-score: 0.01823 - epss-percentile: 0.81966 + epss-score: 0.02648 + epss-percentile: 0.90369 cpe: cpe:2.3:a:jorani_project:jorani:0.6.5:*:*:*:*:*:*:* metadata: verified: true @@ -27,12 +27,9 @@ info: vendor: jorani_project product: jorani shodan-query: - - http.title:"login - jorani" - - http.favicon.hash:"-2032163853" - - http.html:"login - jorani" - fofa-query: - - icon_hash=-2032163853 - - body="login - jorani" + - title:"Login - Jorani" + - http.favicon.hash:-2032163853 + fofa-query: icon_hash=-2032163853 tags: cve,cve2018,jorani,xss,jorani_project http: diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml index e4670b22013..cb424a80e5a 100644 --- a/http/cves/2018/CVE-2018-15961.yaml +++ b/http/cves/2018/CVE-2018-15961.yaml @@ -16,18 +16,19 @@ info: - http://web.archive.org/web/20220309060906/http://www.securitytracker.com/id/1041621 - http://www.securitytracker.com/id/1041621 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-15961 cwe-id: CWE-434 - epss-score: 0.94396 - epss-percentile: 0.99966 + epss-score: 0.97436 + epss-percentile: 0.99942 cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* metadata: max-request: 2 vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml index 32df59e2ff7..eb5278d33d5 100644 --- a/http/cves/2018/CVE-2018-16059.yaml +++ b/http/cves/2018/CVE-2018-16059.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16059 cwe-id: CWE-22 - epss-score: 0.44803 - epss-percentile: 0.97408 + epss-score: 0.32871 + epss-percentile: 0.96924 cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml index 02b1d4bbb4d..2020f08e742 100644 --- a/http/cves/2018/CVE-2018-16133.yaml +++ b/http/cves/2018/CVE-2018-16133.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16133 cwe-id: CWE-22 - epss-score: 0.64413 - epss-percentile: 0.98314 + epss-score: 0.03629 + epss-percentile: 0.91461 cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml index b6be33667fe..ea943409df8 100644 --- a/http/cves/2018/CVE-2018-16139.yaml +++ b/http/cves/2018/CVE-2018-16139.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: bibliosoft product: bibliopac - shodan-query: http.title:"bibliopac" + shodan-query: + - title:"Bibliopac" + - http.title:"bibliopac" fofa-query: title="bibliopac" google-query: intitle:"bibliopac" tags: cve,cve2018,xss,bibliopac,bibliosoft diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml index f13b4bc5e2e..cbdb2500b6f 100644 --- a/http/cves/2018/CVE-2018-16167.yaml +++ b/http/cves/2018/CVE-2018-16167.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16167 cwe-id: CWE-78 - epss-score: 0.87026 - epss-percentile: 0.99386 + epss-score: 0.27457 + epss-percentile: 0.96794 cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16283.yaml b/http/cves/2018/CVE-2018-16283.yaml index 1a5a93984de..2660d02eac0 100644 --- a/http/cves/2018/CVE-2018-16283.yaml +++ b/http/cves/2018/CVE-2018-16283.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16283 cwe-id: CWE-22 - epss-score: 0.85591 - epss-percentile: 0.99316 + epss-score: 0.25721 + epss-percentile: 0.96702 cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml index 5ef5975f283..f7d65418ee9 100644 --- a/http/cves/2018/CVE-2018-16288.yaml +++ b/http/cves/2018/CVE-2018-16288.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.6 cve-id: CVE-2018-16288 cwe-id: CWE-200 - epss-score: 0.6366 - epss-percentile: 0.98279 + epss-score: 0.12055 + epss-percentile: 0.95357 cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml index 70243faac3b..f8f69b55601 100644 --- a/http/cves/2018/CVE-2018-16299.yaml +++ b/http/cves/2018/CVE-2018-16299.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-16299 cwe-id: CWE-22 - epss-score: 0.83946 - epss-percentile: 0.99233 + epss-score: 0.02738 + epss-percentile: 0.89516 cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml index 5998c2b5680..b54d285b23f 100644 --- a/http/cves/2018/CVE-2018-16668.yaml +++ b/http/cves/2018/CVE-2018-16668.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16668 cwe-id: CWE-287 - epss-score: 0.48794 - epss-percentile: 0.976 + epss-score: 0.00189 + epss-percentile: 0.56242 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml index 980e13faeb1..01c74f21988 100644 --- a/http/cves/2018/CVE-2018-16716.yaml +++ b/http/cves/2018/CVE-2018-16716.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-16716 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/grymer/CVE - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2018-16716 cwe-id: CWE-22 - epss-score: 0.44536 - epss-percentile: 0.97395 + epss-score: 0.0045 + epss-percentile: 0.75058 cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml index e3840d59f99..6ea0a13d5f6 100644 --- a/http/cves/2018/CVE-2018-16761.yaml +++ b/http/cves/2018/CVE-2018-16761.yaml @@ -27,7 +27,7 @@ info: max-request: 2 vendor: eventum_project product: eventum - shodan-query: http.favicon.hash:"305412257" + shodan-query: http.favicon.hash:305412257 fofa-query: icon_hash=305412257 tags: cve,cve2018,redirect,eventum,oss,eventum_project diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml index 09dca4f091c..468e1c73aee 100644 --- a/http/cves/2018/CVE-2018-16836.yaml +++ b/http/cves/2018/CVE-2018-16836.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16836 cwe-id: CWE-22 - epss-score: 0.88257 - epss-percentile: 0.99441 + epss-score: 0.26631 + epss-percentile: 0.96743 cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml index 072d0da4716..d0ee126478f 100644 --- a/http/cves/2018/CVE-2018-16979.yaml +++ b/http/cves/2018/CVE-2018-16979.yaml @@ -19,15 +19,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16979 cwe-id: CWE-113 - epss-score: 0.19962 - epss-percentile: 0.95148 + epss-score: 0.00141 + epss-percentile: 0.48943 cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: monstra product: monstra - shodan-query: http.favicon.hash:"419828698" + shodan-query: http.favicon.hash:419828698 fofa-query: icon_hash=419828698 tags: cve2018,cve,crlf,mostra,mostracms,cms,monstra,xss diff --git a/http/cves/2018/CVE-2018-17153.yaml b/http/cves/2018/CVE-2018-17153.yaml index e0818dade5c..6e43e266e79 100644 --- a/http/cves/2018/CVE-2018-17153.yaml +++ b/http/cves/2018/CVE-2018-17153.yaml @@ -29,7 +29,7 @@ info: max-request: 1 vendor: western_digital product: my_cloud_wdbctl0020hwt_firmware - shodan-query: http.favicon.hash:"-1074357885" + shodan-query: http.favicon.hash:-1074357885 fofa-query: icon_hash=-1074357885 tags: cve2018,cve,packetstorm,auth-bypass,rce,wdcloud,western_digital diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml index 7769f830082..6494cc561af 100644 --- a/http/cves/2018/CVE-2018-17246.yaml +++ b/http/cves/2018/CVE-2018-17246.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17246 - cwe-id: CWE-73,CWE-829 - epss-score: 0.93865 - epss-percentile: 0.99857 + cwe-id: CWE-829,CWE-73 + epss-score: 0.96638 + epss-percentile: 0.99612 cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml index 6a634c8253b..cd946266343 100644 --- a/http/cves/2018/CVE-2018-17254.yaml +++ b/http/cves/2018/CVE-2018-17254.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-17254 cwe-id: CWE-89 - epss-score: 0.87333 - epss-percentile: 0.99401 + epss-score: 0.81623 + epss-percentile: 0.9836 cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-17283.yaml b/http/cves/2018/CVE-2018-17283.yaml index 08751f0408d..48c9831cc62 100644 --- a/http/cves/2018/CVE-2018-17283.yaml +++ b/http/cves/2018/CVE-2018-17283.yaml @@ -6,32 +6,24 @@ info: severity: high description: | Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. - reference: - - https://github.com/x-f1v3/forcve/issues/4 - - https://nvd.nist.gov/vuln/detail/CVE-2018-17283 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-17283 cwe-id: CWE-89 - epss-score: 0.69262 - epss-percentile: 0.98529 + epss-score: 0.66731 + epss-percentile: 0.9842 cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* + reference: + - https://github.com/x-f1v3/forcve/issues/4 + - https://nvd.nist.gov/vuln/detail/CVE-2018-17283 metadata: verified: true - max-request: 2 vendor: zohocorp - product: "manageengine_opmanager" - shodan-query: - - http.title:"opmanager" - - http.title:"opmanager plus" - fofa-query: - - title="opmanager" - - title="opmanager plus" - google-query: - - intitle:"opmanager plus" - - intitle:"opmanager" - tags: cve,cve2018,oputils,zoho,opmanager,sqli,time-based-sqli,kev,zohocorp + product: manageengine_opmanager + shodan-query: http.title:"OpManager" + fofa-query: title="OpManager" + tags: cve,cve2018,oputils,zoho,opmanager,sqli,time-based-sqli,kev http: - raw: diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml index c0e21dc5fcb..a3117496a98 100644 --- a/http/cves/2018/CVE-2018-17422.yaml +++ b/http/cves/2018/CVE-2018-17422.yaml @@ -14,21 +14,22 @@ info: - https://github.com/dotCMS/core/issues/15286 - https://nvd.nist.gov/vuln/detail/CVE-2018-17422 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-17422 cwe-id: CWE-601 - epss-score: 0.06141 - epss-percentile: 0.90314 + epss-score: 0.00118 + epss-percentile: 0.45948 cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: dotcms product: dotcms - shodan-query: http.title:"dotcms" + shodan-query: + - http.title:"dotCMS" + - http.title:"dotcms" fofa-query: title="dotcms" google-query: intitle:"dotcms" tags: cve2018,cve,redirect,dotcms diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml index 015b456e8e6..2138ae5c2ca 100644 --- a/http/cves/2018/CVE-2018-17431.yaml +++ b/http/cves/2018/CVE-2018-17431.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-17431 cwe-id: CWE-287 - epss-score: 0.92116 - epss-percentile: 0.99688 + epss-score: 0.11416 + epss-percentile: 0.95098 cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml index 17292a8fe35..5a906a75c1f 100644 --- a/http/cves/2018/CVE-2018-18069.yaml +++ b/http/cves/2018/CVE-2018-18069.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18069 cwe-id: CWE-79 - epss-score: 0.214 - epss-percentile: 0.95356 + epss-score: 0.00092 + epss-percentile: 0.38026 cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml index feaed5c4a27..2986febe590 100644 --- a/http/cves/2018/CVE-2018-18264.yaml +++ b/http/cves/2018/CVE-2018-18264.yaml @@ -21,14 +21,16 @@ info: cvss-score: 7.5 cve-id: CVE-2018-18264 cwe-id: CWE-306 - epss-score: 0.91697 - epss-percentile: 0.99651 + epss-score: 0.95251 + epss-percentile: 0.9934 cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: kubernetes product: dashboard - shodan-query: product:"kubernetes" + shodan-query: + - product:"Kubernetes" + - product:"kubernetes" tags: cve,cve2018,kubernetes,k8s,auth-bypass http: diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml index 03045767f37..f9e9fa482b5 100644 --- a/http/cves/2018/CVE-2018-18323.yaml +++ b/http/cves/2018/CVE-2018-18323.yaml @@ -29,9 +29,7 @@ info: vendor: control-webpanel product: webpanel shodan-query: http.title:"login | control webpanel" - fofa-query: - - title="login | control webpanel" - - title=="cwp |用户" || title=="login | centos webpanel" || body="centos webpanel" + fofa-query: title="login | control webpanel" google-query: intitle:"login | control webpanel" tags: cve2018,cve,centos,lfi,packetstorm,control-webpanel,xss diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml index 606a65e6ef6..d22f2ff64cb 100644 --- a/http/cves/2018/CVE-2018-18570.yaml +++ b/http/cves/2018/CVE-2018-18570.yaml @@ -13,14 +13,13 @@ info: - https://www2.deloitte.com/de/de/pages/risk/articles/planon-cross-site-scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2018-18570 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-18570 cwe-id: CWE-79 - epss-score: 0.11047 - epss-percentile: 0.93068 + epss-score: 0.00098 + epss-percentile: 0.40792 cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml index c00b6f8d302..71a5b060cbe 100644 --- a/http/cves/2018/CVE-2018-18608.yaml +++ b/http/cves/2018/CVE-2018-18608.yaml @@ -15,14 +15,13 @@ info: - https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx - https://nvd.nist.gov/vuln/detail/CVE-2018-18608 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-18608 cwe-id: CWE-79 - epss-score: 0.17188 - epss-percentile: 0.94639 + epss-score: 0.001 + epss-percentile: 0.41301 cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:* metadata: verified: true @@ -30,16 +29,12 @@ info: vendor: dedecms product: dedecms shodan-query: - - http.html:"dedecms" + - http.html:"DedeCms" - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" + - http.html:"dedecms" fofa-query: - body="dedecms" - app="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" tags: cve2018,cve,dedecms,xss http: diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml index fed039e1eae..7f53459ddec 100644 --- a/http/cves/2018/CVE-2018-18777.yaml +++ b/http/cves/2018/CVE-2018-18777.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.3 cve-id: CVE-2018-18777 cwe-id: CWE-22 - epss-score: 0.69525 - epss-percentile: 0.98543 + epss-score: 0.00185 + epss-percentile: 0.5564 cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml index ef622ed97f0..1b5da0a76c1 100644 --- a/http/cves/2018/CVE-2018-18778.yaml +++ b/http/cves/2018/CVE-2018-18778.yaml @@ -28,9 +28,11 @@ info: vendor: acme product: mini-httpd shodan-query: - - server:"mini_httpd && 200" + - 'Server: mini_httpd && 200' - cpe:"cpe:2.3:a:acme:mini-httpd" + - "server: mini_httpd && 200" tags: cve,cve2018,lfi,mini_httpd,acme + flow: http(1) && http(2) http: diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml index aa5ad4911ba..5b645372b1e 100644 --- a/http/cves/2018/CVE-2018-18809.yaml +++ b/http/cves/2018/CVE-2018-18809.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.5 cve-id: CVE-2018-18809 cwe-id: CWE-22 - epss-score: 0.94093 - epss-percentile: 0.99892 + epss-score: 0.50316 + epss-percentile: 0.97524 cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:* metadata: verified: true max-request: 1 vendor: tibco product: jasperreports_library - shodan-query: http.html:"jasperserver-pro" + shodan-query: + - html:"jasperserver-pro" + - http.html:"jasperserver-pro" fofa-query: body="jasperserver-pro" tags: cve2018,cve,packetstorm,seclists,lfi,kev,jasperserver,jasperreport,tibco diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml index 8d0294a5c27..2f753bcbe08 100644 --- a/http/cves/2018/CVE-2018-18925.yaml +++ b/http/cves/2018/CVE-2018-18925.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-18925 cwe-id: CWE-384 - epss-score: 0.93675 - epss-percentile: 0.99833 + epss-score: 0.09538 + epss-percentile: 0.94736 cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* metadata: max-request: 2 @@ -29,13 +29,8 @@ info: shodan-query: - cpe:"cpe:2.3:a:gogs:gogs" - http.title:"sign in - gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" - google-query: - - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" + google-query: intitle:"sign in - gogs" tags: cve,cve2018,gogs,lfi,rce,vulhub http: diff --git a/http/cves/2018/CVE-2018-19276.yaml b/http/cves/2018/CVE-2018-19276.yaml index ed2cce8013b..d1e96b28f27 100644 --- a/http/cves/2018/CVE-2018-19276.yaml +++ b/http/cves/2018/CVE-2018-19276.yaml @@ -10,23 +10,21 @@ info: - http://packetstormsecurity.com/files/155691/OpenMRS-Java-Deserialization-Remote-Code-Execution.html - https://know.bishopfox.com/advisories/news/2019/02/openmrs-insecure-object-deserialization - https://nvd.nist.gov/vuln/detail/CVE-2018-19276 - - https://github.com/xbl3/awesome-cve-poc_qazbnm456 - - https://github.com/0xT11/CVE-POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-19276 cwe-id: CWE-502 - epss-score: 0.92083 - epss-percentile: 0.99684 + epss-score: 0.92949 + epss-percentile: 0.9976 cpe: cpe:2.3:a:openmrs:openmrs:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: openmrs product: openmrs - shodan-query: http.html:"openmrs" - tags: packetstorm,cve,openmrs,deserialization,rce,kev,cve2018 + shodan-query: html:"OpenMRS" + tags: cve,cve20218,openmrs,deserialization,rce,kev http: - raw: diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml index 445c158b8ca..2e047f36bf0 100644 --- a/http/cves/2018/CVE-2018-19287.yaml +++ b/http/cves/2018/CVE-2018-19287.yaml @@ -30,13 +30,8 @@ info: vendor: ninjaforma product: ninja_forms framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/ninja-forms/" - - http.html:"/wp-content/plugins/ninja-forms" - fofa-query: - - body=/wp-content/plugins/ninja-forms/ - - body="/wp-content/plugins/ninja-forms" - - body="/wp-content/plugins/ninja-forms/" + shodan-query: http.html:/wp-content/plugins/ninja-forms/ + fofa-query: body=/wp-content/plugins/ninja-forms/ publicwww-query: /wp-content/plugins/ninja-forms/ tags: cve,cve2018,wp-plugin,wp,xss,authenticated,wpscan,edb,ninja-forms,wordpress,ninjaforma diff --git a/http/cves/2018/CVE-2018-19326.yaml b/http/cves/2018/CVE-2018-19326.yaml index 117107ef494..176417a716a 100644 --- a/http/cves/2018/CVE-2018-19326.yaml +++ b/http/cves/2018/CVE-2018-19326.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: zyxel product: vmg1312-b10d_firmware - shodan-query: http.html:"vmg1312-b10d" + shodan-query: + - http.html:"VMG1312-B10D" + - http.html:"vmg1312-b10d" fofa-query: body="vmg1312-b10d" tags: cve2018,cve,lfi,modem,router,edb,zyxel diff --git a/http/cves/2018/CVE-2018-19365.yaml b/http/cves/2018/CVE-2018-19365.yaml index d88a1ae0933..4747eeab1f6 100644 --- a/http/cves/2018/CVE-2018-19365.yaml +++ b/http/cves/2018/CVE-2018-19365.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-19365 - https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2018-19365 cwe-id: CWE-22 - epss-score: 0.81755 - epss-percentile: 0.99128 + epss-score: 0.01354 + epss-percentile: 0.8589 cpe: cpe:2.3:a:wowza:streaming_engine:4.7.4.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-19386.yaml b/http/cves/2018/CVE-2018-19386.yaml index 5b23498dac4..4719fce15f9 100644 --- a/http/cves/2018/CVE-2018-19386.yaml +++ b/http/cves/2018/CVE-2018-19386.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19386 cwe-id: CWE-79 - epss-score: 0.23271 - epss-percentile: 0.9563 + epss-score: 0.00177 + epss-percentile: 0.54797 cpe: cpe:2.3:a:solarwinds:database_performance_analyzer:11.1.457:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-19410.yaml b/http/cves/2018/CVE-2018-19410.yaml index 9f7fc1bfe61..772630bdd0a 100644 --- a/http/cves/2018/CVE-2018-19410.yaml +++ b/http/cves/2018/CVE-2018-19410.yaml @@ -9,31 +9,26 @@ info: reference: - https://global.ptsecurity.com/analytics/threatscape/pt-2018-24 - https://github.com/himash/CVE-2018-19410-POC - - https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/ - - https://github.com/A1vinSmith/CVE-2018-9276 - - https://github.com/Ostorlab/KEV classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-19410 - epss-score: 0.91484 - epss-percentile: 0.99636 + epss-score: 0.83361 + epss-percentile: 0.99201 cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: paessler - product: "prtg_network_monitor" + product: prtg_network_monitor shodan-query: - - '[http.favicon.hash:"-655683626" http.title:"prtg"]' - http.favicon.hash:"-655683626" - http.title:"prtg" fofa-query: - - '[icon_hash=-655683626 title="prtg"]' - - icon_hash="-655683626" + - icon_hash=-655683626 - title="prtg" google-query: intitle:"prtg" - tags: cve,cve2018,prtg,lfi,kev,paessler + tags: cve,cve2018,prtg,lfi,kev + variables: username: "{{rand_base(6)}}" diff --git a/http/cves/2018/CVE-2018-19439.yaml b/http/cves/2018/CVE-2018-19439.yaml index 75c65a67b51..0acf789162c 100644 --- a/http/cves/2018/CVE-2018-19439.yaml +++ b/http/cves/2018/CVE-2018-19439.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19439 cwe-id: CWE-79 - epss-score: 0.62764 - epss-percentile: 0.98245 + epss-score: 0.0038 + epss-percentile: 0.72872 cpe: cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-19458.yaml b/http/cves/2018/CVE-2018-19458.yaml index ba7d039027d..95290df43c5 100644 --- a/http/cves/2018/CVE-2018-19458.yaml +++ b/http/cves/2018/CVE-2018-19458.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-19458 cwe-id: CWE-287 - epss-score: 0.79968 - epss-percentile: 0.99042 + epss-score: 0.03301 + epss-percentile: 0.91309 cpe: cpe:2.3:a:php-proxy:php-proxy:3.0.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-19751.yaml b/http/cves/2018/CVE-2018-19751.yaml index 70218d0d03c..786b1a86650 100644 --- a/http/cves/2018/CVE-2018-19751.yaml +++ b/http/cves/2018/CVE-2018-19751.yaml @@ -15,14 +15,13 @@ info: - https://github.com/domainmod/domainmod/issues/83 - https://nvd.nist.gov/vuln/detail/CVE-2018-19751 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2018-19751 cwe-id: CWE-79 - epss-score: 0.00236 - epss-percentile: 0.46657 + epss-score: 0.00078 + epss-percentile: 0.33785 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-19914.yaml b/http/cves/2018/CVE-2018-19914.yaml index 8db7cfad4ef..e5a37bf4598 100644 --- a/http/cves/2018/CVE-2018-19914.yaml +++ b/http/cves/2018/CVE-2018-19914.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2018-19914 cwe-id: CWE-79 - epss-score: 0.00255 - epss-percentile: 0.48887 + epss-score: 0.00126 + epss-percentile: 0.47199 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-19915.yaml b/http/cves/2018/CVE-2018-19915.yaml index a5e20f8c400..78ce875d944 100644 --- a/http/cves/2018/CVE-2018-19915.yaml +++ b/http/cves/2018/CVE-2018-19915.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2018-19915 cwe-id: CWE-79 - epss-score: 0.00392 - epss-percentile: 0.59321 + epss-score: 0.00126 + epss-percentile: 0.47199 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-20010.yaml b/http/cves/2018/CVE-2018-20010.yaml index f80666f7e31..aae698a5e87 100644 --- a/http/cves/2018/CVE-2018-20010.yaml +++ b/http/cves/2018/CVE-2018-20010.yaml @@ -15,14 +15,13 @@ info: - https://github.com/domainmod/domainmod/issues/88 - https://nvd.nist.gov/vuln/detail/CVE-2018-20010 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2018-20010 cwe-id: CWE-79 - epss-score: 0.00377 - epss-percentile: 0.58359 + epss-score: 0.00126 + epss-percentile: 0.47199 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-20011.yaml b/http/cves/2018/CVE-2018-20011.yaml index 83f663e5723..b322d947367 100644 --- a/http/cves/2018/CVE-2018-20011.yaml +++ b/http/cves/2018/CVE-2018-20011.yaml @@ -15,14 +15,13 @@ info: - https://github.com/domainmod/domainmod/issues/88 - https://nvd.nist.gov/vuln/detail/CVE-2018-20011 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2018-20011 cwe-id: CWE-79 - epss-score: 0.00377 - epss-percentile: 0.58359 + epss-score: 0.00153 + epss-percentile: 0.50703 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-20062.yaml b/http/cves/2018/CVE-2018-20062.yaml index 5f60b4f1060..ced38a6a741 100644 --- a/http/cves/2018/CVE-2018-20062.yaml +++ b/http/cves/2018/CVE-2018-20062.yaml @@ -10,22 +10,20 @@ info: - https://github.com/yilin1203/CVE-2018-20062/blob/main/CVE-2018-20062.py - https://github.com/yilin1203/CVE-2018-20062 - https://github.com/vulhub/vulhub/tree/master/thinkphp/5-rce - - https://github.com/0xT11/CVE-POC - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-20062 - epss-score: 0.94048 - epss-percentile: 0.99886 + epss-score: 0.93427 + epss-percentile: 0.99807 cpe: cpe:2.3:a:5none:nonecms:1.3.0:*:*:*:*:*:*:* metadata: - verified: true - max-request: 1 vendor: 5none product: nonecms - fofa-query: app="thinkphp" - tags: cve,cve2018,kev,thinkphp,rce,5none + fofa-query: app="ThinkPHP" + verified: true + max-request: 1 + tags: cve,cve2018,kev,thinkphp,rce http: - method: GET diff --git a/http/cves/2018/CVE-2018-20462.yaml b/http/cves/2018/CVE-2018-20462.yaml index d380c85bd6f..decc41f76e4 100644 --- a/http/cves/2018/CVE-2018-20462.yaml +++ b/http/cves/2018/CVE-2018-20462.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-20462 cwe-id: CWE-79 - epss-score: 0.03546 - epss-percentile: 0.87109 + epss-score: 0.00245 + epss-percentile: 0.64545 cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-20463.yaml b/http/cves/2018/CVE-2018-20463.yaml index 0036ce4132b..c134643aabf 100644 --- a/http/cves/2018/CVE-2018-20463.yaml +++ b/http/cves/2018/CVE-2018-20463.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-20463 cwe-id: CWE-22 - epss-score: 0.73137 - epss-percentile: 0.98696 + epss-score: 0.01939 + epss-percentile: 0.88381 cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-20470.yaml b/http/cves/2018/CVE-2018-20470.yaml index 22793ea5ae9..06ba309c339 100644 --- a/http/cves/2018/CVE-2018-20470.yaml +++ b/http/cves/2018/CVE-2018-20470.yaml @@ -15,14 +15,13 @@ info: - http://packetstormsecurity.com/files/153330/Sahi-Pro-7.x-8.x-Directory-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2018-20470 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-20470 cwe-id: CWE-22 - epss-score: 0.86701 - epss-percentile: 0.9937 + epss-score: 0.2652 + epss-percentile: 0.96738 cpe: cpe:2.3:a:sahipro:sahi_pro:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-20526.yaml b/http/cves/2018/CVE-2018-20526.yaml index dfb23600d8a..dd94cbf5d72 100644 --- a/http/cves/2018/CVE-2018-20526.yaml +++ b/http/cves/2018/CVE-2018-20526.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-20526 cwe-id: CWE-434 - epss-score: 0.83406 - epss-percentile: 0.99204 + epss-score: 0.00666 + epss-percentile: 0.79658 cpe: cpe:2.3:a:roxyfileman:roxy_fileman:1.4.5:*:*:*:*:*:*:* metadata: verified: true @@ -31,7 +31,9 @@ info: product: roxy_fileman shodan-query: http.title:"roxy file manager" fofa-query: title="roxy file manager" - google-query: intitle:"roxy file manager" + google-query: + - intitle:"Roxy file manager" + - intitle:"roxy file manager" tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb,roxyfileman http: diff --git a/http/cves/2018/CVE-2018-20824.yaml b/http/cves/2018/CVE-2018-20824.yaml index 0fd12730547..d8e152ed924 100644 --- a/http/cves/2018/CVE-2018-20824.yaml +++ b/http/cves/2018/CVE-2018-20824.yaml @@ -20,20 +20,18 @@ info: cvss-score: 6.1 cve-id: CVE-2018-20824 cwe-id: CWE-79 - epss-score: 0.46129 - epss-percentile: 0.97474 + epss-score: 0.00203 + epss-percentile: 0.58262 cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve2018,cve,atlassian,jira,xss http: diff --git a/http/cves/2018/CVE-2018-20985.yaml b/http/cves/2018/CVE-2018-20985.yaml index a9f80ebb80a..00ee7d58818 100644 --- a/http/cves/2018/CVE-2018-20985.yaml +++ b/http/cves/2018/CVE-2018-20985.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-20985 cwe-id: CWE-20 - epss-score: 0.44217 - epss-percentile: 0.97379 + epss-score: 0.01061 + epss-percentile: 0.84101 cpe: cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-2791.yaml b/http/cves/2018/CVE-2018-2791.yaml index 683198b31f4..ef27dc90772 100644 --- a/http/cves/2018/CVE-2018-2791.yaml +++ b/http/cves/2018/CVE-2018-2791.yaml @@ -19,15 +19,13 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2018-2791 - epss-score: 0.87953 - epss-percentile: 0.99429 + epss-score: 0.02132 + epss-percentile: 0.89226 cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: webcenter_sites - shodan-query: http.html:"webcenter" - fofa-query: body="webcenter" tags: cve2018,cve,edb,oracle,xss,wcs http: diff --git a/http/cves/2018/CVE-2018-3167.yaml b/http/cves/2018/CVE-2018-3167.yaml index 61691da15a5..3ac66a46ca0 100644 --- a/http/cves/2018/CVE-2018-3167.yaml +++ b/http/cves/2018/CVE-2018-3167.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-3167 - epss-score: 0.88236 - epss-percentile: 0.9944 + epss-score: 0.00519 + epss-percentile: 0.76719 cpe: cpe:2.3:a:oracle:application_management_pack:12.1.3:*:*:*:*:e-business_suite:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-3238.yaml b/http/cves/2018/CVE-2018-3238.yaml index 0aa02a6f95b..52c536f1f2e 100644 --- a/http/cves/2018/CVE-2018-3238.yaml +++ b/http/cves/2018/CVE-2018-3238.yaml @@ -19,15 +19,13 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N cvss-score: 6.9 cve-id: CVE-2018-3238 - epss-score: 0.30846 - epss-percentile: 0.96467 + epss-score: 0.00471 + epss-percentile: 0.75585 cpe: cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:* metadata: max-request: 3 vendor: oracle product: webcenter_sites - shodan-query: http.html:"webcenter" - fofa-query: body="webcenter" tags: cve2018,cve,oracle,wcs,xss http: diff --git a/http/cves/2018/CVE-2018-3760.yaml b/http/cves/2018/CVE-2018-3760.yaml index 7a8fc2df41d..47556c054c0 100644 --- a/http/cves/2018/CVE-2018-3760.yaml +++ b/http/cves/2018/CVE-2018-3760.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-3760 - cwe-id: CWE-22,CWE-200 - epss-score: 0.93599 - epss-percentile: 0.99826 + cwe-id: CWE-200,CWE-22 + epss-score: 0.02274 + epss-percentile: 0.88524 cpe: cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-5230.yaml b/http/cves/2018/CVE-2018-5230.yaml index fd71db9a9b0..2236d829c86 100644 --- a/http/cves/2018/CVE-2018-5230.yaml +++ b/http/cves/2018/CVE-2018-5230.yaml @@ -29,12 +29,10 @@ info: vendor: atlassian product: jira shodan-query: - - http.component:"atlassian confluence" + - http.component:"Atlassian Confluence" - http.component:"atlassian jira" + - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2018,atlassian,confluence,xss http: diff --git a/http/cves/2018/CVE-2018-5233.yaml b/http/cves/2018/CVE-2018-5233.yaml index 05ae1d93310..24e3a95c077 100644 --- a/http/cves/2018/CVE-2018-5233.yaml +++ b/http/cves/2018/CVE-2018-5233.yaml @@ -25,7 +25,9 @@ info: max-request: 1 vendor: getgrav product: grav_cms - shodan-query: http.html:"grav cms" + shodan-query: + - html:"Grav CMS" + - http.html:"grav cms" fofa-query: body="grav cms" tags: cve,cve2018,xss,grav,getgrav diff --git a/http/cves/2018/CVE-2018-5316.yaml b/http/cves/2018/CVE-2018-5316.yaml index 399c5f95cbd..de100d9c51e 100644 --- a/http/cves/2018/CVE-2018-5316.yaml +++ b/http/cves/2018/CVE-2018-5316.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2018-5316 cwe-id: CWE-79 - epss-score: 0.03142 - epss-percentile: 0.86239 + epss-score: 0.00175 + epss-percentile: 0.54749 cpe: cpe:2.3:a:patsatech:sagepay_server_gateway_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-5715.yaml b/http/cves/2018/CVE-2018-5715.yaml index 6f79861c024..ad7ad608a93 100644 --- a/http/cves/2018/CVE-2018-5715.yaml +++ b/http/cves/2018/CVE-2018-5715.yaml @@ -28,19 +28,16 @@ info: vendor: sugarcrm product: sugarcrm shodan-query: + - http.html:"SugarCRM Inc. All Rights Reserved" + - http.title:sugarcrm - http.html:"sugarcrm inc. all rights reserved" - - http.title:"sugarcrm" - - http.title:"sugar setup wizard" fofa-query: - body="sugarcrm inc. all rights reserved" - title=sugarcrm - - title="sugar setup wizard" - - title="sugarcrm" google-query: - - intext:"sugarcrm inc. all rights reserved" + - intext:"SugarCRM Inc. All Rights Reserved" - intitle:sugarcrm - - intitle:"sugar setup wizard" - - intitle:"sugarcrm" + - intext:"sugarcrm inc. all rights reserved" tags: cve2018,cve,sugarcrm,xss,edb http: diff --git a/http/cves/2018/CVE-2018-6008.yaml b/http/cves/2018/CVE-2018-6008.yaml index eacc95ea2dd..e2019810dbd 100644 --- a/http/cves/2018/CVE-2018-6008.yaml +++ b/http/cves/2018/CVE-2018-6008.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-6008 cwe-id: CWE-200 - epss-score: 0.84059 - epss-percentile: 0.99239 + epss-score: 0.3768 + epss-percentile: 0.97202 cpe: cpe:2.3:a:joomlatag:jtag_members_directory:5.3.7:*:*:*:*:joomla\!:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-6184.yaml b/http/cves/2018/CVE-2018-6184.yaml index 0d1b543d30d..7be6c5158ea 100644 --- a/http/cves/2018/CVE-2018-6184.yaml +++ b/http/cves/2018/CVE-2018-6184.yaml @@ -29,12 +29,10 @@ info: vendor: zeit product: next.js shodan-query: + - html:"/_next/static" - http.html:"/_next/static" - cpe:"cpe:2.3:a:zeit:next.js" - - x-middleware-rewrite - fofa-query: - - body="/_next/static" - - x-middleware-rewrite + fofa-query: body="/_next/static" tags: cve2018,cve,nextjs,lfi,traversal,zeit http: diff --git a/http/cves/2018/CVE-2018-6200.yaml b/http/cves/2018/CVE-2018-6200.yaml index c617668c727..6eefbb89630 100644 --- a/http/cves/2018/CVE-2018-6200.yaml +++ b/http/cves/2018/CVE-2018-6200.yaml @@ -14,15 +14,13 @@ info: - https://cxsecurity.com/issue/WLB-2018010251 - https://nvd.nist.gov/vuln/detail/CVE-2018-6200 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-6200 cwe-id: CWE-601 - epss-score: 0.15384 - epss-percentile: 0.94274 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* metadata: verified: true @@ -34,16 +32,12 @@ info: - http.html:"powered by vbulletin" - http.component:"vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - intext:"powered by vbulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" tags: cve,cve2018,redirect,vbulletin http: diff --git a/http/cves/2018/CVE-2018-6530.yaml b/http/cves/2018/CVE-2018-6530.yaml index ce6e01f86e3..213022b03a9 100644 --- a/http/cves/2018/CVE-2018-6530.yaml +++ b/http/cves/2018/CVE-2018-6530.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-6530 cwe-id: CWE-78 - epss-score: 0.9376 - epss-percentile: 0.99845 + epss-score: 0.93644 + epss-percentile: 0.99102 cpe: cpe:2.3:o:dlink:dir-860l_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-6605.yaml b/http/cves/2018/CVE-2018-6605.yaml index c777527b8e3..4f18f599f61 100644 --- a/http/cves/2018/CVE-2018-6605.yaml +++ b/http/cves/2018/CVE-2018-6605.yaml @@ -23,7 +23,9 @@ info: vendor: zh_baidumap_project product: zh_baidumap framework: joomla\! - fofa-query: app="joomla!-网站安装" + fofa-query: + - app="Joomla!-网站安装" + - app="joomla!-网站安装" tags: cve,cve2018,joomla,sqli,joomla\!,zh_baidumap_project variables: num: "{{rand_int(2000000000, 2100000000)}}" diff --git a/http/cves/2018/CVE-2018-6910.yaml b/http/cves/2018/CVE-2018-6910.yaml index 89ab1510a5c..4952a12de7c 100644 --- a/http/cves/2018/CVE-2018-6910.yaml +++ b/http/cves/2018/CVE-2018-6910.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-6910 cwe-id: CWE-668 - epss-score: 0.91381 - epss-percentile: 0.99629 + epss-score: 0.02422 + epss-percentile: 0.89709 cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,14 +30,9 @@ info: shodan-query: - http.html:"dedecms" - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" fofa-query: - body="dedecms" - app="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" tags: cve,cve2018,dedecms http: diff --git a/http/cves/2018/CVE-2018-7192.yaml b/http/cves/2018/CVE-2018-7192.yaml index 10d97e48166..8f0594cdf90 100644 --- a/http/cves/2018/CVE-2018-7192.yaml +++ b/http/cves/2018/CVE-2018-7192.yaml @@ -13,32 +13,23 @@ info: reference: - https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c - https://nvd.nist.gov/vuln/detail/CVE-2018-7192 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-7192 cwe-id: CWE-79 - epss-score: 0.00759 - epss-percentile: 0.72128 + epss-score: 0.00172 + epss-percentile: 0.54693 cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: osticket product: osticket - shodan-query: - - http.title:"osticket" - - http.html:"powered by osticket" - - http.title:"osticket installer" - fofa-query: - - title="osticket" - - body="powered by osticket" - - title="osticket installer" - google-query: - - intitle:"osticket" - - intitle:"osticket installer" + shodan-query: title:"osTicket" + fofa-query: title="osticket" + google-query: intitle:"osticket" tags: cve,cve2018,osticket,xss,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2018/CVE-2018-7193.yaml b/http/cves/2018/CVE-2018-7193.yaml index c30b3aa3709..14a0042974d 100644 --- a/http/cves/2018/CVE-2018-7193.yaml +++ b/http/cves/2018/CVE-2018-7193.yaml @@ -25,18 +25,11 @@ info: max-request: 3 vendor: osticket product: osticket - shodan-query: - - http.title:"osticket" - - http.html:"powered by osticket" - - http.title:"osticket installer" - fofa-query: - - title="osticket" - - body="powered by osticket" - - title="osticket installer" - google-query: - - intitle:"osticket" - - intitle:"osticket installer" + shodan-query: title:"osTicket" + fofa-query: title="osticket" + google-query: intitle:"osticket" tags: cve,cve2018,osticket,xss,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2018/CVE-2018-7196.yaml b/http/cves/2018/CVE-2018-7196.yaml index aa2b10100a7..e64ae00d21c 100644 --- a/http/cves/2018/CVE-2018-7196.yaml +++ b/http/cves/2018/CVE-2018-7196.yaml @@ -23,18 +23,11 @@ info: max-request: 3 vendor: osticket product: osticket - shodan-query: - - http.title:"osticket" - - http.html:"powered by osticket" - - http.title:"osticket installer" - fofa-query: - - title="osticket" - - body="powered by osticket" - - title="osticket installer" - google-query: - - intitle:"osticket" - - intitle:"osticket installer" + shodan-query: title:"osTicket" + fofa-query: title="osticket" + google-query: intitle:"osticket" tags: cve,cve2018,osticket,xss,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2018/CVE-2018-7251.yaml b/http/cves/2018/CVE-2018-7251.yaml index 0ca8edda408..a1363a8127c 100644 --- a/http/cves/2018/CVE-2018-7251.yaml +++ b/http/cves/2018/CVE-2018-7251.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-7251 cwe-id: CWE-200 - epss-score: 0.92871 - epss-percentile: 0.99752 + epss-score: 0.06473 + epss-percentile: 0.93709 cpe: cpe:2.3:a:anchorcms:anchor:0.12.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-7282.yaml b/http/cves/2018/CVE-2018-7282.yaml index 8ee506abe7b..ece7c02638f 100644 --- a/http/cves/2018/CVE-2018-7282.yaml +++ b/http/cves/2018/CVE-2018-7282.yaml @@ -12,21 +12,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-7282 - http://print.com - http://ti-tool.com - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-7282 cwe-id: CWE-89 - epss-score: 0.74238 - epss-percentile: 0.98756 + epss-score: 0.1391 + epss-percentile: 0.95658 cpe: cpe:2.3:a:titool:printmonitor:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: titool product: printmonitor - shodan-query: http.title:"printmonitor" + shodan-query: + - title:"PrintMonitor" + - http.title:"printmonitor" fofa-query: title="printmonitor" google-query: intitle:"printmonitor" product": printmonitor diff --git a/http/cves/2018/CVE-2018-7314.yaml b/http/cves/2018/CVE-2018-7314.yaml index b701f2f5b7f..18416eaa2a5 100644 --- a/http/cves/2018/CVE-2018-7314.yaml +++ b/http/cves/2018/CVE-2018-7314.yaml @@ -24,8 +24,10 @@ info: vendor: mlwebtechnologies product: prayercenter framework: joomla\! - fofa-query: app="joomla!-网站安装" - tags: cve,cve2018,joomla,sqli,mlwebtechnologies,joomla\! + fofa-query: + - app="Joomla!-网站安装" + - app="joomla!-网站安装" + tags: cve,cve2018,joomla,sqli,mlwebtechnologies variables: num: "{{rand_int(800000000, 1000000000)}}" diff --git a/http/cves/2018/CVE-2018-7422.yaml b/http/cves/2018/CVE-2018-7422.yaml index a34f931cdd1..c1ee2dce18a 100644 --- a/http/cves/2018/CVE-2018-7422.yaml +++ b/http/cves/2018/CVE-2018-7422.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-7422 cwe-id: CWE-22 - epss-score: 0.91593 - epss-percentile: 0.99644 + epss-score: 0.94711 + epss-percentile: 0.99255 cpe: cpe:2.3:a:siteeditor:site_editor:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-7467.yaml b/http/cves/2018/CVE-2018-7467.yaml index 4381e24621b..bc5979b5f17 100644 --- a/http/cves/2018/CVE-2018-7467.yaml +++ b/http/cves/2018/CVE-2018-7467.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-7467 cwe-id: CWE-22 - epss-score: 0.11195 - epss-percentile: 0.93115 + epss-score: 0.00396 + epss-percentile: 0.73405 cpe: cpe:2.3:a:axxonsoft:next:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-7490.yaml b/http/cves/2018/CVE-2018-7490.yaml index 2008c4c0a94..ebdb26788f5 100644 --- a/http/cves/2018/CVE-2018-7490.yaml +++ b/http/cves/2018/CVE-2018-7490.yaml @@ -27,8 +27,6 @@ info: max-request: 1 vendor: unbit product: uwsgi - shodan-query: http.html:"uwsgi.ini" - fofa-query: body="uwsgi.ini" tags: cve2018,cve,uwsgi,php,lfi,plugin,edb,unbit http: diff --git a/http/cves/2018/CVE-2018-7600.yaml b/http/cves/2018/CVE-2018-7600.yaml index 258b5523d9d..d997f1a346c 100644 --- a/http/cves/2018/CVE-2018-7600.yaml +++ b/http/cves/2018/CVE-2018-7600.yaml @@ -16,12 +16,12 @@ info: - https://groups.drupal.org/security/faq-2018-002 - http://www.securitytracker.com/id/1040598 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-7600 cwe-id: CWE-20 - epss-score: 0.94489 - epss-percentile: 0.99999 + epss-score: 0.97566 + epss-percentile: 1 cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-7653.yaml b/http/cves/2018/CVE-2018-7653.yaml index 31ed435923f..13be0cccb6e 100644 --- a/http/cves/2018/CVE-2018-7653.yaml +++ b/http/cves/2018/CVE-2018-7653.yaml @@ -25,8 +25,12 @@ info: max-request: 1 vendor: yzmcms product: yzmcms - shodan-query: http.title:"yzmcms" - fofa-query: title="yzmcms" + shodan-query: + - title:"YzmCMS" + - http.title:"yzmcms" + fofa-query: + - title="YzmCMS" + - title="yzmcms" google-query: intitle:"yzmcms" tags: cve,cve2018,packetstorm,yzmcms,cms,xss diff --git a/http/cves/2018/CVE-2018-7662.yaml b/http/cves/2018/CVE-2018-7662.yaml index 7aa0482622b..16945b54de3 100644 --- a/http/cves/2018/CVE-2018-7662.yaml +++ b/http/cves/2018/CVE-2018-7662.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-7662 cwe-id: CWE-200 - epss-score: 0.63484 - epss-percentile: 0.98272 + epss-score: 0.00225 + epss-percentile: 0.60692 cpe: cpe:2.3:a:couchcms:couch:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2018/CVE-2018-7700.yaml b/http/cves/2018/CVE-2018-7700.yaml index ffa3a2095bf..dd486150fba 100644 --- a/http/cves/2018/CVE-2018-7700.yaml +++ b/http/cves/2018/CVE-2018-7700.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2018-7700 cwe-id: CWE-352 - epss-score: 0.93158 - epss-percentile: 0.99781 + epss-score: 0.50599 + epss-percentile: 0.97528 cpe: cpe:2.3:a:dedecms:dedecms:5.7:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,14 +31,9 @@ info: shodan-query: - http.html:"dedecms" - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" fofa-query: - body="dedecms" - app="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" tags: cve,cve2018,dedecms,rce http: diff --git a/http/cves/2018/CVE-2018-7719.yaml b/http/cves/2018/CVE-2018-7719.yaml index 24622917245..9d72bfc6adb 100644 --- a/http/cves/2018/CVE-2018-7719.yaml +++ b/http/cves/2018/CVE-2018-7719.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-7719 cwe-id: CWE-22 - epss-score: 0.72605 - epss-percentile: 0.98676 + epss-score: 0.09221 + epss-percentile: 0.94118 cpe: cpe:2.3:a:acrolinx:acrolinx_server:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-8006.yaml b/http/cves/2018/CVE-2018-8006.yaml index 95eac99aeea..bc47fa7523c 100644 --- a/http/cves/2018/CVE-2018-8006.yaml +++ b/http/cves/2018/CVE-2018-8006.yaml @@ -35,9 +35,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:activemq" - product:"activemq openwire transport" - - http.title:"apache activemq" - fofa-query: title="apache activemq" - google-query: intitle:"apache activemq" tags: cve2018,cve,apache,activemq,xss http: diff --git a/http/cves/2018/CVE-2018-8033.yaml b/http/cves/2018/CVE-2018-8033.yaml index 05a00b895fb..f4a227b0e14 100644 --- a/http/cves/2018/CVE-2018-8033.yaml +++ b/http/cves/2018/CVE-2018-8033.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-8033 cwe-id: CWE-200 - epss-score: 0.91967 - epss-percentile: 0.99674 + epss-score: 0.04526 + epss-percentile: 0.92473 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,11 +31,9 @@ info: shodan-query: - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - body="ofbiz" - app="apache_ofbiz" - - body="apache ofbiz" tags: cve,cve2018,apache,ofbiz,xxe http: diff --git a/http/cves/2018/CVE-2018-8719.yaml b/http/cves/2018/CVE-2018-8719.yaml index b6745d9ac6f..ce19995c764 100644 --- a/http/cves/2018/CVE-2018-8719.yaml +++ b/http/cves/2018/CVE-2018-8719.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-8719 cwe-id: CWE-532 - epss-score: 0.11069 - epss-percentile: 0.93077 + epss-score: 0.03177 + epss-percentile: 0.91151 cpe: cpe:2.3:a:wpsecurityauditlog:wp_security_audit_log:3.1.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-8770.yaml b/http/cves/2018/CVE-2018-8770.yaml index 786d664c773..9243dc4037f 100644 --- a/http/cves/2018/CVE-2018-8770.yaml +++ b/http/cves/2018/CVE-2018-8770.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2018-8770 cwe-id: CWE-200 - epss-score: 0.58047 - epss-percentile: 0.9803 + epss-score: 0.00196 + epss-percentile: 0.57017 cpe: cpe:2.3:a:cobub:razor:0.8.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-8823.yaml b/http/cves/2018/CVE-2018-8823.yaml index f148b856403..ce6c83c5a1e 100644 --- a/http/cves/2018/CVE-2018-8823.yaml +++ b/http/cves/2018/CVE-2018-8823.yaml @@ -17,8 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-8823 cwe-id: CWE-94 - epss-score: 0.84593 - epss-percentile: 0.99261 + epss-score: 0.24062 + epss-percentile: 0.96593 cpe: cpe:2.3:a:responsive_mega_menu_pro_project:responsive_mega_menu_pro:1.0.32:*:*:*:*:prestashop:*:* metadata: verified: true diff --git a/http/cves/2018/CVE-2018-9118.yaml b/http/cves/2018/CVE-2018-9118.yaml index 92a65598877..b903da41c5a 100644 --- a/http/cves/2018/CVE-2018-9118.yaml +++ b/http/cves/2018/CVE-2018-9118.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2018-9118 cwe-id: CWE-22 - epss-score: 0.72821 - epss-percentile: 0.98683 + epss-score: 0.07018 + epss-percentile: 0.93949 cpe: cpe:2.3:a:99robots:wp_background_takeover_advertisements:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-9161.yaml b/http/cves/2018/CVE-2018-9161.yaml index 1bbc0a06a4e..94db0edde17 100644 --- a/http/cves/2018/CVE-2018-9161.yaml +++ b/http/cves/2018/CVE-2018-9161.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2018-9161 - https://www.exploit-db.com/exploits/44276/ - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-9161 cwe-id: CWE-798 - epss-score: 0.64007 - epss-percentile: 0.98294 + epss-score: 0.12574 + epss-percentile: 0.95318 cpe: cpe:2.3:a:prismaindustriale:checkweigher_prismaweb:1.21:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-9845.yaml b/http/cves/2018/CVE-2018-9845.yaml index ebc1c2e1054..bd455e147a7 100644 --- a/http/cves/2018/CVE-2018-9845.yaml +++ b/http/cves/2018/CVE-2018-9845.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-9845 cwe-id: CWE-178 - epss-score: 0.69404 - epss-percentile: 0.98537 + epss-score: 0.01393 + epss-percentile: 0.86371 cpe: cpe:2.3:a:etherpad:etherpad_lite:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2018/CVE-2018-9995.yaml b/http/cves/2018/CVE-2018-9995.yaml index e63f94c7308..681d7120dc3 100644 --- a/http/cves/2018/CVE-2018-9995.yaml +++ b/http/cves/2018/CVE-2018-9995.yaml @@ -22,8 +22,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-9995 - epss-score: 0.94138 - epss-percentile: 0.99898 + epss-score: 0.90006 + epss-percentile: 0.98565 cpe: cpe:2.3:o:tbkvision:tbk-dvr4216_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-0192.yaml b/http/cves/2019/CVE-2019-0192.yaml index 516c871dc8f..87838239722 100644 --- a/http/cves/2019/CVE-2019-0192.yaml +++ b/http/cves/2019/CVE-2019-0192.yaml @@ -9,38 +9,22 @@ info: reference: - https://github.com/Imanfeng/Apache-Solr-RCE - https://nvd.nist.gov/vuln/detail/CVE-2019-0192 - - https://access.redhat.com/errata/RHSA-2019:2413 - - https://lists.apache.org/thread.html/42c5682f4acd1d03bd963e4f47ae448d7cff66c16b19142773818892%40%3Cdev.lucene.apache.org%3E - - https://lists.apache.org/thread.html/53e4744b14fb7f1810405f8ff5531ab0953a23dd09ce8071ce87e00d%40%3Cdev.lucene.apache.org%3E classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-0192 cwe-id: CWE-502 - epss-score: 0.92931 - epss-percentile: 0.99757 + epss-score: 0.94754 + epss-percentile: 0.99337 cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: apache product: solr - shodan-query: - - http.title:"solr" - - cpe:"cpe:2.3:a:apache:solr" - - http.html:"apache solr" - - http.title:"apache solr" - - http.title:"solr admin" - fofa-query: - - title="solr - - body="apache solr" - - title="apache solr" - - title="solr admin" - - title="solr" - google-query: - - intitle:"apache solr" - - intitle:"solr admin" - - intitle:"solr" + shodan-query: title:"Solr" + fofa-query: title="Solr tags: cve,cve2019,apache,solr,deserialization,rce,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2019/CVE-2019-0193.yaml b/http/cves/2019/CVE-2019-0193.yaml index fc223a66554..7bfcd2b946f 100644 --- a/http/cves/2019/CVE-2019-0193.yaml +++ b/http/cves/2019/CVE-2019-0193.yaml @@ -32,17 +32,12 @@ info: - cpe:"cpe:2.3:a:apache:solr" - http.title:"apache solr" - http.title:"solr admin" - - http.html:"apache solr" - - http.title:"solr" fofa-query: - title="solr admin" - title="apache solr" - - body="apache solr" - - title="solr" google-query: - intitle:"apache solr" - intitle:"solr admin" - - intitle:"solr" tags: cve2019,cve,apache,rce,solr,oast,kev,vulhub http: diff --git a/http/cves/2019/CVE-2019-0221.yaml b/http/cves/2019/CVE-2019-0221.yaml index 2d3e49d7d9c..7770c0ccef0 100644 --- a/http/cves/2019/CVE-2019-0221.yaml +++ b/http/cves/2019/CVE-2019-0221.yaml @@ -29,20 +29,14 @@ info: vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve2019,cve,apache,xss,tomcat,seclists,edb variables: payload: "" diff --git a/http/cves/2019/CVE-2019-0230.yaml b/http/cves/2019/CVE-2019-0230.yaml index 7086e535f7b..5958319ad6a 100644 --- a/http/cves/2019/CVE-2019-0230.yaml +++ b/http/cves/2019/CVE-2019-0230.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-0230 cwe-id: CWE-1321 - epss-score: 0.93837 - epss-percentile: 0.99854 + epss-score: 0.95364 + epss-percentile: 0.99359 cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-0232.yaml b/http/cves/2019/CVE-2019-0232.yaml index 0f56911f264..24836a5f670 100644 --- a/http/cves/2019/CVE-2019-0232.yaml +++ b/http/cves/2019/CVE-2019-0232.yaml @@ -17,31 +17,24 @@ info: cvss-score: 8.1 cve-id: CVE-2019-0232 cwe-id: CWE-78 - epss-score: 0.94225 - epss-percentile: 0.99914 + epss-score: 0.97373 + epss-percentile: 0.99927 cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: apache product: tomcat shodan-query: - - '[http.html:"apache tomcat" http.title:"apache tomcat" http.html:"jk status manager" cpe:"cpe:2.3:a:apache:tomcat"]' - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - http.html:"apache tomcat" - - http.html:"jk status manager" - http.title:"apache tomcat" - - product:"tomcat" + - http.html:"jk status manager" + - cpe:"cpe:2.3:a:apache:tomcat" fofa-query: - - '[body="jk status manager" body="apache tomcat" title="apache tomcat"]' - - body="apache tomcat" - body="jk status manager" - - server=="apache tomcat" + - body="apache tomcat" - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve,cve2019,packetstorm,seclists,apache,tomcat + variables: sid: "{{rand_text_alpha(10)}}" diff --git a/http/cves/2019/CVE-2019-1003000.yaml b/http/cves/2019/CVE-2019-1003000.yaml index b0cf69c52ca..90436eaa776 100644 --- a/http/cves/2019/CVE-2019-1003000.yaml +++ b/http/cves/2019/CVE-2019-1003000.yaml @@ -6,6 +6,11 @@ info: severity: high description: | A sandbox bypass vulnerability exists in the Jenkins Script Security Plugin (versions 1.49 and earlier) within src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java. This flaw allows attackers with permission to submit sandboxed scripts to execute arbitrary code on the Jenkins master JVM, potentially compromising the entire Jenkins environment. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2019-1003000 + cpe: cpe:2.3:a:jenkins:script_security::::::jenkins::* reference: - https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266 - http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_metaprogramming @@ -13,20 +18,13 @@ info: - https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION - https://github.com/purple-WL/Jenkins_CVE-2019-1003000 - https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2019-1003000 - epss-score: 0.94235 - epss-percentile: 0.99916 - cpe: cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:* metadata: verified: true max-request: 6 vendor: jenkins product: script_security - framework: jenkins tags: cve,cve2019,jenkins,oast,bypass,sandbox-bypass,authenticated + variables: username: admin vendor_name: "{{rand_text_alpha(3)}}.{{rand_text_alpha(5)}}" diff --git a/http/cves/2019/CVE-2019-10068.yaml b/http/cves/2019/CVE-2019-10068.yaml index 56fcfdbf8f9..a70cfa9be18 100644 --- a/http/cves/2019/CVE-2019-10068.yaml +++ b/http/cves/2019/CVE-2019-10068.yaml @@ -16,12 +16,12 @@ info: - https://github.com/rapid7/metasploit-framework/pull/13107 - http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-10068 cwe-id: CWE-502 - epss-score: 0.94068 - epss-percentile: 0.99888 + epss-score: 0.97344 + epss-percentile: 0.99887 cpe: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-10092.yaml b/http/cves/2019/CVE-2019-10092.yaml index 50a911ef100..5a793b612c3 100644 --- a/http/cves/2019/CVE-2019-10092.yaml +++ b/http/cves/2019/CVE-2019-10092.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-10092 cwe-id: CWE-79 - epss-score: 0.8415 - epss-percentile: 0.99243 + epss-score: 0.07116 + epss-percentile: 0.93987 cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,20 +30,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" tags: cve,cve2019,apache,htmli,injection http: diff --git a/http/cves/2019/CVE-2019-10098.yaml b/http/cves/2019/CVE-2019-10098.yaml index 93b60493f69..aa3b9fca528 100644 --- a/http/cves/2019/CVE-2019-10098.yaml +++ b/http/cves/2019/CVE-2019-10098.yaml @@ -32,20 +32,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" tags: cve,cve2019,redirect,apache,server http: diff --git a/http/cves/2019/CVE-2019-1010290.yaml b/http/cves/2019/CVE-2019-1010290.yaml index 09f1fb0bbe7..28cf62e4cdf 100644 --- a/http/cves/2019/CVE-2019-1010290.yaml +++ b/http/cves/2019/CVE-2019-1010290.yaml @@ -14,14 +14,13 @@ info: - http://dev.cmsmadesimple.org/project/files/729 - https://nvd.nist.gov/vuln/detail/CVE-2019-1010290 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-1010290 cwe-id: CWE-601 - epss-score: 0.21947 - epss-percentile: 0.95436 + epss-score: 0.00215 + epss-percentile: 0.59555 cpe: cpe:2.3:a:cmsmadesimple:bable\:multilingual_site:*:*:*:*:*:cms_made_simple:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-10405.yaml b/http/cves/2019/CVE-2019-10405.yaml index 6e950d4da02..1cce2a0083e 100644 --- a/http/cves/2019/CVE-2019-10405.yaml +++ b/http/cves/2019/CVE-2019-10405.yaml @@ -14,27 +14,23 @@ info: - http://www.openwall.com/lists/oss-security/2019/09/25/3 - https://nvd.nist.gov/vuln/detail/CVE-2019-10405 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2019-10405 cwe-id: CWE-79 - epss-score: 0.62468 - epss-percentile: 0.98237 + epss-score: 0.00572 + epss-percentile: 0.77427 cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 2 vendor: jenkins product: jenkins shodan-query: - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - cpe:"cpe:2.3:a:jenkins:jenkins" - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" + fofa-query: icon_hash=81586312 tags: cve,cve2019,jenkins http: diff --git a/http/cves/2019/CVE-2019-10475.yaml b/http/cves/2019/CVE-2019-10475.yaml index 25ebd8ea46a..c759e5d1a47 100644 --- a/http/cves/2019/CVE-2019-10475.yaml +++ b/http/cves/2019/CVE-2019-10475.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-10475 cwe-id: CWE-79 - epss-score: 0.91969 - epss-percentile: 0.99674 + epss-score: 0.97319 + epss-percentile: 0.99877 cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-10692.yaml b/http/cves/2019/CVE-2019-10692.yaml index 5d7b374cb68..e29e864276f 100644 --- a/http/cves/2019/CVE-2019-10692.yaml +++ b/http/cves/2019/CVE-2019-10692.yaml @@ -30,8 +30,6 @@ info: vendor: codecabin product: wp_go_maps framework: wordpress - fofa-query: body="/wp-content/plugins/wp-google-maps" - shodan-query: http.html:"/wp-content/plugins/wp-google-maps" tags: cve2019,cve,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan,codecabin http: diff --git a/http/cves/2019/CVE-2019-10717.yaml b/http/cves/2019/CVE-2019-10717.yaml index 0c29fbb213a..b63aebb8e04 100644 --- a/http/cves/2019/CVE-2019-10717.yaml +++ b/http/cves/2019/CVE-2019-10717.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.1 cve-id: CVE-2019-10717 cwe-id: CWE-22 - epss-score: 0.1493 - epss-percentile: 0.94173 + epss-score: 0.00351 + epss-percentile: 0.71813 cpe: cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: dotnetblogengine product: blogengine.net - shodan-query: http.html:"blogengine.net" + shodan-query: + - http.html:"Blogengine.net" + - http.html:"blogengine.net" fofa-query: body="blogengine.net" tags: cve,cve2019,seclists,blogengine,lfi,traversal,dotnetblogengine diff --git a/http/cves/2019/CVE-2019-10758.yaml b/http/cves/2019/CVE-2019-10758.yaml index b551d922bd5..f67721b52ec 100644 --- a/http/cves/2019/CVE-2019-10758.yaml +++ b/http/cves/2019/CVE-2019-10758.yaml @@ -18,8 +18,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2019-10758 - epss-score: 0.94361 - epss-percentile: 0.9995 + epss-score: 0.97459 + epss-percentile: 0.99955 cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:* metadata: max-request: 1 @@ -27,14 +27,10 @@ info: product: mongo-express framework: node.js shodan-query: + - http.title:"Mongo Express" - http.title:"mongo express" - - http.title:"home - mongo express" - fofa-query: - - title="mongo express" - - title="home - mongo express" - google-query: - - intitle:"mongo express" - - intitle:"home - mongo express" + fofa-query: title="mongo express" + google-query: intitle:"mongo express" tags: cve,cve2019,vulhub,mongo,mongo-express,kev,mongo-express_project,node.js http: diff --git a/http/cves/2019/CVE-2019-11013.yaml b/http/cves/2019/CVE-2019-11013.yaml index b961a43e483..e91567583a0 100644 --- a/http/cves/2019/CVE-2019-11013.yaml +++ b/http/cves/2019/CVE-2019-11013.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2019-11013 cwe-id: CWE-22 - epss-score: 0.87607 - epss-percentile: 0.99415 + epss-score: 0.01775 + epss-percentile: 0.87745 cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-11370.yaml b/http/cves/2019/CVE-2019-11370.yaml index ff3d26f51f0..f925106e7b2 100644 --- a/http/cves/2019/CVE-2019-11370.yaml +++ b/http/cves/2019/CVE-2019-11370.yaml @@ -15,21 +15,22 @@ info: - https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370 - https://nvd.nist.gov/vuln/detail/CVE-2019-11370 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2019-11370 cwe-id: CWE-79 - epss-score: 0.11427 - epss-percentile: 0.93198 + epss-score: 0.17043 + epss-percentile: 0.96067 cpe: cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: carel product: pcoweb_card_firmware - shodan-query: http.html:"pcoweb" + shodan-query: + - http.html:"pCOWeb" + - http.html:"pcoweb" fofa-query: body="pcoweb" tags: cve,cve2019,pcoweb,xss,carel,edb diff --git a/http/cves/2019/CVE-2019-11510.yaml b/http/cves/2019/CVE-2019-11510.yaml index 314af51ccb4..dd811a090a0 100644 --- a/http/cves/2019/CVE-2019-11510.yaml +++ b/http/cves/2019/CVE-2019-11510.yaml @@ -20,9 +20,9 @@ info: cvss-score: 10 cve-id: CVE-2019-11510 cwe-id: CWE-22 - epss-score: 0.94479 - epss-percentile: 0.99997 - cpe: cpe:2.3:a:ivanti:connect_secure:8.2:r1.0:*:*:*:*:*:* + epss-score: 0.97267 + epss-percentile: 0.99828 + cpe: cpe:2.3:a:ivanti:connect_secure:9.0:r1:*:*:*:*:*:* metadata: max-request: 1 vendor: ivanti diff --git a/http/cves/2019/CVE-2019-11580.yaml b/http/cves/2019/CVE-2019-11580.yaml index 73837b6e458..eddf562e44c 100644 --- a/http/cves/2019/CVE-2019-11580.yaml +++ b/http/cves/2019/CVE-2019-11580.yaml @@ -19,14 +19,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-11580 - epss-score: 0.94375 - epss-percentile: 0.99955 + epss-score: 0.97441 + epss-percentile: 0.99946 cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: atlassian product: crowd - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2019,packetstorm,kev,atlassian,rce,intrusive,unauth variables: plugin: '{{hex_decode("504b0304140000000800033f2557544c2527eb0000000402000014001c0061746c61737369616e2d706c7567696e2e786d6c555409000316dff66410e4f66475780b000104e803000004e80300007d91416ec3201045d7ce29107b20c91a23e50039c4044f53140c16e0a8bd7d260527ae5595dd7c66febc0f1a8a879c1d0431f9f9ea02bbe177cf6d1ca51dbccc9fe8bdc4af89b30023f6fcb4b4b33304b862e2acce6571c7945d0c3d3f72669f5d7fd9981da3a3eb8c70e12356a5aa90606c8bde5c0314101643c124c87082e22e1eb9296946ad7e66561e03669bdc5488c46c61473269b85aad1bdfe32d8439c8bddc6bb594955afdc2de753a63ba7b2c0d99f2f9e80aaf4ff8aafe798beee93a272f2814c50b4691aed55aa93d6bd80bd8db106362505823caaa9128dab089d6e9e59290b5dafe37890f504b03040a0000000000033f255700000000000000000000000004001c00636f6d2f555409000316dff664bae3f66475780b000104e803000004e8030000504b03040a0000000000033f255700000000000000000000000008001c00636f6d2f63646c2f555409000316dff664bae3f66475780b000104e803000004e8030000504b03040a0000000000854225570000000000000000000000000e001c00636f6d2f63646c2f7368656c6c2f5554090003b9e4f664b9e4f66475780b000104e803000004e8030000504b0304140000000800bd422557a3de4c61670100004602000017001c00636f6d2f63646c2f7368656c6c2f6578702e636c617373555409000326e5f664b9e4f66475780b000104e803000004e80300008d51c94e0241107d25cb208c22e2bea05e0c18b1c1c4a8c17821b824440d183c237470cc3883330df25b5e347af003fc2863b5b870523be95a5ebfeaaa7efdfaf6fc02601bcb51849188611cc90826a298c4948169033384f09ee5586a9f1048676a8460d16d4a42bc6c39f2a4737329bdf3faa5cd48a8e91e4a45a8a4cbd7f56ebd277ce9756da9c495526d71c4a6da072af2b6237d55f893e6b75dc79705dd355aea35645b590c1898e5bcea76bc863cb074e788ecb537f465260c440ccc9998c70261b4582b653773f9dd6c3ebfb59333b06822852542a2e1de8846d316fe95b46dc1e584d4efd310929a202c571c9f7e0f4358fddf2308c32da92e3c4b498f309dce94bf6e3bf32ce7f3a030d064006669ef744098ec4b2becbad31255c59416ab831584f8f7f41a026909d80e73b6c89ed887d61e41f71cb06e6cc31fa0b631985ca2a969f601f6e6fa138608e38107047f2aa27c0ae6c5381ae128c8f828eff847cbb177504b03041400000008003a422557483e79dabf0000000f01000016001c00636f6d2f63646c2f7368656c6c2f6578702e6a617661555409000330e4f66430e4f66475780b000104e803000004e8030000558e416bc3300c85effe15a2a7642ca2290c36721c61eda9d0417bf61cd1787363d75293c0c87fafdbf5903d1008bdf73d14b4f9d14702e34f681a87dc92739552f6147c14f8d6bd1e9129f68e045b91804fd5dc44eb71b3ad474341acef12192e5fce1a304e33038d218d50d730ac13fdf9d704bf4a41d223db7bdb40e33f48b2596847e70bb140a4f333fcbb73f01d5332380769a31f18663fa472782825f0487288562866390eb7255bbcefeb62b52cdf8ab27c795d2ef2ea0e4c6a5257504b01021e03140000000800033f2557544c2527eb00000004020000140018000000000001000000fd810000000061746c61737369616e2d706c7567696e2e786d6c555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000033f2557000000000000000000000000040018000000000000001000fd4139010000636f6d2f555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000033f2557000000000000000000000000080018000000000000001000fd4177010000636f6d2f63646c2f555405000316dff66475780b000104e803000004e8030000504b01021e030a0000000000854225570000000000000000000000000e0018000000000000001000fd41b9010000636f6d2f63646c2f7368656c6c2f5554050003b9e4f66475780b000104e803000004e8030000504b01021e03140000000800bd422557a3de4c616701000046020000170018000000000000000000b48101020000636f6d2f63646c2f7368656c6c2f6578702e636c617373555405000326e5f66475780b000104e803000004e8030000504b01021e031400000008003a422557483e79dabf0000000f010000160018000000000001000000b481b9030000636f6d2f63646c2f7368656c6c2f6578702e6a617661555405000330e4f66475780b000104e803000004e8030000504b05060000000006000600ff010000c80400000000")}}' diff --git a/http/cves/2019/CVE-2019-11581.yaml b/http/cves/2019/CVE-2019-11581.yaml index a7c71742c6c..d19da6cca84 100644 --- a/http/cves/2019/CVE-2019-11581.yaml +++ b/http/cves/2019/CVE-2019-11581.yaml @@ -16,18 +16,19 @@ info: - https://github.com/0x48piraj/jiraffe - https://github.com/bakery312/Vulhub-Reproduce classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-11581 cwe-id: CWE-74 - epss-score: 0.94377 - epss-percentile: 0.99956 - cpe: cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* + epss-score: 0.9725 + epss-percentile: 0.99846 + cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian - product: jira_server + product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" diff --git a/http/cves/2019/CVE-2019-12276.yaml b/http/cves/2019/CVE-2019-12276.yaml index 081d299ddc2..25c994b552d 100644 --- a/http/cves/2019/CVE-2019-12276.yaml +++ b/http/cves/2019/CVE-2019-12276.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-12276 cwe-id: CWE-22 - epss-score: 0.89074 - epss-percentile: 0.99491 + epss-score: 0.95661 + epss-percentile: 0.99411 cpe: cpe:2.3:a:grandnode:grandnode:4.40:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-12314.yaml b/http/cves/2019/CVE-2019-12314.yaml index a35d18655b6..a2e9b8f0253 100644 --- a/http/cves/2019/CVE-2019-12314.yaml +++ b/http/cves/2019/CVE-2019-12314.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-12314 cwe-id: CWE-22 - epss-score: 0.92321 - epss-percentile: 0.99703 + epss-score: 0.16359 + epss-percentile: 0.95995 cpe: cpe:2.3:a:deltek:maconomy:2.2.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-12461.yaml b/http/cves/2019/CVE-2019-12461.yaml index d64c3bd37cf..5d81490a8ec 100644 --- a/http/cves/2019/CVE-2019-12461.yaml +++ b/http/cves/2019/CVE-2019-12461.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-12461 cwe-id: CWE-79 - epss-score: 0.55026 - epss-percentile: 0.97886 + epss-score: 0.0035 + epss-percentile: 0.71796 cpe: cpe:2.3:a:webport:web_port:1.19.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-12581.yaml b/http/cves/2019/CVE-2019-12581.yaml index dcce915c5ac..46347174f23 100644 --- a/http/cves/2019/CVE-2019-12581.yaml +++ b/http/cves/2019/CVE-2019-12581.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: zyxel product: uag2100 - shodan-query: http.title:"zywall" + shodan-query: http.title:"ZyWall" fofa-query: title="zywall" google-query: intitle:"zywall" tags: cve,cve2019,zyxel,zywall,xss diff --git a/http/cves/2019/CVE-2019-12593.yaml b/http/cves/2019/CVE-2019-12593.yaml index 516d1927e82..db920455a2e 100644 --- a/http/cves/2019/CVE-2019-12593.yaml +++ b/http/cves/2019/CVE-2019-12593.yaml @@ -21,25 +21,26 @@ info: cvss-score: 7.5 cve-id: CVE-2019-12593 cwe-id: CWE-22 - epss-score: 0.75901 - epss-percentile: 0.98837 + epss-score: 0.07016 + epss-percentile: 0.93948 cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: icewarp product: mail_server shodan-query: - - http.title:"icewarp" + - title:"icewarp" - http.title:"icewarp server administration" + - http.title:"icewarp" - cpe:"cpe:2.3:a:icewarp:mail_server" fofa-query: - title="icewarp server administration" - title="icewarp" google-query: - - powered by icewarp 10.4.4 + - Powered By IceWarp 10.4.4 - intitle:"icewarp" + - powered by icewarp 10.4.4 - intitle:"icewarp server administration" - - powered by icewarp 10.2.1 tags: cve,cve2019,packetstorm,lfi,icewarp http: diff --git a/http/cves/2019/CVE-2019-12725.yaml b/http/cves/2019/CVE-2019-12725.yaml index acae0269051..15cd5498f23 100644 --- a/http/cves/2019/CVE-2019-12725.yaml +++ b/http/cves/2019/CVE-2019-12725.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-12725 cwe-id: CWE-78 - epss-score: 0.94316 - epss-percentile: 0.99936 + epss-score: 0.96341 + epss-percentile: 0.99549 cpe: cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-12962.yaml b/http/cves/2019/CVE-2019-12962.yaml index 2d88d87c433..2740e5eed4f 100644 --- a/http/cves/2019/CVE-2019-12962.yaml +++ b/http/cves/2019/CVE-2019-12962.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2019-12962 cwe-id: CWE-79 - epss-score: 0.06302 - epss-percentile: 0.90437 + epss-score: 0.15911 + epss-percentile: 0.95954 cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: livezilla product: livezilla - shodan-query: http.html:"livezilla" + shodan-query: + - http.html:LiveZilla + - http.html:livezilla fofa-query: body=livezilla tags: cve,cve2019,xss,edb,packetstorm,livezilla diff --git a/http/cves/2019/CVE-2019-12985.yaml b/http/cves/2019/CVE-2019-12985.yaml index cefb231966f..0a9b320b241 100644 --- a/http/cves/2019/CVE-2019-12985.yaml +++ b/http/cves/2019/CVE-2019-12985.yaml @@ -26,7 +26,9 @@ info: max-request: 2 vendor: citrix product: netscaler_sd-wan - shodan-query: http.title:"citrix sd-wan" + shodan-query: + - http.title:"Citrix SD-WAN" + - http.title:"citrix sd-wan" fofa-query: title="citrix sd-wan" google-query: intitle:"citrix sd-wan" tags: cve,cve2019,citrix,rce,unauth,oast,tenable diff --git a/http/cves/2019/CVE-2019-12986.yaml b/http/cves/2019/CVE-2019-12986.yaml index 81608a663a9..e15f04ca114 100644 --- a/http/cves/2019/CVE-2019-12986.yaml +++ b/http/cves/2019/CVE-2019-12986.yaml @@ -19,14 +19,16 @@ info: cvss-score: 9.8 cve-id: CVE-2019-12986 cwe-id: CWE-78 - epss-score: 0.9225 - epss-percentile: 0.99696 + epss-score: 0.97203 + epss-percentile: 0.99825 cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: citrix product: netscaler_sd-wan - shodan-query: http.title:"citrix sd-wan" + shodan-query: + - http.title:"Citrix SD-WAN" + - http.title:"citrix sd-wan" fofa-query: title="citrix sd-wan" google-query: intitle:"citrix sd-wan" tags: cve2019,cve,unauth,oast,tenable,citrix,rce diff --git a/http/cves/2019/CVE-2019-12987.yaml b/http/cves/2019/CVE-2019-12987.yaml index ad9d8bc86f8..6fc8b936b09 100644 --- a/http/cves/2019/CVE-2019-12987.yaml +++ b/http/cves/2019/CVE-2019-12987.yaml @@ -26,7 +26,9 @@ info: max-request: 2 vendor: citrix product: netscaler_sd-wan - shodan-query: http.title:"citrix sd-wan" + shodan-query: + - http.title:"Citrix SD-WAN" + - http.title:"citrix sd-wan" fofa-query: title="citrix sd-wan" google-query: intitle:"citrix sd-wan" tags: cve,cve2019,citrix,rce,unauth,oast,tenable diff --git a/http/cves/2019/CVE-2019-12988.yaml b/http/cves/2019/CVE-2019-12988.yaml index 27482a210df..e04b938bc51 100644 --- a/http/cves/2019/CVE-2019-12988.yaml +++ b/http/cves/2019/CVE-2019-12988.yaml @@ -19,14 +19,16 @@ info: cvss-score: 9.8 cve-id: CVE-2019-12988 cwe-id: CWE-78 - epss-score: 0.92511 - epss-percentile: 0.99719 + epss-score: 0.97276 + epss-percentile: 0.99843 cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: citrix product: netscaler_sd-wan - shodan-query: http.title:"citrix sd-wan" + shodan-query: + - http.title:"Citrix SD-WAN" + - http.title:"citrix sd-wan" fofa-query: title="citrix sd-wan" google-query: intitle:"citrix sd-wan" tags: cve,cve2019,rce,unauth,oast,tenable,citrix diff --git a/http/cves/2019/CVE-2019-12990.yaml b/http/cves/2019/CVE-2019-12990.yaml index 66ce0521677..50dbfaa94d9 100644 --- a/http/cves/2019/CVE-2019-12990.yaml +++ b/http/cves/2019/CVE-2019-12990.yaml @@ -27,7 +27,9 @@ info: max-request: 3 vendor: citrix product: netscaler_sd-wan - shodan-query: http.title:"citrix sd-wan" + shodan-query: + - http.title:"Citrix SD-WAN" + - http.title:"citrix sd-wan" fofa-query: title="citrix sd-wan" google-query: intitle:"citrix sd-wan" tags: cve,cve2019,citrix,rce,unauth,tenable,intrusive diff --git a/http/cves/2019/CVE-2019-13101.yaml b/http/cves/2019/CVE-2019-13101.yaml index 83b3755a46b..cd6e175496f 100644 --- a/http/cves/2019/CVE-2019-13101.yaml +++ b/http/cves/2019/CVE-2019-13101.yaml @@ -20,13 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2019-13101 cwe-id: CWE-306 - epss-score: 0.73292 - epss-percentile: 0.98702 - cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:* + epss-score: 0.06909 + epss-percentile: 0.93911 + cpe: cpe:2.3:h:dlink:dir-600m:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink - product: dir-600m_firmware + product: dir-600m tags: cve2019,cve,packetstorm,edb,dlink,router,iot http: diff --git a/http/cves/2019/CVE-2019-13396.yaml b/http/cves/2019/CVE-2019-13396.yaml index 89c1f3409fe..49f846831c1 100644 --- a/http/cves/2019/CVE-2019-13396.yaml +++ b/http/cves/2019/CVE-2019-13396.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-13396 cwe-id: CWE-22 - epss-score: 0.55014 - epss-percentile: 0.97886 + epss-score: 0.0288 + epss-percentile: 0.9075 cpe: cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-13462.yaml b/http/cves/2019/CVE-2019-13462.yaml index 912972945b5..d525653d046 100644 --- a/http/cves/2019/CVE-2019-13462.yaml +++ b/http/cves/2019/CVE-2019-13462.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-13462 - https://www.nccgroup.trust/uk/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/ - https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx - - https://github.com/Elsfa7-110/kenzer-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2019-13462 cwe-id: CWE-89 - epss-score: 0.53411 - epss-percentile: 0.97807 + epss-score: 0.47505 + epss-percentile: 0.97151 cpe: cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-14205.yaml b/http/cves/2019/CVE-2019-14205.yaml index a7f3c3100ae..e48fc127a31 100644 --- a/http/cves/2019/CVE-2019-14205.yaml +++ b/http/cves/2019/CVE-2019-14205.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-14205 cwe-id: CWE-22 - epss-score: 0.67086 - epss-percentile: 0.98432 + epss-score: 0.06233 + epss-percentile: 0.93579 cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-14251.yaml b/http/cves/2019/CVE-2019-14251.yaml index cd4923add0b..7a0cbd5f8d9 100644 --- a/http/cves/2019/CVE-2019-14251.yaml +++ b/http/cves/2019/CVE-2019-14251.yaml @@ -14,22 +14,18 @@ info: - https://vuldb.com/?id.146815 - https://nvd.nist.gov/vuln/detail/CVE-2019-14251 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-14251 cwe-id: CWE-22 - epss-score: 0.64701 - epss-percentile: 0.98329 + epss-score: 0.02152 + epss-percentile: 0.89306 cpe: cpe:2.3:a:temenos:t24:r15.01:*:*:*:*:*:*:* metadata: max-request: 2 vendor: temenos product: t24 - shodan-query: http.title:"t24 sign in" - fofa-query: title="t24 sign in" - google-query: intitle:"t24 sign in" tags: cve,cve2019,temenos,lfi,unauth http: diff --git a/http/cves/2019/CVE-2019-14312.yaml b/http/cves/2019/CVE-2019-14312.yaml index 0aadd5c01fe..94437eba194 100644 --- a/http/cves/2019/CVE-2019-14312.yaml +++ b/http/cves/2019/CVE-2019-14312.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2019-14312 cwe-id: CWE-22 - epss-score: 0.40875 - epss-percentile: 0.97192 + epss-score: 0.02466 + epss-percentile: 0.90034 cpe: cpe:2.3:a:aptana:jaxer:1.0.3.4547:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-14322.yaml b/http/cves/2019/CVE-2019-14322.yaml index bff5786774a..75caee20d39 100644 --- a/http/cves/2019/CVE-2019-14322.yaml +++ b/http/cves/2019/CVE-2019-14322.yaml @@ -28,11 +28,7 @@ info: max-request: 3 vendor: microsoft product: windows - shodan-query: - - cpe:"cpe:2.3:o:microsoft:windows" - - http.title:"filemage" - fofa-query: title="filemage" - google-query: intitle:"filemage" + shodan-query: cpe:"cpe:2.3:o:microsoft:windows" tags: cve,cve2019,lfi,odoo,packetstorm,palletsprojects,microsoft http: diff --git a/http/cves/2019/CVE-2019-14470.yaml b/http/cves/2019/CVE-2019-14470.yaml index 6803b231bb2..515a1784b7b 100644 --- a/http/cves/2019/CVE-2019-14470.yaml +++ b/http/cves/2019/CVE-2019-14470.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-14470 cwe-id: CWE-79 - epss-score: 0.41233 - epss-percentile: 0.97211 + epss-score: 0.75122 + epss-percentile: 0.98153 cpe: cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-14530.yaml b/http/cves/2019/CVE-2019-14530.yaml index 753de9e5776..0da21280210 100644 --- a/http/cves/2019/CVE-2019-14530.yaml +++ b/http/cves/2019/CVE-2019-14530.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-14530 cwe-id: CWE-22 - epss-score: 0.79098 - epss-percentile: 0.98997 + epss-score: 0.80535 + epss-percentile: 0.98316 cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* metadata: verified: true @@ -32,17 +32,13 @@ info: shodan-query: - http.html:"openemr" - http.title:"openemr" - - http.favicon.hash:"1971268439" - - http.title:"openemr setup tool" + - http.favicon.hash:1971268439 fofa-query: - icon_hash=1971268439 - body="openemr" - title="openemr" - app="openemr" - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: cve2019,cve,lfi,authenticated,edb,openemr,open-emr http: diff --git a/http/cves/2019/CVE-2019-14750.yaml b/http/cves/2019/CVE-2019-14750.yaml index fb4cf726f11..b4f396dff0b 100644 --- a/http/cves/2019/CVE-2019-14750.yaml +++ b/http/cves/2019/CVE-2019-14750.yaml @@ -29,6 +29,7 @@ info: vendor: osticket product: osticket shodan-query: + - title:"osTicket" - http.title:"osticket" - http.html:"powered by osticket" - http.title:"osticket installer" diff --git a/http/cves/2019/CVE-2019-14789.yaml b/http/cves/2019/CVE-2019-14789.yaml index 69b81b467e7..fae7b995292 100644 --- a/http/cves/2019/CVE-2019-14789.yaml +++ b/http/cves/2019/CVE-2019-14789.yaml @@ -15,14 +15,13 @@ info: - https://wordpress.org/plugins/custom-404-pro/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2019-14789 - https://wordpress.org/plugins/custom-404-pro/#developers - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-14789 cwe-id: CWE-79 - epss-score: 0.00851 - epss-percentile: 0.73779 + epss-score: 0.00125 + epss-percentile: 0.46981 cpe: cpe:2.3:a:kunalnagar:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2019/CVE-2019-14974.yaml b/http/cves/2019/CVE-2019-14974.yaml index 83719265e11..4d9556e70f9 100644 --- a/http/cves/2019/CVE-2019-14974.yaml +++ b/http/cves/2019/CVE-2019-14974.yaml @@ -29,18 +29,13 @@ info: product: sugarcrm shodan-query: - http.html:"sugarcrm inc. all rights reserved" - - http.title:"sugarcrm" - - http.title:"sugar setup wizard" + - http.title:sugarcrm fofa-query: - body="sugarcrm inc. all rights reserved" - title=sugarcrm - - title="sugar setup wizard" - - title="sugarcrm" google-query: - intitle:sugarcrm - intext:"sugarcrm inc. all rights reserved" - - intitle:"sugar setup wizard" - - intitle:"sugarcrm" tags: cve,cve2019,xss,sugarcrm,edb http: diff --git a/http/cves/2019/CVE-2019-15043.yaml b/http/cves/2019/CVE-2019-15043.yaml index 04198fe98ff..e8a01e0ae73 100644 --- a/http/cves/2019/CVE-2019-15043.yaml +++ b/http/cves/2019/CVE-2019-15043.yaml @@ -30,8 +30,9 @@ info: vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2019/CVE-2019-15107.yaml b/http/cves/2019/CVE-2019-15107.yaml index 17c9b002865..35e757d2f05 100644 --- a/http/cves/2019/CVE-2019-15107.yaml +++ b/http/cves/2019/CVE-2019-15107.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-15107 cwe-id: CWE-78 - epss-score: 0.94461 - epss-percentile: 0.99992 + epss-score: 0.97494 + epss-percentile: 0.99975 cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-15501.yaml b/http/cves/2019/CVE-2019-15501.yaml index caff63b98e0..b623be6f884 100644 --- a/http/cves/2019/CVE-2019-15501.yaml +++ b/http/cves/2019/CVE-2019-15501.yaml @@ -15,21 +15,22 @@ info: - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf - https://nvd.nist.gov/vuln/detail/CVE-2019-15501 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-15501 cwe-id: CWE-79 - epss-score: 0.15178 - epss-percentile: 0.94236 + epss-score: 0.00303 + epss-percentile: 0.69634 cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lsoft product: listserv - shodan-query: http.html:"listserv" + shodan-query: + - http.html:"LISTSERV" + - http.html:"listserv" fofa-query: body="listserv" tags: cve2019,cve,xss,listserv,edb,lsoft diff --git a/http/cves/2019/CVE-2019-15642.yaml b/http/cves/2019/CVE-2019-15642.yaml index 852301e14e2..3bb390b1a42 100644 --- a/http/cves/2019/CVE-2019-15642.yaml +++ b/http/cves/2019/CVE-2019-15642.yaml @@ -21,15 +21,17 @@ info: cvss-score: 8.8 cve-id: CVE-2019-15642 cwe-id: CWE-94 - epss-score: 0.91534 - epss-percentile: 0.9964 + epss-score: 0.22278 + epss-percentile: 0.9605 cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: webmin product: webmin - shodan-query: http.title:"webmin" + shodan-query: + - title:"Webmin" + - http.title:"webmin" fofa-query: title="webmin" google-query: intitle:"webmin" tags: cve,cve2019,webmin,rce diff --git a/http/cves/2019/CVE-2019-15713.yaml b/http/cves/2019/CVE-2019-15713.yaml index 8a6b04f65ab..653f0c14a92 100644 --- a/http/cves/2019/CVE-2019-15713.yaml +++ b/http/cves/2019/CVE-2019-15713.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-15713 cwe-id: CWE-79 - epss-score: 0.04716 - epss-percentile: 0.88826 + epss-score: 0.00101 + epss-percentile: 0.41606 cpe: cpe:2.3:a:my_calendar_project:my_calendar:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-15811.yaml b/http/cves/2019/CVE-2019-15811.yaml index 3a77b1237ce..78a8bbc51ac 100644 --- a/http/cves/2019/CVE-2019-15811.yaml +++ b/http/cves/2019/CVE-2019-15811.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-15811 cwe-id: CWE-79 - epss-score: 0.05244 - epss-percentile: 0.89451 + epss-score: 0.00269 + epss-percentile: 0.6713 cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2019/CVE-2019-15829.yaml b/http/cves/2019/CVE-2019-15829.yaml index 7d677edaed8..4c8028f8155 100644 --- a/http/cves/2019/CVE-2019-15829.yaml +++ b/http/cves/2019/CVE-2019-15829.yaml @@ -27,7 +27,7 @@ info: vendor: greentreelabs product: gallery_photoblocks framework: wordpress - shodan-query: http.html:"/wp-content/plugins/photoblocks-grid-gallery/" + shodan-query: http.html:/wp-content/plugins/photoblocks-grid-gallery/ fofa-query: body=/wp-content/plugins/photoblocks-grid-gallery/ publicwww-query: "/wp-content/plugins/photoblocks-grid-gallery/" tags: cve,cve2019,wp,wordpress,wp-plugin,photoblocks-gallery,xss,authenticated,wpscan,greentreelabs diff --git a/http/cves/2019/CVE-2019-15858.yaml b/http/cves/2019/CVE-2019-15858.yaml index e16eb4f6c85..127df0e0c5f 100644 --- a/http/cves/2019/CVE-2019-15858.yaml +++ b/http/cves/2019/CVE-2019-15858.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-15858 cwe-id: CWE-306 - epss-score: 0.59563 - epss-percentile: 0.98104 + epss-score: 0.02804 + epss-percentile: 0.90638 cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-16057.yaml b/http/cves/2019/CVE-2019-16057.yaml index 504a41e91eb..5d5f234981d 100644 --- a/http/cves/2019/CVE-2019-16057.yaml +++ b/http/cves/2019/CVE-2019-16057.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16057 cwe-id: CWE-78 - epss-score: 0.94047 - epss-percentile: 0.99885 + epss-score: 0.9754 + epss-percentile: 0.99994 cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: dlink product: dns-320_firmware - shodan-query: http.html:"sharecenter" + shodan-query: + - html:"ShareCenter" + - http.html:"sharecenter" fofa-query: body="sharecenter" tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink diff --git a/http/cves/2019/CVE-2019-16097.yaml b/http/cves/2019/CVE-2019-16097.yaml index eb2cf0420b0..95c89178f41 100644 --- a/http/cves/2019/CVE-2019-16097.yaml +++ b/http/cves/2019/CVE-2019-16097.yaml @@ -19,14 +19,14 @@ info: cvss-score: 6.5 cve-id: CVE-2019-16097 cwe-id: CWE-862 - epss-score: 0.92614 - epss-percentile: 0.99728 + epss-score: 0.96492 + epss-percentile: 0.99563 cpe: cpe:2.3:a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:* metadata: max-request: 1 vendor: linuxfoundation product: harbor - shodan-query: http.favicon.hash:"657337228" + shodan-query: http.favicon.hash:657337228 fofa-query: icon_hash=657337228 tags: cve,cve2019,intrusive,harbor,linuxfoundation diff --git a/http/cves/2019/CVE-2019-16123.yaml b/http/cves/2019/CVE-2019-16123.yaml index 38e34031e86..9f7e9afffed 100644 --- a/http/cves/2019/CVE-2019-16123.yaml +++ b/http/cves/2019/CVE-2019-16123.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-16123 cwe-id: CWE-22 - epss-score: 0.36652 - epss-percentile: 0.9692 + epss-score: 0.67812 + epss-percentile: 0.97877 cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-16278.yaml b/http/cves/2019/CVE-2019-16278.yaml index fdcd97b17ce..7101d57ad58 100644 --- a/http/cves/2019/CVE-2019-16278.yaml +++ b/http/cves/2019/CVE-2019-16278.yaml @@ -20,14 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16278 cwe-id: CWE-22 - epss-score: 0.9439 - epss-percentile: 0.99963 + epss-score: 0.97408 + epss-percentile: 0.99926 cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: nazgul product: nostromo_nhttpd - tags: cve,cve2019,edb,rce,packetstorm,nazgul,kev + tags: cve,cve2019,edb,rce,packetstorm,nazgul http: - raw: diff --git a/http/cves/2019/CVE-2019-16313.yaml b/http/cves/2019/CVE-2019-16313.yaml index 86aa4d3183c..f3094e298e3 100644 --- a/http/cves/2019/CVE-2019-16313.yaml +++ b/http/cves/2019/CVE-2019-16313.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-16313 cwe-id: CWE-798 - epss-score: 0.93949 - epss-percentile: 0.99868 + epss-score: 0.04059 + epss-percentile: 0.91911 cpe: cpe:2.3:o:ifw8:fr6_firmware:4.31:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-16469.yaml b/http/cves/2019/CVE-2019-16469.yaml index 604fc04486a..784884f4cec 100644 --- a/http/cves/2019/CVE-2019-16469.yaml +++ b/http/cves/2019/CVE-2019-16469.yaml @@ -28,6 +28,7 @@ info: vendor: adobe product: experience_manager shodan-query: + - http.component:"Adobe Experience Manager" - http.component:"adobe experience manager" - http.title:"aem sign in" - cpe:"cpe:2.3:a:adobe:experience_manager" diff --git a/http/cves/2019/CVE-2019-1653.yaml b/http/cves/2019/CVE-2019-1653.yaml index 90d4897306a..f9845595f2a 100644 --- a/http/cves/2019/CVE-2019-1653.yaml +++ b/http/cves/2019/CVE-2019-1653.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-1653 - cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.94389 - epss-percentile: 0.99962 + cwe-id: CWE-200,CWE-284 + epss-score: 0.97565 + epss-percentile: 0.99999 cpe: cpe:2.3:o:cisco:rv320_firmware:1.4.2.15:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-16759.yaml b/http/cves/2019/CVE-2019-16759.yaml index db428ce2ae5..c37f7a68e09 100644 --- a/http/cves/2019/CVE-2019-16759.yaml +++ b/http/cves/2019/CVE-2019-16759.yaml @@ -29,20 +29,17 @@ info: vendor: vbulletin product: vbulletin shodan-query: - - http.component:"vbulletin" + - http.component:"vBulletin" - http.html:"powered by vbulletin" + - http.component:"vbulletin" - http.title:"powered by vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - intext:"powered by vbulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" tags: cve,cve2019,rce,kev,seclists,vbulletin http: diff --git a/http/cves/2019/CVE-2019-16920.yaml b/http/cves/2019/CVE-2019-16920.yaml index 5daf0f49976..a4e0991afd7 100644 --- a/http/cves/2019/CVE-2019-16920.yaml +++ b/http/cves/2019/CVE-2019-16920.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-16920 cwe-id: CWE-78 - epss-score: 0.94343 - epss-percentile: 0.99943 + epss-score: 0.96307 + epss-percentile: 0.99507 cpe: cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2019/CVE-2019-16931.yaml b/http/cves/2019/CVE-2019-16931.yaml index de4eb1c0c3c..4b5eda793a8 100644 --- a/http/cves/2019/CVE-2019-16931.yaml +++ b/http/cves/2019/CVE-2019-16931.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-16931 cwe-id: CWE-79 - epss-score: 0.01991 - epss-percentile: 0.82692 + epss-score: 0.0016 + epss-percentile: 0.52613 cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2019/CVE-2019-16932.yaml b/http/cves/2019/CVE-2019-16932.yaml index d639040f5b8..80d47f58d10 100644 --- a/http/cves/2019/CVE-2019-16932.yaml +++ b/http/cves/2019/CVE-2019-16932.yaml @@ -21,8 +21,8 @@ info: cvss-score: 10 cve-id: CVE-2019-16932 cwe-id: CWE-918 - epss-score: 0.8125 - epss-percentile: 0.99105 + epss-score: 0.37504 + epss-percentile: 0.97194 cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-16996.yaml b/http/cves/2019/CVE-2019-16996.yaml index 71260b2b32d..e39a21c5bcd 100644 --- a/http/cves/2019/CVE-2019-16996.yaml +++ b/http/cves/2019/CVE-2019-16996.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-16996 cwe-id: CWE-89 - epss-score: 0.92323 - epss-percentile: 0.99704 + epss-score: 0.33595 + epss-percentile: 0.96956 cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-16997.yaml b/http/cves/2019/CVE-2019-16997.yaml index 66778106b6f..e7e8f79c96d 100644 --- a/http/cves/2019/CVE-2019-16997.yaml +++ b/http/cves/2019/CVE-2019-16997.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-16997 cwe-id: CWE-89 - epss-score: 0.92932 - epss-percentile: 0.99757 + epss-score: 0.21998 + epss-percentile: 0.9646 cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-17270.yaml b/http/cves/2019/CVE-2019-17270.yaml index 1b7b84e0950..7c47c295ae4 100644 --- a/http/cves/2019/CVE-2019-17270.yaml +++ b/http/cves/2019/CVE-2019-17270.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17270 cwe-id: CWE-78 - epss-score: 0.93129 - epss-percentile: 0.99779 + epss-score: 0.93892 + epss-percentile: 0.99085 cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index d9419a370d9..e60d92d45cb 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml @@ -24,21 +24,20 @@ info: epss-percentile: 0.97136 cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* metadata: - max-request: 203 + max-request: 100 vendor: zabbix product: zabbix shodan-query: - - '[http.favicon.hash:"892542951 http.title"zabbix-server" cpe"cpe2.3azabbixzabbix"]"' - - cpe:"cpe:2.3:a:zabbix:zabbix" - - http.favicon.hash:"892542951" + - http.favicon.hash:892542951 - http.title:"zabbix-server" + - cpe:"cpe:2.3:a:zabbix:zabbix" fofa-query: - - '[icon_hash=892542951 app="zabbix-监控系统" && body="saml" title="zabbix-server"]' + - icon_hash=892542951 - app="zabbix-监控系统" && body="saml" - - icon_hash="892542951" - title="zabbix-server" google-query: intitle:"zabbix-server" tags: cve2019,cve,auth-bypass,login,edb,zabbix + flow: http(1) && http(2) http: diff --git a/http/cves/2019/CVE-2019-17418.yaml b/http/cves/2019/CVE-2019-17418.yaml index e2382c74bf5..6888817545d 100644 --- a/http/cves/2019/CVE-2019-17418.yaml +++ b/http/cves/2019/CVE-2019-17418.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.2 cve-id: CVE-2019-17418 cwe-id: CWE-89 - epss-score: 0.92822 - epss-percentile: 0.99746 + epss-score: 0.54908 + epss-percentile: 0.97587 cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-17444.yaml b/http/cves/2019/CVE-2019-17444.yaml index 4ab3420498b..0f567d489f5 100644 --- a/http/cves/2019/CVE-2019-17444.yaml +++ b/http/cves/2019/CVE-2019-17444.yaml @@ -24,16 +24,12 @@ info: epss-percentile: 0.93079 cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:* metadata: + max-request: 1 verified: true - max-request: 2 vendor: jfrog product: artifactory framework: "-" - shodan-query: - - cpe:"cpe:2.3:a:jfrog:artifactory" - - http.title:"jfrog" - fofa-query: title="jfrog" - google-query: intitle:"jfrog" + shodan-query: cpe:"cpe:2.3:a:jfrog:artifactory" tags: cve,cve2019,jfrog,default-login,- http: diff --git a/http/cves/2019/CVE-2019-17503.yaml b/http/cves/2019/CVE-2019-17503.yaml index 14fa6d6f85c..820382b24ba 100644 --- a/http/cves/2019/CVE-2019-17503.yaml +++ b/http/cves/2019/CVE-2019-17503.yaml @@ -12,14 +12,13 @@ info: - https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities - http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html - https://nvd.nist.gov/vuln/detail/CVE-2019-17503 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-17503 cwe-id: CWE-425 - epss-score: 0.9022 - epss-percentile: 0.99561 + epss-score: 0.00433 + epss-percentile: 0.71885 cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-17506.yaml b/http/cves/2019/CVE-2019-17506.yaml index dab0f25715d..b81e711f75f 100644 --- a/http/cves/2019/CVE-2019-17506.yaml +++ b/http/cves/2019/CVE-2019-17506.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17506 cwe-id: CWE-306 - epss-score: 0.92617 - epss-percentile: 0.99729 + epss-score: 0.90196 + epss-percentile: 0.98577 cpe: cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-17558.yaml b/http/cves/2019/CVE-2019-17558.yaml index 5fad401384d..cd71f4c056d 100644 --- a/http/cves/2019/CVE-2019-17558.yaml +++ b/http/cves/2019/CVE-2019-17558.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-17558 cwe-id: CWE-74 - epss-score: 0.94474 - epss-percentile: 0.99996 + epss-score: 0.97517 + epss-percentile: 0.99985 cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* metadata: max-request: 3 @@ -31,17 +31,12 @@ info: - cpe:"cpe:2.3:a:apache:solr" - http.title:"apache solr" - http.title:"solr admin" - - http.html:"apache solr" - - http.title:"solr" fofa-query: - title="solr admin" - title="apache solr" - - body="apache solr" - - title="solr" google-query: - intitle:"apache solr" - intitle:"solr admin" - - intitle:"solr" tags: cve,cve2019,kev,packetstorm,apache,rce,solr,oast http: diff --git a/http/cves/2019/CVE-2019-17574.yaml b/http/cves/2019/CVE-2019-17574.yaml index 7ee2292aec1..3b8428edf4f 100644 --- a/http/cves/2019/CVE-2019-17574.yaml +++ b/http/cves/2019/CVE-2019-17574.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.1 cve-id: 'CVE-2019-17574' cwe-id: CWE-639 - epss-score: 0.74244 - epss-percentile: 0.98757 + epss-score: 0.11202 + epss-percentile: 0.95166 cpe: cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: code-atlantic product: popup_maker framework: wordpress - shodan-query: http.html:"/wp-content/plugins/popup-maker/" + shodan-query: http.html:/wp-content/plugins/popup-maker/ fofa-query: body=/wp-content/plugins/popup-maker/ publicwww-query: "/wp-content/plugins/popup-maker/" tags: cve,cve2019,wpscan,wp,wordpress,wp-plugin,disclosure,popup-maker,auth-bypass,code-atlantic diff --git a/http/cves/2019/CVE-2019-17662.yaml b/http/cves/2019/CVE-2019-17662.yaml index cf7fbd85cbd..887e5b864a8 100644 --- a/http/cves/2019/CVE-2019-17662.yaml +++ b/http/cves/2019/CVE-2019-17662.yaml @@ -21,20 +21,16 @@ info: cvss-score: 9.8 cve-id: CVE-2019-17662 cwe-id: CWE-22 - epss-score: 0.933 - epss-percentile: 0.99795 + epss-score: 0.64941 + epss-percentile: 0.97813 cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: cybelsoft product: thinvnc - shodan-query: - - http.favicon.hash:"-1414548363" - - http.favicon.hash:"571240285" - fofa-query: - - icon_hash=-1414548363 - - icon_hash="571240285" + shodan-query: http.favicon.hash:-1414548363 + fofa-query: icon_hash=-1414548363 tags: cve,cve2019,packetstorm,auth-bypass,thinvnc,intrusive,cybelsoft http: diff --git a/http/cves/2019/CVE-2019-1821.yaml b/http/cves/2019/CVE-2019-1821.yaml index 5abe5711e46..73213ae1006 100644 --- a/http/cves/2019/CVE-2019-1821.yaml +++ b/http/cves/2019/CVE-2019-1821.yaml @@ -3,7 +3,7 @@ id: CVE-2019-1821 info: name: Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution author: _0xf4n9x_ - severity: high + severity: critical description: Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. remediation: | Apply the latest security patches provided by Cisco to mitigate this vulnerability. @@ -14,12 +14,12 @@ info: - http://packetstormsecurity.com/files/153350/Cisco-Prime-Infrastructure-Health-Monitor-TarArchive-Directory-Traversal.html - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2019-1821 cwe-id: CWE-20 - epss-score: 0.93014 - epss-percentile: 0.99764 + epss-score: 0.96792 + epss-percentile: 0.99681 cpe: cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-18371.yaml b/http/cves/2019/CVE-2019-18371.yaml index 1a1143116db..1e79da0eded 100644 --- a/http/cves/2019/CVE-2019-18371.yaml +++ b/http/cves/2019/CVE-2019-18371.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-18371 cwe-id: CWE-22 - epss-score: 0.90631 - epss-percentile: 0.99585 + epss-score: 0.02789 + epss-percentile: 0.90617 cpe: cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-18393.yaml b/http/cves/2019/CVE-2019-18393.yaml index 94b90660ad4..e229b27c98e 100644 --- a/http/cves/2019/CVE-2019-18393.yaml +++ b/http/cves/2019/CVE-2019-18393.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2019-18393 cwe-id: CWE-22 - epss-score: 0.83848 - epss-percentile: 0.99229 + epss-score: 0.00161 + epss-percentile: 0.52637 cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,11 +30,9 @@ info: shodan-query: - http.title:"openfire admin console" - http.title:"openfire" - - http.html:"welcome to openfire setup" fofa-query: - title="openfire" - title="openfire admin console" - - body="welcome to openfire setup" google-query: - intitle:"openfire" - intitle:"openfire admin console" diff --git a/http/cves/2019/CVE-2019-18394.yaml b/http/cves/2019/CVE-2019-18394.yaml index 5c39af5c7bd..0a41aa36cae 100644 --- a/http/cves/2019/CVE-2019-18394.yaml +++ b/http/cves/2019/CVE-2019-18394.yaml @@ -20,22 +20,20 @@ info: cvss-score: 9.8 cve-id: CVE-2019-18394 cwe-id: CWE-918 - epss-score: 0.93793 - epss-percentile: 0.99848 + epss-score: 0.70889 + epss-percentile: 0.98041 cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: igniterealtime product: openfire shodan-query: - http.title:"openfire admin console" - http.title:"openfire" - - http.html:"welcome to openfire setup" fofa-query: - title="openfire" - title="openfire admin console" - - body="welcome to openfire setup" google-query: - intitle:"openfire" - intitle:"openfire admin console" diff --git a/http/cves/2019/CVE-2019-18665.yaml b/http/cves/2019/CVE-2019-18665.yaml index 88273d7b1b9..81ed80bbedc 100644 --- a/http/cves/2019/CVE-2019-18665.yaml +++ b/http/cves/2019/CVE-2019-18665.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-18665 cwe-id: CWE-22 - epss-score: 0.57184 - epss-percentile: 0.97988 + epss-score: 0.08504 + epss-percentile: 0.93861 cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-18818.yaml b/http/cves/2019/CVE-2019-18818.yaml index 09d98dc7972..241f49d1d38 100644 --- a/http/cves/2019/CVE-2019-18818.yaml +++ b/http/cves/2019/CVE-2019-18818.yaml @@ -20,25 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2019-18818 cwe-id: CWE-640 - epss-score: 0.94006 - epss-percentile: 0.99876 + epss-score: 0.89613 + epss-percentile: 0.98691 cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: strapi product: strapi - fofa-query: - - app="strapi-headless-cms" - - body="welcome to your strapi app" - - title="strapi" - - title="welcome to your strapi app" - shodan-query: - - http.html:"welcome to your strapi app" - - http.title:"strapi" - - http.title:"welcome to your strapi app" - google-query: - - intitle:"strapi" - - intitle:"welcome to your strapi app" tags: cve,cve2019,strapi,auth-bypass,intrusive,edb http: diff --git a/http/cves/2019/CVE-2019-18922.yaml b/http/cves/2019/CVE-2019-18922.yaml index 064faf755aa..1743f0f6a28 100644 --- a/http/cves/2019/CVE-2019-18922.yaml +++ b/http/cves/2019/CVE-2019-18922.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-18922 cwe-id: CWE-22 - epss-score: 0.91607 - epss-percentile: 0.99645 + epss-score: 0.14866 + epss-percentile: 0.95795 cpe: cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-18957.yaml b/http/cves/2019/CVE-2019-18957.yaml index 77d1934449b..2e431cbcc0b 100644 --- a/http/cves/2019/CVE-2019-18957.yaml +++ b/http/cves/2019/CVE-2019-18957.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-18957 cwe-id: CWE-79 - epss-score: 0.07117 - epss-percentile: 0.9104 + epss-score: 0.00375 + epss-percentile: 0.72231 cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-1898.yaml b/http/cves/2019/CVE-2019-1898.yaml index a9dc7500e42..c222ce3edb5 100644 --- a/http/cves/2019/CVE-2019-1898.yaml +++ b/http/cves/2019/CVE-2019-1898.yaml @@ -18,9 +18,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2019-1898 - cwe-id: CWE-285,CWE-425 - epss-score: 0.73548 - epss-percentile: 0.98716 + cwe-id: CWE-425,CWE-285 + epss-score: 0.06856 + epss-percentile: 0.93891 cpe: cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2019/CVE-2019-19134.yaml b/http/cves/2019/CVE-2019-19134.yaml index 67c3d821607..2f1bc77e116 100644 --- a/http/cves/2019/CVE-2019-19134.yaml +++ b/http/cves/2019/CVE-2019-19134.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-19134 cwe-id: CWE-79 - epss-score: 0.10483 - epss-percentile: 0.92831 + epss-score: 0.00203 + epss-percentile: 0.58276 cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-19411.yaml b/http/cves/2019/CVE-2019-19411.yaml index d62293a3824..aeba0f99e54 100644 --- a/http/cves/2019/CVE-2019-19411.yaml +++ b/http/cves/2019/CVE-2019-19411.yaml @@ -8,21 +8,19 @@ info: USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. reference: - https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 3.7 cve-id: CVE-2019-19411 cwe-id: CWE-665 - epss-score: 0.02952 - epss-percentile: 0.85799 - cpe: cpe:2.3:o:huawei:usg9500_firmware:v500r001c30spc100:*:*:*:*:*:*:* + epss-score: 0.00078 + epss-percentile: 0.34692 + cpe: cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: huawei - product: usg9500_firmware + product: usg9500 shodan-query: title:"HUAWEI" tags: cve,cve2019,huawei,firewall,lfi diff --git a/http/cves/2019/CVE-2019-1943.yaml b/http/cves/2019/CVE-2019-1943.yaml index 1c4a79f4123..d5fbfbfab86 100644 --- a/http/cves/2019/CVE-2019-1943.yaml +++ b/http/cves/2019/CVE-2019-1943.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2019-1943 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect classification: - cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.7 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2019-1943 cwe-id: CWE-601 - epss-score: 0.22946 - epss-percentile: 0.95583 + epss-score: 0.05334 + epss-percentile: 0.93073 cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2019/CVE-2019-19824.yaml b/http/cves/2019/CVE-2019-19824.yaml index 98c7369d688..ec06caa59e2 100644 --- a/http/cves/2019/CVE-2019-19824.yaml +++ b/http/cves/2019/CVE-2019-19824.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2019-19824 cwe-id: CWE-78 - epss-score: 0.93652 - epss-percentile: 0.99832 + epss-score: 0.96343 + epss-percentile: 0.99519 cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-19908.yaml b/http/cves/2019/CVE-2019-19908.yaml index b31b53d50b3..3c57de30c9f 100644 --- a/http/cves/2019/CVE-2019-19908.yaml +++ b/http/cves/2019/CVE-2019-19908.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-19908 cwe-id: CWE-79 - epss-score: 0.41864 - epss-percentile: 0.9724 + epss-score: 0.00673 + epss-percentile: 0.79388 cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:1.98:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2019/CVE-2019-19985.yaml b/http/cves/2019/CVE-2019-19985.yaml index 080e8cedcfe..a59b11d6046 100644 --- a/http/cves/2019/CVE-2019-19985.yaml +++ b/http/cves/2019/CVE-2019-19985.yaml @@ -28,9 +28,6 @@ info: vendor: icegram product: email_subscribers_\&_newsletters framework: wordpress - fofa-query: body="/wp-content/plugins/email-subscribers/" - shodan-query: http.html:"/wp-content/plugins/email-subscribers/" - publicwww-query: /wp-content/plugins/email-subscribers/ tags: cve,cve2019,wordpress,wp-plugin,edb,packetstorm,icegram http: diff --git a/http/cves/2019/CVE-2019-20224.yaml b/http/cves/2019/CVE-2019-20224.yaml index 4a68bf0faa0..5dc78cd3bbc 100644 --- a/http/cves/2019/CVE-2019-20224.yaml +++ b/http/cves/2019/CVE-2019-20224.yaml @@ -27,12 +27,8 @@ info: max-request: 2 vendor: artica product: pandora_fms - shodan-query: - - http.title:"pandora fms" - - http.html:"pandora fms - installation wizard" - fofa-query: - - title="pandora fms" - - body="pandora fms - installation wizard" + shodan-query: http.title:"pandora fms" + fofa-query: title="pandora fms" google-query: intitle:"pandora fms" tags: cve,cve2019,pandorafms,rce,authenticated,oast,artica diff --git a/http/cves/2019/CVE-2019-20504.yaml b/http/cves/2019/CVE-2019-20504.yaml index 0300a44790f..5a1cc53e75e 100644 --- a/http/cves/2019/CVE-2019-20504.yaml +++ b/http/cves/2019/CVE-2019-20504.yaml @@ -23,8 +23,9 @@ info: max-request: 2 vendor: quest product: kace_systems_management - shodan-query: http.html:"k1000 logo" - tags: cve,cve2019,k1000,kace,rce,kev,quest + shodan-query: html:"K1000 Logo" + tags: cve,cve2019,k1000,kace,rce,kev + flow: http(1) && http(2) http: diff --git a/http/cves/2019/CVE-2019-20933.yaml b/http/cves/2019/CVE-2019-20933.yaml index 8f1bd8145cd..c94e16b05b7 100644 --- a/http/cves/2019/CVE-2019-20933.yaml +++ b/http/cves/2019/CVE-2019-20933.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-20933 cwe-id: CWE-287 - epss-score: 0.93976 - epss-percentile: 0.99872 + epss-score: 0.04237 + epss-percentile: 0.92253 cpe: cpe:2.3:a:influxdata:influxdb:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,9 +28,9 @@ info: vendor: influxdata product: influxdb shodan-query: - - influxdb + - InfluxDB - http.title:"influxdb - admin interface" - - x-influxdb- + - influxdb fofa-query: title="influxdb - admin interface" google-query: intitle:"influxdb - admin interface" tags: cve,cve2019,unauth,db,influxdb,misconfig,influxdata diff --git a/http/cves/2019/CVE-2019-2578.yaml b/http/cves/2019/CVE-2019-2578.yaml index 87fbd51f354..5dee2c4cf1f 100644 --- a/http/cves/2019/CVE-2019-2578.yaml +++ b/http/cves/2019/CVE-2019-2578.yaml @@ -19,15 +19,13 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2019-2578 - epss-score: 0.70535 - epss-percentile: 0.98583 + epss-score: 0.00623 + epss-percentile: 0.78436 cpe: cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: webcenter_sites - shodan-query: http.html:"webcenter" - fofa-query: body="webcenter" tags: cve,cve2019,oracle,wcs,auth-bypass http: diff --git a/http/cves/2019/CVE-2019-2579.yaml b/http/cves/2019/CVE-2019-2579.yaml index e0542f8eab3..5acddc82799 100644 --- a/http/cves/2019/CVE-2019-2579.yaml +++ b/http/cves/2019/CVE-2019-2579.yaml @@ -19,15 +19,13 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2019-2579 - epss-score: 0.58255 - epss-percentile: 0.98041 + epss-score: 0.00493 + epss-percentile: 0.75701 cpe: cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: webcenter_sites - shodan-query: http.html:"webcenter" - fofa-query: body="webcenter" tags: cve,cve2019,oracle,wcs,sqli http: diff --git a/http/cves/2019/CVE-2019-2588.yaml b/http/cves/2019/CVE-2019-2588.yaml index d11d9f9ffe9..c0f3f230024 100644 --- a/http/cves/2019/CVE-2019-2588.yaml +++ b/http/cves/2019/CVE-2019-2588.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N cvss-score: 4.9 cve-id: CVE-2019-2588 - epss-score: 0.8193 - epss-percentile: 0.9914 + epss-score: 0.13765 + epss-percentile: 0.955 cpe: cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-2616.yaml b/http/cves/2019/CVE-2019-2616.yaml index 45cd40ad837..db232bbf056 100644 --- a/http/cves/2019/CVE-2019-2616.yaml +++ b/http/cves/2019/CVE-2019-2616.yaml @@ -16,11 +16,11 @@ info: - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Ostorlab/KEV classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cve-id: CVE-2019-2616 - epss-score: 0.94361 - epss-percentile: 0.99951 + epss-score: 0.94801 + epss-percentile: 0.99268 cpe: cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-2725.yaml b/http/cves/2019/CVE-2019-2725.yaml index c816e76babb..5ad76eaeba0 100644 --- a/http/cves/2019/CVE-2019-2725.yaml +++ b/http/cves/2019/CVE-2019-2725.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-2725 cwe-id: CWE-74 - epss-score: 0.9447 - epss-percentile: 0.99994 + epss-score: 0.97573 + epss-percentile: 1 cpe: cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-3396.yaml b/http/cves/2019/CVE-2019-3396.yaml index 282a089edc3..1061d16e879 100644 --- a/http/cves/2019/CVE-2019-3396.yaml +++ b/http/cves/2019/CVE-2019-3396.yaml @@ -26,8 +26,9 @@ info: vendor: atlassian product: confluence shodan-query: - - http.component:"atlassian confluence" + - http.component:"Atlassian Confluence" - cpe:"cpe:2.3:a:atlassian:confluence" + - http.component:"atlassian confluence" tags: cve,cve2019,atlassian,confluence,lfi,rce,kev,packetstorm http: diff --git a/http/cves/2019/CVE-2019-3401.yaml b/http/cves/2019/CVE-2019-3401.yaml index 12482f5bdb7..9cf508882d4 100644 --- a/http/cves/2019/CVE-2019-3401.yaml +++ b/http/cves/2019/CVE-2019-3401.yaml @@ -24,12 +24,10 @@ info: vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2019,jira,atlassian,exposure http: diff --git a/http/cves/2019/CVE-2019-3402.yaml b/http/cves/2019/CVE-2019-3402.yaml index 6f66eb93980..b35ab03ad5f 100644 --- a/http/cves/2019/CVE-2019-3402.yaml +++ b/http/cves/2019/CVE-2019-3402.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-3402 cwe-id: CWE-79 - epss-score: 0.33441 - epss-percentile: 0.96682 + epss-score: 0.00238 + epss-percentile: 0.61128 cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,12 +30,10 @@ info: vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2019,atlassian,jira,xss http: diff --git a/http/cves/2019/CVE-2019-3403.yaml b/http/cves/2019/CVE-2019-3403.yaml index 21701219d57..6b34e4e1b20 100644 --- a/http/cves/2019/CVE-2019-3403.yaml +++ b/http/cves/2019/CVE-2019-3403.yaml @@ -28,12 +28,10 @@ info: vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2019,atlassian,jira,enumeration http: diff --git a/http/cves/2019/CVE-2019-3799.yaml b/http/cves/2019/CVE-2019-3799.yaml index 654f6487fb6..b092bf2ff9a 100644 --- a/http/cves/2019/CVE-2019-3799.yaml +++ b/http/cves/2019/CVE-2019-3799.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2019-3799 cwe-id: CWE-22 - epss-score: 0.9117 - epss-percentile: 0.99618 + epss-score: 0.02947 + epss-percentile: 0.90832 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-3911.yaml b/http/cves/2019/CVE-2019-3911.yaml index 0e8b967c967..4b366e036dd 100644 --- a/http/cves/2019/CVE-2019-3911.yaml +++ b/http/cves/2019/CVE-2019-3911.yaml @@ -13,22 +13,22 @@ info: - https://www.tenable.com/security/research/tra-2019-03 - https://nvd.nist.gov/vuln/detail/CVE-2019-3911 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-3911 cwe-id: CWE-79 - epss-score: 0.07752 - epss-percentile: 0.91469 + epss-score: 0.00195 + epss-percentile: 0.56966 cpe: cpe:2.3:a:labkey:labkey_server:*:*:community:*:*:*:*:* metadata: max-request: 1 vendor: labkey product: labkey_server shodan-query: - - server:"labkey" + - 'Server: Labkey' - 'http.title:"sign in: /home"' + - "server: labkey" fofa-query: 'title="sign in: /home"' google-query: 'intitle:"sign in: /home"' tags: cve,cve2019,xss,labkey,tenable diff --git a/http/cves/2019/CVE-2019-3912.yaml b/http/cves/2019/CVE-2019-3912.yaml index 6e3f5a6f5c9..49ef62e41c1 100644 --- a/http/cves/2019/CVE-2019-3912.yaml +++ b/http/cves/2019/CVE-2019-3912.yaml @@ -20,16 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2019-3912 cwe-id: CWE-601 - epss-score: 0.16842 - epss-percentile: 0.9458 + epss-score: 0.0016 + epss-percentile: 0.51564 cpe: cpe:2.3:a:labkey:labkey_server:*:*:*:*:community:*:*:* metadata: max-request: 1 vendor: labkey product: labkey_server shodan-query: - - server:"labkey" + - 'Server: Labkey' - 'http.title:"sign in: /home"' + - "server: labkey" fofa-query: 'title="sign in: /home"' google-query: 'intitle:"sign in: /home"' tags: cve2019,cve,tenable,redirect,labkey diff --git a/http/cves/2019/CVE-2019-5127.yaml b/http/cves/2019/CVE-2019-5127.yaml index 047a5c4b178..f45b774ffc0 100644 --- a/http/cves/2019/CVE-2019-5127.yaml +++ b/http/cves/2019/CVE-2019-5127.yaml @@ -20,15 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2019-5127 cwe-id: CWE-78 - epss-score: 0.93074 - epss-percentile: 0.99773 + epss-score: 0.97409 + epss-percentile: 0.99928 cpe: cpe:2.3:a:youphptube:youphptube_encoder:2.3:*:*:*:*:*:*:* metadata: max-request: 4 vendor: youphptube product: youphptube_encoder - fofa-query: icon_hash="-276846707" - shodan-query: http.favicon.hash:"-276846707" tags: cve,cve2019,rce,youphptube variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2019/CVE-2019-5128.yaml b/http/cves/2019/CVE-2019-5128.yaml index 7658eebc669..56d8abdf825 100644 --- a/http/cves/2019/CVE-2019-5128.yaml +++ b/http/cves/2019/CVE-2019-5128.yaml @@ -18,12 +18,11 @@ info: cpe: cpe:2.3:a:youphptube:youphptube_encoder:2.3:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: youphptube - product: "youphptube_encoder" + product: youphptube_encoder fofa-query: icon_hash="-276846707" - shodan-query: http.favicon.hash:"-276846707" tags: cve,cve2019,kev,youphptube,intrusive,encoder + variables: file_name: "{{rand_text_alpha(4)}}.txt" content: "id" diff --git a/http/cves/2019/CVE-2019-5129.yaml b/http/cves/2019/CVE-2019-5129.yaml index 3a91c979002..31f0fc417c2 100644 --- a/http/cves/2019/CVE-2019-5129.yaml +++ b/http/cves/2019/CVE-2019-5129.yaml @@ -8,26 +8,21 @@ info: Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube.The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack. reference: - https://xz.aliyun.com/news/6312 - - https://github.com/20142995/nuclei-templates - - https://github.com/amcai/myscan - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/n3th4ck3rx/cvequery classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-5129 cwe-id: CWE-78 - epss-score: 0.91393 - epss-percentile: 0.9963 + epss-score: 0.8734 + epss-percentile: 0.99401 cpe: cpe:2.3:a:youphptube:youphptube_encoder:2.3:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: youphptube - product: "youphptube_encoder" + product: youphptube_encoder fofa-query: icon_hash="-276846707" - shodan-query: http.favicon.hash:"-276846707" tags: cve,cve2019,kev,youphptube,rce,encoder + variables: file_name: "{{rand_text_alpha(4)}}.txt" content: "id" diff --git a/http/cves/2019/CVE-2019-5418.yaml b/http/cves/2019/CVE-2019-5418.yaml index b55e57c8935..b227abf84e6 100644 --- a/http/cves/2019/CVE-2019-5418.yaml +++ b/http/cves/2019/CVE-2019-5418.yaml @@ -20,26 +20,14 @@ info: cvss-score: 7.5 cve-id: CVE-2019-5418 cwe-id: CWE-22,NVD-CWE-noinfo - epss-score: 0.94231 - epss-percentile: 0.99916 + epss-score: 0.97426 + epss-percentile: 0.99937 cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rubyonrails product: rails - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - google-query: - - intitle:"index of" "secret_token.rb" - - intitle:"index of" "secrets.yml" - - intitle:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml + shodan-query: cpe:"cpe:2.3:a:rubyonrails:rails" tags: cve,cve2019,rails,lfi,disclosure,edb,rubyonrails http: diff --git a/http/cves/2019/CVE-2019-5434.yaml b/http/cves/2019/CVE-2019-5434.yaml index 6676f73abc6..b996993533b 100644 --- a/http/cves/2019/CVE-2019-5434.yaml +++ b/http/cves/2019/CVE-2019-5434.yaml @@ -30,12 +30,11 @@ info: vendor: revive-sas product: revive_adserver shodan-query: - - http.favicon.hash:"106844876" + - http.favicon.hash:106844876 - http.title:"revive adserver" fofa-query: - icon_hash=106844876 - title="revive adserver" - - icon_hash="106844876" google-query: intitle:"revive adserver" tags: cve,cve2019,edb,packetstorm,revive,adserver,rce,revive-sas diff --git a/http/cves/2019/CVE-2019-6340.yaml b/http/cves/2019/CVE-2019-6340.yaml index ae4b5f95dff..c966e065fbd 100644 --- a/http/cves/2019/CVE-2019-6340.yaml +++ b/http/cves/2019/CVE-2019-6340.yaml @@ -16,12 +16,12 @@ info: - https://www.exploit-db.com/exploits/46452/ - https://github.com/CVEDB/PoC-List classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2019-6340 cwe-id: CWE-502 - epss-score: 0.94438 - epss-percentile: 0.99985 + epss-score: 0.97451 + epss-percentile: 0.9995 cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-6715.yaml b/http/cves/2019/CVE-2019-6715.yaml index ce3d96a05ec..6ca75c8f2fe 100644 --- a/http/cves/2019/CVE-2019-6715.yaml +++ b/http/cves/2019/CVE-2019-6715.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-6715 - epss-score: 0.92206 - epss-percentile: 0.99694 + epss-score: 0.3388 + epss-percentile: 0.97075 cpe: cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-6793.yaml b/http/cves/2019/CVE-2019-6793.yaml index 75183b6a431..f13a496c699 100644 --- a/http/cves/2019/CVE-2019-6793.yaml +++ b/http/cves/2019/CVE-2019-6793.yaml @@ -9,30 +9,18 @@ info: reference: - https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50748 - https://nvd.nist.gov/vuln/detail/CVE-2019-6793 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L - cvss-score: 7 + cvss-score: 7.0 cve-id: CVE-2019-6793 cwe-id: CWE-918 - epss-score: 0.01966 - epss-percentile: 0.8258 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab - shodan-query: - - http.html:"gitlab enterprise edition" - - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab-ci.yml" - - http.title:"gitlab" - fofa-query: - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" - - title="gitlab" - google-query: intitle:"gitlab" + shodan-query: html:"GitLab Enterprise Edition" + fofa-query: body="GitLab Enterprise Edition" tags: cve,cve2019,gitlab,enterprise,ssrf,blind http: diff --git a/http/cves/2019/CVE-2019-6799.yaml b/http/cves/2019/CVE-2019-6799.yaml index 86cf13f2a1f..3e2f8fb7681 100644 --- a/http/cves/2019/CVE-2019-6799.yaml +++ b/http/cves/2019/CVE-2019-6799.yaml @@ -30,18 +30,17 @@ info: vendor: phpmyadmin product: phpmyadmin shodan-query: + - title:"phpmyadmin" - http.title:"phpmyadmin" - http.component:"phpmyadmin" - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" fofa-query: - body="pma_servername" && body="4.8.4" - title="phpmyadmin" - - body="phpmyadmin" - - body="server_databases.php" google-query: intitle:"phpmyadmin" - hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" + hunter-query: + - app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4" + - app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" tags: cve,cve2019,phpmyadmin,mysql,lfr,intrusive,sqli http: diff --git a/http/cves/2019/CVE-2019-6802.yaml b/http/cves/2019/CVE-2019-6802.yaml index 102f077a2a9..93bd18304e8 100644 --- a/http/cves/2019/CVE-2019-6802.yaml +++ b/http/cves/2019/CVE-2019-6802.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2019-6802 cwe-id: CWE-74 - epss-score: 0.01042 - epss-percentile: 0.7635 + epss-score: 0.00113 + epss-percentile: 0.43845 cpe: cpe:2.3:a:python:pypiserver:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: python product: pypiserver - shodan-query: http.html:"pypiserver" + shodan-query: + - html:"pypiserver" + - http.html:"pypiserver" fofa-query: body="pypiserver" tags: cve,cve2019,crlf,pypiserver,python diff --git a/http/cves/2019/CVE-2019-7139.yaml b/http/cves/2019/CVE-2019-7139.yaml index 82422c28199..5f26954bbd4 100644 --- a/http/cves/2019/CVE-2019-7139.yaml +++ b/http/cves/2019/CVE-2019-7139.yaml @@ -29,11 +29,11 @@ info: product: magento framework: magento shodan-query: - - http.component:"magento" + - http.component:"Magento" - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + - http.component:"magento" tags: time-based-sqli,cve,cve2019,sqli,magento + flow: http(1) && http(2) http: diff --git a/http/cves/2019/CVE-2019-7192.yaml b/http/cves/2019/CVE-2019-7192.yaml index 4309052afab..5dda97e654e 100644 --- a/http/cves/2019/CVE-2019-7192.yaml +++ b/http/cves/2019/CVE-2019-7192.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-7192 cwe-id: CWE-863 - epss-score: 0.94298 - epss-percentile: 0.9993 + epss-score: 0.96341 + epss-percentile: 0.99549 cpe: cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,9 +30,10 @@ info: vendor: qnap product: photo_station shodan-query: - - content-length:"580 "http server 1.0"" + - 'Content-Length: 580 "http server 1.0"' - http.title:"photo station" - http.title:"qnap" + - 'content-length: 580 "http server 1.0"' fofa-query: - title="photo station" - title="qnap" diff --git a/http/cves/2019/CVE-2019-7219.yaml b/http/cves/2019/CVE-2019-7219.yaml index 57dd56edaaf..ffc1a4156ec 100644 --- a/http/cves/2019/CVE-2019-7219.yaml +++ b/http/cves/2019/CVE-2019-7219.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-7219 cwe-id: CWE-79 - epss-score: 0.31243 - epss-percentile: 0.96501 + epss-score: 0.00113 + epss-percentile: 0.44665 cpe: cpe:2.3:a:zarafa:webaccess:7.2.0-48204:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-7254.yaml b/http/cves/2019/CVE-2019-7254.yaml index 4ff2cff8e1a..aabfb8bfe1a 100644 --- a/http/cves/2019/CVE-2019-7254.yaml +++ b/http/cves/2019/CVE-2019-7254.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-7254 cwe-id: CWE-22 - epss-score: 0.85158 - epss-percentile: 0.99291 + epss-score: 0.85153 + epss-percentile: 0.9853 cpe: cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-7255.yaml b/http/cves/2019/CVE-2019-7255.yaml index 5ccd34bc25c..3eac612ceee 100644 --- a/http/cves/2019/CVE-2019-7255.yaml +++ b/http/cves/2019/CVE-2019-7255.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: nortekcontrol product: linear_emerge_essential_firmware - shodan-query: http.title:"emerge" + shodan-query: + - http.title:"eMerge" + - http.title:"emerge" fofa-query: title="emerge" google-query: intitle:"emerge" tags: cve,cve2019,emerge,xss,packetstorm,nortek,nortekcontrol diff --git a/http/cves/2019/CVE-2019-7256.yaml b/http/cves/2019/CVE-2019-7256.yaml index 7830aacf492..8665eb05bea 100644 --- a/http/cves/2019/CVE-2019-7256.yaml +++ b/http/cves/2019/CVE-2019-7256.yaml @@ -29,7 +29,9 @@ info: max-request: 2 vendor: nortekcontrol product: linear_emerge_essential_firmware - shodan-query: http.title:"emerge" + shodan-query: + - title:"eMerge" + - http.title:"emerge" fofa-query: title="emerge" google-query: intitle:"emerge" tags: cve,cve2019,emerge,rce,edb,nortekcontrol,kev diff --git a/http/cves/2019/CVE-2019-7481.yaml b/http/cves/2019/CVE-2019-7481.yaml index 9b0a645b6e2..2fd448bcc08 100644 --- a/http/cves/2019/CVE-2019-7481.yaml +++ b/http/cves/2019/CVE-2019-7481.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2019-7481 cwe-id: CWE-89 - epss-score: 0.9438 - epss-percentile: 0.99958 + epss-score: 0.93107 + epss-percentile: 0.99046 cpe: cpe:2.3:o:sonicwall:sma_100_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-7543.yaml b/http/cves/2019/CVE-2019-7543.yaml index d8afe7b5ccf..99a919bf19d 100644 --- a/http/cves/2019/CVE-2019-7543.yaml +++ b/http/cves/2019/CVE-2019-7543.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-7543 cwe-id: CWE-79 - epss-score: 0.09011 - epss-percentile: 0.92166 + epss-score: 0.00135 + epss-percentile: 0.47935 cpe: cpe:2.3:a:kindsoft:kindeditor:4.1.11:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2019/CVE-2019-7609.yaml b/http/cves/2019/CVE-2019-7609.yaml index d5a957d5cde..6d9b0ddc874 100644 --- a/http/cves/2019/CVE-2019-7609.yaml +++ b/http/cves/2019/CVE-2019-7609.yaml @@ -20,8 +20,8 @@ info: cvss-score: 10 cve-id: CVE-2019-7609 cwe-id: CWE-94 - epss-score: 0.94448 - epss-percentile: 0.99989 + epss-score: 0.96778 + epss-percentile: 0.99656 cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-8086.yaml b/http/cves/2019/CVE-2019-8086.yaml index 8d8f75adea1..956ad77e0f4 100644 --- a/http/cves/2019/CVE-2019-8086.yaml +++ b/http/cves/2019/CVE-2019-8086.yaml @@ -20,16 +20,18 @@ info: cvss-score: 7.5 cve-id: CVE-2019-8086 cwe-id: CWE-611 - epss-score: 0.54798 - epss-percentile: 0.97874 + epss-score: 0.13896 + epss-percentile: 0.95652 cpe: cpe:2.3:a:adobe:experience_manager:6.2:*:*:*:*:*:*:* metadata: max-request: 2 vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" - http.component:"adobe experience manager" + - http.title:"aem sign in" - cpe:"cpe:2.3:a:adobe:experience_manager" fofa-query: title="aem sign in" google-query: intitle:"aem sign in" diff --git a/http/cves/2019/CVE-2019-8390.yaml b/http/cves/2019/CVE-2019-8390.yaml index da0cc378371..8e0ea1cad9f 100644 --- a/http/cves/2019/CVE-2019-8390.yaml +++ b/http/cves/2019/CVE-2019-8390.yaml @@ -29,7 +29,7 @@ info: max-request: 3 vendor: qdpm product: qdpm - shodan-query: http.favicon.hash:"762074255" + shodan-query: http.favicon.hash:762074255 fofa-query: icon_hash=762074255 tags: cve,cve2019,xss,qdpm,authenticated,edb diff --git a/http/cves/2019/CVE-2019-8442.yaml b/http/cves/2019/CVE-2019-8442.yaml index 60618d0469d..db7785c86ac 100644 --- a/http/cves/2019/CVE-2019-8442.yaml +++ b/http/cves/2019/CVE-2019-8442.yaml @@ -27,12 +27,10 @@ info: vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2019,atlassian,jira,lfi,intrusive http: diff --git a/http/cves/2019/CVE-2019-8446.yaml b/http/cves/2019/CVE-2019-8446.yaml index 6bab61fc248..90901607b90 100644 --- a/http/cves/2019/CVE-2019-8446.yaml +++ b/http/cves/2019/CVE-2019-8446.yaml @@ -20,14 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2019-8446 cwe-id: CWE-863 - epss-score: 0.70181 - epss-percentile: 0.9857 + epss-score: 0.15691 + epss-percentile: 0.95925 cpe: cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: jira_server - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2019,jira,atlassian http: diff --git a/http/cves/2019/CVE-2019-8449.yaml b/http/cves/2019/CVE-2019-8449.yaml index 514eb8ea788..d0a431c85b7 100644 --- a/http/cves/2019/CVE-2019-8449.yaml +++ b/http/cves/2019/CVE-2019-8449.yaml @@ -20,20 +20,18 @@ info: cvss-score: 5.3 cve-id: CVE-2019-8449 cwe-id: CWE-306 - epss-score: 0.68722 - epss-percentile: 0.98507 + epss-score: 0.29471 + epss-percentile: 0.96907 cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: jira shodan-query: + - http.component:"Atlassian Jira" - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: cve,cve2019,atlassian,jira,disclosure,packetstorm http: diff --git a/http/cves/2019/CVE-2019-8451.yaml b/http/cves/2019/CVE-2019-8451.yaml index 4609eed3b0f..a9ade8642ef 100644 --- a/http/cves/2019/CVE-2019-8451.yaml +++ b/http/cves/2019/CVE-2019-8451.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: atlassian product: jira_server - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2019,atlassian,jira,ssrf,oast,tenable,hackerone http: diff --git a/http/cves/2019/CVE-2019-8937.yaml b/http/cves/2019/CVE-2019-8937.yaml index 444d1814ffb..72b3931caac 100644 --- a/http/cves/2019/CVE-2019-8937.yaml +++ b/http/cves/2019/CVE-2019-8937.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2019-8937 cwe-id: CWE-79 - epss-score: 0.50859 - epss-percentile: 0.97693 + epss-score: 0.00477 + epss-percentile: 0.75729 cpe: cpe:2.3:a:digitaldruid:hoteldruid:2.3.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: product: hoteldruid shodan-query: - http.title:"hoteldruid" - - http.favicon.hash:"-1521640213" + - http.favicon.hash:-1521640213 fofa-query: - title="hoteldruid" - icon_hash=-1521640213 diff --git a/http/cves/2019/CVE-2019-8943.yaml b/http/cves/2019/CVE-2019-8943.yaml index 75b7aa8f6ac..83b2489811d 100644 --- a/http/cves/2019/CVE-2019-8943.yaml +++ b/http/cves/2019/CVE-2019-8943.yaml @@ -22,15 +22,14 @@ info: cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 18 vendor: wordpress product: wordpress shodan-query: - - '[http.component:"wordpress" cpe:"cpe:2.3:a:wordpress:wordpress"]' - - cpe:"cpe:2.3:a:wordpress:wordpress" - http.component:"wordpress" + - cpe:"cpe:2.3:a:wordpress:wordpress" fofa-query: body="oembed" && body="wp-" tags: cve,cve2019,wordpress,rce,intrusive,authenticated,packetstorm,wp-theme + variables: image_filename: "{{rand_text_alpha(10)}}" string: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2019/CVE-2019-8982.yaml b/http/cves/2019/CVE-2019-8982.yaml index 777f694dcff..cdab6df3124 100644 --- a/http/cves/2019/CVE-2019-8982.yaml +++ b/http/cves/2019/CVE-2019-8982.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.6 cve-id: CVE-2019-8982 cwe-id: CWE-918 - epss-score: 0.81061 - epss-percentile: 0.99094 + epss-score: 0.01814 + epss-percentile: 0.88158 cpe: cpe:2.3:a:wavemaker:wavemarker_studio:6.6:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-9618.yaml b/http/cves/2019/CVE-2019-9618.yaml index 8664b522316..bc7045cf733 100644 --- a/http/cves/2019/CVE-2019-9618.yaml +++ b/http/cves/2019/CVE-2019-9618.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2019-9618 cwe-id: CWE-22 - epss-score: 0.8082 - epss-percentile: 0.99084 + epss-score: 0.03376 + epss-percentile: 0.91411 cpe: cpe:2.3:a:gracemedia_media_player_project:gracemedia_media_player:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2019/CVE-2019-9632.yaml b/http/cves/2019/CVE-2019-9632.yaml index d15151fce88..88a17ade484 100644 --- a/http/cves/2019/CVE-2019-9632.yaml +++ b/http/cves/2019/CVE-2019-9632.yaml @@ -9,23 +9,18 @@ info: reference: - https://github.com/HimmelAward/Goby_POC - https://github.com/Z0fhack/Goby_POC - - https://github.com/NyxAzrael/Goby_POC - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2019-9632 - epss-score: 0.23329 - epss-percentile: 0.95638 + epss-score: 0.05368 + epss-percentile: 0.93097 cpe: cpe:2.3:a:esafenet:electronic_document_security_management_system:v3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: esafenet product: "electronic_document_security_management_system" - fofa-query: - - "title=\"电子文档安全管理系统\"" - - title="电子文档安全管理系统",body="cdgserver3/" - hunter-query: web.title="电子文档安全管理系统",web.body="cdgserver3/" + fofa-query: "title=\"电子文档安全管理系统\"" tags: cve,cve2019,esafenet,lfi http: diff --git a/http/cves/2019/CVE-2019-9670.yaml b/http/cves/2019/CVE-2019-9670.yaml index 0b109ad21eb..766c813e517 100644 --- a/http/cves/2019/CVE-2019-9670.yaml +++ b/http/cves/2019/CVE-2019-9670.yaml @@ -32,11 +32,9 @@ info: shodan-query: - http.title:"zimbra collaboration suite" - http.title:"zimbra web client sign in" - - http.favicon.hash:"1624375939" fofa-query: - title="zimbra web client sign in" - title="zimbra collaboration suite" - - icon_hash=1624375939 google-query: - intitle:"zimbra collaboration suite" - intitle:"zimbra web client sign in" diff --git a/http/cves/2019/CVE-2019-9733.yaml b/http/cves/2019/CVE-2019-9733.yaml index ac9025cae1d..f4cbb2438f8 100644 --- a/http/cves/2019/CVE-2019-9733.yaml +++ b/http/cves/2019/CVE-2019-9733.yaml @@ -26,11 +26,7 @@ info: max-request: 1 vendor: jfrog product: artifactory - shodan-query: - - cpe:"cpe:2.3:a:jfrog:artifactory" - - http.title:"jfrog" - fofa-query: title="jfrog" - google-query: intitle:"jfrog" + shodan-query: cpe:"cpe:2.3:a:jfrog:artifactory" tags: cve,cve2019,packetstorm,artifactory,login,jfrog http: diff --git a/http/cves/2019/CVE-2019-9912.yaml b/http/cves/2019/CVE-2019-9912.yaml index 5d9641144c7..aac08b5c819 100644 --- a/http/cves/2019/CVE-2019-9912.yaml +++ b/http/cves/2019/CVE-2019-9912.yaml @@ -10,25 +10,20 @@ info: - https://lists.openwall.net/full-disclosure/2019/02/05/13 - https://security-consulting.icu/blog/2019/02/wordpress-wpgooglemaps-xss/ - https://nvd.nist.gov/vuln/detail/CVE-2019-9912 - - http://seclists.org/fulldisclosure/2019/Mar/41 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2019-9912 cwe-id: CWE-79 - epss-score: 0.00846 - epss-percentile: 0.73694 - cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:* + cpe: cpe:2.3:a:wpgmaps:wp_go_maps:*:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 2 - vendor: codecabin - product: "wp_go_maps" - framework: wordpress + max-request: 1 fofa-query: body="/wp-content/plugins/wp-google-maps" - shodan-query: http.html:"/wp-content/plugins/wp-google-maps" - tags: cve,cve2019,wp,wp-plugin,wordpress,xss,wp-go-maps,codecabin + vendor: codecabin + product: wp_go_maps + tags: cve,cve2019,wp,wp-plugin,wordpress,xss,wp-go-maps + flow: http(1) && http(2) http: diff --git a/http/cves/2019/CVE-2019-9922.yaml b/http/cves/2019/CVE-2019-9922.yaml index e4db793c854..f8771a79e56 100644 --- a/http/cves/2019/CVE-2019-9922.yaml +++ b/http/cves/2019/CVE-2019-9922.yaml @@ -20,15 +20,15 @@ info: cvss-score: 7.5 cve-id: CVE-2019-9922 cwe-id: CWE-22 - epss-score: 0.84884 - epss-percentile: 0.99275 + epss-score: 0.00972 + epss-percentile: 0.83335 cpe: cpe:2.3:a:harmistechnology:je_messenger:1.2.2:*:*:*:*:joomla\!:*:* metadata: max-request: 1 vendor: harmistechnology product: je_messenger framework: joomla\! - tags: cve,joomla,messenger,lfi,harmistechnology,cve2019,joomla\! + tags: cve2019,cve,joomla,messenger,lfi,harmistechnology,joomla http: - method: GET diff --git a/http/cves/2019/CVE-2019-9978.yaml b/http/cves/2019/CVE-2019-9978.yaml index b56f5b723aa..f780ddb6631 100644 --- a/http/cves/2019/CVE-2019-9978.yaml +++ b/http/cves/2019/CVE-2019-9978.yaml @@ -26,11 +26,7 @@ info: vendor: warfareplugins product: social_warfare framework: wordpress - fofa-query: - - body="social-warfare" && body="wp-" - - body=/wp-content/plugins/social-warfare/ - publicwww-query: /wp-content/plugins/social-warfare/ - shodan-query: http.html:"/wp-content/plugins/social-warfare/" + fofa-query: body="social-warfare" && body="wp-" tags: cve,cve2019,wordpress,wp-plugin,ssrf,kev,warfareplugins,xss flow: http(1) && http(2) diff --git a/http/cves/2020/CVE-2020-0618.yaml b/http/cves/2020/CVE-2020-0618.yaml index cbe1b387572..26265b71720 100644 --- a/http/cves/2020/CVE-2020-0618.yaml +++ b/http/cves/2020/CVE-2020-0618.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: microsoft product: sql_server - google-query: inurl:"/reports/pages/folder.aspx" tags: cve,cve2020,rce,packetstorm,microsoft,kev http: diff --git a/http/cves/2020/CVE-2020-10148.yaml b/http/cves/2020/CVE-2020-10148.yaml index 3bcff4d6d43..52405a03933 100644 --- a/http/cves/2020/CVE-2020-10148.yaml +++ b/http/cves/2020/CVE-2020-10148.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-10148 - cwe-id: CWE-288,CWE-306 - epss-score: 0.94345 - epss-percentile: 0.99945 + cwe-id: CWE-287,CWE-288 + epss-score: 0.97265 + epss-percentile: 0.99853 cpe: cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-10189.yaml b/http/cves/2020/CVE-2020-10189.yaml index d2683d33481..299381ccd4b 100644 --- a/http/cves/2020/CVE-2020-10189.yaml +++ b/http/cves/2020/CVE-2020-10189.yaml @@ -19,28 +19,22 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10189 cwe-id: CWE-502 - epss-score: 0.94248 - epss-percentile: 0.99919 + epss-score: 0.97206 + epss-percentile: 0.99826 cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: zohocorp - product: "manageengine_desktop_central" - shodan-query: - - http.title:"manageengine desktop central 10" - - http.html:"manageengine desktop central 10" - - http.title:"manageengine desktop central" + product: manageengine_desktop_central fofa-query: - - '[body="manageengine desktop central 10" title="manageengine desktop central 10" app="zoho-manageengine-desktop"]' - - app="zoho-manageengine-desktop" - body="manageengine desktop central 10" - title="manageengine desktop central 10" - - title="manageengine desktop central" - google-query: - - intitle:"manageengine desktop central 10" - - intitle:"manageengine desktop central" - tags: cve,cve2020,kev,zoho,manageengine,deserialization,intrusive,zohocorp + - app="zoho-manageengine-desktop" + shodan-query: http.title:"manageengine desktop central 10" + google-query: intitle:"manageengine desktop central 10" + tags: cve,cve2020,kev,zoho,manageengine,deserialization,intrusive + flow: http(1) && http(2) http: diff --git a/http/cves/2020/CVE-2020-10199.yaml b/http/cves/2020/CVE-2020-10199.yaml index 3c473a21b15..054c5e43cb8 100644 --- a/http/cves/2020/CVE-2020-10199.yaml +++ b/http/cves/2020/CVE-2020-10199.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-10199 cwe-id: CWE-917 - epss-score: 0.94379 - epss-percentile: 0.99958 + epss-score: 0.97327 + epss-percentile: 0.99883 cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-10220.yaml b/http/cves/2020/CVE-2020-10220.yaml index 9c5f2af8a2a..3d32f45e369 100644 --- a/http/cves/2020/CVE-2020-10220.yaml +++ b/http/cves/2020/CVE-2020-10220.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10220 cwe-id: CWE-89 - epss-score: 0.94024 - epss-percentile: 0.9988 + epss-score: 0.03051 + epss-percentile: 0.90974 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve,cve2020,packetstorm,rconfig,sqli diff --git a/http/cves/2020/CVE-2020-10546.yaml b/http/cves/2020/CVE-2020-10546.yaml index 5c7dfb8946b..8e9c5cf74ce 100644 --- a/http/cves/2020/CVE-2020-10546.yaml +++ b/http/cves/2020/CVE-2020-10546.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10546 cwe-id: CWE-89 - epss-score: 0.92924 - epss-percentile: 0.99756 + epss-score: 0.38355 + epss-percentile: 0.97221 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-10547.yaml b/http/cves/2020/CVE-2020-10547.yaml index 143d209b088..a9df26ef73f 100644 --- a/http/cves/2020/CVE-2020-10547.yaml +++ b/http/cves/2020/CVE-2020-10547.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10547 cwe-id: CWE-89 - epss-score: 0.89969 - epss-percentile: 0.99546 + epss-score: 0.38355 + epss-percentile: 0.97128 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-10548.yaml b/http/cves/2020/CVE-2020-10548.yaml index 95db8fac344..1b5cf47bfff 100644 --- a/http/cves/2020/CVE-2020-10548.yaml +++ b/http/cves/2020/CVE-2020-10548.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10548 cwe-id: CWE-89 - epss-score: 0.89969 - epss-percentile: 0.99546 + epss-score: 0.38355 + epss-percentile: 0.97221 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-10549.yaml b/http/cves/2020/CVE-2020-10549.yaml index 212b8d1dbaa..bd056839231 100644 --- a/http/cves/2020/CVE-2020-10549.yaml +++ b/http/cves/2020/CVE-2020-10549.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-10549 cwe-id: CWE-89 - epss-score: 0.91617 - epss-percentile: 0.99646 + epss-score: 0.38355 + epss-percentile: 0.97221 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-10770.yaml b/http/cves/2020/CVE-2020-10770.yaml index 65b76bd57f1..8a07f183fe1 100644 --- a/http/cves/2020/CVE-2020-10770.yaml +++ b/http/cves/2020/CVE-2020-10770.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-10770 cwe-id: CWE-918 - epss-score: 0.92282 - epss-percentile: 0.99699 + epss-score: 0.16545 + epss-percentile: 0.96007 cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,12 +30,11 @@ info: shodan-query: - http.html:"keycloak" - http.title:"keycloak" - - http.favicon.hash:"-1105083093" + - http.favicon.hash:-1105083093 fofa-query: - title="keycloak" - icon_hash=-1105083093 - body="keycloak" - - icon_hash="-1105083093" google-query: intitle:"keycloak" tags: cve,cve2020,keycloak,ssrf,oast,blind,packetstorm,edb,redhat diff --git a/http/cves/2020/CVE-2020-10973.yaml b/http/cves/2020/CVE-2020-10973.yaml index 3a9c0872358..6657eecb6a9 100644 --- a/http/cves/2020/CVE-2020-10973.yaml +++ b/http/cves/2020/CVE-2020-10973.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-10973 cwe-id: CWE-306 - epss-score: 0.37288 - epss-percentile: 0.96961 + epss-score: 0.02524 + epss-percentile: 0.90149 cpe: cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:* metadata: verified: true @@ -30,11 +30,9 @@ info: vendor: wavlink product: wn530hg4_firmware shodan-query: + - http.html:"Wavlink" - http.html:"wavlink" - - http.html:"wn530hg4" - fofa-query: - - body="wavlink" - - body="wn530hg4" + fofa-query: body="wavlink" tags: cve,cve2020,exposure,wavlink http: diff --git a/http/cves/2020/CVE-2020-11034.yaml b/http/cves/2020/CVE-2020-11034.yaml index 5183314ba2f..68b171bb3f3 100644 --- a/http/cves/2020/CVE-2020-11034.yaml +++ b/http/cves/2020/CVE-2020-11034.yaml @@ -29,11 +29,9 @@ info: shodan-query: - http.title:"glpi" - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" fofa-query: - icon_hash="-1474875778" - title="glpi" - - body="setup glpi" google-query: intitle:"glpi" tags: cve,cve2020,redirect,glpi,glpi-project diff --git a/http/cves/2020/CVE-2020-11110.yaml b/http/cves/2020/CVE-2020-11110.yaml index cee6cfc3adf..f46d8e0485d 100644 --- a/http/cves/2020/CVE-2020-11110.yaml +++ b/http/cves/2020/CVE-2020-11110.yaml @@ -19,16 +19,17 @@ info: cvss-score: 5.4 cve-id: CVE-2020-11110 cwe-id: CWE-79 - epss-score: 0.67637 - epss-percentile: 0.98456 + epss-score: 0.00512 + epss-percentile: 0.76553 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2020/CVE-2020-11441.yaml b/http/cves/2020/CVE-2020-11441.yaml index 694dd3f0907..812be258d51 100644 --- a/http/cves/2020/CVE-2020-11441.yaml +++ b/http/cves/2020/CVE-2020-11441.yaml @@ -9,33 +9,18 @@ info: reference: - https://github.com/phpmyadmin/phpmyadmin/issues/16056 - https://nvd.nist.gov/vuln/detail/CVE-2020-11441 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.1 cve-id: CVE-2020-11441 - cwe-id: CWE-74 - epss-score: 0.02343 - epss-percentile: 0.8406 + cwe-id: CWE-93 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:5.0.2:*:*:*:*:*:*:* metadata: max-request: 2 vendor: phpmyadmin product: phpmyadmin - shodan-query: - - http.title:"phpmyadmin" - - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.component:"phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" - fofa-query: - - title="phpmyadmin" - - body="phpmyadmin" - - body="pma_servername" && body="4.8.4" - - body="server_databases.php" - google-query: intitle:"phpmyadmin" - hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" + shodan-query: title:"phpmyadmin" + fofa-query: title="phpmyadmin" tags: cve,crlf,phpmyadmin,cve2020 http: diff --git a/http/cves/2020/CVE-2020-11455.yaml b/http/cves/2020/CVE-2020-11455.yaml index b71a6cfe8d2..d1d26321363 100644 --- a/http/cves/2020/CVE-2020-11455.yaml +++ b/http/cves/2020/CVE-2020-11455.yaml @@ -20,19 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11455 cwe-id: CWE-22 - epss-score: 0.92774 - epss-percentile: 0.99743 + epss-score: 0.87845 + epss-percentile: 0.98577 cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: limesurvey product: limesurvey - shodan-query: - - http.favicon.hash:"1781653957" - - http.html:"limesurvey installer" - fofa-query: - - body="limesurvey installer" - - icon_hash=1781653957 tags: cve2020,cve,lfi,edb,packetstorm,limesurvey http: diff --git a/http/cves/2020/CVE-2020-11529.yaml b/http/cves/2020/CVE-2020-11529.yaml index 239764e07c5..ebf8039029f 100644 --- a/http/cves/2020/CVE-2020-11529.yaml +++ b/http/cves/2020/CVE-2020-11529.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-11529 cwe-id: CWE-601 - epss-score: 0.67395 - epss-percentile: 0.98442 + epss-score: 0.00417 + epss-percentile: 0.7148 cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-11530.yaml b/http/cves/2020/CVE-2020-11530.yaml index 21e363303cf..5b2d7fb7e34 100644 --- a/http/cves/2020/CVE-2020-11530.yaml +++ b/http/cves/2020/CVE-2020-11530.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11530 cwe-id: CWE-89 - epss-score: 0.92116 - epss-percentile: 0.99688 + epss-score: 0.83664 + epss-percentile: 0.98459 cpe: cpe:2.3:a:idangero:chop_slider:3.0:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2020/CVE-2020-11546.yaml b/http/cves/2020/CVE-2020-11546.yaml index 0ba74e3edbf..c64c03d7d95 100644 --- a/http/cves/2020/CVE-2020-11546.yaml +++ b/http/cves/2020/CVE-2020-11546.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: superwebmailer product: superwebmailer - shodan-query: http.title:"superwebmailer" + shodan-query: + - title:"SuperWebMailer" + - http.title:"superwebmailer" fofa-query: title="superwebmailer" google-query: intitle:"superwebmailer" tags: cve,cve2020,rce,superwebmailer diff --git a/http/cves/2020/CVE-2020-11547.yaml b/http/cves/2020/CVE-2020-11547.yaml index 4ed3b186bd9..6d16e00f1f2 100644 --- a/http/cves/2020/CVE-2020-11547.yaml +++ b/http/cves/2020/CVE-2020-11547.yaml @@ -29,11 +29,9 @@ info: vendor: paessler product: prtg_network_monitor shodan-query: + - title:"prtg" - http.title:"prtg" - - http.favicon.hash:"-655683626" - fofa-query: - - title="prtg" - - icon_hash="-655683626" + fofa-query: title="prtg" google-query: intitle:"prtg" tags: cve2020,cve,prtg,disclosure,paessler diff --git a/http/cves/2020/CVE-2020-11710.yaml b/http/cves/2020/CVE-2020-11710.yaml index 1bea669666f..45aeb945016 100644 --- a/http/cves/2020/CVE-2020-11710.yaml +++ b/http/cves/2020/CVE-2020-11710.yaml @@ -19,13 +19,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-11710 - epss-score: 0.93384 - epss-percentile: 0.99801 + epss-score: 0.02642 + epss-percentile: 0.90121 cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:kong:*:* metadata: - max-request: 2 + max-request: 1 vendor: konghq - product: "docker-kong" + product: docker-kong framework: kong shodan-query: cpe:"cpe:2.3:a:konghq:docker-kong" tags: cve,cve2020,kong,konghq diff --git a/http/cves/2020/CVE-2020-11798.yaml b/http/cves/2020/CVE-2020-11798.yaml index 607d30a3880..662b95b1712 100644 --- a/http/cves/2020/CVE-2020-11798.yaml +++ b/http/cves/2020/CVE-2020-11798.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-11798 cwe-id: CWE-22 - epss-score: 0.85152 - epss-percentile: 0.9929 + epss-score: 0.82302 + epss-percentile: 0.98125 cpe: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,11 +30,9 @@ info: vendor: mitel product: micollab_audio\,_web_\&_video_conferencing shodan-query: + - html:"Mitel" html:"MiCollab" - http.html:"mitel" html:"micollab" - - http.html:"micollab" - fofa-query: - - body="mitel" html:"micollab" - - body="micollab" + fofa-query: body="mitel" html:"micollab" tags: cve,cve2020,packetstorm,mitel,micollab,lfi http: diff --git a/http/cves/2020/CVE-2020-11853.yaml b/http/cves/2020/CVE-2020-11853.yaml index 253b871a749..e404e3eb0c7 100644 --- a/http/cves/2020/CVE-2020-11853.yaml +++ b/http/cves/2020/CVE-2020-11853.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-11853 - epss-score: 0.90263 - epss-percentile: 0.99563 + epss-score: 0.83699 + epss-percentile: 0.98462 cpe: cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-11854.yaml b/http/cves/2020/CVE-2020-11854.yaml index d09f2a5ac32..7fb9623aa41 100644 --- a/http/cves/2020/CVE-2020-11854.yaml +++ b/http/cves/2020/CVE-2020-11854.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-11854 cwe-id: CWE-798 - epss-score: 0.91159 - epss-percentile: 0.99617 + epss-score: 0.23333 + epss-percentile: 0.96551 cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-11930.yaml b/http/cves/2020/CVE-2020-11930.yaml index af132497786..e97101f215d 100644 --- a/http/cves/2020/CVE-2020-11930.yaml +++ b/http/cves/2020/CVE-2020-11930.yaml @@ -19,15 +19,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-11930 cwe-id: CWE-79 - epss-score: 0.10758 - epss-percentile: 0.92941 + epss-score: 0.00303 + epss-percentile: 0.69597 cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: gtranslate product: translate_wordpress_with_gtranslate framework: wordpress - shodan-query: http.html:"/wp-content/plugins/gtranslate" + shodan-query: http.html:/wp-content/plugins/gtranslate fofa-query: body=/wp-content/plugins/gtranslate publicwww-query: "/wp-content/plugins/gtranslate" tags: cve2020,cve,wordpress,wp,xss,wp-plugin,wpscan,gtranslate diff --git a/http/cves/2020/CVE-2020-11978.yaml b/http/cves/2020/CVE-2020-11978.yaml index 8ccf8b654ff..be0f27c7b1f 100644 --- a/http/cves/2020/CVE-2020-11978.yaml +++ b/http/cves/2020/CVE-2020-11978.yaml @@ -19,8 +19,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-11978 cwe-id: CWE-78 - epss-score: 0.94378 - epss-percentile: 0.99957 + epss-score: 0.97444 + epss-percentile: 0.99947 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,21 +28,17 @@ info: vendor: apache product: airflow shodan-query: + - title:"Airflow - DAGs" || http.html:"Apache Airflow" - http.title:"airflow - dags" || http.html:"apache airflow" - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: - title="sign in - airflow" - apache airflow - title="airflow - dags" || http.html:"apache airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"sign in - airflow" - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"airflow - dags" tags: cve2020,cve,packetstorm,apache,airflow,rce,kev http: diff --git a/http/cves/2020/CVE-2020-11991.yaml b/http/cves/2020/CVE-2020-11991.yaml index 89d749b9cde..22e93b9d140 100644 --- a/http/cves/2020/CVE-2020-11991.yaml +++ b/http/cves/2020/CVE-2020-11991.yaml @@ -19,17 +19,17 @@ info: cvss-score: 7.5 cve-id: CVE-2020-11991 cwe-id: CWE-611 - epss-score: 0.92403 - epss-percentile: 0.99711 + epss-score: 0.81306 + epss-percentile: 0.98339 cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: cocoon - shodan-query: http.html:"apache cocoon" - fofa-query: - - body="apache cocoon" - - app="apache-cocoon" + shodan-query: + - http.html:"Apache Cocoon" + - http.html:"apache cocoon" + fofa-query: body="apache cocoon" tags: cve,cve2020,apache,xml,cocoon,xxe http: diff --git a/http/cves/2020/CVE-2020-12054.yaml b/http/cves/2020/CVE-2020-12054.yaml index 6846f23156f..a5f31100b56 100644 --- a/http/cves/2020/CVE-2020-12054.yaml +++ b/http/cves/2020/CVE-2020-12054.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-12054 cwe-id: CWE-79 - epss-score: 0.09174 - epss-percentile: 0.9225 + epss-score: 0.00129 + epss-percentile: 0.47703 cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-12116.yaml b/http/cves/2020/CVE-2020-12116.yaml index 32f5b1c97b2..3d3613d261b 100644 --- a/http/cves/2020/CVE-2020-12116.yaml +++ b/http/cves/2020/CVE-2020-12116.yaml @@ -20,22 +20,16 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12116 cwe-id: CWE-22 - epss-score: 0.90527 - epss-percentile: 0.99577 + epss-score: 0.97317 + epss-percentile: 0.99876 cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: zohocorp product: manageengine_opmanager - shodan-query: - - http.title:"opmanager plus" - - http.title:"opmanager" - fofa-query: - - title="opmanager plus" - - title="opmanager" - google-query: - - intitle:"opmanager plus" - - intitle:"opmanager" + shodan-query: http.title:"opmanager plus" + fofa-query: title="opmanager plus" + google-query: intitle:"opmanager plus" tags: cve,cve2020,zoho,lfi,manageengine,zohocorp http: diff --git a/http/cves/2020/CVE-2020-12124.yaml b/http/cves/2020/CVE-2020-12124.yaml index 5830020312a..6c780fc4015 100644 --- a/http/cves/2020/CVE-2020-12124.yaml +++ b/http/cves/2020/CVE-2020-12124.yaml @@ -11,14 +11,13 @@ info: - https://cerne.xyz/bugs/CVE-2020-12124 - https://www.wavlink.com/en_us/product/WL-WN530H4.html - https://github.com/Scorpion-Security-Labs/CVE-2020-12124 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-12124 cwe-id: CWE-78 - epss-score: 0.91674 - epss-percentile: 0.99649 + epss-score: 0.94551 + epss-percentile: 0.99227 cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-12127.yaml b/http/cves/2020/CVE-2020-12127.yaml index 93a178f9f86..dec183d14b5 100644 --- a/http/cves/2020/CVE-2020-12127.yaml +++ b/http/cves/2020/CVE-2020-12127.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12127 cwe-id: CWE-306 - epss-score: 0.30273 - epss-percentile: 0.96415 + epss-score: 0.06164 + epss-percentile: 0.93545 cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: wavlink product: wn530h4_firmware - shodan-query: http.html:"wavlink" + shodan-query: + - http.html:"Wavlink" + - http.html:"wavlink" fofa-query: body="wavlink" tags: cve,cve2020,wavlink,exposure diff --git a/http/cves/2020/CVE-2020-12256.yaml b/http/cves/2020/CVE-2020-12256.yaml index 25b3cbcb942..560a1432026 100644 --- a/http/cves/2020/CVE-2020-12256.yaml +++ b/http/cves/2020/CVE-2020-12256.yaml @@ -25,7 +25,9 @@ info: max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve,cve2020,rconfig,authenticated,xss diff --git a/http/cves/2020/CVE-2020-12259.yaml b/http/cves/2020/CVE-2020-12259.yaml index 73d4df1df46..40c3efa6305 100644 --- a/http/cves/2020/CVE-2020-12259.yaml +++ b/http/cves/2020/CVE-2020-12259.yaml @@ -25,7 +25,9 @@ info: max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve2020,cve,rconfig,authenticated,xss diff --git a/http/cves/2020/CVE-2020-12478.yaml b/http/cves/2020/CVE-2020-12478.yaml index 14a3e9a3dcd..1e8fe32e930 100644 --- a/http/cves/2020/CVE-2020-12478.yaml +++ b/http/cves/2020/CVE-2020-12478.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12478 cwe-id: CWE-306 - epss-score: 0.14586 - epss-percentile: 0.94096 + epss-score: 0.01338 + epss-percentile: 0.86048 cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:* metadata: verified: true @@ -30,9 +30,7 @@ info: vendor: teampass product: teampass shodan-query: http.html:"teampass" - fofa-query: - - body="teampass" - - app="teampass" + fofa-query: body="teampass" tags: cve2020,cve,teampass,exposure,unauth http: diff --git a/http/cves/2020/CVE-2020-12720.yaml b/http/cves/2020/CVE-2020-12720.yaml index 141e21e0033..52959653b97 100644 --- a/http/cves/2020/CVE-2020-12720.yaml +++ b/http/cves/2020/CVE-2020-12720.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-12720 - cwe-id: CWE-89 - epss-score: 0.9382 - epss-percentile: 0.99852 + cwe-id: CWE-306 + epss-score: 0.88621 + epss-percentile: 0.98693 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -32,16 +32,12 @@ info: - http.html:"powered by vbulletin" - http.component:"vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - intext:"powered by vbulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" tags: cve2020,cve,vbulletin,sqli,packetstorm http: diff --git a/http/cves/2020/CVE-2020-13117.yaml b/http/cves/2020/CVE-2020-13117.yaml index 0928b611e62..b4ec357d87b 100644 --- a/http/cves/2020/CVE-2020-13117.yaml +++ b/http/cves/2020/CVE-2020-13117.yaml @@ -28,9 +28,7 @@ info: max-request: 1 vendor: wavlink product: wn575a4 - shodan-query: http.title:"wi-fi app login" - fofa-query: title="wi-fi app login" - google-query: intitle:"wi-fi app login" + shodan-query: http.title:"Wi-Fi APP Login" tags: cve,cve2020,wavlink,rce,oast,router http: diff --git a/http/cves/2020/CVE-2020-13121.yaml b/http/cves/2020/CVE-2020-13121.yaml index 6b85ae1a6ea..8b6aa2963b8 100644 --- a/http/cves/2020/CVE-2020-13121.yaml +++ b/http/cves/2020/CVE-2020-13121.yaml @@ -13,14 +13,13 @@ info: - https://github.com/Submitty/Submitty/issues/5265 - https://nvd.nist.gov/vuln/detail/CVE-2020-13121 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-13121 cwe-id: CWE-601 - epss-score: 0.1521 - epss-percentile: 0.94243 + epss-score: 0.00235 + epss-percentile: 0.61592 cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-13158.yaml b/http/cves/2020/CVE-2020-13158.yaml index a26bbb6de75..f29d25f4094 100644 --- a/http/cves/2020/CVE-2020-13158.yaml +++ b/http/cves/2020/CVE-2020-13158.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13158 cwe-id: CWE-22 - epss-score: 0.91826 - epss-percentile: 0.99662 + epss-score: 0.96791 + epss-percentile: 0.99659 cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml index 0e2a44cbf99..ff0b9c5393f 100644 --- a/http/cves/2020/CVE-2020-13379.yaml +++ b/http/cves/2020/CVE-2020-13379.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.2 cve-id: CVE-2020-13379 cwe-id: CWE-918 - epss-score: 0.92676 - epss-percentile: 0.99733 + epss-score: 0.71681 + epss-percentile: 0.98063 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,8 +29,9 @@ info: vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2020/CVE-2020-13405.yaml b/http/cves/2020/CVE-2020-13405.yaml index 5f99b048169..6850c557c8d 100644 --- a/http/cves/2020/CVE-2020-13405.yaml +++ b/http/cves/2020/CVE-2020-13405.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13405 cwe-id: CWE-306 - epss-score: 0.25825 - epss-percentile: 0.95946 + epss-score: 0.01002 + epss-percentile: 0.83607 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,7 +31,7 @@ info: product: microweber shodan-query: - http.html:"microweber" - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 fofa-query: - body="microweber" - icon_hash=780351152 diff --git a/http/cves/2020/CVE-2020-13483.yaml b/http/cves/2020/CVE-2020-13483.yaml index 757f6c9cf7f..df72995adbc 100644 --- a/http/cves/2020/CVE-2020-13483.yaml +++ b/http/cves/2020/CVE-2020-13483.yaml @@ -20,19 +20,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13483 cwe-id: CWE-79 - epss-score: 0.17784 - epss-percentile: 0.94764 + epss-score: 0.00113 + epss-percentile: 0.44743 cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: bitrix24 product: bitrix24 - shodan-query: - - http.html:"/bitrix/" - - http.favicon.hash:"-2115208104" - fofa-query: - - body="/bitrix/" - - icon_hash=-2115208104 + shodan-query: http.html:"/bitrix/" + fofa-query: body="/bitrix/" tags: cve2020,cve,xss,bitrix,bitrix24 http: diff --git a/http/cves/2020/CVE-2020-13638.yaml b/http/cves/2020/CVE-2020-13638.yaml index 434f9e8703d..ec1fa148036 100644 --- a/http/cves/2020/CVE-2020-13638.yaml +++ b/http/cves/2020/CVE-2020-13638.yaml @@ -23,7 +23,9 @@ info: max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve,cve2020,rconfig,auth-bypass,intrusive diff --git a/http/cves/2020/CVE-2020-13700.yaml b/http/cves/2020/CVE-2020-13700.yaml index 35ef4a515f5..d02eaac5dcd 100644 --- a/http/cves/2020/CVE-2020-13700.yaml +++ b/http/cves/2020/CVE-2020-13700.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13700 cwe-id: CWE-639 - epss-score: 0.90784 - epss-percentile: 0.99594 + epss-score: 0.01831 + epss-percentile: 0.88233 cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-13820.yaml b/http/cves/2020/CVE-2020-13820.yaml index 5492f19fd4e..68d1bcaa34c 100644 --- a/http/cves/2020/CVE-2020-13820.yaml +++ b/http/cves/2020/CVE-2020-13820.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13820 cwe-id: CWE-79 - epss-score: 0.30254 - epss-percentile: 0.96413 + epss-score: 0.00289 + epss-percentile: 0.68885 cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: extremenetworks product: extreme_management_center - shodan-query: http.title:"extreme management center" + shodan-query: + - title:"Extreme Management Center" + - http.title:"extreme management center" fofa-query: title="extreme management center" google-query: intitle:"extreme management center" tags: cve2020,cve,xss,extremenetworks diff --git a/http/cves/2020/CVE-2020-13851.yaml b/http/cves/2020/CVE-2020-13851.yaml index 910de21af38..8d40eb4f885 100644 --- a/http/cves/2020/CVE-2020-13851.yaml +++ b/http/cves/2020/CVE-2020-13851.yaml @@ -25,11 +25,9 @@ info: vendor: pandorafms product: pandora_fms shodan-query: + - title:"Pandora FMS" - http.title:"pandora fms" - - http.html:"pandora fms - installation wizard" - fofa-query: - - title="pandora fms" - - body="pandora fms - installation wizard" + fofa-query: title="pandora fms" google-query: intitle:"pandora fms" tags: cve2020,cve,packetstorm,rce,pandora,unauth,artica,pandorafms diff --git a/http/cves/2020/CVE-2020-13927.yaml b/http/cves/2020/CVE-2020-13927.yaml index bc82af03579..924f7e853e7 100644 --- a/http/cves/2020/CVE-2020-13927.yaml +++ b/http/cves/2020/CVE-2020-13927.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 - cwe-id: CWE-306 - epss-score: 0.94159 - epss-percentile: 0.99902 + cwe-id: CWE-1188 + epss-score: 0.96667 + epss-percentile: 0.99637 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,21 +30,17 @@ info: vendor: apache product: airflow shodan-query: + - title:"Airflow - DAGs" || http.html:"Apache Airflow" - http.title:"airflow - dags" || http.html:"apache airflow" - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: - title="sign in - airflow" - apache airflow - title="airflow - dags" || http.html:"apache airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"sign in - airflow" - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"airflow - dags" tags: cve2020,cve,packetstorm,apache,airflow,unauth,auth-bypass,kev http: diff --git a/http/cves/2020/CVE-2020-13937.yaml b/http/cves/2020/CVE-2020-13937.yaml index 8d1e401432b..8d6a4cd6443 100644 --- a/http/cves/2020/CVE-2020-13937.yaml +++ b/http/cves/2020/CVE-2020-13937.yaml @@ -20,17 +20,15 @@ info: cvss-score: 5.3 cve-id: CVE-2020-13937 cwe-id: CWE-922 - epss-score: 0.93221 - epss-percentile: 0.99788 + epss-score: 0.97421 + epss-percentile: 0.99929 cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: kylin - shodan-query: http.favicon.hash:"-186961397" - fofa-query: - - icon_hash=-186961397 - - app="apache-kylin" + shodan-query: http.favicon.hash:-186961397 + fofa-query: icon_hash=-186961397 tags: cve,cve2020,apache http: diff --git a/http/cves/2020/CVE-2020-13942.yaml b/http/cves/2020/CVE-2020-13942.yaml index eed64cc52f0..142ea893578 100644 --- a/http/cves/2020/CVE-2020-13942.yaml +++ b/http/cves/2020/CVE-2020-13942.yaml @@ -22,9 +22,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13942 - cwe-id: CWE-20,CWE-74 - epss-score: 0.94047 - epss-percentile: 0.99885 + cwe-id: CWE-74,CWE-20 + epss-score: 0.97256 + epss-percentile: 0.99818 cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-13945.yaml b/http/cves/2020/CVE-2020-13945.yaml index 19e18da0f02..5800ff4aca1 100644 --- a/http/cves/2020/CVE-2020-13945.yaml +++ b/http/cves/2020/CVE-2020-13945.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-13945 cwe-id: CWE-522 - epss-score: 0.94009 - epss-percentile: 0.99877 + epss-score: 0.00838 + epss-percentile: 0.81705 cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-14144.yaml b/http/cves/2020/CVE-2020-14144.yaml index 0e0a22c2dea..30527e6b047 100644 --- a/http/cves/2020/CVE-2020-14144.yaml +++ b/http/cves/2020/CVE-2020-14144.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.2 cve-id: CVE-2020-14144 cwe-id: CWE-78 - epss-score: 0.9342 - epss-percentile: 0.99805 + epss-score: 0.97279 + epss-percentile: 0.9986 cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,19 +29,14 @@ info: vendor: gitea product: gitea shodan-query: + - html:"Powered by Gitea Version" - http.html:"powered by gitea version" - http.title:"gitea" - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea" - - 'http.title:"installation - gitea: git with a cup of tea"' fofa-query: - body="powered by gitea version" - title="gitea" - - body="powered by gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' + google-query: intitle:"gitea" tags: cve2020,cve,rce,gitea,authenticated,git,intrusive http: diff --git a/http/cves/2020/CVE-2020-14179.yaml b/http/cves/2020/CVE-2020-14179.yaml index b74912fddb0..9fe8ff41557 100644 --- a/http/cves/2020/CVE-2020-14179.yaml +++ b/http/cves/2020/CVE-2020-14179.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: atlassian product: jira_data_center - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2020,atlassian,jira,exposure,disclosure http: diff --git a/http/cves/2020/CVE-2020-14181.yaml b/http/cves/2020/CVE-2020-14181.yaml index 6aec7206090..f74ec22c226 100644 --- a/http/cves/2020/CVE-2020-14181.yaml +++ b/http/cves/2020/CVE-2020-14181.yaml @@ -20,14 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2020-14181 cwe-id: CWE-200 - epss-score: 0.94055 - epss-percentile: 0.99887 + epss-score: 0.9645 + epss-percentile: 0.99579 cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: data_center - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2020,atlassian,jira,packetstorm http: diff --git a/http/cves/2020/CVE-2020-14408.yaml b/http/cves/2020/CVE-2020-14408.yaml index 9240fe76c0f..bc246bd36a4 100644 --- a/http/cves/2020/CVE-2020-14408.yaml +++ b/http/cves/2020/CVE-2020-14408.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14408 cwe-id: CWE-79 - epss-score: 0.01606 - epss-percentile: 0.80822 + epss-score: 0.00113 + epss-percentile: 0.44743 cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:* metadata: verified: true @@ -29,7 +29,7 @@ info: vendor: agentejo product: cockpit shodan-query: - - http.favicon.hash:"688609340" + - http.favicon.hash:688609340 - http.html:"cockpit" fofa-query: - icon_hash=688609340 diff --git a/http/cves/2020/CVE-2020-14413.yaml b/http/cves/2020/CVE-2020-14413.yaml index 13fcfd2cd09..83a61ba2807 100644 --- a/http/cves/2020/CVE-2020-14413.yaml +++ b/http/cves/2020/CVE-2020-14413.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-14413 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-14413 cwe-id: CWE-79 - epss-score: 0.15743 - epss-percentile: 0.94352 + epss-score: 0.00095 + epss-percentile: 0.40142 cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-14750.yaml b/http/cves/2020/CVE-2020-14750.yaml index 4b1a987923c..00b188f18d5 100644 --- a/http/cves/2020/CVE-2020-14750.yaml +++ b/http/cves/2020/CVE-2020-14750.yaml @@ -20,26 +20,22 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14750 - epss-score: 0.94435 - epss-percentile: 0.99983 - cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* + epss-score: 0.97546 + epss-percentile: 0.99996 + cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: oracle - product: weblogic_server + product: fusion_middleware shodan-query: - - http.html:"weblogic application server" + - http.html:"Weblogic Application Server" - http.title:"weblogic" - - http.title:"oracle peoplesoft sign-in" - - product:"oracle weblogic" + - http.html:"weblogic application server" fofa-query: - title="weblogic" - body="weblogic application server" - - title="oracle peoplesoft sign-in" - google-query: - - intitle:"weblogic" - - intitle:"oracle peoplesoft sign-in" + google-query: intitle:"weblogic" tags: cve2020,cve,rce,oracle,weblogic,unauth,kev,packetstorm http: diff --git a/http/cves/2020/CVE-2020-14882.yaml b/http/cves/2020/CVE-2020-14882.yaml index 0bfe4d36e13..de49f064b70 100644 --- a/http/cves/2020/CVE-2020-14882.yaml +++ b/http/cves/2020/CVE-2020-14882.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14882 - epss-score: 0.94454 - epss-percentile: 0.9999 + epss-score: 0.9739 + epss-percentile: 0.99906 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-14883.yaml b/http/cves/2020/CVE-2020-14883.yaml index edb57b7a773..6a7f70c1624 100644 --- a/http/cves/2020/CVE-2020-14883.yaml +++ b/http/cves/2020/CVE-2020-14883.yaml @@ -29,8 +29,9 @@ info: vendor: oracle product: weblogic_server shodan-query: - - http.title:"oracle peoplesoft sign-in" + - title:"Oracle PeopleSoft Sign-in" - product:"oracle weblogic" + - http.title:"oracle peoplesoft sign-in" fofa-query: title="oracle peoplesoft sign-in" google-query: intitle:"oracle peoplesoft sign-in" tags: cve,cve2020,oracle,rce,weblogic,kev,packetstorm diff --git a/http/cves/2020/CVE-2020-15050.yaml b/http/cves/2020/CVE-2020-15050.yaml index c01a92c676f..cd2f1f555a8 100644 --- a/http/cves/2020/CVE-2020-15050.yaml +++ b/http/cves/2020/CVE-2020-15050.yaml @@ -14,22 +14,18 @@ info: - https://www.supremainc.com/en/support/biostar-2-pakage.asp - https://nvd.nist.gov/vuln/detail/CVE-2020-15050 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-15050 cwe-id: CWE-22 - epss-score: 0.79206 - epss-percentile: 0.99001 + epss-score: 0.55214 + epss-percentile: 0.9766 cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: supremainc product: biostar_2 - shodan-query: http.title:"biostar" - fofa-query: title="biostar" - google-query: intitle:"biostar" tags: cve,cve2020,suprema,biostar2,packetstorm,lfi,supremainc http: diff --git a/http/cves/2020/CVE-2020-15129.yaml b/http/cves/2020/CVE-2020-15129.yaml index 7945616d447..49b4f3da76c 100644 --- a/http/cves/2020/CVE-2020-15129.yaml +++ b/http/cves/2020/CVE-2020-15129.yaml @@ -16,12 +16,12 @@ info: - https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp - https://nvd.nist.gov/vuln/detail/CVE-2020-15129 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.7 cve-id: CVE-2020-15129 cwe-id: CWE-601 - epss-score: 0.77532 - epss-percentile: 0.98915 + epss-score: 0.01168 + epss-percentile: 0.84908 cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-15148.yaml b/http/cves/2020/CVE-2020-15148.yaml index 23a5c894a1c..0eaab421ebb 100644 --- a/http/cves/2020/CVE-2020-15148.yaml +++ b/http/cves/2020/CVE-2020-15148.yaml @@ -3,7 +3,7 @@ id: CVE-2020-15148 info: name: Yii 2 < 2.0.38 - Remote Code Execution author: pikpikcu - severity: high + severity: critical description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. @@ -15,24 +15,17 @@ info: - https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj - https://github.com/20142995/sectool classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H - cvss-score: 8.9 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 cve-id: CVE-2020-15148 cwe-id: CWE-502 - epss-score: 0.917 - epss-percentile: 0.99652 + epss-score: 0.02822 + epss-percentile: 0.90667 cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: yiiframework product: yii - shodan-query: - - http.html:"yii\base\errorexception" - - http.title:"yii debugger" - fofa-query: - - body="yii\base\errorexception" - - title="yii debugger" - google-query: intitle:"yii debugger" tags: cve,cve2020,rce,yii,yiiframework http: diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml index 9313ffa3865..26821a11d7a 100644 --- a/http/cves/2020/CVE-2020-15227.yaml +++ b/http/cves/2020/CVE-2020-15227.yaml @@ -3,7 +3,7 @@ id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author: becivells - severity: high + severity: critical description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. @@ -16,19 +16,21 @@ info: - https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html - https://packagist.org/packages/nette/application classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N - cvss-score: 8.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-15227 cwe-id: CWE-94,CWE-74 - epss-score: 0.93716 - epss-percentile: 0.99838 + epss-score: 0.97285 + epss-percentile: 0.99862 cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: nette product: application - fofa-query: app="nette-framework" + fofa-query: + - app="nette-Framework" + - app="nette-framework" tags: cve2020,cve,nette,rce http: diff --git a/http/cves/2020/CVE-2020-15415.yaml b/http/cves/2020/CVE-2020-15415.yaml index 3e0ec4ffe1c..318c9ea325e 100644 --- a/http/cves/2020/CVE-2020-15415.yaml +++ b/http/cves/2020/CVE-2020-15415.yaml @@ -11,24 +11,19 @@ info: reference: - https://github.com/CLP-team/Vigor-Commond-Injection - https://nvd.nist.gov/vuln/detail/CVE-2020-15415 - - https://github.com/20142995/pocsuite3 - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15415 cwe-id: CWE-78 - epss-score: 0.93463 - epss-percentile: 0.99811 - cpe: cpe:2.3:o:draytek:vigor3900_firmware:*:*:*:*:*:*:*:* + cpe: cpe:2.3:h:draytek:vigor:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: draytek - product: vigor3900_firmware + product: vigor fofa-query: '"excanvas.js" && "lang == \"zh-cn\"" && "detectLang" && server=="DWS"' - tags: cve,cve2020,draytek,rce,router,kev,intrusive + tags: cve,cve2020,draytek,rce,router,kev http: - raw: diff --git a/http/cves/2020/CVE-2020-15500.yaml b/http/cves/2020/CVE-2020-15500.yaml index a10e8898ac9..d0c718cc441 100644 --- a/http/cves/2020/CVE-2020-15500.yaml +++ b/http/cves/2020/CVE-2020-15500.yaml @@ -27,9 +27,6 @@ info: max-request: 1 vendor: tileserver product: tileservergl - google-query: intitle:"tileserver gl - server for vector and raster maps with gl styles" - shodan-query: http.title:"tileserver gl - server for vector and raster maps with gl styles" - fofa-query: title="tileserver gl - server for vector and raster maps with gl styles" tags: cve,cve2020,xss,tileserver,packetstorm http: diff --git a/http/cves/2020/CVE-2020-15867.yaml b/http/cves/2020/CVE-2020-15867.yaml index d803e0a0120..325573976af 100644 --- a/http/cves/2020/CVE-2020-15867.yaml +++ b/http/cves/2020/CVE-2020-15867.yaml @@ -15,13 +15,12 @@ info: - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/ - http://packetstormsecurity.com/files/162123/Gogs-Git-Hooks-Remote-Code-Execution.html - https://nvd.nist.gov/vuln/detail/CVE-2020-15867 - - https://github.com/tzwlhack/Vulnerability classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-15867 - epss-score: 0.92615 - epss-percentile: 0.99728 + epss-score: 0.96659 + epss-percentile: 0.99554 cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,13 +30,8 @@ info: shodan-query: - cpe:"cpe:2.3:a:gogs:gogs" - http.title:"sign in - gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" - google-query: - - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" + google-query: intitle:"sign in - gogs" tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm,intrusive http: diff --git a/http/cves/2020/CVE-2020-15895.yaml b/http/cves/2020/CVE-2020-15895.yaml index eac8b10f202..3b91f7bba77 100644 --- a/http/cves/2020/CVE-2020-15895.yaml +++ b/http/cves/2020/CVE-2020-15895.yaml @@ -20,14 +20,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-15895 cwe-id: CWE-79 - epss-score: 0.41498 - epss-percentile: 0.97224 + epss-score: 0.00187 + epss-percentile: 0.55848 cpe: cpe:2.3:o:dlink:dir-816l_firmware:2.06:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink product: dir-816l_firmware - shodan-query: http.html:"dir-816l" + shodan-query: + - html:"DIR-816L" + - http.html:"dir-816l" fofa-query: body="dir-816l" tags: cve2020,cve,dlink,xss diff --git a/http/cves/2020/CVE-2020-15906.yaml b/http/cves/2020/CVE-2020-15906.yaml index ba1cd4d3570..7dae30039e4 100644 --- a/http/cves/2020/CVE-2020-15906.yaml +++ b/http/cves/2020/CVE-2020-15906.yaml @@ -17,16 +17,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15906 cwe-id: CWE-307 - epss-score: 0.91138 - epss-percentile: 0.99615 + epss-score: 0.02136 + epss-percentile: 0.88924 cpe: cpe:2.3:a:tiki:tiki:*:*:*:*:*:*:*:* metadata: - max-request: 54 vendor: tiki product: tiki - shodan-query: http.title:"tiki wiki cms" - fofa-query: title="tiki wiki cms" - google-query: intitle:"tiki wiki cms + shodan-query: title:"Tiki Wiki CMS" + fofa-query: title="Tiki Wiki CMS" + google-query: intitle:"Tiki Wiki CMS tags: packetstorm,cve,cve2020,tiki,wiki,auth-bypass http: diff --git a/http/cves/2020/CVE-2020-17362.yaml b/http/cves/2020/CVE-2020-17362.yaml index 5ce3241c185..ea8b6d7b8e4 100644 --- a/http/cves/2020/CVE-2020-17362.yaml +++ b/http/cves/2020/CVE-2020-17362.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-17362 - https://themes.trac.wordpress.org/browser/nova-lite/1.3.9/readme.txt?rev=134076 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-17362 cwe-id: CWE-79 - epss-score: 0.03781 - epss-percentile: 0.87493 + epss-score: 0.00101 + epss-percentile: 0.41606 cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-17453.yaml b/http/cves/2020/CVE-2020-17453.yaml index 8d4bf1c4e15..cc3f2e7ba7c 100644 --- a/http/cves/2020/CVE-2020-17453.yaml +++ b/http/cves/2020/CVE-2020-17453.yaml @@ -20,14 +20,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17453 cwe-id: CWE-79 - epss-score: 0.76253 - epss-percentile: 0.98853 + epss-score: 0.00845 + epss-percentile: 0.82114 cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: wso2 product: api_manager - shodan-query: http.favicon.hash:"1398055326" + shodan-query: http.favicon.hash:1398055326 fofa-query: icon_hash=1398055326 google-query: inurl:"carbon/admin/login" tags: cve2020,cve,xss,wso2 diff --git a/http/cves/2020/CVE-2020-17456.yaml b/http/cves/2020/CVE-2020-17456.yaml index c6f76c5dc04..8edf722cdb1 100644 --- a/http/cves/2020/CVE-2020-17456.yaml +++ b/http/cves/2020/CVE-2020-17456.yaml @@ -20,13 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17456 cwe-id: CWE-78 - epss-score: 0.91563 - epss-percentile: 0.99642 - cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:* + epss-score: 0.96253 + epss-percentile: 0.99525 + cpe: cpe:2.3:h:seowonintech:slc-130:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: seowonintech - product: slc-130_firmware + product: slc-130 tags: cve,cve2020,seowon,oast,packetstorm,rce,router,unauth,iot,seowonintech variables: useragent: '{{rand_base(6)}}' diff --git a/http/cves/2020/CVE-2020-17463.yaml b/http/cves/2020/CVE-2020-17463.yaml index 66a158df15e..4203b96487d 100644 --- a/http/cves/2020/CVE-2020-17463.yaml +++ b/http/cves/2020/CVE-2020-17463.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17463 cwe-id: CWE-89 - epss-score: 0.11837 - epss-percentile: 0.93326 + epss-score: 0.94399 + epss-percentile: 0.99154 cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2020/CVE-2020-17496.yaml b/http/cves/2020/CVE-2020-17496.yaml index da522b58d1f..a7e1d42a152 100644 --- a/http/cves/2020/CVE-2020-17496.yaml +++ b/http/cves/2020/CVE-2020-17496.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17496 cwe-id: CWE-74 - epss-score: 0.94357 - epss-percentile: 0.99949 + epss-score: 0.97461 + epss-percentile: 0.99957 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -32,16 +32,12 @@ info: - http.html:"powered by vbulletin" - http.component:"vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - intext:"powered by vbulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" tags: cve2020,cve,vbulletin,rce,kev,tenable,seclists http: diff --git a/http/cves/2020/CVE-2020-17505.yaml b/http/cves/2020/CVE-2020-17505.yaml index c53e50dd430..8d1b97c7e62 100644 --- a/http/cves/2020/CVE-2020-17505.yaml +++ b/http/cves/2020/CVE-2020-17505.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-17505 cwe-id: CWE-78 - epss-score: 0.90192 - epss-percentile: 0.99559 + epss-score: 0.95924 + epss-percentile: 0.99459 cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-17506.yaml b/http/cves/2020/CVE-2020-17506.yaml index be3fbfb7a3a..9947ad673b8 100644 --- a/http/cves/2020/CVE-2020-17506.yaml +++ b/http/cves/2020/CVE-2020-17506.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17506 cwe-id: CWE-89 - epss-score: 0.92247 - epss-percentile: 0.99696 + epss-score: 0.96009 + epss-percentile: 0.99439 cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-17519.yaml b/http/cves/2020/CVE-2020-17519.yaml index 860e401da96..c2eb9d63838 100644 --- a/http/cves/2020/CVE-2020-17519.yaml +++ b/http/cves/2020/CVE-2020-17519.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-17519 cwe-id: CWE-552 - epss-score: 0.94413 - epss-percentile: 0.99973 + epss-score: 0.97141 + epss-percentile: 0.99802 cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-17526.yaml b/http/cves/2020/CVE-2020-17526.yaml index 4ac78ce5aeb..8ed8e040d04 100644 --- a/http/cves/2020/CVE-2020-17526.yaml +++ b/http/cves/2020/CVE-2020-17526.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.7 cve-id: CVE-2020-17526 cwe-id: CWE-287 - epss-score: 0.91001 - epss-percentile: 0.99606 + epss-score: 0.06442 + epss-percentile: 0.9369 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* metadata: verified: true @@ -32,18 +32,14 @@ info: - http.title:"airflow - dags" || http.html:"apache airflow" - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: + - Apache Airflow - apache airflow - title="airflow - dags" || http.html:"apache airflow" - title="sign in - airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"sign in - airflow" - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"airflow - dags" tags: cve,cve2020,apache,airflow,auth-bypass http: diff --git a/http/cves/2020/CVE-2020-19282.yaml b/http/cves/2020/CVE-2020-19282.yaml index 05fb148ad5f..335cf4d7e13 100644 --- a/http/cves/2020/CVE-2020-19282.yaml +++ b/http/cves/2020/CVE-2020-19282.yaml @@ -14,14 +14,13 @@ info: - https://www.seebug.org/vuldb/ssvid-97940 - https://nvd.nist.gov/vuln/detail/CVE-2020-19282 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-19282 cwe-id: CWE-79 - epss-score: 0.02572 - epss-percentile: 0.84782 + epss-score: 0.00135 + epss-percentile: 0.48691 cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-19283.yaml b/http/cves/2020/CVE-2020-19283.yaml index 61c18101d0f..3bd59a2e9de 100644 --- a/http/cves/2020/CVE-2020-19283.yaml +++ b/http/cves/2020/CVE-2020-19283.yaml @@ -14,14 +14,13 @@ info: - https://www.seebug.org/vuldb/ssvid-97939 - https://nvd.nist.gov/vuln/detail/CVE-2020-19283 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-19283 cwe-id: CWE-79 - epss-score: 0.05661 - epss-percentile: 0.89894 + epss-score: 0.00135 + epss-percentile: 0.48691 cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-19295.yaml b/http/cves/2020/CVE-2020-19295.yaml index 0907dfdc40b..74c13645e02 100644 --- a/http/cves/2020/CVE-2020-19295.yaml +++ b/http/cves/2020/CVE-2020-19295.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: jeesns product: jeesns - fofa-query: title="jeesns" + fofa-query: + - title="Jeesns" + - title="jeesns" tags: cve,cve2020,jeesns,xss http: diff --git a/http/cves/2020/CVE-2020-19360.yaml b/http/cves/2020/CVE-2020-19360.yaml index 9b431ee79de..6b4bec95c16 100644 --- a/http/cves/2020/CVE-2020-19360.yaml +++ b/http/cves/2020/CVE-2020-19360.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-19360 cwe-id: CWE-22 - epss-score: 0.87099 - epss-percentile: 0.99389 + epss-score: 0.05104 + epss-percentile: 0.92929 cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-1943.yaml b/http/cves/2020/CVE-2020-1943.yaml index 14b719e15df..2986fbb2600 100644 --- a/http/cves/2020/CVE-2020-1943.yaml +++ b/http/cves/2020/CVE-2020-1943.yaml @@ -30,11 +30,9 @@ info: shodan-query: - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - body="ofbiz" - app="apache_ofbiz" - - body="apache ofbiz" tags: cve2020,cve,apache,xss,ofbiz http: diff --git a/http/cves/2020/CVE-2020-19515.yaml b/http/cves/2020/CVE-2020-19515.yaml index 01adafbbe44..f9966f51892 100644 --- a/http/cves/2020/CVE-2020-19515.yaml +++ b/http/cves/2020/CVE-2020-19515.yaml @@ -19,15 +19,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19515 cwe-id: CWE-79 - epss-score: 0.04606 - epss-percentile: 0.88685 + epss-score: 0.00106 + epss-percentile: 0.43259 cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: qdpm product: qdpm - shodan-query: http.favicon.hash:"762074255" + shodan-query: http.favicon.hash:762074255 fofa-query: icon_hash=762074255 tags: cve2020,cve,xss,qdpm,unauth diff --git a/http/cves/2020/CVE-2020-1956.yaml b/http/cves/2020/CVE-2020-1956.yaml index 077516bc1d8..ac0421ee774 100644 --- a/http/cves/2020/CVE-2020-1956.yaml +++ b/http/cves/2020/CVE-2020-1956.yaml @@ -29,10 +29,8 @@ info: max-request: 2 vendor: apache product: kylin - shodan-query: http.favicon.hash:"-186961397" - fofa-query: - - icon_hash=-186961397 - - app="apache-kylin" + shodan-query: http.favicon.hash:-186961397 + fofa-query: icon_hash=-186961397 tags: cve,cve2020,apache,kylin,rce,oast,kev variables: username: "{{username}}:" diff --git a/http/cves/2020/CVE-2020-19625.yaml b/http/cves/2020/CVE-2020-19625.yaml index 866d465c9f2..6de512f1372 100644 --- a/http/cves/2020/CVE-2020-19625.yaml +++ b/http/cves/2020/CVE-2020-19625.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-19625 - epss-score: 0.85769 - epss-percentile: 0.99322 + epss-score: 0.83118 + epss-percentile: 0.98347 cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-20285.yaml b/http/cves/2020/CVE-2020-20285.yaml index 59a1c5fe473..dc8cf873709 100644 --- a/http/cves/2020/CVE-2020-20285.yaml +++ b/http/cves/2020/CVE-2020-20285.yaml @@ -19,18 +19,15 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20285 cwe-id: CWE-79 - epss-score: 0.06066 - epss-percentile: 0.90257 + epss-score: 0.00182 + epss-percentile: 0.55354 cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zzcms product: zzcms - fofa-query: - - zzcms - - body="zzcms" - shodan-query: http.html:"zzcms" + fofa-query: zzcms tags: cve2020,cve,zzcms,xss http: diff --git a/http/cves/2020/CVE-2020-20300.yaml b/http/cves/2020/CVE-2020-20300.yaml index 6b713f019d8..a2538608222 100644 --- a/http/cves/2020/CVE-2020-20300.yaml +++ b/http/cves/2020/CVE-2020-20300.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-20300 cwe-id: CWE-89 - epss-score: 0.58993 - epss-percentile: 0.98079 + epss-score: 0.17677 + epss-percentile: 0.96134 cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:* metadata: verified: true @@ -29,8 +29,9 @@ info: vendor: weiphp product: weiphp shodan-query: - - http.html:"weiphp5.0" + - http.html:"WeiPHP5.0" - http.html:"weiphp" + - http.html:"weiphp5.0" fofa-query: - body="weiphp" - body="weiphp5.0" diff --git a/http/cves/2020/CVE-2020-2036.yaml b/http/cves/2020/CVE-2020-2036.yaml index 2ceed0246cd..e3960b2726a 100644 --- a/http/cves/2020/CVE-2020-2036.yaml +++ b/http/cves/2020/CVE-2020-2036.yaml @@ -25,15 +25,15 @@ info: epss-percentile: 0.91222 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: - max-request: 4 + max-request: 3 vendor: paloaltonetworks - product: "pan-os" + product: pan-os shodan-query: - - '[http.favicon.hash:"-631559155" cpe:"cpe:2.3:o:paloaltonetworks:pan-os"]' - - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" - http.favicon.hash:"-631559155" + - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" fofa-query: icon_hash="-631559155" tags: cve2020,cve,vpn,xss,paloaltonetworks + flow: http(1) && http(2) http: diff --git a/http/cves/2020/CVE-2020-2096.yaml b/http/cves/2020/CVE-2020-2096.yaml index db35b89685c..ee44e55ffa4 100644 --- a/http/cves/2020/CVE-2020-2096.yaml +++ b/http/cves/2020/CVE-2020-2096.yaml @@ -28,7 +28,9 @@ info: vendor: jenkins product: gitlab_hook framework: jenkins - shodan-query: http.title:"gitlab" + shodan-query: + - http.title:"GitLab" + - http.title:"gitlab" fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve2020,cve,jenkins,xss,gitlab,plugin,packetstorm diff --git a/http/cves/2020/CVE-2020-2103.yaml b/http/cves/2020/CVE-2020-2103.yaml index 2a94a67ff7c..93b47ebc822 100644 --- a/http/cves/2020/CVE-2020-2103.yaml +++ b/http/cves/2020/CVE-2020-2103.yaml @@ -28,13 +28,10 @@ info: vendor: jenkins product: jenkins shodan-query: - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - cpe:"cpe:2.3:a:jenkins:jenkins" - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" + fofa-query: icon_hash=81586312 tags: cve,cve2020,jenkins http: diff --git a/http/cves/2020/CVE-2020-21224.yaml b/http/cves/2020/CVE-2020-21224.yaml index df0c5822a26..942e017b18f 100644 --- a/http/cves/2020/CVE-2020-21224.yaml +++ b/http/cves/2020/CVE-2020-21224.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: inspur product: clusterengine - fofa-query: title="tscev4.0" tags: cve2020,cve,clusterengine,rce,inspur http: diff --git a/http/cves/2020/CVE-2020-2140.yaml b/http/cves/2020/CVE-2020-2140.yaml index dd6011e06e4..d5ab5926b86 100644 --- a/http/cves/2020/CVE-2020-2140.yaml +++ b/http/cves/2020/CVE-2020-2140.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2140 cwe-id: CWE-79 - epss-score: 0.51031 - epss-percentile: 0.97701 + epss-score: 0.00181 + epss-percentile: 0.55271 cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-22208.yaml b/http/cves/2020/CVE-2020-22208.yaml index 57c601f24a0..0d56d8c76b8 100644 --- a/http/cves/2020/CVE-2020-22208.yaml +++ b/http/cves/2020/CVE-2020-22208.yaml @@ -14,14 +14,13 @@ info: - https://github.com/blindkey/cve_like/issues/10 - https://nvd.nist.gov/vuln/detail/CVE-2020-22208 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-22208 cwe-id: CWE-89 - epss-score: 0.34679 - epss-percentile: 0.96788 + epss-score: 0.18558 + epss-percentile: 0.96216 cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,7 +30,6 @@ info: fofa-query: - app="74cms" - body="74cms" - - app="骑士-74cms" tags: cve2020,cve,74cms,sqli variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22209.yaml b/http/cves/2020/CVE-2020-22209.yaml index b2c59654656..b1660a912c9 100644 --- a/http/cves/2020/CVE-2020-22209.yaml +++ b/http/cves/2020/CVE-2020-22209.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22209 cwe-id: CWE-89 - epss-score: 0.45915 - epss-percentile: 0.97455 + epss-score: 0.18558 + epss-percentile: 0.96216 cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -32,7 +32,6 @@ info: fofa-query: - app="74cms" - body="74cms" - - app="骑士-74cms" tags: cve,cve2020,74cms,sqli variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22210.yaml b/http/cves/2020/CVE-2020-22210.yaml index 630f08a4a2c..e1583f46a21 100644 --- a/http/cves/2020/CVE-2020-22210.yaml +++ b/http/cves/2020/CVE-2020-22210.yaml @@ -14,14 +14,13 @@ info: - https://github.com/blindkey/cve_like/issues/11 - https://nvd.nist.gov/vuln/detail/CVE-2020-22210 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 - epss-score: 0.45915 - epss-percentile: 0.97455 + epss-score: 0.18558 + epss-percentile: 0.96216 cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,7 +30,6 @@ info: fofa-query: - app="74cms" - body="74cms" - - app="骑士-74cms" tags: cve,cve2020,74cms,sqli variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-22211.yaml b/http/cves/2020/CVE-2020-22211.yaml index dfe814d0cee..73ffb66d5a4 100644 --- a/http/cves/2020/CVE-2020-22211.yaml +++ b/http/cves/2020/CVE-2020-22211.yaml @@ -14,14 +14,13 @@ info: - https://github.com/blindkey/cve_like/issues/13 - https://nvd.nist.gov/vuln/detail/CVE-2020-22211 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-22211 cwe-id: CWE-89 - epss-score: 0.37126 - epss-percentile: 0.96948 + epss-score: 0.18558 + epss-percentile: 0.96216 cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 @@ -31,7 +30,6 @@ info: fofa-query: - app="74cms" - body="74cms" - - app="骑士-74cms" tags: cve,cve2020,74cms,sqli variables: num: "999999999" diff --git a/http/cves/2020/CVE-2020-23517.yaml b/http/cves/2020/CVE-2020-23517.yaml index 57c04e1992f..e38b8f7a8c6 100644 --- a/http/cves/2020/CVE-2020-23517.yaml +++ b/http/cves/2020/CVE-2020-23517.yaml @@ -20,16 +20,20 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23517 cwe-id: CWE-79 - epss-score: 0.06369 - epss-percentile: 0.90488 + epss-score: 0.00135 + epss-percentile: 0.48718 cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: aryanic product: high_cms - shodan-query: http.title:"highmail" - fofa-query: title="highmail" + shodan-query: + - title:"HighMail" + - http.title:"highmail" + fofa-query: + - title="HighMail" + - title="highmail" google-query: intitle:"highmail" tags: cve,cve2020,xss,cms,highmail,aryanic diff --git a/http/cves/2020/CVE-2020-23575.yaml b/http/cves/2020/CVE-2020-23575.yaml index c47e11b0ba5..5a58b65bd75 100644 --- a/http/cves/2020/CVE-2020-23575.yaml +++ b/http/cves/2020/CVE-2020-23575.yaml @@ -14,20 +14,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-23575 - https://www.kyoceradocumentsolutions.com.tr/tr.html - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-23575 cwe-id: CWE-22 - epss-score: 0.64772 - epss-percentile: 0.98332 + epss-score: 0.01689 + epss-percentile: 0.87694 cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: kyocera product: d-copia253mf_plus_firmware - shodan-query: http.favicon.hash:"-50306417" + shodan-query: http.favicon.hash:-50306417 fofa-query: icon_hash=-50306417 tags: cve2020,cve,printer,iot,lfi,edb,kyocera diff --git a/http/cves/2020/CVE-2020-23697.yaml b/http/cves/2020/CVE-2020-23697.yaml index 53a28cd5581..2e371fac618 100644 --- a/http/cves/2020/CVE-2020-23697.yaml +++ b/http/cves/2020/CVE-2020-23697.yaml @@ -19,21 +19,16 @@ info: cvss-score: 5.4 cve-id: CVE-2020-23697 cwe-id: CWE-79 - epss-score: 0.12211 - epss-percentile: 0.93468 + epss-score: 0.0009 + epss-percentile: 0.38392 cpe: cpe:2.3:a:monstra:monstra_cms:3.0.4:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: monstra product: monstra_cms - shodan-query: - - http.favicon.hash:"419828698" - - 'http.title:"monstra :: install"' - fofa-query: - - icon_hash=419828698 - - 'title="monstra :: install"' - google-query: 'intitle:"monstra :: install"' + shodan-query: http.favicon.hash:419828698 + fofa-query: icon_hash=419828698 tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated,monstra variables: string: "{{to_lower('{{randstr}}')}}" diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml index ae2a8112d43..cbb85dc8773 100644 --- a/http/cves/2020/CVE-2020-24223.yaml +++ b/http/cves/2020/CVE-2020-24223.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24223 cwe-id: CWE-79 - epss-score: 0.20818 - epss-percentile: 0.95268 + epss-score: 0.0069 + epss-percentile: 0.79693 cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-24312.yaml b/http/cves/2020/CVE-2020-24312.yaml index 646375baea7..636083f3160 100644 --- a/http/cves/2020/CVE-2020-24312.yaml +++ b/http/cves/2020/CVE-2020-24312.yaml @@ -21,17 +21,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24312 cwe-id: CWE-552 - epss-score: 0.45699 - epss-percentile: 0.97445 - cpe: cpe:2.3:a:filemanagerpro:file_manager:*:*:*:*:*:wordpress:*:* + epss-score: 0.01622 + epss-percentile: 0.87473 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 - vendor: filemanagerpro + vendor: webdesi9 product: file_manager framework: wordpress - shodan-query: http.title:"web file manager" - fofa-query: title="web file manager" - google-query: intitle:"web file manager" tags: cve,cve2020,wordpress,backups,plugin,webdesi9 http: diff --git a/http/cves/2020/CVE-2020-24391.yaml b/http/cves/2020/CVE-2020-24391.yaml index fbbca2512a7..cbdd961e7d0 100644 --- a/http/cves/2020/CVE-2020-24391.yaml +++ b/http/cves/2020/CVE-2020-24391.yaml @@ -19,23 +19,17 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-24391 - epss-score: 0.90637 - epss-percentile: 0.99586 + epss-score: 0.55667 + epss-percentile: 0.97606 cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:* metadata: max-request: 3 vendor: mongo-express_project product: mongo-express framework: node.js - shodan-query: - - http.title:"mongo express" - - http.title:"home - mongo express" - fofa-query: - - title="mongo express" - - title="home - mongo express" - google-query: - - intitle:"mongo express" - - intitle:"home - mongo express" + shodan-query: http.title:"mongo express" + fofa-query: title="mongo express" + google-query: intitle:"mongo express" tags: cve,cve2020,mongo,express,rce,intrusive,mongo-express_project,node.js http: diff --git a/http/cves/2020/CVE-2020-24589.yaml b/http/cves/2020/CVE-2020-24589.yaml index 9e916564e06..c008687cb93 100644 --- a/http/cves/2020/CVE-2020-24589.yaml +++ b/http/cves/2020/CVE-2020-24589.yaml @@ -14,20 +14,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-24589 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/athiththan11/WSO2-CVE-Extractor - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24589 cwe-id: CWE-611 - epss-score: 0.89784 - epss-percentile: 0.99532 + epss-score: 0.64778 + epss-percentile: 0.97891 cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: wso2 product: api_manager - shodan-query: http.favicon.hash:"1398055326" + shodan-query: http.favicon.hash:1398055326 fofa-query: icon_hash=1398055326 google-query: inurl:"carbon/admin/login" tags: cve2020,cve,wso2,xxe,oast,blind diff --git a/http/cves/2020/CVE-2020-24701.yaml b/http/cves/2020/CVE-2020-24701.yaml index 313f7f6d226..d67349b0297 100644 --- a/http/cves/2020/CVE-2020-24701.yaml +++ b/http/cves/2020/CVE-2020-24701.yaml @@ -17,15 +17,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24701 cwe-id: CWE-79 - epss-score: 0.35513 - epss-percentile: 0.96851 + epss-score: 0.00816 + epss-percentile: 0.8179 cpe: cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: open-xchange product: open-xchange_appsuite - shodan-query: http.html:"appsuite" + shodan-query: + - html:"Appsuite" + - http.html:"appsuite" fofa-query: body="appsuite" tags: cve,cve2020,packetstorm,seclists,appsuite,xss,open-xchange diff --git a/http/cves/2020/CVE-2020-24881.yaml b/http/cves/2020/CVE-2020-24881.yaml index f01634cd071..5cc0ce54ff8 100644 --- a/http/cves/2020/CVE-2020-24881.yaml +++ b/http/cves/2020/CVE-2020-24881.yaml @@ -20,18 +20,9 @@ info: max-request: 6 vendor: osticket product: osticket - shodan-query: - - http.title:"osticket" - - http.html:"powered by osticket" - - http.title:"osticket installer" - fofa-query: - - body="powered by osticket" - - title="osticket installer" - - title="osticket" - google-query: - - intitle:"osticket installer" - - intitle:"osticket" - tags: cve,cve2020,osticket,ssrf,authenticated,intrusive + shodan-query: title:"osticket" + tags: cve,cve2020,osticket,ssrf,authenticated + flow: http(1) && http(2) && http(3) && http(4) http: diff --git a/http/cves/2020/CVE-2020-24902.yaml b/http/cves/2020/CVE-2020-24902.yaml index 7ed6ed41529..9a2559370f1 100644 --- a/http/cves/2020/CVE-2020-24902.yaml +++ b/http/cves/2020/CVE-2020-24902.yaml @@ -27,9 +27,13 @@ info: max-request: 1 vendor: quixplorer_project product: quixplorer - shodan-query: http.title:"my download server" + shodan-query: + - http.title:"My Download Server" + - http.title:"my download server" fofa-query: title="my download server" - google-query: intitle:"my download server" + google-query: + - intitle:"My Download Server" + - intitle:"my download server" tags: cve,cve2020,quixplorer,xss,quixplorer_project http: diff --git a/http/cves/2020/CVE-2020-24903.yaml b/http/cves/2020/CVE-2020-24903.yaml index 6b3bc34da8b..3c771efc7f1 100644 --- a/http/cves/2020/CVE-2020-24903.yaml +++ b/http/cves/2020/CVE-2020-24903.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24903 cwe-id: CWE-79 - epss-score: 0.01865 - epss-percentile: 0.82144 + epss-score: 0.00269 + epss-percentile: 0.67701 cpe: cpe:2.3:a:cutesoft:cute_editor:6.4:*:*:*:*:asp.net:*:* metadata: verified: true @@ -28,7 +28,9 @@ info: vendor: cutesoft product: cute_editor framework: asp.net - shodan-query: http.component:"asp.net" + shodan-query: + - http.component:"ASP.NET" + - http.component:"asp.net" tags: cve,cve2020,cuteeditor,xss,seclists,cutesoft,asp.net http: diff --git a/http/cves/2020/CVE-2020-24912.yaml b/http/cves/2020/CVE-2020-24912.yaml index 5537acc3b6f..0a3bb402ad1 100644 --- a/http/cves/2020/CVE-2020-24912.yaml +++ b/http/cves/2020/CVE-2020-24912.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24912 cwe-id: CWE-79 - epss-score: 0.21045 - epss-percentile: 0.95311 + epss-score: 0.00346 + epss-percentile: 0.71607 cpe: cpe:2.3:a:qcubed:qcubed:*:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2020/CVE-2020-24949.yaml b/http/cves/2020/CVE-2020-24949.yaml index 999ea414edf..55b58dd9378 100644 --- a/http/cves/2020/CVE-2020-24949.yaml +++ b/http/cves/2020/CVE-2020-24949.yaml @@ -20,14 +20,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24949 cwe-id: CWE-77 - epss-score: 0.8889 - epss-percentile: 0.99483 + epss-score: 0.95694 + epss-percentile: 0.99372 cpe: cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:* metadata: max-request: 1 vendor: php-fusion product: php-fusion - fofa-query: title="php-fusion" tags: cve,cve2020,rce,php,packetstorm,phpfusion,php-fusion http: diff --git a/http/cves/2020/CVE-2020-25213.yaml b/http/cves/2020/CVE-2020-25213.yaml index 32b411ae62b..0deebba35c9 100644 --- a/http/cves/2020/CVE-2020-25213.yaml +++ b/http/cves/2020/CVE-2020-25213.yaml @@ -18,21 +18,18 @@ info: - http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html - http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-25213 cwe-id: CWE-434 - epss-score: 0.94401 - epss-percentile: 0.99968 + epss-score: 0.97395 + epss-percentile: 0.99916 cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: webdesi9 product: file_manager framework: wordpress - shodan-query: http.title:"web file manager" - fofa-query: title="web file manager" - google-query: intitle:"web file manager" tags: cve,cve2020,wordpress,rce,kev,fileupload,intrusive,packetstorm,webdesi9 http: diff --git a/http/cves/2020/CVE-2020-25223.yaml b/http/cves/2020/CVE-2020-25223.yaml index 21238f74483..abe6fcfd81d 100644 --- a/http/cves/2020/CVE-2020-25223.yaml +++ b/http/cves/2020/CVE-2020-25223.yaml @@ -28,9 +28,7 @@ info: vendor: sophos product: unified_threat_management shodan-query: http.title:"securepoint utm" - fofa-query: - - title="securepoint utm" - - app="securepoint-utm-v11-admin-interface-11.8.8.8" + fofa-query: title="securepoint utm" google-query: intitle:"securepoint utm" tags: cve,cve2020,sophos,rce,oast,unauth,kev diff --git a/http/cves/2020/CVE-2020-25495.yaml b/http/cves/2020/CVE-2020-25495.yaml index 2ab75d6894b..5ea4d5f5520 100644 --- a/http/cves/2020/CVE-2020-25495.yaml +++ b/http/cves/2020/CVE-2020-25495.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-25495 cwe-id: CWE-79 - epss-score: 0.0792 - epss-percentile: 0.91571 + epss-score: 0.0025 + epss-percentile: 0.64924 cpe: cpe:2.3:a:xinuos:openserver:5.0.7:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-25506.yaml b/http/cves/2020/CVE-2020-25506.yaml index 2291e22f2cf..39d5ba46d60 100644 --- a/http/cves/2020/CVE-2020-25506.yaml +++ b/http/cves/2020/CVE-2020-25506.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-25506 cwe-id: CWE-78 - epss-score: 0.93863 - epss-percentile: 0.99856 + epss-score: 0.97383 + epss-percentile: 0.99903 cpe: cpe:2.3:o:dlink:dns-320_firmware:2.06b01:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-2551.yaml b/http/cves/2020/CVE-2020-2551.yaml index 29c0e1d4495..9c9822f8e2c 100644 --- a/http/cves/2020/CVE-2020-2551.yaml +++ b/http/cves/2020/CVE-2020-2551.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2551 - epss-score: 0.94393 - epss-percentile: 0.99964 + epss-score: 0.97537 + epss-percentile: 0.99993 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-26153.yaml b/http/cves/2020/CVE-2020-26153.yaml index 8cb31ad21c8..1ffb1ab9ec9 100644 --- a/http/cves/2020/CVE-2020-26153.yaml +++ b/http/cves/2020/CVE-2020-26153.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-26153 cwe-id: CWE-79 - epss-score: 0.34637 - epss-percentile: 0.96783 + epss-score: 0.00141 + epss-percentile: 0.4979 cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-26214.yaml b/http/cves/2020/CVE-2020-26214.yaml index 44b44bbf416..e559f0fc296 100644 --- a/http/cves/2020/CVE-2020-26214.yaml +++ b/http/cves/2020/CVE-2020-26214.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-26214 - https://github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-26214 cwe-id: CWE-287 - epss-score: 0.84892 - epss-percentile: 0.99276 + epss-score: 0.01324 + epss-percentile: 0.85971 cpe: cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-26413.yaml b/http/cves/2020/CVE-2020-26413.yaml index 556c39a10d3..a186fce4cff 100644 --- a/http/cves/2020/CVE-2020-26413.yaml +++ b/http/cves/2020/CVE-2020-26413.yaml @@ -20,22 +20,18 @@ info: cvss-score: 5.3 cve-id: CVE-2020-26413 cwe-id: CWE-200 - epss-score: 0.91122 - epss-percentile: 0.99613 + epss-score: 0.78637 + epss-percentile: 0.9826 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve,cve2020,hackerone,gitlab,exposure,enum,graphql diff --git a/http/cves/2020/CVE-2020-26876.yaml b/http/cves/2020/CVE-2020-26876.yaml index b097bfabd8e..9263547279a 100644 --- a/http/cves/2020/CVE-2020-26876.yaml +++ b/http/cves/2020/CVE-2020-26876.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-26876 cwe-id: CWE-306 - epss-score: 0.61499 - epss-percentile: 0.982 + epss-score: 0.01988 + epss-percentile: 0.8756 cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-26948.yaml b/http/cves/2020/CVE-2020-26948.yaml index ab96a06af11..0a99f950a27 100644 --- a/http/cves/2020/CVE-2020-26948.yaml +++ b/http/cves/2020/CVE-2020-26948.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-26948 cwe-id: CWE-918 - epss-score: 0.89973 - epss-percentile: 0.99546 + epss-score: 0.1449 + epss-percentile: 0.95606 cpe: cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-2733.yaml b/http/cves/2020/CVE-2020-2733.yaml index 4b19575f229..9aa0bd442f8 100644 --- a/http/cves/2020/CVE-2020-2733.yaml +++ b/http/cves/2020/CVE-2020-2733.yaml @@ -20,15 +20,17 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2733 - epss-score: 0.88882 - epss-percentile: 0.99483 + epss-score: 0.19944 + epss-percentile: 0.96328 cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: oracle product: jd_edwards_enterpriseone_tools - shodan-query: port:"8999 product"oracle weblogic server"" + shodan-query: + - port:8999 product:"Oracle WebLogic Server" + - port:8999 product:"oracle weblogic server" tags: cve2020,cve,oracle,weblogic,disclosure,exposure http: diff --git a/http/cves/2020/CVE-2020-27361.yaml b/http/cves/2020/CVE-2020-27361.yaml index 9077f4b4857..1e7b1287e14 100644 --- a/http/cves/2020/CVE-2020-27361.yaml +++ b/http/cves/2020/CVE-2020-27361.yaml @@ -11,17 +11,13 @@ info: Apply the latest patch or upgrade to a newer version of Akkadian Provisioning Manager to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-27191 - - https://github.com/youcans896768/APIV_Tool - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27361 cwe-id: CWE-668 - epss-score: 0.85457 - epss-percentile: 0.99309 + epss-score: 0.0314 + epss-percentile: 0.90098 cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:4.50.02:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-27467.yaml b/http/cves/2020/CVE-2020-27467.yaml index 3b8f8c3ceb1..1e20c00029a 100644 --- a/http/cves/2020/CVE-2020-27467.yaml +++ b/http/cves/2020/CVE-2020-27467.yaml @@ -27,13 +27,8 @@ info: max-request: 1 vendor: processwire product: processwire - shodan-query: - - http.html:"processwire" - - http.title:"processwire 3.x installer" - fofa-query: - - body="processwire" - - title="processwire 3.x installer" - google-query: intitle:"processwire 3.x installer" + shodan-query: http.html:"processwire" + fofa-query: body="processwire" tags: cve,cve2020,processwire,lfi,cms,oss http: diff --git a/http/cves/2020/CVE-2020-27481.yaml b/http/cves/2020/CVE-2020-27481.yaml index fa5075444b9..d8773f0df0c 100644 --- a/http/cves/2020/CVE-2020-27481.yaml +++ b/http/cves/2020/CVE-2020-27481.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/vulnerability/652eaef8-5a3c-4a2d-ac60-b5414565c397 - https://gist.github.com/0xx7/a7aaa8b0515139cf7e30c808c8d54070 - https://nvd.nist.gov/vuln/detail/CVE-2020-27481 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-27481 cwe-id: CWE-89 - epss-score: 0.51483 - epss-percentile: 0.97727 + epss-score: 0.11692 + epss-percentile: 0.95277 cpe: cpe:2.3:a:goodlayers:good_learning_management_system:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-27735.yaml b/http/cves/2020/CVE-2020-27735.yaml index ecb66cd4b0b..a83a69e81f4 100644 --- a/http/cves/2020/CVE-2020-27735.yaml +++ b/http/cves/2020/CVE-2020-27735.yaml @@ -28,8 +28,6 @@ info: max-request: 1 vendor: wftpserver product: wing_ftp_server - google-query: inurl:"/ftpsync.settings" - shodan-query: wing ftp server tags: cve,cve2020,xss,wing-ftp,wftpserver http: diff --git a/http/cves/2020/CVE-2020-27838.yaml b/http/cves/2020/CVE-2020-27838.yaml index 5569d5af0cb..fe3e036edbb 100644 --- a/http/cves/2020/CVE-2020-27838.yaml +++ b/http/cves/2020/CVE-2020-27838.yaml @@ -15,28 +15,27 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-27838 - https://github.com/muneebaashiq/MBProjects - https://github.com/j4k0m/godkiller - - https://github.com/Cappricio-Securities/CVE-2020-27838 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2020-27838 cwe-id: CWE-287 - epss-score: 0.89101 - epss-percentile: 0.99493 + epss-score: 0.08135 + epss-percentile: 0.93734 cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: redhat product: keycloak shodan-query: + - "title:\"keycloak\"" - http.title:"keycloak" - http.html:"keycloak" - - http.favicon.hash:"-1105083093" + - http.favicon.hash:-1105083093 fofa-query: - title="keycloak" - icon_hash=-1105083093 - body="keycloak" - - icon_hash="-1105083093" google-query: intitle:"keycloak" tags: cve,cve2020,keycloak,exposure,redhat diff --git a/http/cves/2020/CVE-2020-27866.yaml b/http/cves/2020/CVE-2020-27866.yaml index f28fdbc8e31..8f3b8efe068 100644 --- a/http/cves/2020/CVE-2020-27866.yaml +++ b/http/cves/2020/CVE-2020-27866.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-27866 cwe-id: CWE-288,CWE-287 - epss-score: 0.85467 - epss-percentile: 0.9931 + epss-score: 0.0045 + epss-percentile: 0.75056 cpe: cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-27982.yaml b/http/cves/2020/CVE-2020-27982.yaml index 296bc7dae44..de4cb07b2d2 100644 --- a/http/cves/2020/CVE-2020-27982.yaml +++ b/http/cves/2020/CVE-2020-27982.yaml @@ -20,16 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27982 cwe-id: CWE-79 - epss-score: 0.07869 - epss-percentile: 0.91538 + epss-score: 0.00252 + epss-percentile: 0.65095 cpe: cpe:2.3:a:icewarp:mail_server:11.4.5:*:*:*:*:*:*:* metadata: max-request: 1 vendor: icewarp product: mail_server shodan-query: - - http.title:"icewarp" + - title:"icewarp" - http.title:"icewarp server administration" + - http.title:"icewarp" - cpe:"cpe:2.3:a:icewarp:mail_server" fofa-query: - title="icewarp server administration" @@ -38,7 +39,6 @@ info: - intitle:"icewarp server administration" - intitle:"icewarp" - powered by icewarp 10.4.4 - - powered by icewarp 10.2.1 tags: cve,cve2020,xss,icewarp,packetstorm http: diff --git a/http/cves/2020/CVE-2020-27986.yaml b/http/cves/2020/CVE-2020-27986.yaml index 50ae17b6651..89aebc014e8 100644 --- a/http/cves/2020/CVE-2020-27986.yaml +++ b/http/cves/2020/CVE-2020-27986.yaml @@ -28,11 +28,6 @@ info: max-request: 1 vendor: sonarsource product: sonarqube - shodan-query: http.title:"sonarqube" - fofa-query: - - app="sonarqube-代码管理" - - title="sonarqube" - google-query: intitle:"sonarqube" tags: cve,cve2020,sonarqube,sonarsource http: diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml index a351b5c5992..8a9803ce8b7 100644 --- a/http/cves/2020/CVE-2020-28185.yaml +++ b/http/cves/2020/CVE-2020-28185.yaml @@ -20,15 +20,17 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-28185 - epss-score: 0.88628 - epss-percentile: 0.99464 + epss-score: 0.00465 + epss-percentile: 0.75439 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: terra-master product: tos - fofa-query: '"terramaster" && header="tos"' + fofa-query: + - '"TerraMaster" && header="TOS"' + - '"terramaster" && header="tos"' tags: cve2020,cve,terramaster,enum,tos,terra-master http: diff --git a/http/cves/2020/CVE-2020-28188.yaml b/http/cves/2020/CVE-2020-28188.yaml index c3e554ef377..804ea9e8d8d 100644 --- a/http/cves/2020/CVE-2020-28188.yaml +++ b/http/cves/2020/CVE-2020-28188.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-28188 cwe-id: CWE-78 - epss-score: 0.93178 - epss-percentile: 0.99783 + epss-score: 0.97298 + epss-percentile: 0.99867 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-28208.yaml b/http/cves/2020/CVE-2020-28208.yaml index d0d031f2e7c..1901048f388 100644 --- a/http/cves/2020/CVE-2020-28208.yaml +++ b/http/cves/2020/CVE-2020-28208.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-28208 cwe-id: CWE-203 - epss-score: 0.33825 - epss-percentile: 0.96716 + epss-score: 0.01197 + epss-percentile: 0.84869 cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-28351.yaml b/http/cves/2020/CVE-2020-28351.yaml index bb539e54d4d..498486a3115 100644 --- a/http/cves/2020/CVE-2020-28351.yaml +++ b/http/cves/2020/CVE-2020-28351.yaml @@ -25,11 +25,12 @@ info: epss-percentile: 0.72145 cpe: cpe:2.3:h:mitel:shoretel:-:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 1 vendor: mitel product: shoretel - fofa-query: body="shoretel" && icon_hash="268280373" - tags: packetstorm,cve,cve2020,shoretel,xss,mitel + fofa-query: body="ShoreTel" && icon_hash="268280373" + tags: cve,cve2020,shoretel,xss,mitel + flow: http(1) && http(2) http: diff --git a/http/cves/2020/CVE-2020-28429.yaml b/http/cves/2020/CVE-2020-28429.yaml index d5fc4a5b5c1..ad0628f74cc 100644 --- a/http/cves/2020/CVE-2020-28429.yaml +++ b/http/cves/2020/CVE-2020-28429.yaml @@ -23,11 +23,12 @@ info: epss-percentile: 0.8876 cpe: cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:* metadata: - max-request: 2 - vendor: "geojson2kml_project" + max-request: 1 + vendor: geojson2kml_project product: geojson2kml - framework: "node.js" - tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive,node.js,geojson2kml_project + framework: node.js + tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive + variables: filename: '{{rand_base(6)}}' diff --git a/http/cves/2020/CVE-2020-28871.yaml b/http/cves/2020/CVE-2020-28871.yaml index 94953421ee3..caf0ccf7a59 100644 --- a/http/cves/2020/CVE-2020-28871.yaml +++ b/http/cves/2020/CVE-2020-28871.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-28871 cwe-id: CWE-434 - epss-score: 0.92596 - epss-percentile: 0.99725 + epss-score: 0.96887 + epss-percentile: 0.99706 cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml index d9bbec8ac87..74d61916a2f 100644 --- a/http/cves/2020/CVE-2020-28976.yaml +++ b/http/cves/2020/CVE-2020-28976.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-28976 cwe-id: CWE-918 - epss-score: 0.145 - epss-percentile: 0.94077 + epss-score: 0.00616 + epss-percentile: 0.78728 cpe: cpe:2.3:a:canto:canto:1.3.0:*:*:*:*:wordpress:*:* metadata: max-request: 4 diff --git a/http/cves/2020/CVE-2020-29227.yaml b/http/cves/2020/CVE-2020-29227.yaml index 0d3f87a17b1..7983a0fbac2 100644 --- a/http/cves/2020/CVE-2020-29227.yaml +++ b/http/cves/2020/CVE-2020-29227.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29227 - epss-score: 0.72044 - epss-percentile: 0.98648 + epss-score: 0.01244 + epss-percentile: 0.85477 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-29395.yaml b/http/cves/2020/CVE-2020-29395.yaml index 86c4606d88c..1c5d13fb287 100644 --- a/http/cves/2020/CVE-2020-29395.yaml +++ b/http/cves/2020/CVE-2020-29395.yaml @@ -29,9 +29,8 @@ info: product: eventon framework: wordpress shodan-query: - - http.html:"/wp-content/plugins/eventon/" - - http.html:"/wp-content/plugins/eventon-lite/" - - vuln:"cve-2023-2796" + - "http.html:/wp-content/plugins/eventon/" + - http.html:/wp-content/plugins/eventon-lite/ fofa-query: - "wp-content/plugins/eventon/" - body=/wp-content/plugins/eventon/ diff --git a/http/cves/2020/CVE-2020-29453.yaml b/http/cves/2020/CVE-2020-29453.yaml index c37addfda51..53218221aa2 100644 --- a/http/cves/2020/CVE-2020-29453.yaml +++ b/http/cves/2020/CVE-2020-29453.yaml @@ -20,14 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2020-29453 cwe-id: CWE-22 - epss-score: 0.82633 - epss-percentile: 0.99171 + epss-score: 0.01696 + epss-percentile: 0.86435 cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: atlassian product: data_center - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2020,atlassian,jira,lfi,intrusive http: diff --git a/http/cves/2020/CVE-2020-29583.yaml b/http/cves/2020/CVE-2020-29583.yaml index 34b6ec95266..23346b28296 100644 --- a/http/cves/2020/CVE-2020-29583.yaml +++ b/http/cves/2020/CVE-2020-29583.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29583 cwe-id: CWE-522 - epss-score: 0.9433 - epss-percentile: 0.9994 + epss-score: 0.96125 + epss-percentile: 0.995 cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: zyxel product: usg20-vpn_firmware - shodan-query: http.title:"usg flex 100" + shodan-query: + - title:"USG FLEX 100" + - http.title:"usg flex 100" fofa-query: title="usg flex 100" google-query: intitle:"usg flex 100" tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev diff --git a/http/cves/2020/CVE-2020-29597.yaml b/http/cves/2020/CVE-2020-29597.yaml index cc6a256ff0e..0d117b01091 100644 --- a/http/cves/2020/CVE-2020-29597.yaml +++ b/http/cves/2020/CVE-2020-29597.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29597 cwe-id: CWE-434 - epss-score: 0.73783 - epss-percentile: 0.98728 + epss-score: 0.78448 + epss-percentile: 0.9817 cpe: cpe:2.3:a:incomcms_project:incomcms:2.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2020/CVE-2020-3452.yaml b/http/cves/2020/CVE-2020-3452.yaml index 75394b18b38..6a43864ba6e 100644 --- a/http/cves/2020/CVE-2020-3452.yaml +++ b/http/cves/2020/CVE-2020-3452.yaml @@ -22,14 +22,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-3452 - cwe-id: CWE-20,CWE-22 - epss-score: 0.94452 - epss-percentile: 0.99989 - cpe: cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* + cwe-id: CWE-22,CWE-20 + epss-score: 0.97484 + epss-percentile: 0.99971 + cpe: cpe:2.3:h:cisco:asa_5505:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: cisco - product: adaptive_security_appliance_software + product: asa_5505 tags: cve,cve2020,lfi,kev,packetstorm,cisco http: diff --git a/http/cves/2020/CVE-2020-35476.yaml b/http/cves/2020/CVE-2020-35476.yaml index 5706745855d..65fb8274820 100644 --- a/http/cves/2020/CVE-2020-35476.yaml +++ b/http/cves/2020/CVE-2020-35476.yaml @@ -28,11 +28,9 @@ info: vendor: opentsdb product: opentsdb shodan-query: + - html:"OpenTSDB" - http.html:"opentsdb" - - http.favicon.hash:"407286339" - fofa-query: - - body="opentsdb" - - icon_hash=407286339 + fofa-query: body="opentsdb" tags: cve,cve2020,opentsdb,rce,packetstorm http: diff --git a/http/cves/2020/CVE-2020-35598.yaml b/http/cves/2020/CVE-2020-35598.yaml index 414958657a5..4e2faf319f9 100644 --- a/http/cves/2020/CVE-2020-35598.yaml +++ b/http/cves/2020/CVE-2020-35598.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35598 cwe-id: CWE-22 - epss-score: 0.74425 - epss-percentile: 0.98767 + epss-score: 0.10057 + epss-percentile: 0.94902 cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-35713.yaml b/http/cves/2020/CVE-2020-35713.yaml index df28769051b..453cfc22653 100644 --- a/http/cves/2020/CVE-2020-35713.yaml +++ b/http/cves/2020/CVE-2020-35713.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35713 cwe-id: CWE-78 - epss-score: 0.91806 - epss-percentile: 0.99661 + epss-score: 0.96521 + epss-percentile: 0.99601 cpe: cpe:2.3:o:linksys:re6500_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-35736.yaml b/http/cves/2020/CVE-2020-35736.yaml index b80e607bf31..5935beab8ba 100644 --- a/http/cves/2020/CVE-2020-35736.yaml +++ b/http/cves/2020/CVE-2020-35736.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35736 cwe-id: CWE-22 - epss-score: 0.82358 - epss-percentile: 0.99161 + epss-score: 0.01204 + epss-percentile: 0.85176 cpe: cpe:2.3:a:liftoffsoftware:gateone:1.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-35749.yaml b/http/cves/2020/CVE-2020-35749.yaml index 68077489e06..f2248d41703 100644 --- a/http/cves/2020/CVE-2020-35749.yaml +++ b/http/cves/2020/CVE-2020-35749.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.7 cve-id: CVE-2020-35749 cwe-id: CWE-22 - epss-score: 0.76788 - epss-percentile: 0.98878 + epss-score: 0.0312 + epss-percentile: 0.91079 cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2020/CVE-2020-35774.yaml b/http/cves/2020/CVE-2020-35774.yaml index 1e483c45311..377d571b8f4 100644 --- a/http/cves/2020/CVE-2020-35774.yaml +++ b/http/cves/2020/CVE-2020-35774.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35774 cwe-id: CWE-79 - epss-score: 0.81158 - epss-percentile: 0.99097 + epss-score: 0.97225 + epss-percentile: 0.99823 cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-3580.yaml b/http/cves/2020/CVE-2020-3580.yaml index cd8ab4a8b83..f32b00127ce 100644 --- a/http/cves/2020/CVE-2020-3580.yaml +++ b/http/cves/2020/CVE-2020-3580.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-3580 cwe-id: CWE-79 - epss-score: 0.93247 - epss-percentile: 0.9979 + epss-score: 0.97074 + epss-percentile: 0.99768 cpe: cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-35846.yaml b/http/cves/2020/CVE-2020-35846.yaml index ff3f3a629d9..a481d321c63 100644 --- a/http/cves/2020/CVE-2020-35846.yaml +++ b/http/cves/2020/CVE-2020-35846.yaml @@ -20,15 +20,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35846 cwe-id: CWE-89 - epss-score: 0.93094 - epss-percentile: 0.99774 + epss-score: 0.82607 + epss-percentile: 0.98409 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: agentejo product: cockpit shodan-query: - - http.favicon.hash:"688609340" + - http.favicon.hash:688609340 - http.html:"cockpit" fofa-query: - icon_hash=688609340 diff --git a/http/cves/2020/CVE-2020-35847.yaml b/http/cves/2020/CVE-2020-35847.yaml index 4459e427d50..5fa72198676 100644 --- a/http/cves/2020/CVE-2020-35847.yaml +++ b/http/cves/2020/CVE-2020-35847.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35847 cwe-id: CWE-89 - epss-score: 0.93582 - epss-percentile: 0.99825 + epss-score: 0.79056 + epss-percentile: 0.98269 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: agentejo product: cockpit shodan-query: - - http.favicon.hash:"688609340" + - http.favicon.hash:688609340 - http.html:"cockpit" fofa-query: - icon_hash=688609340 diff --git a/http/cves/2020/CVE-2020-35848.yaml b/http/cves/2020/CVE-2020-35848.yaml index 9fd4c2c6184..6d829e6bf3b 100644 --- a/http/cves/2020/CVE-2020-35848.yaml +++ b/http/cves/2020/CVE-2020-35848.yaml @@ -28,7 +28,7 @@ info: vendor: agentejo product: cockpit shodan-query: - - http.favicon.hash:"688609340" + - http.favicon.hash:688609340 - http.html:"cockpit" fofa-query: - icon_hash=688609340 diff --git a/http/cves/2020/CVE-2020-35951.yaml b/http/cves/2020/CVE-2020-35951.yaml index c1314a97f86..98a9e130890 100644 --- a/http/cves/2020/CVE-2020-35951.yaml +++ b/http/cves/2020/CVE-2020-35951.yaml @@ -13,15 +13,13 @@ info: - https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/ - https://nvd.nist.gov/vuln/detail/CVE-2020-35951 - https://wpscan.com/vulnerability/10348 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H cvss-score: 9.9 cve-id: CVE-2020-35951 cwe-id: CWE-306 - epss-score: 0.61219 - epss-percentile: 0.98185 + epss-score: 0.00174 + epss-percentile: 0.54591 cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* metadata: max-request: 4 diff --git a/http/cves/2020/CVE-2020-35984.yaml b/http/cves/2020/CVE-2020-35984.yaml index 5cf4a543c0d..29b07898993 100644 --- a/http/cves/2020/CVE-2020-35984.yaml +++ b/http/cves/2020/CVE-2020-35984.yaml @@ -27,7 +27,7 @@ info: max-request: 3 vendor: rukovoditel product: rukovoditel - shodan-query: http.favicon.hash:"-1499940355" + shodan-query: http.favicon.hash:-1499940355 fofa-query: icon_hash=-1499940355 tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated diff --git a/http/cves/2020/CVE-2020-35985.yaml b/http/cves/2020/CVE-2020-35985.yaml index 17ae1077aaf..dc5efca0b3b 100644 --- a/http/cves/2020/CVE-2020-35985.yaml +++ b/http/cves/2020/CVE-2020-35985.yaml @@ -19,15 +19,15 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35985 cwe-id: CWE-79 - epss-score: 0.05134 - epss-percentile: 0.89328 + epss-score: 0.00127 + epss-percentile: 0.47399 cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: rukovoditel product: rukovoditel - shodan-query: http.favicon.hash:"-1499940355" + shodan-query: http.favicon.hash:-1499940355 fofa-query: icon_hash=-1499940355 tags: cve2020,cve,rukovoditel,stored-xss,xss,authenticated diff --git a/http/cves/2020/CVE-2020-35986.yaml b/http/cves/2020/CVE-2020-35986.yaml index 221a4bd92e2..f8d7ff17459 100644 --- a/http/cves/2020/CVE-2020-35986.yaml +++ b/http/cves/2020/CVE-2020-35986.yaml @@ -19,15 +19,15 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35986 cwe-id: CWE-79 - epss-score: 0.02223 - epss-percentile: 0.83668 + epss-score: 0.00127 + epss-percentile: 0.47399 cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* metadata: verified: "true" max-request: 3 vendor: rukovoditel product: rukovoditel - shodan-query: http.favicon.hash:"-1499940355" + shodan-query: http.favicon.hash:-1499940355 fofa-query: icon_hash=-1499940355 tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated diff --git a/http/cves/2020/CVE-2020-35987.yaml b/http/cves/2020/CVE-2020-35987.yaml index 6342145c7e3..c51f94637ca 100644 --- a/http/cves/2020/CVE-2020-35987.yaml +++ b/http/cves/2020/CVE-2020-35987.yaml @@ -27,7 +27,7 @@ info: max-request: 3 vendor: rukovoditel product: rukovoditel - shodan-query: http.favicon.hash:"-1499940355" + shodan-query: http.favicon.hash:-1499940355 fofa-query: icon_hash=-1499940355 tags: cve,cve2020,rukovoditel,xss,stored-xss,authenticated diff --git a/http/cves/2020/CVE-2020-36289.yaml b/http/cves/2020/CVE-2020-36289.yaml index d1fcdee705a..5b727575b73 100644 --- a/http/cves/2020/CVE-2020-36289.yaml +++ b/http/cves/2020/CVE-2020-36289.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: atlassian product: data_center - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve,cve2020,jira,atlassian,unauth http: diff --git a/http/cves/2020/CVE-2020-36365.yaml b/http/cves/2020/CVE-2020-36365.yaml index 333ae664b10..464d4373e93 100644 --- a/http/cves/2020/CVE-2020-36365.yaml +++ b/http/cves/2020/CVE-2020-36365.yaml @@ -20,14 +20,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36365 cwe-id: CWE-601 - epss-score: 0.03727 - epss-percentile: 0.87408 + epss-score: 0.00244 + epss-percentile: 0.62379 cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: smartstore product: smartstorenet - shodan-query: http.html:'content="smartstore' + shodan-query: + - http.html:'content="Smartstore' + - http.html:'content="smartstore' fofa-query: body='content="smartstore' tags: cve2020,cve,redirect,smartstore diff --git a/http/cves/2020/CVE-2020-36510.yaml b/http/cves/2020/CVE-2020-36510.yaml index 8e4d57cf3c2..5ff88c5fb5f 100644 --- a/http/cves/2020/CVE-2020-36510.yaml +++ b/http/cves/2020/CVE-2020-36510.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95 - https://nvd.nist.gov/vuln/detail/CVE-2020-36510 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-36510 cwe-id: CWE-79 - epss-score: 0.03365 - epss-percentile: 0.86738 + epss-score: 0.00106 + epss-percentile: 0.42122 cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:wordpress:*:* metadata: verified: "false" diff --git a/http/cves/2020/CVE-2020-4463.yaml b/http/cves/2020/CVE-2020-4463.yaml index ad0279bbb7d..b19e372eba8 100644 --- a/http/cves/2020/CVE-2020-4463.yaml +++ b/http/cves/2020/CVE-2020-4463.yaml @@ -24,14 +24,14 @@ info: cvss-score: 8.2 cve-id: CVE-2020-4463 cwe-id: CWE-611 - epss-score: 0.89673 - epss-percentile: 0.99525 + epss-score: 0.76538 + epss-percentile: 0.97916 cpe: cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:* metadata: max-request: 2 vendor: ibm product: maximo_asset_management - shodan-query: http.favicon.hash:"-399298961" + shodan-query: http.favicon.hash:-399298961 fofa-query: icon_hash=-399298961 tags: cve,cve2020,ibm,xxe,disclosure diff --git a/http/cves/2020/CVE-2020-5192.yaml b/http/cves/2020/CVE-2020-5192.yaml index 6d0d16a2294..045a987885e 100644 --- a/http/cves/2020/CVE-2020-5192.yaml +++ b/http/cves/2020/CVE-2020-5192.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5192 cwe-id: CWE-89 - epss-score: 0.26212 - epss-percentile: 0.95993 + epss-score: 0.38401 + epss-percentile: 0.97221 cpe: cpe:2.3:a:phpgurukul:hospital_management_system:4.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2020/CVE-2020-5284.yaml b/http/cves/2020/CVE-2020-5284.yaml index 2eca6b48a41..9e34b68bb30 100644 --- a/http/cves/2020/CVE-2020-5284.yaml +++ b/http/cves/2020/CVE-2020-5284.yaml @@ -15,12 +15,12 @@ info: - https://github.com/Z0fhack/Goby_POC - https://github.com/merlinepedra/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2020-5284 - cwe-id: CWE-23,CWE-22 - epss-score: 0.77318 - epss-percentile: 0.98906 + cwe-id: CWE-22,CWE-23 + epss-score: 0.00213 + epss-percentile: 0.5933 cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -29,10 +29,7 @@ info: shodan-query: - http.html:"/_next/static" - cpe:"cpe:2.3:a:zeit:next.js" - - x-middleware-rewrite - fofa-query: - - body="/_next/static" - - x-middleware-rewrite + fofa-query: body="/_next/static" tags: cve,cve2020,nextjs,lfi,zeit http: diff --git a/http/cves/2020/CVE-2020-5405.yaml b/http/cves/2020/CVE-2020-5405.yaml index 2d847f0525a..15f49cded93 100644 --- a/http/cves/2020/CVE-2020-5405.yaml +++ b/http/cves/2020/CVE-2020-5405.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-5405 cwe-id: CWE-22,CWE-23 - epss-score: 0.71984 - epss-percentile: 0.98646 + epss-score: 0.00258 + epss-percentile: 0.64891 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-5410.yaml b/http/cves/2020/CVE-2020-5410.yaml index 7a96e72d718..d5574bd8fa6 100644 --- a/http/cves/2020/CVE-2020-5410.yaml +++ b/http/cves/2020/CVE-2020-5410.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-5410 cwe-id: CWE-23,CWE-22 - epss-score: 0.94305 - epss-percentile: 0.99933 + epss-score: 0.97175 + epss-percentile: 0.99813 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-5775.yaml b/http/cves/2020/CVE-2020-5775.yaml index a43e85d3461..2be700567f5 100644 --- a/http/cves/2020/CVE-2020-5775.yaml +++ b/http/cves/2020/CVE-2020-5775.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-5775 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N cvss-score: 5.8 cve-id: CVE-2020-5775 cwe-id: CWE-918 - epss-score: 0.5613 - epss-percentile: 0.97943 + epss-score: 0.00194 + epss-percentile: 0.57293 cpe: cpe:2.3:a:instructure:canvas_learning_management_service:2020-07-29:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-5776.yaml b/http/cves/2020/CVE-2020-5776.yaml index d83ac91dba2..139daa0edb1 100644 --- a/http/cves/2020/CVE-2020-5776.yaml +++ b/http/cves/2020/CVE-2020-5776.yaml @@ -20,14 +20,16 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5776 cwe-id: CWE-352 - epss-score: 0.70989 - epss-percentile: 0.986 + epss-score: 0.42595 + epss-percentile: 0.97329 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: magmi_project product: magmi - shodan-query: http.component:"magento" + shodan-query: + - http.component:"Magento" + - http.component:"magento" tags: cve,cve2020,magmi,magento,tenable,magmi_project http: diff --git a/http/cves/2020/CVE-2020-5777.yaml b/http/cves/2020/CVE-2020-5777.yaml index c7dd510fa3b..e953a63439e 100644 --- a/http/cves/2020/CVE-2020-5777.yaml +++ b/http/cves/2020/CVE-2020-5777.yaml @@ -20,14 +20,16 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5777 cwe-id: CWE-287 - epss-score: 0.89849 - epss-percentile: 0.99537 + epss-score: 0.05608 + epss-percentile: 0.93255 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: magmi_project product: magmi - shodan-query: http.component:"magento" + shodan-query: + - http.component:"Magento" + - http.component:"magento" tags: cve,cve2020,plugin,tenable,magmi,magento,auth,bypass,magmi_project http: diff --git a/http/cves/2020/CVE-2020-5902.yaml b/http/cves/2020/CVE-2020-5902.yaml index 99fc12d07ee..3809952f370 100644 --- a/http/cves/2020/CVE-2020-5902.yaml +++ b/http/cves/2020/CVE-2020-5902.yaml @@ -34,12 +34,8 @@ info: max-request: 8 vendor: f5 product: big-ip_access_policy_manager - shodan-query: - - http.title:"big-ip®-+redirect" +"server" - - http.html:"big-ip apm" - fofa-query: - - title="big-ip®-+redirect" +"server" - - body="big-ip apm" + shodan-query: http.title:"big-ip®-+redirect" +"server" + fofa-query: title="big-ip®-+redirect" +"server" google-query: intitle:"big-ip®-+redirect" +"server" tags: cve,cve2020,bigip,rce,kev,packetstorm,f5 diff --git a/http/cves/2020/CVE-2020-6171.yaml b/http/cves/2020/CVE-2020-6171.yaml index 9d4fea89cf1..4e78cf0b1a5 100644 --- a/http/cves/2020/CVE-2020-6171.yaml +++ b/http/cves/2020/CVE-2020-6171.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-6171 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-6171 cwe-id: CWE-79 - epss-score: 0.05369 - epss-percentile: 0.89571 + epss-score: 0.00135 + epss-percentile: 0.48718 cpe: cpe:2.3:a:communilink:clink_office:2.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-6207.yaml b/http/cves/2020/CVE-2020-6207.yaml index c7e3e3101f5..7ed8850e0ce 100644 --- a/http/cves/2020/CVE-2020-6207.yaml +++ b/http/cves/2020/CVE-2020-6207.yaml @@ -22,8 +22,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-6207 cwe-id: CWE-306 - epss-score: 0.94274 - epss-percentile: 0.99925 + epss-score: 0.97439 + epss-percentile: 0.99945 cpe: cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-6287.yaml b/http/cves/2020/CVE-2020-6287.yaml index 8487aa0d89d..d4faee07420 100644 --- a/http/cves/2020/CVE-2020-6287.yaml +++ b/http/cves/2020/CVE-2020-6287.yaml @@ -20,14 +20,14 @@ info: cvss-score: 10 cve-id: CVE-2020-6287 cwe-id: CWE-306 - epss-score: 0.94395 - epss-percentile: 0.99966 + epss-score: 0.97502 + epss-percentile: 0.99982 cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sap product: netweaver_application_server_java - shodan-query: http.favicon.hash:"-266008933" + shodan-query: http.favicon.hash:-266008933 fofa-query: icon_hash=-266008933 tags: cve,cve2020,sap,kev diff --git a/http/cves/2020/CVE-2020-6308.yaml b/http/cves/2020/CVE-2020-6308.yaml index aa345e4b775..4f55bcaf970 100644 --- a/http/cves/2020/CVE-2020-6308.yaml +++ b/http/cves/2020/CVE-2020-6308.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2020-6308 cwe-id: CWE-918 - epss-score: 0.84438 - epss-percentile: 0.99257 + epss-score: 0.004 + epss-percentile: 0.73121 cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:-:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-6637.yaml b/http/cves/2020/CVE-2020-6637.yaml index 56f3c9b60eb..7f25f5b281a 100644 --- a/http/cves/2020/CVE-2020-6637.yaml +++ b/http/cves/2020/CVE-2020-6637.yaml @@ -27,7 +27,9 @@ info: max-request: 3 vendor: os4ed product: opensis - shodan-query: http.title:"opensis" + shodan-query: + - http.title:"openSIS" + - http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" tags: cve,cve2020,sqli,opensis,os4ed diff --git a/http/cves/2020/CVE-2020-6950.yaml b/http/cves/2020/CVE-2020-6950.yaml index f52df851563..d47a8239afc 100644 --- a/http/cves/2020/CVE-2020-6950.yaml +++ b/http/cves/2020/CVE-2020-6950.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-6950 cwe-id: CWE-22 - epss-score: 0.57917 - epss-percentile: 0.98023 + epss-score: 0.03924 + epss-percentile: 0.91979 cpe: cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,9 +26,11 @@ info: vendor: eclipse product: mojarra shodan-query: - - http.html:"javax.faces.resource" + - html:"javax.faces.resource" - http.html:"javax.faces.viewstate" + - http.html:"javax.faces.resource" fofa-query: + - body="javax.faces.ViewState" - body="javax.faces.viewstate" - body="javax.faces.resource" tags: cve,cve2020,mojarra,lfi,eclipse diff --git a/http/cves/2020/CVE-2020-7209.yaml b/http/cves/2020/CVE-2020-7209.yaml index 5aa7ba13c89..34d9c6a2620 100644 --- a/http/cves/2020/CVE-2020-7209.yaml +++ b/http/cves/2020/CVE-2020-7209.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7209 - epss-score: 0.93309 - epss-percentile: 0.99796 + epss-score: 0.97227 + epss-percentile: 0.99837 cpe: cpe:2.3:a:hp:linuxki:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-7318.yaml b/http/cves/2020/CVE-2020-7318.yaml index a9a0e39dcb0..ade63691e62 100644 --- a/http/cves/2020/CVE-2020-7318.yaml +++ b/http/cves/2020/CVE-2020-7318.yaml @@ -21,12 +21,12 @@ info: - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/merlinepedra/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N - cvss-score: 4.6 + cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N + cvss-score: 4.3 cve-id: CVE-2020-7318 cwe-id: CWE-79 - epss-score: 0.12599 - epss-percentile: 0.93573 + epss-score: 0.00065 + epss-percentile: 0.28395 cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-7796.yaml b/http/cves/2020/CVE-2020-7796.yaml index 7c1182bf5b0..1a22492c095 100644 --- a/http/cves/2020/CVE-2020-7796.yaml +++ b/http/cves/2020/CVE-2020-7796.yaml @@ -30,11 +30,9 @@ info: shodan-query: - http.title:"zimbra collaboration suite" - http.title:"zimbra web client sign in" - - http.favicon.hash:"1624375939" fofa-query: - title="zimbra web client sign in" - title="zimbra collaboration suite" - - icon_hash=1624375939 google-query: - intitle:"zimbra collaboration suite" - intitle:"zimbra web client sign in" diff --git a/http/cves/2020/CVE-2020-7943.yaml b/http/cves/2020/CVE-2020-7943.yaml index 19255646386..43d80805aab 100644 --- a/http/cves/2020/CVE-2020-7943.yaml +++ b/http/cves/2020/CVE-2020-7943.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-7943 cwe-id: CWE-276,NVD-CWE-noinfo - epss-score: 0.65366 - epss-percentile: 0.98358 + epss-score: 0.06791 + epss-percentile: 0.93863 cpe: cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-7961.yaml b/http/cves/2020/CVE-2020-7961.yaml index af8308960bb..f0a118b8038 100644 --- a/http/cves/2020/CVE-2020-7961.yaml +++ b/http/cves/2020/CVE-2020-7961.yaml @@ -18,23 +18,17 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7961 cwe-id: CWE-502 - epss-score: 0.94412 - epss-percentile: 0.99972 + epss-score: 0.97342 + epss-percentile: 0.99876 cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:* metadata: max-request: 2 vendor: liferay product: liferay_portal shodan-query: - - http.favicon.hash:"129457226" + - http.favicon.hash:129457226 - cpe:"cpe:2.3:a:liferay:liferay_portal" - - http.html:"var liferay" - - http.title:"liferay" - fofa-query: - - icon_hash=129457226 - - body="var liferay" - - title="liferay" - google-query: intitle:"liferay" + fofa-query: icon_hash=129457226 tags: cve2020,cve,packetstorm,rce,liferay,kev http: diff --git a/http/cves/2020/CVE-2020-7980.yaml b/http/cves/2020/CVE-2020-7980.yaml index a4612789124..a6dad5de47a 100644 --- a/http/cves/2020/CVE-2020-7980.yaml +++ b/http/cves/2020/CVE-2020-7980.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: intelliantech product: aptus_web - shodan-query: http.title:"intellian aptus web" + shodan-query: + - http.title:"Intellian Aptus Web" + - http.title:"intellian aptus web" fofa-query: title="intellian aptus web" google-query: intitle:"intellian aptus web" tags: cve2020,cve,intellian,aptus,packetstorm,satellian,rce,intelliantech diff --git a/http/cves/2020/CVE-2020-8115.yaml b/http/cves/2020/CVE-2020-8115.yaml index 7e54ffe24d3..141a29fcd96 100644 --- a/http/cves/2020/CVE-2020-8115.yaml +++ b/http/cves/2020/CVE-2020-8115.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8115 cwe-id: CWE-79 - epss-score: 0.55788 - epss-percentile: 0.97927 + epss-score: 0.0187 + epss-percentile: 0.88393 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* metadata: max-request: 1 @@ -29,11 +29,10 @@ info: product: revive_adserver shodan-query: - http.title:"revive adserver" - - http.favicon.hash:"106844876" + - http.favicon.hash:106844876 fofa-query: - icon_hash=106844876 - title="revive adserver" - - icon_hash="106844876" google-query: intitle:"revive adserver" tags: cve,cve2020,xss,hackerone,revive-adserver diff --git a/http/cves/2020/CVE-2020-8163.yaml b/http/cves/2020/CVE-2020-8163.yaml index d9f4d61daf1..c47d72ff2fe 100644 --- a/http/cves/2020/CVE-2020-8163.yaml +++ b/http/cves/2020/CVE-2020-8163.yaml @@ -14,32 +14,19 @@ info: - https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html - https://nvd.nist.gov/vuln/detail/CVE-2020-8163 - - https://github.com/password520/Penetration_PoC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-8163 cwe-id: CWE-94 - epss-score: 0.87317 - epss-percentile: 0.99401 + epss-score: 0.97016 + epss-percentile: 0.99691 cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rubyonrails product: rails - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - google-query: - - intitle:"index of" "secret_token.rb" - - intitle:"index of" "secrets.yml" - - intitle:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml + shodan-query: cpe:"cpe:2.3:a:rubyonrails:rails" tags: cve,cve2020,rails,rce,hackerone,rubyonrails http: diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml index f6b99e2eb48..9fda25b063b 100644 --- a/http/cves/2020/CVE-2020-8193.yaml +++ b/http/cves/2020/CVE-2020-8193.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2020-8193 - cwe-id: CWE-284,CWE-287 - epss-score: 0.94349 - epss-percentile: 0.99946 + cwe-id: CWE-287,CWE-284 + epss-score: 0.97463 + epss-percentile: 0.99959 cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 6 diff --git a/http/cves/2020/CVE-2020-8194.yaml b/http/cves/2020/CVE-2020-8194.yaml index 2fb02c1ce09..6a4244164eb 100644 --- a/http/cves/2020/CVE-2020-8194.yaml +++ b/http/cves/2020/CVE-2020-8194.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8194 cwe-id: CWE-94 - epss-score: 0.79516 - epss-percentile: 0.99018 + epss-score: 0.97364 + epss-percentile: 0.999 cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-8209.yaml b/http/cves/2020/CVE-2020-8209.yaml index 80469cd8240..7a0cfd05346 100644 --- a/http/cves/2020/CVE-2020-8209.yaml +++ b/http/cves/2020/CVE-2020-8209.yaml @@ -25,22 +25,13 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8209 cwe-id: CWE-22 - epss-score: 0.92543 - epss-percentile: 0.99721 + epss-score: 0.96834 + epss-percentile: 0.9967 cpe: cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: citrix product: xenmobile_server - shodan-query: - - http.title:"xenmobile - console" - - http.title:"xenmobile" - fofa-query: - - title="xenmobile - console" - - title="xenmobile" - google-query: - - intitle:"xenmobile - console" - - intitle:"xenmobile" tags: cve2020,cve,citrix,lfi,xenmobile http: diff --git a/http/cves/2020/CVE-2020-8497.yaml b/http/cves/2020/CVE-2020-8497.yaml index 055eca845fc..6ae2ce583ed 100644 --- a/http/cves/2020/CVE-2020-8497.yaml +++ b/http/cves/2020/CVE-2020-8497.yaml @@ -14,25 +14,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-8497 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-8497 cwe-id: CWE-306 - epss-score: 0.27615 - epss-percentile: 0.96143 + epss-score: 0.002 + epss-percentile: 0.56881 cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: artica product: pandora_fms - shodan-query: - - http.title:"pandora fms" - - http.html:"pandora fms - installation wizard" - fofa-query: - - title="pandora fms" - - body="pandora fms - installation wizard" + shodan-query: http.title:"pandora fms" + fofa-query: title="pandora fms" google-query: intitle:"pandora fms" tags: cve,cve2020,fms,artica diff --git a/http/cves/2020/CVE-2020-8512.yaml b/http/cves/2020/CVE-2020-8512.yaml index 4294070adb4..6d40a3dd7aa 100644 --- a/http/cves/2020/CVE-2020-8512.yaml +++ b/http/cves/2020/CVE-2020-8512.yaml @@ -20,14 +20,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8512 cwe-id: CWE-79 - epss-score: 0.34596 - epss-percentile: 0.96781 + epss-score: 0.00692 + epss-percentile: 0.80113 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: icewarp product: icewarp_server - shodan-query: http.title:"icewarp" + shodan-query: + - title:"icewarp" + - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve,cve2020,edb,packetstorm,xss,icewarp diff --git a/http/cves/2020/CVE-2020-8515.yaml b/http/cves/2020/CVE-2020-8515.yaml index 877492a99ff..e463b3e5a4d 100644 --- a/http/cves/2020/CVE-2020-8515.yaml +++ b/http/cves/2020/CVE-2020-8515.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8515 cwe-id: CWE-78 - epss-score: 0.94357 - epss-percentile: 0.99949 + epss-score: 0.97079 + epss-percentile: 0.9977 cpe: cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-8615.yaml b/http/cves/2020/CVE-2020-8615.yaml index f8f7f2662df..2e223368b6b 100644 --- a/http/cves/2020/CVE-2020-8615.yaml +++ b/http/cves/2020/CVE-2020-8615.yaml @@ -18,8 +18,8 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8615 cwe-id: CWE-352 - epss-score: 0.03545 - epss-percentile: 0.87108 + epss-score: 0.00867 + epss-percentile: 0.82331 cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,10 +27,8 @@ info: vendor: themeum product: tutor_lms framework: wordpress - shodan-query: http.html:"/wp-content/plugins/tutor/" - fofa-query: - - body=/wp-content/plugins/tutor/ - - body="/wp-content/plugins/tutor/" + shodan-query: http.html:/wp-content/plugins/tutor/ + fofa-query: body=/wp-content/plugins/tutor/ publicwww-query: /wp-content/plugins/tutor/ tags: cve,cve2020,wpscan,packetstorm,csrf,wp-plugin,wp,tutor,wordpress,themeum variables: diff --git a/http/cves/2020/CVE-2020-8641.yaml b/http/cves/2020/CVE-2020-8641.yaml index 42be48ecb92..04799d06370 100644 --- a/http/cves/2020/CVE-2020-8641.yaml +++ b/http/cves/2020/CVE-2020-8641.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8641 cwe-id: CWE-22 - epss-score: 0.72626 - epss-percentile: 0.98678 + epss-score: 0.0071 + epss-percentile: 0.8041 cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-8654.yaml b/http/cves/2020/CVE-2020-8654.yaml index fcf86eaa539..e6bfaee4e38 100644 --- a/http/cves/2020/CVE-2020-8654.yaml +++ b/http/cves/2020/CVE-2020-8654.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8654 cwe-id: CWE-78 - epss-score: 0.89898 - epss-percentile: 0.99539 + epss-score: 0.04806 + epss-percentile: 0.92702 cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-8772.yaml b/http/cves/2020/CVE-2020-8772.yaml index b2c6fcf5383..c4494cc38a5 100644 --- a/http/cves/2020/CVE-2020-8772.yaml +++ b/http/cves/2020/CVE-2020-8772.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8772 cwe-id: CWE-862 - epss-score: 0.93221 - epss-percentile: 0.99788 + epss-score: 0.96539 + epss-percentile: 0.99607 cpe: cpe:2.3:a:revmakx:infinitewp_client:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2020/CVE-2020-8813.yaml b/http/cves/2020/CVE-2020-8813.yaml index e9da625e228..cb9ae618dab 100644 --- a/http/cves/2020/CVE-2020-8813.yaml +++ b/http/cves/2020/CVE-2020-8813.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8813 cwe-id: CWE-78 - epss-score: 0.94187 - epss-percentile: 0.99907 + epss-score: 0.95033 + epss-percentile: 0.9913 cpe: cpe:2.3:a:cacti:cacti:1.2.8:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-8982.yaml b/http/cves/2020/CVE-2020-8982.yaml index 2dad35c3e9b..197adcc98c1 100644 --- a/http/cves/2020/CVE-2020-8982.yaml +++ b/http/cves/2020/CVE-2020-8982.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8982 cwe-id: CWE-22 - epss-score: 0.74622 - epss-percentile: 0.98776 + epss-score: 0.79607 + epss-percentile: 0.98287 cpe: cpe:2.3:a:citrix:sharefile_storagezones_controller:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-9047.yaml b/http/cves/2020/CVE-2020-9047.yaml index a544e612800..399f63cc83d 100644 --- a/http/cves/2020/CVE-2020-9047.yaml +++ b/http/cves/2020/CVE-2020-9047.yaml @@ -3,7 +3,7 @@ id: CVE-2020-9047 info: name: exacqVision Web Service - Remote Code Execution author: dwisiswant0 - severity: medium + severity: high description: | exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system. impact: | @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2020-9047 - https://github.com/hectorgie/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L - cvss-score: 6.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 cve-id: CVE-2020-9047 cwe-id: CWE-347 - epss-score: 0.17828 - epss-percentile: 0.94773 + epss-score: 0.00782 + epss-percentile: 0.81009 cpe: cpe:2.3:a:johnsoncontrols:exacqvision_enterprise_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-9054.yaml b/http/cves/2020/CVE-2020-9054.yaml index 8913d40b499..6ab3674a78c 100644 --- a/http/cves/2020/CVE-2020-9054.yaml +++ b/http/cves/2020/CVE-2020-9054.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: zyxel product: nas326_firmware - fofa-query: app="zyxel-nas326" tags: cve2020,cve,rce,zyxel,injection,kev http: diff --git a/http/cves/2020/CVE-2020-9315.yaml b/http/cves/2020/CVE-2020-9315.yaml index ea254f735d6..710fb58a942 100644 --- a/http/cves/2020/CVE-2020-9315.yaml +++ b/http/cves/2020/CVE-2020-9315.yaml @@ -29,7 +29,6 @@ info: vendor: oracle product: iplanet_web_server shodan-query: cpe:"cpe:2.3:a:oracle:iplanet_web_server" - fofa-query: app="oracle-iplanet-web-server tags: cve,cve2020,oracle,auth-bypass,iplanet http: diff --git a/http/cves/2020/CVE-2020-9344.yaml b/http/cves/2020/CVE-2020-9344.yaml index 2fac8f195a0..8b1efcc2e6f 100644 --- a/http/cves/2020/CVE-2020-9344.yaml +++ b/http/cves/2020/CVE-2020-9344.yaml @@ -20,15 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-9344 cwe-id: CWE-79 - epss-score: 0.39837 - epss-percentile: 0.97124 + epss-score: 0.00205 + epss-percentile: 0.58449 cpe: cpe:2.3:a:atlassian:subversion_application_lifecycle_management:*:*:*:*:*:*:*:* metadata: verified: true max-request: 5 vendor: atlassian product: subversion_application_lifecycle_management - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve2020,cve,atlassian,jira,xss http: diff --git a/http/cves/2020/CVE-2020-9376.yaml b/http/cves/2020/CVE-2020-9376.yaml index 764bd85732e..24362ec987a 100644 --- a/http/cves/2020/CVE-2020-9376.yaml +++ b/http/cves/2020/CVE-2020-9376.yaml @@ -22,8 +22,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9376 cwe-id: CWE-74 - epss-score: 0.92486 - epss-percentile: 0.99717 + epss-score: 0.96966 + epss-percentile: 0.99728 cpe: cpe:2.3:o:dlink:dir-610_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-9402.yaml b/http/cves/2020/CVE-2020-9402.yaml index b4395a4b758..730a3ff2591 100644 --- a/http/cves/2020/CVE-2020-9402.yaml +++ b/http/cves/2020/CVE-2020-9402.yaml @@ -19,22 +19,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-9402 cwe-id: CWE-89 - epss-score: 0.54822 - epss-percentile: 0.97874 + epss-score: 0.14117 + epss-percentile: 0.95552 cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: djangoproject product: django - shodan-query: - - cpe:"cpe:2.3:a:djangoproject:django" - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - http.html:"settings.py" - - http.title:"the install worked successfully! congratulations!" - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" + shodan-query: cpe:"cpe:2.3:a:djangoproject:django" tags: cve,cve2020,django,sqli,vulhub,djangoproject http: diff --git a/http/cves/2020/CVE-2020-9425.yaml b/http/cves/2020/CVE-2020-9425.yaml index abcd175e741..adb2e4933e1 100644 --- a/http/cves/2020/CVE-2020-9425.yaml +++ b/http/cves/2020/CVE-2020-9425.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9425 cwe-id: CWE-670 - epss-score: 0.23546 - epss-percentile: 0.95669 + epss-score: 0.01336 + epss-percentile: 0.86037 cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-9483.yaml b/http/cves/2020/CVE-2020-9483.yaml index 680ff02b316..a904215c7fa 100644 --- a/http/cves/2020/CVE-2020-9483.yaml +++ b/http/cves/2020/CVE-2020-9483.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2020-9483 cwe-id: CWE-89 - epss-score: 0.9238 - epss-percentile: 0.99709 + epss-score: 0.0522 + epss-percentile: 0.92833 cpe: cpe:2.3:a:apache:skywalking:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2020/CVE-2020-9484.yaml b/http/cves/2020/CVE-2020-9484.yaml index dd8bb7877af..28cebf27794 100644 --- a/http/cves/2020/CVE-2020-9484.yaml +++ b/http/cves/2020/CVE-2020-9484.yaml @@ -26,28 +26,22 @@ info: cvss-score: 7 cve-id: CVE-2020-9484 cwe-id: CWE-502 - epss-score: 0.93261 - epss-percentile: 0.99792 + epss-score: 0.92247 + epss-percentile: 0.98942 cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: cve2020,cve,rce,packetstorm,apache,tomcat http: diff --git a/http/cves/2020/CVE-2020-9496.yaml b/http/cves/2020/CVE-2020-9496.yaml index 22dd99dd69d..3545cc15dfa 100644 --- a/http/cves/2020/CVE-2020-9496.yaml +++ b/http/cves/2020/CVE-2020-9496.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-9496 - cwe-id: CWE-79 - epss-score: 0.93987 - epss-percentile: 0.99874 + cwe-id: CWE-502 + epss-score: 0.89561 + epss-percentile: 0.98689 cpe: cpe:2.3:a:apache:ofbiz:17.12.03:*:*:*:*:*:*:* metadata: max-request: 1 @@ -30,11 +30,9 @@ info: shodan-query: - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - body="ofbiz" - app="apache_ofbiz" - - body="apache ofbiz" tags: cve,cve2020,ofbiz,packetstorm,apache,java http: diff --git a/http/cves/2020/CVE-2020-9757.yaml b/http/cves/2020/CVE-2020-9757.yaml index 0c58d79a1b0..eaa7a6f793d 100644 --- a/http/cves/2020/CVE-2020-9757.yaml +++ b/http/cves/2020/CVE-2020-9757.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-9757 cwe-id: CWE-74 - epss-score: 0.93409 - epss-percentile: 0.99803 + epss-score: 0.96294 + epss-percentile: 0.99536 cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* metadata: max-request: 2 @@ -29,14 +29,11 @@ info: product: craft_cms shodan-query: - cpe:"cpe:2.3:a:craftcms:craft_cms" - - http.html:"craftcms" - - http.favicon.hash:"-47932290" - - x-powered-by:"craft cms" + - http.html:craftcms + - http.favicon.hash:-47932290 fofa-query: - icon_hash=-47932290 - body=craftcms - - body="craftcms" - - icon_hash="-47932290" publicwww-query: craftcms tags: cve,cve2020,ssti,craftcms diff --git a/http/cves/2021/CVE-2021-1472.yaml b/http/cves/2021/CVE-2021-1472.yaml index 3b81d64eb0f..ba3bfc1ec5b 100644 --- a/http/cves/2021/CVE-2021-1472.yaml +++ b/http/cves/2021/CVE-2021-1472.yaml @@ -3,7 +3,7 @@ id: CVE-2021-1472 info: name: Cisco Small Business RV Series - OS Command Injection author: gy741 - severity: medium + severity: critical description: | Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or bypass authentication and upload files on an affected device. impact: | @@ -17,19 +17,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-1473 - http://seclists.org/fulldisclosure/2021/Apr/39 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2021-1472 - cwe-id: CWE-119,CWE-287 - epss-score: 0.89809 - epss-percentile: 0.99533 + cwe-id: CWE-287,CWE-119 + epss-score: 0.97174 + epss-percentile: 0.99793 cpe: cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: cisco product: rv160_firmware - shodan-query: http.html:"cisco rv340" + shodan-query: + - http.html:"Cisco rv340" + - http.html:"cisco rv340" fofa-query: body="cisco rv340" tags: cve2021,cve,packetstorm,seclists,auth-bypass,injection,cisco,rce,intrusive diff --git a/http/cves/2021/CVE-2021-1498.yaml b/http/cves/2021/CVE-2021-1498.yaml index c74288c0401..31c75f401dd 100644 --- a/http/cves/2021/CVE-2021-1498.yaml +++ b/http/cves/2021/CVE-2021-1498.yaml @@ -21,9 +21,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-1498 - cwe-id: CWE-78,CWE-77 - epss-score: 0.94059 - epss-percentile: 0.99887 + cwe-id: CWE-78 + epss-score: 0.97528 + epss-percentile: 0.99991 cpe: cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-20031.yaml b/http/cves/2021/CVE-2021-20031.yaml index f8b328e98f8..beb589bc18a 100644 --- a/http/cves/2021/CVE-2021-20031.yaml +++ b/http/cves/2021/CVE-2021-20031.yaml @@ -18,14 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2021-20031 cwe-id: CWE-601 - epss-score: 0.41298 - epss-percentile: 0.97213 - cpe: cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* + epss-score: 0.01452 + epss-percentile: 0.86646 + cpe: cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sonicwall - product: sonicos - google-query: inurl:"auth.html" intitle:"sonicwall" + product: nsa_2650 + google-query: inurl:"auth.html" intitle:"SonicWall" tags: cve,cve2021,sonicwall,redirect,edb,packetstorm http: diff --git a/http/cves/2021/CVE-2021-20091.yaml b/http/cves/2021/CVE-2021-20091.yaml index 8e7a6014821..853933aceec 100644 --- a/http/cves/2021/CVE-2021-20091.yaml +++ b/http/cves/2021/CVE-2021-20091.yaml @@ -20,13 +20,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2021-20091 - epss-score: 0.8599 - epss-percentile: 0.99332 - cpe: cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:* + epss-score: 0.00928 + epss-percentile: 0.8296 + cpe: cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: buffalo - product: wsr-2533dhpl2-bk_firmware + product: wsr-2533dhpl2-bk tags: cve2021,cve,buffalo,firmware,iot,tenable http: diff --git a/http/cves/2021/CVE-2021-20092.yaml b/http/cves/2021/CVE-2021-20092.yaml index 77ffa16f91a..fce223105ea 100644 --- a/http/cves/2021/CVE-2021-20092.yaml +++ b/http/cves/2021/CVE-2021-20092.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20092 cwe-id: CWE-287 - epss-score: 0.79494 - epss-percentile: 0.99015 + epss-score: 0.01583 + epss-percentile: 0.87312 cpe: cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-20123.yaml b/http/cves/2021/CVE-2021-20123.yaml index dcc4d2d2c3b..9d83db2699b 100644 --- a/http/cves/2021/CVE-2021-20123.yaml +++ b/http/cves/2021/CVE-2021-20123.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: draytek product: vigorconnect - shodan-query: http.html:"vigorconnect" + shodan-query: + - http.html:"VigorConnect" + - http.html:"vigorconnect" fofa-query: body="vigorconnect" tags: cve2021,cve,draytek,lfi,vigorconnect,tenable,kev diff --git a/http/cves/2021/CVE-2021-20124.yaml b/http/cves/2021/CVE-2021-20124.yaml index 533c6e37896..4d6205ba10b 100644 --- a/http/cves/2021/CVE-2021-20124.yaml +++ b/http/cves/2021/CVE-2021-20124.yaml @@ -14,21 +14,22 @@ info: - https://www.draytek.com/products/vigorconnect/ - https://nvd.nist.gov/vuln/detail/CVE-2021-20124 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-20124 cwe-id: CWE-22 - epss-score: 0.93733 - epss-percentile: 0.9984 + epss-score: 0.01224 + epss-percentile: 0.85337 cpe: cpe:2.3:a:draytek:vigorconnect:1.6.0:beta3:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: draytek product: vigorconnect - shodan-query: http.html:"vigorconnect" + shodan-query: + - http.html:"VigorConnect" + - http.html:"vigorconnect" fofa-query: body="vigorconnect" tags: cve2021,cve,draytek,lfi,vigorconnect,tenable,kev diff --git a/http/cves/2021/CVE-2021-20150.yaml b/http/cves/2021/CVE-2021-20150.yaml index f5abc7c878f..2ee7e0a0761 100644 --- a/http/cves/2021/CVE-2021-20150.yaml +++ b/http/cves/2021/CVE-2021-20150.yaml @@ -24,7 +24,9 @@ info: max-request: 1 vendor: trendnet product: tew-827dru_firmware - shodan-query: http.html:"tew-827dru" + shodan-query: + - http.html:"TEW-827DRU" + - http.html:"tew-827dru" fofa-query: body="tew-827dru" tags: cve2021,cve,disclosure,router,tenable,trendnet diff --git a/http/cves/2021/CVE-2021-20158.yaml b/http/cves/2021/CVE-2021-20158.yaml index 99717f383d2..0754cfefdc1 100644 --- a/http/cves/2021/CVE-2021-20158.yaml +++ b/http/cves/2021/CVE-2021-20158.yaml @@ -26,7 +26,9 @@ info: max-request: 2 vendor: trendnet product: tew-827dru_firmware - shodan-query: http.html:"tew-827dru" + shodan-query: + - http.html:"TEW-827DRU" + - http.html:"tew-827dru" fofa-query: body="tew-827dru" tags: cve2021,cve,disclosure,router,intrusive,tenable,trendnet variables: diff --git a/http/cves/2021/CVE-2021-20167.yaml b/http/cves/2021/CVE-2021-20167.yaml index 340d21e817c..d109fe6d6f1 100644 --- a/http/cves/2021/CVE-2021-20167.yaml +++ b/http/cves/2021/CVE-2021-20167.yaml @@ -17,8 +17,8 @@ info: cvss-score: 8 cve-id: CVE-2021-20167 cwe-id: CWE-77 - epss-score: 0.8301 - epss-percentile: 0.99186 + epss-score: 0.94822 + epss-percentile: 0.99273 cpe: cpe:2.3:o:netgear:rax43_firmware:1.0.3.96:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-20323.yaml b/http/cves/2021/CVE-2021-20323.yaml index 26792725606..14e0a00765c 100644 --- a/http/cves/2021/CVE-2021-20323.yaml +++ b/http/cves/2021/CVE-2021-20323.yaml @@ -22,8 +22,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-20323 cwe-id: CWE-79 - epss-score: 0.73157 - epss-percentile: 0.98697 + epss-score: 0.00173 + epss-percentile: 0.54333 cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,14 +31,14 @@ info: vendor: redhat product: keycloak shodan-query: - - http.html:"keycloak" + - html:"Keycloak" - http.title:"keycloak" - - http.favicon.hash:"-1105083093" + - http.html:"keycloak" + - http.favicon.hash:-1105083093 fofa-query: - title="keycloak" - icon_hash=-1105083093 - body="keycloak" - - icon_hash="-1105083093" google-query: intitle:"keycloak" tags: cve2021,cve,keycloak,xss,redhat diff --git a/http/cves/2021/CVE-2021-20837.yaml b/http/cves/2021/CVE-2021-20837.yaml index b9c0739ca94..c382dc93f36 100644 --- a/http/cves/2021/CVE-2021-20837.yaml +++ b/http/cves/2021/CVE-2021-20837.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-20837 cwe-id: CWE-78 - epss-score: 0.93758 - epss-percentile: 0.99845 + epss-score: 0.96998 + epss-percentile: 0.99738 cpe: cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:* metadata: max-request: 1 @@ -30,13 +30,8 @@ info: shodan-query: - http.title:"サインイン | movable type pro" - cpe:"cpe:2.3:a:sixapart:movable_type" - - http.title:"welcome to movable type" - fofa-query: - - title="サインイン | movable type pro" - - title="welcome to movable type" - google-query: - - intitle:"サインイン | movable type pro" - - intitle:"welcome to movable type" + fofa-query: title="サインイン | movable type pro" + google-query: intitle:"サインイン | movable type pro" tags: cve2021,cve,packetstorm,rce,movable,sixapart http: diff --git a/http/cves/2021/CVE-2021-21087.yaml b/http/cves/2021/CVE-2021-21087.yaml index d65567dd32c..dc87ab65e08 100644 --- a/http/cves/2021/CVE-2021-21087.yaml +++ b/http/cves/2021/CVE-2021-21087.yaml @@ -21,14 +21,15 @@ info: cvss-score: 5.4 cve-id: CVE-2021-21087 cwe-id: CWE-79 - epss-score: 0.82538 - epss-percentile: 0.99167 + epss-score: 0.00179 + epss-percentile: 0.54989 cpe: cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:* metadata: max-request: 7 vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2021/CVE-2021-21287.yaml b/http/cves/2021/CVE-2021-21287.yaml index af9d178b74c..e0e09eea740 100644 --- a/http/cves/2021/CVE-2021-21287.yaml +++ b/http/cves/2021/CVE-2021-21287.yaml @@ -31,12 +31,10 @@ info: - http.title:"minio browser" - cpe:"cpe:2.3:a:minio:minio" - http.title:"minio console" - - http.html:"symfony profiler" fofa-query: - title="minio console" - app="minio" - title="minio browser" - - body="symfony profiler" google-query: - intitle:"minio browser" - intitle:"minio console" diff --git a/http/cves/2021/CVE-2021-21311.yaml b/http/cves/2021/CVE-2021-21311.yaml index da37744fee6..9ec5d8923e2 100644 --- a/http/cves/2021/CVE-2021-21311.yaml +++ b/http/cves/2021/CVE-2021-21311.yaml @@ -19,21 +19,25 @@ info: cvss-score: 7.2 cve-id: CVE-2021-21311 cwe-id: CWE-918 - epss-score: 0.886 - epss-percentile: 0.99462 + epss-score: 0.02092 + epss-percentile: 0.89083 cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* metadata: max-request: 6 vendor: adminer product: adminer shodan-query: - - http.title:"login - adminer" + - title:"Login - Adminer" - cpe:"cpe:2.3:a:adminer:adminer" + - http.title:"login - adminer" fofa-query: - - app="adminer" && body="4.7.8" + - app="Adminer" && body="4.7.8" - title="login - adminer" + - app="adminer" && body="4.7.8" google-query: intitle:"login - adminer" - hunter-query: app.name="adminer"&&web.body="4.7.8" + hunter-query: + - app.name="Adminer"&&web.body="4.7.8" + - app.name="adminer"&&web.body="4.7.8" tags: cve2021,cve,adminer,ssrf http: diff --git a/http/cves/2021/CVE-2021-21345.yaml b/http/cves/2021/CVE-2021-21345.yaml index a0fbf309c40..c717b51b22d 100644 --- a/http/cves/2021/CVE-2021-21345.yaml +++ b/http/cves/2021/CVE-2021-21345.yaml @@ -3,7 +3,7 @@ id: CVE-2021-21345 info: name: XStream <1.4.16 - Remote Code Execution author: pwnhxl,vicrack - severity: medium + severity: critical description: | XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. impact: | @@ -16,17 +16,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21345 - https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N - cvss-score: 5.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 cve-id: CVE-2021-21345 - cwe-id: CWE-78,CWE-94 - epss-score: 0.86687 - epss-percentile: 0.99369 - cpe: cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* + cwe-id: CWE-78,CWE-502 + epss-score: 0.4876 + epss-percentile: 0.9721 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: netapp - product: oncommand_insight + vendor: xstream_project + product: xstream tags: cve2021,cve,xstream,deserialization,rce,oast,xstream_project http: diff --git a/http/cves/2021/CVE-2021-21351.yaml b/http/cves/2021/CVE-2021-21351.yaml index 42afb1212c8..a4e2f0b2e80 100644 --- a/http/cves/2021/CVE-2021-21351.yaml +++ b/http/cves/2021/CVE-2021-21351.yaml @@ -3,7 +3,7 @@ id: CVE-2021-21351 info: name: XStream <1.4.16 - Remote Code Execution author: pwnhxl - severity: medium + severity: critical description: | XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. impact: | @@ -16,17 +16,17 @@ info: - http://x-stream.github.io/changes.html#1.4.16 - https://nvd.nist.gov/vuln/detail/CVE-2021-21351 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.1 cve-id: CVE-2021-21351 - cwe-id: CWE-434,NVD-CWE-noinfo - epss-score: 0.91097 - epss-percentile: 0.99612 - cpe: cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* + cwe-id: CWE-434 + epss-score: 0.64386 + epss-percentile: 0.97882 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: netapp - product: oncommand_insight + vendor: xstream_project + product: xstream tags: cve2021,cve,xstream,deserialization,rce,oast,vulhub,xstream_project http: diff --git a/http/cves/2021/CVE-2021-21389.yaml b/http/cves/2021/CVE-2021-21389.yaml index 3e884b33e1e..7c45c44d711 100644 --- a/http/cves/2021/CVE-2021-21389.yaml +++ b/http/cves/2021/CVE-2021-21389.yaml @@ -15,12 +15,12 @@ info: - https://github.com/buddypress/BuddyPress/security/advisories/GHSA-m6j4-8r7p-wpp3 - https://nvd.nist.gov/vuln/detail/CVE-2021-21389 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N - cvss-score: 8.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2021-21389 cwe-id: CWE-863 - epss-score: 0.9334 - epss-percentile: 0.99798 + epss-score: 0.83143 + epss-percentile: 0.98426 cpe: cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-21402.yaml b/http/cves/2021/CVE-2021-21402.yaml index 36fef79bcf8..1d606857669 100644 --- a/http/cves/2021/CVE-2021-21402.yaml +++ b/http/cves/2021/CVE-2021-21402.yaml @@ -29,12 +29,14 @@ info: vendor: jellyfin product: jellyfin shodan-query: + - http.html:"Jellyfin" - http.html:"jellyfin" - http.title:"jellyfin" fofa-query: - - title="jellyfin" || body="http://jellyfin.media" + - title="Jellyfin" || body="http://jellyfin.media" - title="jellyfin" - body="jellyfin" + - title="jellyfin" || body="http://jellyfin.media" google-query: intitle:"jellyfin" tags: cve,cve2021,jellyfin,lfi diff --git a/http/cves/2021/CVE-2021-21745.yaml b/http/cves/2021/CVE-2021-21745.yaml index 81b62483b74..2114953bd8e 100644 --- a/http/cves/2021/CVE-2021-21745.yaml +++ b/http/cves/2021/CVE-2021-21745.yaml @@ -16,14 +16,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21745 - https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1019764 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2021-21745 cwe-id: CWE-352 - epss-score: 0.40585 - epss-percentile: 0.97172 + epss-score: 0.26168 + epss-percentile: 0.96722 cpe: cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-21799.yaml b/http/cves/2021/CVE-2021-21799.yaml index e9fb91de31c..da30480aec5 100644 --- a/http/cves/2021/CVE-2021-21799.yaml +++ b/http/cves/2021/CVE-2021-21799.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21799 cwe-id: CWE-79 - epss-score: 0.75981 - epss-percentile: 0.98842 + epss-score: 0.80194 + epss-percentile: 0.98308 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: verified: true @@ -30,12 +30,9 @@ info: vendor: advantech product: r-seenet shodan-query: + - http.html:"R-SeeNet" - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,xss,r-seenet,advantech http: diff --git a/http/cves/2021/CVE-2021-21800.yaml b/http/cves/2021/CVE-2021-21800.yaml index 2118b7bb800..f3f66420b71 100644 --- a/http/cves/2021/CVE-2021-21800.yaml +++ b/http/cves/2021/CVE-2021-21800.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-21800 cwe-id: CWE-79 - epss-score: 0.72461 - epss-percentile: 0.98667 + epss-score: 0.80194 + epss-percentile: 0.98308 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: verified: true @@ -28,12 +28,9 @@ info: vendor: advantech product: r-seenet shodan-query: + - http.html:"R-SeeNet" - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,xss,r-seenet,advantech http: diff --git a/http/cves/2021/CVE-2021-21801.yaml b/http/cves/2021/CVE-2021-21801.yaml index 857688b92f3..318557d2ed5 100644 --- a/http/cves/2021/CVE-2021-21801.yaml +++ b/http/cves/2021/CVE-2021-21801.yaml @@ -14,26 +14,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21801 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-21801 cwe-id: CWE-79 - epss-score: 0.85223 - epss-percentile: 0.99297 + epss-score: 0.83144 + epss-percentile: 0.98185 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: max-request: 1 vendor: advantech product: r-seenet - shodan-query: - - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + shodan-query: http.html:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,rseenet,xss,graph,advantech http: diff --git a/http/cves/2021/CVE-2021-21802.yaml b/http/cves/2021/CVE-2021-21802.yaml index a13bc0b8658..202a99240bc 100644 --- a/http/cves/2021/CVE-2021-21802.yaml +++ b/http/cves/2021/CVE-2021-21802.yaml @@ -14,26 +14,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21801 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-21802 cwe-id: CWE-79 - epss-score: 0.79333 - epss-percentile: 0.9901 + epss-score: 0.80194 + epss-percentile: 0.98308 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: max-request: 1 vendor: advantech product: r-seenet - shodan-query: - - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + shodan-query: http.html:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,rseenet,xss,advantech http: diff --git a/http/cves/2021/CVE-2021-21803.yaml b/http/cves/2021/CVE-2021-21803.yaml index 42cc28b5dc0..3f35e35eb50 100644 --- a/http/cves/2021/CVE-2021-21803.yaml +++ b/http/cves/2021/CVE-2021-21803.yaml @@ -26,13 +26,8 @@ info: max-request: 1 vendor: advantech product: r-seenet - shodan-query: - - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + shodan-query: http.html:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,rseenet,xss,advantech http: diff --git a/http/cves/2021/CVE-2021-21805.yaml b/http/cves/2021/CVE-2021-21805.yaml index ce6726bb4b6..c78df922937 100644 --- a/http/cves/2021/CVE-2021-21805.yaml +++ b/http/cves/2021/CVE-2021-21805.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21805 cwe-id: CWE-78 - epss-score: 0.92742 - epss-percentile: 0.9974 + epss-score: 0.97374 + epss-percentile: 0.99895 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: verified: true @@ -30,12 +30,9 @@ info: vendor: advantech product: r-seenet shodan-query: + - http.html:"R-SeeNet" - http.html:"r-seenet" - - http.title:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" + fofa-query: body="r-seenet" tags: cve2021,cve,rce,r-seenet,advantech http: diff --git a/http/cves/2021/CVE-2021-21816.yaml b/http/cves/2021/CVE-2021-21816.yaml index db19e7ad5ea..4ba25317ac2 100644 --- a/http/cves/2021/CVE-2021-21816.yaml +++ b/http/cves/2021/CVE-2021-21816.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21816 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2021-21816 cwe-id: CWE-200 - epss-score: 0.79551 - epss-percentile: 0.99021 + epss-score: 0.00229 + epss-percentile: 0.60334 cpe: cpe:2.3:o:dlink:dir-3040_firmware:1.13b03:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-21881.yaml b/http/cves/2021/CVE-2021-21881.yaml index 314b9090768..018d46b886e 100644 --- a/http/cves/2021/CVE-2021-21881.yaml +++ b/http/cves/2021/CVE-2021-21881.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-21881 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2021-21881 cwe-id: CWE-78 - epss-score: 0.9271 - epss-percentile: 0.99735 + epss-score: 0.97001 + epss-percentile: 0.99723 cpe: cpe:2.3:o:lantronix:premierwave_2050_firmware:8.9.0.0:r4:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-21972.yaml b/http/cves/2021/CVE-2021-21972.yaml index 21dbfd2bda8..ba67d6193c2 100644 --- a/http/cves/2021/CVE-2021-21972.yaml +++ b/http/cves/2021/CVE-2021-21972.yaml @@ -20,16 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21972 cwe-id: CWE-22 - epss-score: 0.93738 - epss-percentile: 0.99842 + epss-score: 0.97299 + epss-percentile: 0.99858 cpe: cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: vmware product: cloud_foundation - shodan-query: http.title:"vmware cloud" - fofa-query: title="vmware cloud" - google-query: intitle:"vmware cloud" tags: cve2021,cve,vmware,rce,vcenter,kev,packetstorm http: diff --git a/http/cves/2021/CVE-2021-21973.yaml b/http/cves/2021/CVE-2021-21973.yaml index eef1ad2bc86..d436b58f2a8 100644 --- a/http/cves/2021/CVE-2021-21973.yaml +++ b/http/cves/2021/CVE-2021-21973.yaml @@ -27,9 +27,6 @@ info: max-request: 1 vendor: vmware product: cloud_foundation - shodan-query: http.title:"vmware cloud" - fofa-query: title="vmware cloud" - google-query: intitle:"vmware cloud" tags: cve2021,cve,vmware,ssrf,vcenter,oast,kev http: diff --git a/http/cves/2021/CVE-2021-21975.yaml b/http/cves/2021/CVE-2021-21975.yaml index e7693eec30e..d4a058c45e1 100644 --- a/http/cves/2021/CVE-2021-21975.yaml +++ b/http/cves/2021/CVE-2021-21975.yaml @@ -25,9 +25,6 @@ info: max-request: 1 vendor: vmware product: cloud_foundation - shodan-query: http.title:"vmware cloud" - fofa-query: title="vmware cloud" - google-query: intitle:"vmware cloud" tags: cve2021,cve,kev,packetstorm,ssrf,vmware,vrealize http: diff --git a/http/cves/2021/CVE-2021-21978.yaml b/http/cves/2021/CVE-2021-21978.yaml index 338648c7755..2af6bfbb4c0 100644 --- a/http/cves/2021/CVE-2021-21978.yaml +++ b/http/cves/2021/CVE-2021-21978.yaml @@ -23,8 +23,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-21978 cwe-id: CWE-20 - epss-score: 0.9339 - epss-percentile: 0.99801 + epss-score: 0.97475 + epss-percentile: 0.99967 cpe: cpe:2.3:a:vmware:view_planner:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-21985.yaml b/http/cves/2021/CVE-2021-21985.yaml index 5a3af38165a..ba1835d521f 100644 --- a/http/cves/2021/CVE-2021-21985.yaml +++ b/http/cves/2021/CVE-2021-21985.yaml @@ -28,9 +28,6 @@ info: max-request: 1 vendor: vmware product: vcenter_server - shodan-query: http.title:"vmware vcenter" - fofa-query: title="vmware vcenter" - google-query: intitle:"vmware vcenter" tags: cve2021,cve,packetstorm,rce,vsphere,vmware,kev http: diff --git a/http/cves/2021/CVE-2021-22005.yaml b/http/cves/2021/CVE-2021-22005.yaml index 451481da4a0..2c2cfb848d5 100644 --- a/http/cves/2021/CVE-2021-22005.yaml +++ b/http/cves/2021/CVE-2021-22005.yaml @@ -20,16 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22005 cwe-id: CWE-22 - epss-score: 0.94455 - epss-percentile: 0.99991 + epss-score: 0.97396 + epss-percentile: 0.99916 cpe: cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: vmware product: cloud_foundation - shodan-query: http.title:"vmware cloud" - fofa-query: title="vmware cloud" - google-query: intitle:"vmware cloud" tags: cve2021,cve,vmware,vcenter,fileupload,kev,intrusive http: diff --git a/http/cves/2021/CVE-2021-22054.yaml b/http/cves/2021/CVE-2021-22054.yaml index 7238182098c..246a622809b 100644 --- a/http/cves/2021/CVE-2021-22054.yaml +++ b/http/cves/2021/CVE-2021-22054.yaml @@ -20,14 +20,16 @@ info: cvss-score: 7.5 cve-id: CVE-2021-22054 cwe-id: CWE-918 - epss-score: 0.89114 - epss-percentile: 0.99493 + epss-score: 0.7582 + epss-percentile: 0.98174 cpe: cpe:2.3:a:vmware:workspace_one_uem_console:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: vmware product: workspace_one_uem_console - fofa-query: banner="/airwatch/default.aspx" || header="/airwatch/default.aspx" + fofa-query: + - banner="/AirWatch/default.aspx" || header="/AirWatch/default.aspx" + - banner="/airwatch/default.aspx" || header="/airwatch/default.aspx" tags: cve2021,cve,vmware,workspace,ssrf http: diff --git a/http/cves/2021/CVE-2021-22205.yaml b/http/cves/2021/CVE-2021-22205.yaml index 7aa1dfda232..09b939a7881 100644 --- a/http/cves/2021/CVE-2021-22205.yaml +++ b/http/cves/2021/CVE-2021-22205.yaml @@ -22,22 +22,18 @@ info: cvss-score: 10 cve-id: CVE-2021-22205 cwe-id: CWE-94 - epss-score: 0.94479 - epss-percentile: 0.99997 + epss-score: 0.97463 + epss-percentile: 0.99959 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve2021,cve,kev,hackerone,gitlab,rce diff --git a/http/cves/2021/CVE-2021-22214.yaml b/http/cves/2021/CVE-2021-22214.yaml index c8bfc1f1122..25eb34a5dee 100644 --- a/http/cves/2021/CVE-2021-22214.yaml +++ b/http/cves/2021/CVE-2021-22214.yaml @@ -3,7 +3,7 @@ id: CVE-2021-22214 info: name: Gitlab CE/EE 10.5 - Server-Side Request Forgery author: Suman_Kar,GitLab Red Team - severity: medium + severity: high description: | GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are: - CVE-2021-39935 @@ -20,26 +20,22 @@ info: - https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html - https://docs.gitlab.com/ee/api/lint.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 6.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2021-22214 cwe-id: CWE-918 - epss-score: 0.93001 - epss-percentile: 0.99763 + epss-score: 0.09317 + epss-percentile: 0.94683 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve2021,cve,gitlab,ssrf diff --git a/http/cves/2021/CVE-2021-22502.yaml b/http/cves/2021/CVE-2021-22502.yaml index 41358db2e93..6ad116e7b2d 100644 --- a/http/cves/2021/CVE-2021-22502.yaml +++ b/http/cves/2021/CVE-2021-22502.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22502 cwe-id: CWE-78 - epss-score: 0.93981 - epss-percentile: 0.99873 + epss-score: 0.96085 + epss-percentile: 0.99492 cpe: cpe:2.3:a:microfocus:operation_bridge_reporter:10.40:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-22707.yaml b/http/cves/2021/CVE-2021-22707.yaml index 053f4cd56c0..829fabbdad9 100644 --- a/http/cves/2021/CVE-2021-22707.yaml +++ b/http/cves/2021/CVE-2021-22707.yaml @@ -25,8 +25,12 @@ info: max-request: 1 vendor: schneider-electric product: evlink_city_evc1s22p4_firmware - shodan-query: http.title:"evse web interface" - fofa-query: title="evse web interface" + shodan-query: + - title:"EVSE web interface" + - http.title:"evse web interface" + fofa-query: + - title="EVSE web interface" + - title="evse web interface" google-query: intitle:"evse web interface" tags: cve2021,cve,evlink,auth-bypass,schneider-electric diff --git a/http/cves/2021/CVE-2021-22873.yaml b/http/cves/2021/CVE-2021-22873.yaml index b45528fda2f..a590101b052 100644 --- a/http/cves/2021/CVE-2021-22873.yaml +++ b/http/cves/2021/CVE-2021-22873.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-22873 cwe-id: CWE-601 - epss-score: 0.66609 - epss-percentile: 0.98415 + epss-score: 0.00922 + epss-percentile: 0.82899 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,12 +29,11 @@ info: vendor: revive-adserver product: revive_adserver shodan-query: - - http.favicon.hash:"106844876" + - http.favicon.hash:106844876 - http.title:"revive adserver" fofa-query: - icon_hash=106844876 - title="revive adserver" - - icon_hash="106844876" google-query: intitle:"revive adserver" tags: cve2021,cve,hackerone,seclists,packetstorm,redirect,revive,revive-adserver diff --git a/http/cves/2021/CVE-2021-22911.yaml b/http/cves/2021/CVE-2021-22911.yaml index 7d4bf36c3ae..2e30c9e7eea 100644 --- a/http/cves/2021/CVE-2021-22911.yaml +++ b/http/cves/2021/CVE-2021-22911.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: rocket.chat product: rocket.chat - shodan-query: http.title:"rocket.chat" + shodan-query: + - http.title:"Rocket.Chat" + - http.title:"rocket.chat" fofa-query: title="rocket.chat" google-query: intitle:"rocket.chat" tags: cve2021,cve,rocketchat,nosqli,packetstorm,vulhub,hackerone,rocket.chat,sqli diff --git a/http/cves/2021/CVE-2021-22986.yaml b/http/cves/2021/CVE-2021-22986.yaml index 97ceef05b55..22e2536489e 100644 --- a/http/cves/2021/CVE-2021-22986.yaml +++ b/http/cves/2021/CVE-2021-22986.yaml @@ -20,19 +20,15 @@ info: cvss-score: 9.8 cve-id: CVE-2021-22986 cwe-id: CWE-918 - epss-score: 0.94485 - epss-percentile: 0.99998 + epss-score: 0.97449 + epss-percentile: 0.99948 cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: f5 product: big-ip_access_policy_manager - shodan-query: - - http.title:"big-ip®-+redirect" +"server" - - http.html:"big-ip apm" - fofa-query: - - title="big-ip®-+redirect" +"server" - - body="big-ip apm" + shodan-query: http.title:"big-ip®-+redirect" +"server" + fofa-query: title="big-ip®-+redirect" +"server" google-query: intitle:"big-ip®-+redirect" +"server" tags: cve,cve2021,bigip,rce,kev,packetstorm,f5 diff --git a/http/cves/2021/CVE-2021-24145.yaml b/http/cves/2021/CVE-2021-24145.yaml index b69d02b6950..061e47251b8 100644 --- a/http/cves/2021/CVE-2021-24145.yaml +++ b/http/cves/2021/CVE-2021-24145.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.2 cve-id: CVE-2021-24145 cwe-id: CWE-434 - epss-score: 0.91047 - epss-percentile: 0.99607 + epss-score: 0.96351 + epss-percentile: 0.99553 cpe: cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24165.yaml b/http/cves/2021/CVE-2021-24165.yaml index c90454325d8..82220999181 100644 --- a/http/cves/2021/CVE-2021-24165.yaml +++ b/http/cves/2021/CVE-2021-24165.yaml @@ -29,13 +29,8 @@ info: vendor: ninjaforms product: ninja_forms framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/ninja-forms/" - - http.html:"/wp-content/plugins/ninja-forms" - fofa-query: - - body=/wp-content/plugins/ninja-forms/ - - body="/wp-content/plugins/ninja-forms" - - body="/wp-content/plugins/ninja-forms/" + shodan-query: http.html:/wp-content/plugins/ninja-forms/ + fofa-query: body=/wp-content/plugins/ninja-forms/ publicwww-query: /wp-content/plugins/ninja-forms/ tags: cve2021,cve,wordpress,redirect,wp-plugin,authenticated,wp,wpscan,ninjaforms diff --git a/http/cves/2021/CVE-2021-24169.yaml b/http/cves/2021/CVE-2021-24169.yaml index 50d1fd4740a..bf9645bec5e 100644 --- a/http/cves/2021/CVE-2021-24169.yaml +++ b/http/cves/2021/CVE-2021-24169.yaml @@ -20,14 +20,14 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24169 cwe-id: CWE-79 - epss-score: 0.03829 - epss-percentile: 0.8758 - cpe: cpe:2.3:a:algolplus:advanced_order_export_for_woocommerce:*:*:*:*:*:wordpress:*:* + epss-score: 0.0021 + epss-percentile: 0.5893 + cpe: cpe:2.3:a:algolplus:advanced_order_export:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 vendor: algolplus - product: advanced_order_export_for_woocommerce + product: advanced_order_export framework: wordpress tags: cve2021,cve,wordpress,authenticated,wpscan,xss,wp-plugin,wp,woo-order-export-lite,edb,algolplus diff --git a/http/cves/2021/CVE-2021-24176.yaml b/http/cves/2021/CVE-2021-24176.yaml index afd2a9cac42..7ea8676e9ea 100644 --- a/http/cves/2021/CVE-2021-24176.yaml +++ b/http/cves/2021/CVE-2021-24176.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-24176 cwe-id: CWE-79 - epss-score: 0.21335 - epss-percentile: 0.9535 + epss-score: 0.00186 + epss-percentile: 0.55717 cpe: cpe:2.3:a:jh_404_logger_project:jh_404_logger:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24214.yaml b/http/cves/2021/CVE-2021-24214.yaml index 30054456b52..7f54b473a10 100644 --- a/http/cves/2021/CVE-2021-24214.yaml +++ b/http/cves/2021/CVE-2021-24214.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24214 cwe-id: CWE-79 - epss-score: 0.04044 - epss-percentile: 0.87928 + epss-score: 0.00337 + epss-percentile: 0.71271 cpe: cpe:2.3:a:daggerhartlab:openid_connect_generic_client:3.8.0:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24215.yaml b/http/cves/2021/CVE-2021-24215.yaml index ff689f3c3eb..995ca0b43f8 100644 --- a/http/cves/2021/CVE-2021-24215.yaml +++ b/http/cves/2021/CVE-2021-24215.yaml @@ -17,9 +17,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24215 - cwe-id: CWE-284,CWE-425 - epss-score: 0.37383 - epss-percentile: 0.96971 + cwe-id: CWE-425,CWE-284 + epss-score: 0.30288 + epss-percentile: 0.96943 cpe: cpe:2.3:a:wpruby:controlled_admin_access:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +27,7 @@ info: vendor: wpruby product: controlled_admin_access framework: wordpress - shodan-query: http.html:"/wp-content/plugins/controlled-admin-access/" + shodan-query: http.html:/wp-content/plugins/controlled-admin-access/ fofa-query: body=/wp-content/plugins/controlled-admin-access/ publicwww-query: /wp-content/plugins/controlled-admin-access/ tags: cve2021,cve,authenticated,wpscan,wordpress,wp-plugin,wp,controlled-admin-access,wpruby diff --git a/http/cves/2021/CVE-2021-24226.yaml b/http/cves/2021/CVE-2021-24226.yaml index f829b3a2734..8f627ecbe17 100644 --- a/http/cves/2021/CVE-2021-24226.yaml +++ b/http/cves/2021/CVE-2021-24226.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24226 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-24226 cwe-id: CWE-200 - epss-score: 0.25403 - epss-percentile: 0.95904 + epss-score: 0.03058 + epss-percentile: 0.90986 cpe: cpe:2.3:a:accessally:accessally:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24227.yaml b/http/cves/2021/CVE-2021-24227.yaml index 756eb8485f7..7e12b18a08e 100644 --- a/http/cves/2021/CVE-2021-24227.yaml +++ b/http/cves/2021/CVE-2021-24227.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24227 cwe-id: CWE-200 - epss-score: 0.33001 - epss-percentile: 0.96649 + epss-score: 0.02607 + epss-percentile: 0.90292 cpe: cpe:2.3:a:patreon:patreon_wordpress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24235.yaml b/http/cves/2021/CVE-2021-24235.yaml index 9a12c4eaa4a..1ade4e7cb2a 100644 --- a/http/cves/2021/CVE-2021-24235.yaml +++ b/http/cves/2021/CVE-2021-24235.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24235 cwe-id: CWE-79 - epss-score: 0.26734 - epss-percentile: 0.96056 + epss-score: 0.00119 + epss-percentile: 0.46103 cpe: cpe:2.3:a:boostifythemes:goto:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24237.yaml b/http/cves/2021/CVE-2021-24237.yaml index 2adf0bc7062..fbc3d8631b0 100644 --- a/http/cves/2021/CVE-2021-24237.yaml +++ b/http/cves/2021/CVE-2021-24237.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24237 cwe-id: CWE-79 - epss-score: 0.63261 - epss-percentile: 0.98264 + epss-score: 0.00265 + epss-percentile: 0.66138 cpe: cpe:2.3:a:purethemes:findeo:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24274.yaml b/http/cves/2021/CVE-2021-24274.yaml index be0038c0c6b..e1947fc8dec 100644 --- a/http/cves/2021/CVE-2021-24274.yaml +++ b/http/cves/2021/CVE-2021-24274.yaml @@ -24,11 +24,12 @@ info: epss-percentile: 0.56972 cpe: cpe:2.3:a:supsystic:ultimate_maps:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 + max-request: 1 vendor: supsystic - product: "ultimate_maps" + product: ultimate_maps framework: wordpress tags: cve2021,cve,wpscan,packetstorm,wordpress,wp-plugin,maps,supsystic,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-24275.yaml b/http/cves/2021/CVE-2021-24275.yaml index 388e3c136d9..3530342f702 100644 --- a/http/cves/2021/CVE-2021-24275.yaml +++ b/http/cves/2021/CVE-2021-24275.yaml @@ -28,7 +28,7 @@ info: vendor: supsystic product: popup framework: wordpress - shodan-query: http.html:"/wp-content/plugins/popup-by-supsystic" + shodan-query: http.html:/wp-content/plugins/popup-by-supsystic fofa-query: body=/wp-content/plugins/popup-by-supsystic publicwww-query: /wp-content/plugins/popup-by-supsystic tags: cve2021,cve,wpscan,packetstorm,wordpress,wp-plugin,supsystic diff --git a/http/cves/2021/CVE-2021-24276.yaml b/http/cves/2021/CVE-2021-24276.yaml index a37279929c3..3a8d93d0d79 100644 --- a/http/cves/2021/CVE-2021-24276.yaml +++ b/http/cves/2021/CVE-2021-24276.yaml @@ -20,15 +20,15 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24276 cwe-id: CWE-79 - epss-score: 0.08366 - epss-percentile: 0.91825 + epss-score: 0.00231 + epss-percentile: 0.61154 cpe: cpe:2.3:a:supsystic:contact_form:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: supsystic product: contact_form framework: wordpress - shodan-query: http.html:"/wp-content/plugins/contact-form-plugin/" + shodan-query: http.html:/wp-content/plugins/contact-form-plugin/ fofa-query: body=/wp-content/plugins/contact-form-plugin/ publicwww-query: /wp-content/plugins/contact-form-plugin/ tags: cve2021,cve,wordpress,wp-plugin,wpscan,packetstorm,supsystic diff --git a/http/cves/2021/CVE-2021-24278.yaml b/http/cves/2021/CVE-2021-24278.yaml index 0e712ce8ce1..dc5b8bd4a7b 100644 --- a/http/cves/2021/CVE-2021-24278.yaml +++ b/http/cves/2021/CVE-2021-24278.yaml @@ -28,8 +28,6 @@ info: vendor: querysol product: redirection_for_contact_form_7 framework: wordpress - fofa-query: body="/wp-content/plugins/wpcf7-redirect" - shodan-query: http.html:"/wp-content/plugins/wpcf7-redirect" tags: cve2021,cve,wordpress,wp-plugin,wpscan,querysol http: diff --git a/http/cves/2021/CVE-2021-24285.yaml b/http/cves/2021/CVE-2021-24285.yaml index 9a2abc86d59..e8b179518a1 100644 --- a/http/cves/2021/CVE-2021-24285.yaml +++ b/http/cves/2021/CVE-2021-24285.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24285 cwe-id: CWE-89 - epss-score: 0.85674 - epss-percentile: 0.99319 + epss-score: 0.11694 + epss-percentile: 0.95278 cpe: cpe:2.3:a:cars-seller-auto-classifieds-script_project:cars-seller-auto-classifieds-script:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24286.yaml b/http/cves/2021/CVE-2021-24286.yaml index d11fba50177..893c97c29ff 100644 --- a/http/cves/2021/CVE-2021-24286.yaml +++ b/http/cves/2021/CVE-2021-24286.yaml @@ -18,8 +18,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24286 cwe-id: CWE-79 - epss-score: 0.34428 - epss-percentile: 0.96765 + epss-score: 0.00231 + epss-percentile: 0.61154 cpe: cpe:2.3:a:mooveagency:redirect_404_to_parent:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24291.yaml b/http/cves/2021/CVE-2021-24291.yaml index b602d227c8b..4cc2ce98337 100644 --- a/http/cves/2021/CVE-2021-24291.yaml +++ b/http/cves/2021/CVE-2021-24291.yaml @@ -27,7 +27,7 @@ info: vendor: 10web product: photo_gallery framework: wordpress - shodan-query: http.html:"/wp-content/plugins/photo-gallery" + shodan-query: http.html:/wp-content/plugins/photo-gallery fofa-query: body=/wp-content/plugins/photo-gallery publicwww-query: /wp-content/plugins/photo-gallery tags: cve2021,cve,photo,wpscan,packetstorm,xss,wordpress,wp-plugin,10web diff --git a/http/cves/2021/CVE-2021-24298.yaml b/http/cves/2021/CVE-2021-24298.yaml index 5d3d9684693..9409512a7d6 100644 --- a/http/cves/2021/CVE-2021-24298.yaml +++ b/http/cves/2021/CVE-2021-24298.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24298 cwe-id: CWE-79 - epss-score: 0.13939 - epss-percentile: 0.9394 + epss-score: 0.00123 + epss-percentile: 0.45761 cpe: cpe:2.3:a:ibenic:simple_giveaways:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-24320.yaml b/http/cves/2021/CVE-2021-24320.yaml index 74d4e90e39c..c7e79143604 100644 --- a/http/cves/2021/CVE-2021-24320.yaml +++ b/http/cves/2021/CVE-2021-24320.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24320 cwe-id: CWE-79 - epss-score: 0.50348 - epss-percentile: 0.97669 + epss-score: 0.00123 + epss-percentile: 0.46682 cpe: cpe:2.3:a:bold-themes:bello:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 diff --git a/http/cves/2021/CVE-2021-24340.yaml b/http/cves/2021/CVE-2021-24340.yaml index d73716de1c6..a4b2836a2f8 100644 --- a/http/cves/2021/CVE-2021-24340.yaml +++ b/http/cves/2021/CVE-2021-24340.yaml @@ -18,15 +18,15 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24340 cwe-id: CWE-89 - epss-score: 0.83207 - epss-percentile: 0.99197 + epss-score: 0.01606 + epss-percentile: 0.8741 cpe: cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: veronalabs product: wp_statistics framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-statistics/" + shodan-query: http.html:/wp-content/plugins/wp-statistics/ fofa-query: body=/wp-content/plugins/wp-statistics/ publicwww-query: /wp-content/plugins/wp-statistics/ google-query: inurl:/wp-content/plugins/wp-statistics diff --git a/http/cves/2021/CVE-2021-24364.yaml b/http/cves/2021/CVE-2021-24364.yaml index 0ac60d9c0b0..d2f88ce3baa 100644 --- a/http/cves/2021/CVE-2021-24364.yaml +++ b/http/cves/2021/CVE-2021-24364.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24364 cwe-id: CWE-79 - epss-score: 0.02314 - epss-percentile: 0.83967 + epss-score: 0.00113 + epss-percentile: 0.43845 cpe: cpe:2.3:a:tielabs:jannah:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-24370.yaml b/http/cves/2021/CVE-2021-24370.yaml index f8ede0d7b2f..dd5e517cd2b 100644 --- a/http/cves/2021/CVE-2021-24370.yaml +++ b/http/cves/2021/CVE-2021-24370.yaml @@ -21,17 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2021-24370 cwe-id: CWE-434 - epss-score: 0.8345 - epss-percentile: 0.99208 + epss-score: 0.11015 + epss-percentile: 0.95013 cpe: cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: radykal product: fancy_product_designer framework: wordpress - google-query: - - inurl:“/wp-content/plugins/fancy-product-designer” - - inurl:"/wp-content/plugins/fancy-product-designer" + google-query: inurl:“/wp-content/plugins/fancy-product-designer” tags: cve2021,cve,wordpress,wp,seclists,wpscan,rce,wp-plugin,fancyproduct,radykal http: diff --git a/http/cves/2021/CVE-2021-24387.yaml b/http/cves/2021/CVE-2021-24387.yaml index 4a8d43556cc..768c06060f5 100644 --- a/http/cves/2021/CVE-2021-24387.yaml +++ b/http/cves/2021/CVE-2021-24387.yaml @@ -29,9 +29,6 @@ info: vendor: contempothemes product: real_estate_7 framework: wordpress - publicwww-query: /wp-content/themes/realestate-7/ - shodan-query: http.html:"/wp-content/themes/realestate-7/" - fofa-query: body=/wp-content/themes/realestate-7/ tags: cve,cve2021,xss,wordpress,wpscan,contempothemes http: diff --git a/http/cves/2021/CVE-2021-24389.yaml b/http/cves/2021/CVE-2021-24389.yaml index d81b3007a28..ee1179ca4da 100644 --- a/http/cves/2021/CVE-2021-24389.yaml +++ b/http/cves/2021/CVE-2021-24389.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24389 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24389 cwe-id: CWE-79 - epss-score: 0.13968 - epss-percentile: 0.93946 + epss-score: 0.00168 + epss-percentile: 0.526 cpe: cpe:2.3:a:chimpgroup:foodbakery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24406.yaml b/http/cves/2021/CVE-2021-24406.yaml index 653c29ff2f0..0d72140f40d 100644 --- a/http/cves/2021/CVE-2021-24406.yaml +++ b/http/cves/2021/CVE-2021-24406.yaml @@ -14,23 +14,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24406 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24406 cwe-id: CWE-601 - epss-score: 0.08523 - epss-percentile: 0.91906 + epss-score: 0.00137 + epss-percentile: 0.48279 cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: gvectors product: wpforo_forum framework: wordpress - publicwww-query: /wp-content/plugins/wpforo/ - shodan-query: http.html:"/wp-content/plugins/wpforo/" - fofa-query: body=/wp-content/plugins/wpforo/ tags: cve2021,cve,wpscan,wordpress,redirect,gvectors http: diff --git a/http/cves/2021/CVE-2021-24407.yaml b/http/cves/2021/CVE-2021-24407.yaml index 1ecc3c9294e..6b7c76d9ddf 100644 --- a/http/cves/2021/CVE-2021-24407.yaml +++ b/http/cves/2021/CVE-2021-24407.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24407 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24407 cwe-id: CWE-79 - epss-score: 0.26081 - epss-percentile: 0.95976 + epss-score: 0.00207 + epss-percentile: 0.58055 cpe: cpe:2.3:a:tielabs:jannah:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-24409.yaml b/http/cves/2021/CVE-2021-24409.yaml index fa4bd1a8b4a..5a558f04b47 100644 --- a/http/cves/2021/CVE-2021-24409.yaml +++ b/http/cves/2021/CVE-2021-24409.yaml @@ -12,14 +12,13 @@ info: reference: - https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf - https://nvd.nist.gov/vuln/detail/CVE-2021-24409 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24409 cwe-id: CWE-79 - epss-score: 0.13254 - epss-percentile: 0.93761 + epss-score: 0.00171 + epss-percentile: 0.54048 cpe: cpe:2.3:a:plugin-planet:prismatic:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: plugin-planet product: prismatic framework: wordpress - shodan-query: http.html:"/wp-content/plugins/prismatic" + shodan-query: http.html:/wp-content/plugins/prismatic fofa-query: body=/wp-content/plugins/prismatic publicwww-query: "/wp-content/plugins/prismatic" tags: cve2021,cve,wpscan,wordpress,wp,wp-plugin,xss,prismatic,authenticated,plugin-planet diff --git a/http/cves/2021/CVE-2021-24435.yaml b/http/cves/2021/CVE-2021-24435.yaml index a2b057cce2c..2f6c35b56dd 100644 --- a/http/cves/2021/CVE-2021-24435.yaml +++ b/http/cves/2021/CVE-2021-24435.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24435 cwe-id: CWE-79 - epss-score: 0.13254 - epss-percentile: 0.93761 + epss-score: 0.00172 + epss-percentile: 0.54295 cpe: cpe:2.3:a:gambit:titan_framework:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24436.yaml b/http/cves/2021/CVE-2021-24436.yaml index a7ec34e340e..775d577b115 100644 --- a/http/cves/2021/CVE-2021-24436.yaml +++ b/http/cves/2021/CVE-2021-24436.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24436 cwe-id: CWE-79 - epss-score: 0.05838 - epss-percentile: 0.90056 + epss-score: 0.001 + epss-percentile: 0.4009 cpe: cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24442.yaml b/http/cves/2021/CVE-2021-24442.yaml index 68cb00121e4..1779c8bab87 100644 --- a/http/cves/2021/CVE-2021-24442.yaml +++ b/http/cves/2021/CVE-2021-24442.yaml @@ -25,7 +25,7 @@ info: vendor: wpdevart product: poll\,_survey\,_questionnaire_and_voting_system framework: wordpress - shodan-query: http.html:"/wp-content/plugins/polls-widget/" + shodan-query: http.html:/wp-content/plugins/polls-widget/ fofa-query: body=/wp-content/plugins/polls-widget/ publicwww-query: "/wp-content/plugins/polls-widget/" tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,polls-widget,sqli,wpdevart diff --git a/http/cves/2021/CVE-2021-24452.yaml b/http/cves/2021/CVE-2021-24452.yaml index 79edbea3d21..cefba30afde 100644 --- a/http/cves/2021/CVE-2021-24452.yaml +++ b/http/cves/2021/CVE-2021-24452.yaml @@ -13,15 +13,13 @@ info: - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0 - https://wordpress.org/plugins/w3-total-cache/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24452 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24452 cwe-id: CWE-79 - epss-score: 0.09627 - epss-percentile: 0.92459 + epss-score: 0.001 + epss-percentile: 0.4078 cpe: cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24472.yaml b/http/cves/2021/CVE-2021-24472.yaml index 07e83783288..cb761b724c1 100644 --- a/http/cves/2021/CVE-2021-24472.yaml +++ b/http/cves/2021/CVE-2021-24472.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24472 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24472 cwe-id: CWE-918 - epss-score: 0.8982 - epss-percentile: 0.99534 + epss-score: 0.03231 + epss-percentile: 0.91221 cpe: cpe:2.3:a:qantumthemes:kentharadio:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,7 +29,7 @@ info: vendor: qantumthemes product: kentharadio framework: wordpress - shodan-query: http.html:"/wp-content/plugins/qt-kentharadio" + shodan-query: http.html:/wp-content/plugins/qt-kentharadio fofa-query: body=/wp-content/plugins/qt-kentharadio publicwww-query: "/wp-content/plugins/qt-kentharadio" tags: cve2021,cve,wordpress,lfi,ssrf,wp,wp-plugin,wpscan,qantumthemes diff --git a/http/cves/2021/CVE-2021-24498.yaml b/http/cves/2021/CVE-2021-24498.yaml index acab8412467..aa0ca46b88c 100644 --- a/http/cves/2021/CVE-2021-24498.yaml +++ b/http/cves/2021/CVE-2021-24498.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24498 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24498 cwe-id: CWE-79 - epss-score: 0.25938 - epss-percentile: 0.95961 + epss-score: 0.00171 + epss-percentile: 0.54048 cpe: cpe:2.3:a:dwbooster:calendar_event_multi_view:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24554.yaml b/http/cves/2021/CVE-2021-24554.yaml index 3ac18ce0eb1..50993e951cf 100644 --- a/http/cves/2021/CVE-2021-24554.yaml +++ b/http/cves/2021/CVE-2021-24554.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.2 cve-id: CVE-2021-24554 cwe-id: CWE-89 - epss-score: 0.20841 - epss-percentile: 0.95275 + epss-score: 0.3323 + epss-percentile: 0.97049 cpe: cpe:2.3:a:freelancetoindia:paytm-pay:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24627.yaml b/http/cves/2021/CVE-2021-24627.yaml index 7676bc02a78..702665c30df 100644 --- a/http/cves/2021/CVE-2021-24627.yaml +++ b/http/cves/2021/CVE-2021-24627.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb - https://nvd.nist.gov/vuln/detail/CVE-2021-24627 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-24627 cwe-id: CWE-89 - epss-score: 0.11666 - epss-percentile: 0.93282 + epss-score: 0.30355 + epss-percentile: 0.96947 cpe: cpe:2.3:a:g_auto-hyperlink_project:g_auto-hyperlink:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: g_auto-hyperlink_project product: g_auto-hyperlink framework: wordpress - shodan-query: http.html:"/wp-content/plugins/g-auto-hyperlink/" + shodan-query: http.html:/wp-content/plugins/g-auto-hyperlink/ fofa-query: body=/wp-content/plugins/g-auto-hyperlink/ publicwww-query: /wp-content/plugins/g-auto-hyperlink/ tags: cve2021,cve,sqli,wpscan,wordpress,wp-plugin,wp,g-auto-hyperlink,authenticated,g_auto-hyperlink_project diff --git a/http/cves/2021/CVE-2021-24666.yaml b/http/cves/2021/CVE-2021-24666.yaml index 556fe4199a5..18fe88be3f0 100644 --- a/http/cves/2021/CVE-2021-24666.yaml +++ b/http/cves/2021/CVE-2021-24666.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/ - https://github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801adee09b020c6d76 - https://nvd.nist.gov/vuln/detail/CVE-2021-24666 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24666 cwe-id: CWE-89 - epss-score: 0.86466 - epss-percentile: 0.99357 + epss-score: 0.28174 + epss-percentile: 0.96727 cpe: cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24731.yaml b/http/cves/2021/CVE-2021-24731.yaml index 9385f37d445..7c9d321941f 100644 --- a/http/cves/2021/CVE-2021-24731.yaml +++ b/http/cves/2021/CVE-2021-24731.yaml @@ -13,14 +13,13 @@ info: - https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a - https://wordpress.org/plugins/pie-register/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24731 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24731 cwe-id: CWE-89 - epss-score: 0.53132 - epss-percentile: 0.97793 + epss-score: 0.25417 + epss-percentile: 0.96689 cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:* metadata: verified: "true" diff --git a/http/cves/2021/CVE-2021-24762.yaml b/http/cves/2021/CVE-2021-24762.yaml index a067353a55f..dcb90e44f53 100644 --- a/http/cves/2021/CVE-2021-24762.yaml +++ b/http/cves/2021/CVE-2021-24762.yaml @@ -15,14 +15,13 @@ info: - https://github.com/cckuailong/reapoc/tree/main/2021/CVE-2021-24762/vultarget - https://wpscan.com/vulnerability/c1620905-7c31-4e62-80f5-1d9635be11ad - https://nvd.nist.gov/vuln/detail/CVE-2021-24762 - - https://github.com/MalekAlthubiany/WordPressShell-OSCP classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24762 cwe-id: CWE-89 - epss-score: 0.83577 - epss-percentile: 0.99216 + epss-score: 0.33888 + epss-percentile: 0.96671 cpe: cpe:2.3:a:getperfectsurvey:perfect_survey:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-24791.yaml b/http/cves/2021/CVE-2021-24791.yaml index 3fb81b75e68..ba1caed8d0a 100644 --- a/http/cves/2021/CVE-2021-24791.yaml +++ b/http/cves/2021/CVE-2021-24791.yaml @@ -11,14 +11,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24791 - https://wpscan.com/vulnerability/d55caa9b-d50f-4c13-bc69-dc475641735f - https://wordpress.org/plugins/header-footer-code-manager/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-24791 cwe-id: CWE-89 - epss-score: 0.06508 - epss-percentile: 0.906 + epss-score: 0.10363 + epss-percentile: 0.94849 cpe: cpe:2.3:a:draftpress:header_footer_code_manager:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24838.yaml b/http/cves/2021/CVE-2021-24838.yaml index bf8d6431474..9657ee820cb 100644 --- a/http/cves/2021/CVE-2021-24838.yaml +++ b/http/cves/2021/CVE-2021-24838.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24838 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24838 cwe-id: CWE-601 - epss-score: 0.02345 - epss-percentile: 0.84066 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:bologer:anycomment:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24849.yaml b/http/cves/2021/CVE-2021-24849.yaml index 9350173ab60..b228ea94438 100644 --- a/http/cves/2021/CVE-2021-24849.yaml +++ b/http/cves/2021/CVE-2021-24849.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24849 - https://wordpress.org/plugins/wc-multivendor-marketplace/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24849 cwe-id: CWE-89 - epss-score: 0.69933 - epss-percentile: 0.98561 + epss-score: 0.02367 + epss-percentile: 0.89814 cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: wclovers product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wc-multivendor-marketplace" + shodan-query: http.html:/wp-content/plugins/wc-multivendor-marketplace fofa-query: body=/wp-content/plugins/wc-multivendor-marketplace publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace" tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,sqli,wclovers diff --git a/http/cves/2021/CVE-2021-24875.yaml b/http/cves/2021/CVE-2021-24875.yaml index e24e9ebe5da..fbfdd095161 100644 --- a/http/cves/2021/CVE-2021-24875.yaml +++ b/http/cves/2021/CVE-2021-24875.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24875 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24875 cwe-id: CWE-79 - epss-score: 0.16493 - epss-percentile: 0.94521 + epss-score: 0.00143 + epss-percentile: 0.50073 cpe: cpe:2.3:a:implecode:ecommerce_product_catalog:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24891.yaml b/http/cves/2021/CVE-2021-24891.yaml index b8cb3d680da..873900624e8 100644 --- a/http/cves/2021/CVE-2021-24891.yaml +++ b/http/cves/2021/CVE-2021-24891.yaml @@ -24,13 +24,10 @@ info: epss-percentile: 0.45236 cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 + max-request: 3 vendor: elementor product: "website_builder" framework: wordpress - publicwww-query: /wp-content/plugins/elementor/ - shodan-query: http.html:"/wp-content/plugins/elementor/" - fofa-query: body=/wp-content/plugins/elementor/ tags: cve2021,cve,wordpress,wp-plugin,elementor,wpscan,dom,xss flow: http(1) && http(2) diff --git a/http/cves/2021/CVE-2021-24910.yaml b/http/cves/2021/CVE-2021-24910.yaml index 737e8108eb0..c24829be6cc 100644 --- a/http/cves/2021/CVE-2021-24910.yaml +++ b/http/cves/2021/CVE-2021-24910.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24910 cwe-id: CWE-79 - epss-score: 0.27186 - epss-percentile: 0.96099 + epss-score: 0.00086 + epss-percentile: 0.35299 cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24915.yaml b/http/cves/2021/CVE-2021-24915.yaml index 4c5739230dd..7fdc4b2ca18 100644 --- a/http/cves/2021/CVE-2021-24915.yaml +++ b/http/cves/2021/CVE-2021-24915.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/45ee86a7-1497-4c81-98b8-9a8e5b3d4fac - https://gist.github.com/tpmiller87/6c05596fe27dd6f69f1aaba4cbb9c917 - https://wordpress.org/plugins/contest-gallery/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24915 cwe-id: CWE-89 - epss-score: 0.74556 - epss-percentile: 0.98771 + epss-score: 0.25422 + epss-percentile: 0.9669 cpe: cpe:2.3:a:contest_gallery:contest_gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: contest_gallery product: contest_gallery framework: wordpress - shodan-query: http.html:"/wp-content/plugins/contest-gallery/" + shodan-query: http.html:/wp-content/plugins/contest-gallery/ fofa-query: body=/wp-content/plugins/contest-gallery/ publicwww-query: "/wp-content/plugins/contest-gallery/" tags: cve2021,cve,wordpress,wp-plugin,wpscan,wp,contest-gallery,contest_gallery,sqli diff --git a/http/cves/2021/CVE-2021-24917.yaml b/http/cves/2021/CVE-2021-24917.yaml index a89121bab7e..dafba1553a3 100644 --- a/http/cves/2021/CVE-2021-24917.yaml +++ b/http/cves/2021/CVE-2021-24917.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-24917 cwe-id: CWE-863 - epss-score: 0.84821 - epss-percentile: 0.99272 + epss-score: 0.04098 + epss-percentile: 0.92139 cpe: cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -28,9 +28,6 @@ info: vendor: wpserveur product: wps_hide_login framework: wordpress - publicwww-query: /wp-content/plugins/wps-hide-login/ - shodan-query: http.html:"/wp-content/plugins/wps-hide-login/" - fofa-query: body=/wp-content/plugins/wps-hide-login/ tags: cve2021,cve,wp,wordpress,wp-plugin,unauth,wpscan,wpserveur http: diff --git a/http/cves/2021/CVE-2021-24926.yaml b/http/cves/2021/CVE-2021-24926.yaml index 23af7e744e0..12839bef4da 100644 --- a/http/cves/2021/CVE-2021-24926.yaml +++ b/http/cves/2021/CVE-2021-24926.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-24926 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24926 cwe-id: CWE-79 - epss-score: 0.06294 - epss-percentile: 0.9043 + epss-score: 0.00171 + epss-percentile: 0.54011 cpe: cpe:2.3:a:domaincheckplugin:domain_check:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-24934.yaml b/http/cves/2021/CVE-2021-24934.yaml index 0d6f85d9bf5..6b3719ca346 100644 --- a/http/cves/2021/CVE-2021-24934.yaml +++ b/http/cves/2021/CVE-2021-24934.yaml @@ -25,9 +25,7 @@ info: product: visual_css_style_editor framework: wordpress publicwww-query: "/wp-content/plugins/yellow-pencil-visual-theme-customizer" - shodan-query: http.html:"/wp-content/plugins/yellow-pencil-visual-theme-customizer" - fofa-query: body=/wp-content/plugins/yellow-pencil-visual-theme-customizer - tags: wpscan,cve,cve2021,wordpress,wp,wp-plugin,yellowpencil,xss,authenticated + tags: cve,cve2021,wordpress,wp,wp-plugin,yellowpencil,xss,authenticated http: - raw: diff --git a/http/cves/2021/CVE-2021-24940.yaml b/http/cves/2021/CVE-2021-24940.yaml index 6bebacb528f..fc49c623b31 100644 --- a/http/cves/2021/CVE-2021-24940.yaml +++ b/http/cves/2021/CVE-2021-24940.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-24940 cwe-id: CWE-79 - epss-score: 0.01887 - epss-percentile: 0.82251 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:woocommerce:persian-woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24943.yaml b/http/cves/2021/CVE-2021-24943.yaml index 91db468bbed..42a29868e03 100644 --- a/http/cves/2021/CVE-2021-24943.yaml +++ b/http/cves/2021/CVE-2021-24943.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24943 - https://wordpress.org/plugins/registrations-for-the-events-calendar/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24943 cwe-id: CWE-89 - epss-score: 0.52737 - epss-percentile: 0.97776 + epss-score: 0.20551 + epss-percentile: 0.96367 cpe: cpe:2.3:a:roundupwp:registrations_for_the_events_calendar:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: roundupwp product: registrations_for_the_events_calendar framework: wordpress - shodan-query: http.html:"/wp-content/plugins/registrations-for-the-events-calendar/" + shodan-query: http.html:/wp-content/plugins/registrations-for-the-events-calendar/ fofa-query: body=/wp-content/plugins/registrations-for-the-events-calendar/ publicwww-query: "/wp-content/plugins/registrations-for-the-events-calendar/" tags: time-based-sqli,wpscan,cve,cve2021,wp,wp-plugin,wordpress,sqli,registrations-for-the-events-calendar,roundupwp diff --git a/http/cves/2021/CVE-2021-24970.yaml b/http/cves/2021/CVE-2021-24970.yaml index eb59e309931..6a1fed78698 100644 --- a/http/cves/2021/CVE-2021-24970.yaml +++ b/http/cves/2021/CVE-2021-24970.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/all-in-one-video-gallery - https://nvd.nist.gov/vuln/detail/CVE-2021-24970 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2021-24970 cwe-id: CWE-22 - epss-score: 0.19736 - epss-percentile: 0.95114 + epss-score: 0.0297 + epss-percentile: 0.90861 cpe: cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-24979.yaml b/http/cves/2021/CVE-2021-24979.yaml index 7b3f0f56d0c..b31d4715ed7 100644 --- a/http/cves/2021/CVE-2021-24979.yaml +++ b/http/cves/2021/CVE-2021-24979.yaml @@ -25,7 +25,7 @@ info: vendor: strangerstudios product: paid_memberships_pro framework: wordpress - shodan-query: http.html:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: http.html:/wp-content/plugins/paid-memberships-pro/ fofa-query: body=/wp-content/plugins/paid-memberships-pro/ publicwww-query: /wp-content/plugins/paid-memberships-pro/ google-query: inurl:"/wp-content/plugins/paid-memberships-pro" diff --git a/http/cves/2021/CVE-2021-25003.yaml b/http/cves/2021/CVE-2021-25003.yaml index e1353b7ba49..6103ec8a7b7 100644 --- a/http/cves/2021/CVE-2021-25003.yaml +++ b/http/cves/2021/CVE-2021-25003.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-25003 - cwe-id: CWE-94,CWE-434 - epss-score: 0.91304 - epss-percentile: 0.99623 + cwe-id: CWE-434,CWE-94 + epss-score: 0.61181 + epss-percentile: 0.97795 cpe: cpe:2.3:a:wptaskforce:wpcargo_track_\&_trace:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-25016.yaml b/http/cves/2021/CVE-2021-25016.yaml index b81f9143060..80874bda15b 100644 --- a/http/cves/2021/CVE-2021-25016.yaml +++ b/http/cves/2021/CVE-2021-25016.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/b5035987-6227-4fc6-bc45-1e8016e5c4c0 - https://nvd.nist.gov/vuln/detail/CVE-2021-25016 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25016 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25016 cwe-id: CWE-79 - epss-score: 0.1346 - epss-percentile: 0.9381 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:premio:chaty:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +25,7 @@ info: vendor: premio product: chaty framework: wordpress - shodan-query: http.html:"/wp-content/plugins/chaty/" + shodan-query: http.html:/wp-content/plugins/chaty/ fofa-query: body=/wp-content/plugins/chaty/ publicwww-query: "/wp-content/plugins/chaty/" tags: cve2021,cve,wpscan,wordpress,wp-plugin,xss,authenticated,chaty,premio diff --git a/http/cves/2021/CVE-2021-25065.yaml b/http/cves/2021/CVE-2021-25065.yaml index 67daff8b518..c182445aeae 100644 --- a/http/cves/2021/CVE-2021-25065.yaml +++ b/http/cves/2021/CVE-2021-25065.yaml @@ -12,14 +12,13 @@ info: reference: - https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc - https://wordpress.org/plugins/custom-facebook-feed/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2021-25065 cwe-id: CWE-79 - epss-score: 0.02416 - epss-percentile: 0.84282 + epss-score: 0.00069 + epss-percentile: 0.29862 cpe: cpe:2.3:a:smashballoon:smash_balloon_social_post_feed:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: smashballoon product: smash_balloon_social_post_feed framework: wordpress - shodan-query: http.html:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: http.html:/wp-content/plugins/custom-facebook-feed/ fofa-query: body=/wp-content/plugins/custom-facebook-feed/ publicwww-query: "/wp-content/plugins/custom-facebook-feed/" tags: cve2021,cve,wpscan,wordpress,wp-plugin,xss,wp,authenticated,smashballoon diff --git a/http/cves/2021/CVE-2021-25067.yaml b/http/cves/2021/CVE-2021-25067.yaml index c80d15b7ea9..035370285c0 100644 --- a/http/cves/2021/CVE-2021-25067.yaml +++ b/http/cves/2021/CVE-2021-25067.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-25067 cwe-id: CWE-79 - epss-score: 0.04863 - epss-percentile: 0.89011 + epss-score: 0.00069 + epss-percentile: 0.29862 cpe: cpe:2.3:a:pluginops:landing_page:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-25074.yaml b/http/cves/2021/CVE-2021-25074.yaml index 33a53bc4aad..d048638533b 100644 --- a/http/cves/2021/CVE-2021-25074.yaml +++ b/http/cves/2021/CVE-2021-25074.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-25074 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25074 cwe-id: CWE-601 - epss-score: 0.01001 - epss-percentile: 0.75867 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:webp_converter_for_media_project:webp_converter_for_media:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-25078.yaml b/http/cves/2021/CVE-2021-25078.yaml index c1375093f46..cb309b508fa 100644 --- a/http/cves/2021/CVE-2021-25078.yaml +++ b/http/cves/2021/CVE-2021-25078.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-25078 - https://plugins.trac.wordpress.org/changeset/2648196 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25078 cwe-id: CWE-79 - epss-score: 0.05997 - epss-percentile: 0.90187 + epss-score: 0.00382 + epss-percentile: 0.72963 cpe: cpe:2.3:a:wpaffiliatemanager:affiliates_manager:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-25079.yaml b/http/cves/2021/CVE-2021-25079.yaml index 44f8ff7ebdf..1b9d34473eb 100644 --- a/http/cves/2021/CVE-2021-25079.yaml +++ b/http/cves/2021/CVE-2021-25079.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-25079 - https://wordpress.org/plugins/contact-form-entries/ - https://plugins.trac.wordpress.org/changeset/2629442 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25079 cwe-id: CWE-79 - epss-score: 0.01946 - epss-percentile: 0.82502 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:crmperks:contact_form_entries:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-25094.yaml b/http/cves/2021/CVE-2021-25094.yaml index 9abfab3ee88..89b762becfe 100644 --- a/http/cves/2021/CVE-2021-25094.yaml +++ b/http/cves/2021/CVE-2021-25094.yaml @@ -11,24 +11,18 @@ info: - https://darkpills.com/wordpress-tatsu-builder-preauth-rce-cve-2021-25094/ - https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd/ - https://nvd.nist.gov/vuln/detail/CVE-2021-25094 - - https://packetstorm.news/files/id/190566/ - - https://www.exploit-db.com/exploits/52260 classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2021-25094 cwe-id: CWE-306 - epss-score: 0.88477 - epss-percentile: 0.99455 cpe: cpe:2.3:a:brandexponents:tatsu:*:*:*:*:*:wordpress:*:* metadata: - verified: true max-request: 2 - vendor: brandexponents - product: tatsu - framework: wordpress + verified: true publicwww-query: "/wp-content/plugins/tatsu/" - tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,tatsu,rce,intrusive + tags: cve,cve2021,wp,wp-plugin,wordpress,tatsu,rce + variables: marker: "{{randstr}}" b64marker: "{{base64(marker)}}" diff --git a/http/cves/2021/CVE-2021-25099.yaml b/http/cves/2021/CVE-2021-25099.yaml index ebc2aac9103..840d0bb5f51 100644 --- a/http/cves/2021/CVE-2021-25099.yaml +++ b/http/cves/2021/CVE-2021-25099.yaml @@ -30,9 +30,6 @@ info: vendor: givewp product: givewp framework: wordpress - publicwww-query: /wp-content/plugins/give/ - shodan-query: http.html:"/wp-content/plugins/give/" - fofa-query: body=/wp-content/plugins/give/ tags: cve2021,cve,xss,wp,give,wordpress,wp-plugin,unauth,wpscan,givewp http: diff --git a/http/cves/2021/CVE-2021-25104.yaml b/http/cves/2021/CVE-2021-25104.yaml index b73eadf9dbe..5d60460a4c0 100644 --- a/http/cves/2021/CVE-2021-25104.yaml +++ b/http/cves/2021/CVE-2021-25104.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25104 cwe-id: CWE-79 - epss-score: 0.10163 - epss-percentile: 0.92713 + epss-score: 0.00106 + epss-percentile: 0.42122 cpe: cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-25111.yaml b/http/cves/2021/CVE-2021-25111.yaml index ea9828f2379..794be5d0b96 100644 --- a/http/cves/2021/CVE-2021-25111.yaml +++ b/http/cves/2021/CVE-2021-25111.yaml @@ -13,14 +13,13 @@ info: - https://wpscan.com/vulnerability/af548fab-96c2-4129-b609-e24aad0b1fc4 - https://nvd.nist.gov/vuln/detail/CVE-2021-25111 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25111 cwe-id: CWE-601 - epss-score: 0.01767 - epss-percentile: 0.81702 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:english_wordpress_admin_project:english_wordpress_admin:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-25112.yaml b/http/cves/2021/CVE-2021-25112.yaml index 40d708fe9b6..1158163eaba 100644 --- a/http/cves/2021/CVE-2021-25112.yaml +++ b/http/cves/2021/CVE-2021-25112.yaml @@ -15,14 +15,13 @@ info: - https://plugins.trac.wordpress.org/changeset/2659751 - https://nvd.nist.gov/vuln/detail/CVE-2021-25112 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25112 cwe-id: CWE-79 - epss-score: 0.05226 - epss-percentile: 0.89429 + epss-score: 0.001 + epss-percentile: 0.40139 cpe: cpe:2.3:a:i-plugins:whmcs_bridge:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-25114.yaml b/http/cves/2021/CVE-2021-25114.yaml index 1e1ad6a9575..a65282781a9 100644 --- a/http/cves/2021/CVE-2021-25114.yaml +++ b/http/cves/2021/CVE-2021-25114.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-25114 cwe-id: CWE-89 - epss-score: 0.73547 - epss-percentile: 0.98715 + epss-score: 0.03548 + epss-percentile: 0.91594 cpe: cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: strangerstudios product: paid_memberships_pro framework: wordpress - shodan-query: http.html:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: http.html:/wp-content/plugins/paid-memberships-pro/ fofa-query: body=/wp-content/plugins/paid-memberships-pro/ publicwww-query: /wp-content/plugins/paid-memberships-pro/ google-query: inurl:"/wp-content/plugins/paid-memberships-pro" diff --git a/http/cves/2021/CVE-2021-25118.yaml b/http/cves/2021/CVE-2021-25118.yaml index fb99d254376..48d008379ee 100644 --- a/http/cves/2021/CVE-2021-25118.yaml +++ b/http/cves/2021/CVE-2021-25118.yaml @@ -19,15 +19,14 @@ info: cvss-score: 5.3 cve-id: CVE-2021-25118 cwe-id: CWE-200 - epss-score: 0.07846 - epss-percentile: 0.91519 + epss-score: 0.00173 + epss-percentile: 0.5348 cpe: cpe:2.3:a:yoast:yoast_seo:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: yoast product: yoast_seo framework: wordpress - google-query: inurl:"/author-sitemap.xml" tags: cve2021,cve,wpscan,wordpress,wp-plugin,fpd,wp,yoast http: diff --git a/http/cves/2021/CVE-2021-25120.yaml b/http/cves/2021/CVE-2021-25120.yaml index 520da8e36df..de859bbb2d0 100644 --- a/http/cves/2021/CVE-2021-25120.yaml +++ b/http/cves/2021/CVE-2021-25120.yaml @@ -18,8 +18,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-25120 cwe-id: CWE-79 - epss-score: 0.34938 - epss-percentile: 0.96806 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:easysocialfeed:easy_social_feed:*:*:*:*:pro:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-25161.yaml b/http/cves/2021/CVE-2021-25161.yaml index 50658d7ccae..3d9c7b46582 100644 --- a/http/cves/2021/CVE-2021-25161.yaml +++ b/http/cves/2021/CVE-2021-25161.yaml @@ -11,20 +11,16 @@ info: reference: - https://alephsecurity.com/2021/07/15/aruba-instant/?utm_source=feedly - https://nvd.nist.gov/vuln/detail/CVE-2021-25161 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-25161 cwe-id: CWE-79 - epss-score: 0.13961 - epss-percentile: 0.93944 - cpe: cpe:2.3:o:arubanetworks:instant:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: arubanetworks - product: instant + vendor: aruba + product: aruba-instant-access-point shodan-query: title:"Aruba" fofa-query: body="jscripts/third_party/raphael-treemap.min.js" || body="jscripts/third_party/highcharts.src.js" tags: cve,cve2021,xss,aruba,web diff --git a/http/cves/2021/CVE-2021-25281.yaml b/http/cves/2021/CVE-2021-25281.yaml index a5e823bac8c..6f0055c3599 100644 --- a/http/cves/2021/CVE-2021-25281.yaml +++ b/http/cves/2021/CVE-2021-25281.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-25281 cwe-id: CWE-287 - epss-score: 0.94078 - epss-percentile: 0.9989 + epss-score: 0.87406 + epss-percentile: 0.98631 cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-25296.yaml b/http/cves/2021/CVE-2021-25296.yaml index 93ba6a0d22f..2189987c6ad 100644 --- a/http/cves/2021/CVE-2021-25296.yaml +++ b/http/cves/2021/CVE-2021-25296.yaml @@ -21,21 +21,20 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25296 cwe-id: CWE-78 - epss-score: 0.93482 - epss-percentile: 0.99814 - cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.89037 + epss-percentile: 0.98721 + cpe: cpe:2.3:a:nagios:nagios_xi:5.7.5:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: nagios product: nagios_xi shodan-query: + - title:"Nagios XI" - http.title:"nagios xi" - - http.favicon.hash:"1460499495" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: cve,cve2021,packetstorm,rce,oast,authenticated,msf,nagiosxi,kev,nagios diff --git a/http/cves/2021/CVE-2021-25297.yaml b/http/cves/2021/CVE-2021-25297.yaml index 6295c072853..b811116dc94 100644 --- a/http/cves/2021/CVE-2021-25297.yaml +++ b/http/cves/2021/CVE-2021-25297.yaml @@ -30,12 +30,11 @@ info: vendor: nagios product: nagios_xi shodan-query: + - title:"Nagios XI" - http.title:"nagios xi" - - http.favicon.hash:"1460499495" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: cve2021,cve,packetstorm,rce,oast,authenticated,msf,nagiosxi,kev,nagios diff --git a/http/cves/2021/CVE-2021-25298.yaml b/http/cves/2021/CVE-2021-25298.yaml index b26d02ccf2f..9dbd1509d68 100644 --- a/http/cves/2021/CVE-2021-25298.yaml +++ b/http/cves/2021/CVE-2021-25298.yaml @@ -21,21 +21,20 @@ info: cvss-score: 8.8 cve-id: CVE-2021-25298 cwe-id: CWE-78 - epss-score: 0.77096 - epss-percentile: 0.98898 - cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + epss-score: 0.97349 + epss-percentile: 0.9988 + cpe: cpe:2.3:a:nagios:nagios_xi:5.7.5:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: nagios product: nagios_xi shodan-query: + - title:"Nagios XI" - http.title:"nagios xi" - - http.favicon.hash:"1460499495" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: cve2021,cve,packetstorm,oast,authenticated,msf,nagiosxi,rce,kev,nagios diff --git a/http/cves/2021/CVE-2021-25299.yaml b/http/cves/2021/CVE-2021-25299.yaml index 8a3c8ed7076..7189be5a026 100644 --- a/http/cves/2021/CVE-2021-25299.yaml +++ b/http/cves/2021/CVE-2021-25299.yaml @@ -28,12 +28,11 @@ info: vendor: nagios product: nagios_xi shodan-query: + - title:"Nagios XI" - http.title:"nagios xi" - - http.favicon.hash:"1460499495" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: cve2021,cve,nagios,nagiosxi,xss,authenticated diff --git a/http/cves/2021/CVE-2021-25646.yaml b/http/cves/2021/CVE-2021-25646.yaml index ab368aa18c5..caeef14bc8b 100644 --- a/http/cves/2021/CVE-2021-25646.yaml +++ b/http/cves/2021/CVE-2021-25646.yaml @@ -28,9 +28,6 @@ info: max-request: 1 vendor: apache product: druid - shodan-query: http.title:"apache druid" - fofa-query: title="apache druid" - google-query: intitle:"apache druid" tags: cve2021,cve,apache,rce,druid http: diff --git a/http/cves/2021/CVE-2021-25864.yaml b/http/cves/2021/CVE-2021-25864.yaml index 1e92396a348..0398d253ef5 100644 --- a/http/cves/2021/CVE-2021-25864.yaml +++ b/http/cves/2021/CVE-2021-25864.yaml @@ -14,21 +14,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-25864 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-25864 cwe-id: CWE-22 - epss-score: 0.88447 - epss-percentile: 0.99454 + epss-score: 0.29108 + epss-percentile: 0.96881 cpe: cpe:2.3:a:dgtl:huemagic:3.0.0:*:*:*:*:node.js:*:* metadata: max-request: 1 vendor: dgtl product: huemagic framework: node.js - shodan-query: http.title:"node-red" + shodan-query: + - title:"NODE-RED" + - http.title:"node-red" fofa-query: title="node-red" google-query: intitle:"node-red" tags: cve2021,cve,huemagic,lfi,dgtl,node.js diff --git a/http/cves/2021/CVE-2021-25899.yaml b/http/cves/2021/CVE-2021-25899.yaml index 68bde3c9e8e..4c48057dd7e 100644 --- a/http/cves/2021/CVE-2021-25899.yaml +++ b/http/cves/2021/CVE-2021-25899.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: void product: aurall_rec_monitor - shodan-query: http.html:"aurall" + shodan-query: + - html:"AURALL" + - http.html:"aurall" fofa-query: body="aurall" tags: time-based-sqli,cve2021,cve,sqli,void,aurall diff --git a/http/cves/2021/CVE-2021-26084.yaml b/http/cves/2021/CVE-2021-26084.yaml index 343ae7bc30e..75ae8e4fa8c 100644 --- a/http/cves/2021/CVE-2021-26084.yaml +++ b/http/cves/2021/CVE-2021-26084.yaml @@ -20,14 +20,16 @@ info: cvss-score: 9.8 cve-id: CVE-2021-26084 cwe-id: CWE-917 - epss-score: 0.94437 - epss-percentile: 0.99985 + epss-score: 0.97447 + epss-percentile: 0.99948 cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* metadata: max-request: 13 vendor: atlassian product: confluence_data_center - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" fofa-query: app="atlassian-confluence" tags: cve2021,cve,rce,confluence,injection,ognl,kev,atlassian diff --git a/http/cves/2021/CVE-2021-26085.yaml b/http/cves/2021/CVE-2021-26085.yaml index 42f109ef77d..05d350799ce 100644 --- a/http/cves/2021/CVE-2021-26085.yaml +++ b/http/cves/2021/CVE-2021-26085.yaml @@ -20,14 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2021-26085 cwe-id: CWE-425 - epss-score: 0.94328 - epss-percentile: 0.9994 + epss-score: 0.95896 + epss-percentile: 0.9945 cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: confluence_data_center - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" fofa-query: app="atlassian-confluence" tags: cve2021,cve,kev,packetstorm,confluence,atlassian,lfi,intrusive diff --git a/http/cves/2021/CVE-2021-26086.yaml b/http/cves/2021/CVE-2021-26086.yaml index a20a2645e45..6d0efb1ba68 100644 --- a/http/cves/2021/CVE-2021-26086.yaml +++ b/http/cves/2021/CVE-2021-26086.yaml @@ -20,14 +20,16 @@ info: cvss-score: 5.3 cve-id: CVE-2021-26086 cwe-id: CWE-22 - epss-score: 0.94247 - epss-percentile: 0.99918 + epss-score: 0.91202 + epss-percentile: 0.98861 cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: jira_data_center - shodan-query: http.component:"atlassian jira" + shodan-query: + - http.component:"Atlassian Jira" + - http.component:"atlassian jira" tags: cve2021,cve,lfi,packetstorm,jira,intrusive,atlassian,kev http: diff --git a/http/cves/2021/CVE-2021-26292.yaml b/http/cves/2021/CVE-2021-26292.yaml index 0aa5070eef4..e559eb41536 100644 --- a/http/cves/2021/CVE-2021-26292.yaml +++ b/http/cves/2021/CVE-2021-26292.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: AfterLogic product: AfterLogic Aurora & WebMail - fofa-query: "x-server: afterlogicdavserver" + fofa-query: + - "X-Server: AfterlogicDAVServer" + - "x-server: afterlogicdavserver" tags: cve2021,cve,afterlogic,path,disclosure,AfterLogic http: diff --git a/http/cves/2021/CVE-2021-26294.yaml b/http/cves/2021/CVE-2021-26294.yaml index fe9ff73475c..0bb0084a798 100644 --- a/http/cves/2021/CVE-2021-26294.yaml +++ b/http/cves/2021/CVE-2021-26294.yaml @@ -17,15 +17,17 @@ info: cvss-score: 7.5 cve-id: CVE-2021-26294 cwe-id: CWE-22 - epss-score: 0.87923 - epss-percentile: 0.99428 + epss-score: 0.21969 + epss-percentile: 0.96457 cpe: cpe:2.3:a:afterlogic:aurora:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: afterlogic product: aurora - fofa-query: "x-server: afterlogicdavserver" + fofa-query: + - "X-Server: AfterlogicDAVServer" + - "x-server: afterlogicdavserver" tags: cve2021,cve,afterlogic,exposure,AfterLogic http: diff --git a/http/cves/2021/CVE-2021-26295.yaml b/http/cves/2021/CVE-2021-26295.yaml index bd11b33abbd..8792074e338 100644 --- a/http/cves/2021/CVE-2021-26295.yaml +++ b/http/cves/2021/CVE-2021-26295.yaml @@ -22,8 +22,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-26295 cwe-id: CWE-502 - epss-score: 0.94314 - epss-percentile: 0.99936 + epss-score: 0.97465 + epss-percentile: 0.99956 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,13 +31,12 @@ info: vendor: apache product: ofbiz shodan-query: - - ofbiz.visitor= + - "OFBiz.Visitor=" - http.html:"ofbiz" - - http.html:"apache ofbiz" + - ofbiz.visitor= fofa-query: - body="ofbiz" - app="apache_ofbiz" - - body="apache ofbiz" ysoserial-payload: java -jar ysoserial.jar URLDNS https://oob-url-to-request.tld | hex tags: cve2021,cve,packetstorm,apache,ofbiz,deserialization,rce diff --git a/http/cves/2021/CVE-2021-26598.yaml b/http/cves/2021/CVE-2021-26598.yaml index 8fa6ad6be0a..96208e200ef 100644 --- a/http/cves/2021/CVE-2021-26598.yaml +++ b/http/cves/2021/CVE-2021-26598.yaml @@ -28,8 +28,9 @@ info: vendor: impresscms product: impresscms shodan-query: - - http.html:"impresscms" + - http.html:"ImpressCMS" - cpe:"cpe:2.3:a:impresscms:impresscms" + - http.html:"impresscms" fofa-query: body="impresscms" tags: cve,cve2021,hackerone,impresscms,unauth,cms diff --git a/http/cves/2021/CVE-2021-26702.yaml b/http/cves/2021/CVE-2021-26702.yaml index 1c4456a73a1..b1e63b02023 100644 --- a/http/cves/2021/CVE-2021-26702.yaml +++ b/http/cves/2021/CVE-2021-26702.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26702 cwe-id: CWE-79 - epss-score: 0.06987 - epss-percentile: 0.90946 + epss-score: 0.00187 + epss-percentile: 0.55848 cpe: cpe:2.3:a:eprints:eprints:3.4.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-26723.yaml b/http/cves/2021/CVE-2021-26723.yaml index 49afaa654d6..2cff2812c4c 100644 --- a/http/cves/2021/CVE-2021-26723.yaml +++ b/http/cves/2021/CVE-2021-26723.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-26723 cwe-id: CWE-79 - epss-score: 0.65283 - epss-percentile: 0.98355 + epss-score: 0.07461 + epss-percentile: 0.94099 cpe: cpe:2.3:a:jenzabar:jenzabar:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-26812.yaml b/http/cves/2021/CVE-2021-26812.yaml index e6326976040..4e591e715c7 100644 --- a/http/cves/2021/CVE-2021-26812.yaml +++ b/http/cves/2021/CVE-2021-26812.yaml @@ -27,9 +27,6 @@ info: vendor: jitsi product: meet framework: moodle - shodan-query: http.title:"jitsi meet" - fofa-query: title="jitsi meet" - google-query: intitle:"jitsi meet" tags: cve2021,cve,moodle,jitsi,xss,plugin http: diff --git a/http/cves/2021/CVE-2021-26855.yaml b/http/cves/2021/CVE-2021-26855.yaml index 7492ac24a71..31259658675 100644 --- a/http/cves/2021/CVE-2021-26855.yaml +++ b/http/cves/2021/CVE-2021-26855.yaml @@ -27,18 +27,14 @@ info: vendor: microsoft product: exchange_server shodan-query: - - vuln:"cve-2021-26855" - - http.favicon.hash:"1768726119" + - vuln:CVE-2021-26855 + - http.favicon.hash:1768726119 - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" fofa-query: - title="outlook" - icon_hash=1768726119 - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: cve2021,cve,ssrf,rce,exchange,oast,microsoft,kev http: diff --git a/http/cves/2021/CVE-2021-27124.yaml b/http/cves/2021/CVE-2021-27124.yaml index 4b3b9b4f5eb..3e8af60e98e 100644 --- a/http/cves/2021/CVE-2021-27124.yaml +++ b/http/cves/2021/CVE-2021-27124.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.5 cve-id: CVE-2021-27124 cwe-id: CWE-89 - epss-score: 0.22289 - epss-percentile: 0.95475 + epss-score: 0.01991 + epss-percentile: 0.88786 cpe: cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2021/CVE-2021-27132.yaml b/http/cves/2021/CVE-2021-27132.yaml index 4c1bf977ab1..f5fd65534cc 100644 --- a/http/cves/2021/CVE-2021-27132.yaml +++ b/http/cves/2021/CVE-2021-27132.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27132 cwe-id: CWE-74 - epss-score: 0.79529 - epss-percentile: 0.99019 + epss-score: 0.04569 + epss-percentile: 0.92334 cpe: cpe:2.3:o:sercomm:agcombo_vd625_firmware:agsot_2.1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-27309.yaml b/http/cves/2021/CVE-2021-27309.yaml index 8af7cec5b67..48b1e3d4e7e 100644 --- a/http/cves/2021/CVE-2021-27309.yaml +++ b/http/cves/2021/CVE-2021-27309.yaml @@ -15,14 +15,13 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27309 - https://nvd.nist.gov/vuln/detail/CVE-2021-27309 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-27309 cwe-id: CWE-79 - epss-score: 0.00874 - epss-percentile: 0.74129 + epss-score: 0.00106 + epss-percentile: 0.43249 cpe: cpe:2.3:a:csphere:clansphere:2011.4:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-27310.yaml b/http/cves/2021/CVE-2021-27310.yaml index 244547495ed..aa6dc7ca339 100644 --- a/http/cves/2021/CVE-2021-27310.yaml +++ b/http/cves/2021/CVE-2021-27310.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27310 cwe-id: CWE-79 - epss-score: 0.04092 - epss-percentile: 0.87998 + epss-score: 0.00106 + epss-percentile: 0.43249 cpe: cpe:2.3:a:csphere:clansphere:2011.4:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-27315.yaml b/http/cves/2021/CVE-2021-27315.yaml index 635409a201d..a75f9714985 100644 --- a/http/cves/2021/CVE-2021-27315.yaml +++ b/http/cves/2021/CVE-2021-27315.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-27315 cwe-id: CWE-89 - epss-score: 0.73547 - epss-percentile: 0.98715 + epss-score: 0.07849 + epss-percentile: 0.94222 cpe: cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-27319.yaml b/http/cves/2021/CVE-2021-27319.yaml index bc4602d14c7..4f17829fa04 100644 --- a/http/cves/2021/CVE-2021-27319.yaml +++ b/http/cves/2021/CVE-2021-27319.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-27319 cwe-id: CWE-89 - epss-score: 0.74323 - epss-percentile: 0.9876 + epss-score: 0.07849 + epss-percentile: 0.94222 cpe: cpe:2.3:a:doctor_appointment_system_project:doctor_appointment_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-27330.yaml b/http/cves/2021/CVE-2021-27330.yaml index ce5481f238b..d779863cc12 100644 --- a/http/cves/2021/CVE-2021-27330.yaml +++ b/http/cves/2021/CVE-2021-27330.yaml @@ -21,17 +21,19 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27330 cwe-id: CWE-79 - epss-score: 0.22381 - epss-percentile: 0.95489 + epss-score: 0.00437 + epss-percentile: 0.74717 cpe: cpe:2.3:a:triconsole:datepicker_calendar:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: triconsole product: datepicker_calendar - shodan-query: http.title:"triconsole.com - php calendar date picker" + shodan-query: http.title:triconsole.com - php calendar date picker fofa-query: title=triconsole.com - php calendar date picker - google-query: intitle:triconsole.com - php calendar date picker + google-query: + - intitle:TriConsole.com - PHP Calendar Date Picker + - intitle:triconsole.com - php calendar date picker tags: cve2021,cve,xss,edb,triconsole http: diff --git a/http/cves/2021/CVE-2021-27358.yaml b/http/cves/2021/CVE-2021-27358.yaml index fb52401e9a8..93ad30385fc 100644 --- a/http/cves/2021/CVE-2021-27358.yaml +++ b/http/cves/2021/CVE-2021-27358.yaml @@ -20,16 +20,17 @@ info: cvss-score: 7.5 cve-id: CVE-2021-27358 cwe-id: CWE-306 - epss-score: 0.77442 - epss-percentile: 0.98913 + epss-score: 0.02415 + epss-percentile: 0.89689 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2021/CVE-2021-27519.yaml b/http/cves/2021/CVE-2021-27519.yaml index 06d78e4ee09..2f9962b8ea9 100644 --- a/http/cves/2021/CVE-2021-27519.yaml +++ b/http/cves/2021/CVE-2021-27519.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-27519 cwe-id: CWE-79 - epss-score: 0.0383 - epss-percentile: 0.87581 + epss-score: 0.00217 + epss-percentile: 0.59671 cpe: cpe:2.3:a:fudforum:fudforum:3.1.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: fudforum product: fudforum shodan-query: - - 'http.html:"powered by: fudforum"' + - 'http.html:"Powered by: FUDforum"' - http.html:"fudforum" + - 'http.html:"powered by: fudforum"' fofa-query: - 'body="powered by: fudforum"' - body="fudforum" diff --git a/http/cves/2021/CVE-2021-27520.yaml b/http/cves/2021/CVE-2021-27520.yaml index b5e729b65ae..47b62349fc0 100644 --- a/http/cves/2021/CVE-2021-27520.yaml +++ b/http/cves/2021/CVE-2021-27520.yaml @@ -30,6 +30,7 @@ info: vendor: fudforum product: fudforum shodan-query: + - html:"FUDforum" - http.html:"fudforum" - 'http.html:"powered by: fudforum"' fofa-query: diff --git a/http/cves/2021/CVE-2021-27670.yaml b/http/cves/2021/CVE-2021-27670.yaml index 25a0b90a39c..eb40cd49058 100644 --- a/http/cves/2021/CVE-2021-27670.yaml +++ b/http/cves/2021/CVE-2021-27670.yaml @@ -20,15 +20,17 @@ info: cvss-score: 9.8 cve-id: CVE-2021-27670 cwe-id: CWE-918 - epss-score: 0.92356 - epss-percentile: 0.99708 + epss-score: 0.61228 + epss-percentile: 0.97796 cpe: cpe:2.3:a:appspace:appspace:6.2.4:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: appspace product: appspace - shodan-query: http.title:"appspace" + shodan-query: + - title:"Appspace" + - http.title:"appspace" fofa-query: title="appspace" google-query: intitle:"appspace" tags: cve,cve2021,appspace,ssrf diff --git a/http/cves/2021/CVE-2021-27748.yaml b/http/cves/2021/CVE-2021-27748.yaml index e5fb09e1d88..db1683ece86 100644 --- a/http/cves/2021/CVE-2021-27748.yaml +++ b/http/cves/2021/CVE-2021-27748.yaml @@ -20,13 +20,11 @@ info: metadata: verified: true max-request: 3 - vendor: ibm + shodan-query: http.html:"IBM WebSphere Portal" product: websphere - shodan-query: - - http.html:"ibm websphere portal" - - cpe:"cpe:2.3:a:ibm:websphere" - fofa-query: body="ibm websphere portal" + vendor: ibm tags: cve2021,cve,hcl,ibm,ssrf,websphere + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-27850.yaml b/http/cves/2021/CVE-2021-27850.yaml index 121b16048cb..9894929785a 100644 --- a/http/cves/2021/CVE-2021-27850.yaml +++ b/http/cves/2021/CVE-2021-27850.yaml @@ -28,7 +28,6 @@ info: max-request: 2 vendor: apache product: tapestry - fofa-query: app="apache-tapestry" tags: cve,cve2021,apache,tapestry http: diff --git a/http/cves/2021/CVE-2021-27905.yaml b/http/cves/2021/CVE-2021-27905.yaml index 4d14f2e4754..aa7ec193971 100644 --- a/http/cves/2021/CVE-2021-27905.yaml +++ b/http/cves/2021/CVE-2021-27905.yaml @@ -30,17 +30,12 @@ info: - cpe:"cpe:2.3:a:apache:solr" - http.title:"apache solr" - http.title:"solr admin" - - http.html:"apache solr" - - http.title:"solr" fofa-query: - title="solr admin" - title="apache solr" - - body="apache solr" - - title="solr" google-query: - intitle:"apache solr" - intitle:"solr admin" - - intitle:"solr" tags: cve2021,cve,apache,solr,ssrf http: diff --git a/http/cves/2021/CVE-2021-27909.yaml b/http/cves/2021/CVE-2021-27909.yaml index 16f52373389..499b0639d4d 100644 --- a/http/cves/2021/CVE-2021-27909.yaml +++ b/http/cves/2021/CVE-2021-27909.yaml @@ -28,11 +28,9 @@ info: vendor: acquia product: mautic shodan-query: + - title:"Mautic" - http.title:"mautic" - - http.html:"mautic installation" - fofa-query: - - title="mautic" - - body="mautic installation" + fofa-query: title="mautic" google-query: intitle:"mautic" tags: cve2021,cve,mautic,xss,acquia diff --git a/http/cves/2021/CVE-2021-27931.yaml b/http/cves/2021/CVE-2021-27931.yaml index 783276b6fe9..92b00a2e19d 100644 --- a/http/cves/2021/CVE-2021-27931.yaml +++ b/http/cves/2021/CVE-2021-27931.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-27931 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2021-27931 cwe-id: CWE-611 - epss-score: 0.88479 - epss-percentile: 0.99456 + epss-score: 0.60102 + epss-percentile: 0.97771 cpe: cpe:2.3:a:lumis:lumis_experience_platform:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-28150.yaml b/http/cves/2021/CVE-2021-28150.yaml index d968843b95d..8d9b9a8937c 100644 --- a/http/cves/2021/CVE-2021-28150.yaml +++ b/http/cves/2021/CVE-2021-28150.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-425 - epss-score: 0.43963 - epss-percentile: 0.97365 + epss-score: 0.00253 + epss-percentile: 0.6512 cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-28151.yaml b/http/cves/2021/CVE-2021-28151.yaml index 56d3a31f697..a80028e13cf 100644 --- a/http/cves/2021/CVE-2021-28151.yaml +++ b/http/cves/2021/CVE-2021-28151.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-28151 cwe-id: CWE-78 - epss-score: 0.92677 - epss-percentile: 0.99733 + epss-score: 0.96385 + epss-percentile: 0.99564 cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-28164.yaml b/http/cves/2021/CVE-2021-28164.yaml index 3e4ad9e5131..ac88dd05411 100644 --- a/http/cves/2021/CVE-2021-28164.yaml +++ b/http/cves/2021/CVE-2021-28164.yaml @@ -21,21 +21,14 @@ info: cvss-score: 5.3 cve-id: CVE-2021-28164 cwe-id: CWE-200,NVD-CWE-Other - epss-score: 0.93519 - epss-percentile: 0.99818 + epss-score: 0.04765 + epss-percentile: 0.92672 cpe: cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:* metadata: max-request: 2 vendor: eclipse product: jetty - shodan-query: - - cpe:"cpe:2.3:a:eclipse:jetty" - - http.html:"contexts known to this" - - http.title:"powered by jetty" - fofa-query: - - body="contexts known to this" - - title="powered by jetty" - google-query: intitle:"powered by jetty" + shodan-query: cpe:"cpe:2.3:a:eclipse:jetty" tags: cve2021,cve,packetstorm,vulhub,jetty,exposure,eclipse flow: http(1) && http(2) diff --git a/http/cves/2021/CVE-2021-28169.yaml b/http/cves/2021/CVE-2021-28169.yaml index fe871f4556e..ac5f6421ca7 100644 --- a/http/cves/2021/CVE-2021-28169.yaml +++ b/http/cves/2021/CVE-2021-28169.yaml @@ -21,21 +21,14 @@ info: cvss-score: 5.3 cve-id: CVE-2021-28169 cwe-id: CWE-200,NVD-CWE-Other - epss-score: 0.92424 - epss-percentile: 0.99713 + epss-score: 0.00618 + epss-percentile: 0.78767 cpe: cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: eclipse product: jetty - shodan-query: - - cpe:"cpe:2.3:a:eclipse:jetty" - - http.html:"contexts known to this" - - http.title:"powered by jetty" - fofa-query: - - body="contexts known to this" - - title="powered by jetty" - google-query: intitle:"powered by jetty" + shodan-query: cpe:"cpe:2.3:a:eclipse:jetty" tags: cve2021,cve,jetty,eclipse http: diff --git a/http/cves/2021/CVE-2021-28377.yaml b/http/cves/2021/CVE-2021-28377.yaml index acf45dfa7c7..27b81f78d28 100644 --- a/http/cves/2021/CVE-2021-28377.yaml +++ b/http/cves/2021/CVE-2021-28377.yaml @@ -13,15 +13,13 @@ info: - https://herolab.usd.de/en/security-advisories/usd-2021-0007/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28377 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/goranc/codegraph - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-28377 cwe-id: CWE-22 - epss-score: 0.4612 - epss-percentile: 0.97473 + epss-score: 0.00106 + epss-percentile: 0.43237 cpe: cpe:2.3:a:chronoengine:chronoforums:2.0.11:*:*:*:*:joomla:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-28918.yaml b/http/cves/2021/CVE-2021-28918.yaml index a7bf513efda..ffcbfb32de6 100644 --- a/http/cves/2021/CVE-2021-28918.yaml +++ b/http/cves/2021/CVE-2021-28918.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-28918 cwe-id: CWE-704 - epss-score: 0.85896 - epss-percentile: 0.99327 + epss-score: 0.02704 + epss-percentile: 0.89404 cpe: cpe:2.3:a:netmask_project:netmask:*:*:*:*:*:node.js:*:* metadata: max-request: 3 diff --git a/http/cves/2021/CVE-2021-29006.yaml b/http/cves/2021/CVE-2021-29006.yaml index 025df38eb22..0d76c82ffc7 100644 --- a/http/cves/2021/CVE-2021-29006.yaml +++ b/http/cves/2021/CVE-2021-29006.yaml @@ -15,15 +15,17 @@ info: cvss-score: 6.5 cve-id: CVE-2021-29006 cwe-id: CWE-22 - epss-score: 0.30402 - epss-percentile: 0.96429 + epss-score: 0.09465 + epss-percentile: 0.94172 cpe: cpe:2.3:a:rconfig:rconfig:3.9.6:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve2021,cve,rconfig,authenticated,lfi diff --git a/http/cves/2021/CVE-2021-29156.yaml b/http/cves/2021/CVE-2021-29156.yaml index a10b2da06a8..9c07898bae0 100644 --- a/http/cves/2021/CVE-2021-29156.yaml +++ b/http/cves/2021/CVE-2021-29156.yaml @@ -19,14 +19,16 @@ info: cvss-score: 7.5 cve-id: CVE-2021-29156 cwe-id: CWE-74 - epss-score: 0.92185 - epss-percentile: 0.99693 + epss-score: 0.29536 + epss-percentile: 0.96913 cpe: cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: forgerock product: openam - shodan-query: http.title:"openam" + shodan-query: + - http.title:"OpenAM" + - http.title:"openam" fofa-query: title="openam" google-query: intitle:"openam" tags: cve2021,cve,openam,ldap,injection,forgerock diff --git a/http/cves/2021/CVE-2021-29200.yaml b/http/cves/2021/CVE-2021-29200.yaml index f05f008c9b1..a8af10f7da0 100644 --- a/http/cves/2021/CVE-2021-29200.yaml +++ b/http/cves/2021/CVE-2021-29200.yaml @@ -25,13 +25,13 @@ info: vendor: apache product: ofbiz shodan-query: + - html:"OFBiz" - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - - app="apache_ofbiz" + - app="Apache_OFBiz" - body="ofbiz" - - body="apache ofbiz" + - app="apache_ofbiz" tags: cve2021,cve,apache,ofbiz,deserialization,rce http: diff --git a/http/cves/2021/CVE-2021-29203.yaml b/http/cves/2021/CVE-2021-29203.yaml index b52c86bc1f2..2d6acc03b67 100644 --- a/http/cves/2021/CVE-2021-29203.yaml +++ b/http/cves/2021/CVE-2021-29203.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-29203 cwe-id: CWE-306 - epss-score: 0.86798 - epss-percentile: 0.99374 + epss-score: 0.95563 + epss-percentile: 0.99393 cpe: cpe:2.3:a:hp:edgeline_infrastructure_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-29441.yaml b/http/cves/2021/CVE-2021-29441.yaml index dbe8a772eeb..d9bfc3f4270 100644 --- a/http/cves/2021/CVE-2021-29441.yaml +++ b/http/cves/2021/CVE-2021-29441.yaml @@ -34,12 +34,6 @@ info: max-request: 2 vendor: alibaba product: nacos - fofa-query: - - app="nacos" - - title="nacos" - - title=="nacos" - shodan-query: http.title:"nacos" - google-query: intitle:"nacos" tags: cve2021,cve,nacos,auth-bypass,alibaba http: diff --git a/http/cves/2021/CVE-2021-29442.yaml b/http/cves/2021/CVE-2021-29442.yaml index 7c58bdf55b9..54df8654974 100644 --- a/http/cves/2021/CVE-2021-29442.yaml +++ b/http/cves/2021/CVE-2021-29442.yaml @@ -28,12 +28,6 @@ info: max-request: 1 vendor: alibaba product: nacos - fofa-query: - - app="nacos" - - title="nacos" - - title=="nacos" - shodan-query: http.title:"nacos" - google-query: intitle:"nacos" tags: cve2021,cve,nacos,auth-bypass,alibaba http: diff --git a/http/cves/2021/CVE-2021-29484.yaml b/http/cves/2021/CVE-2021-29484.yaml index 559957427ea..7cf39b09476 100644 --- a/http/cves/2021/CVE-2021-29484.yaml +++ b/http/cves/2021/CVE-2021-29484.yaml @@ -30,7 +30,6 @@ info: product: ghost framework: node.js shodan-query: http.component:"ghost" - fofa-query: app="ghost" tags: cve2021,cve,xss,ghost,node.js http: diff --git a/http/cves/2021/CVE-2021-29490.yaml b/http/cves/2021/CVE-2021-29490.yaml index eae7212d555..974722bf608 100644 --- a/http/cves/2021/CVE-2021-29490.yaml +++ b/http/cves/2021/CVE-2021-29490.yaml @@ -28,13 +28,8 @@ info: max-request: 2 vendor: jellyfin product: jellyfin - shodan-query: - - http.title:"jellyfin" - - http.html:"jellyfin" - fofa-query: - - body="jellyfin" - - title="jellyfin" - - title="jellyfin" || body="http://jellyfin.media" + shodan-query: http.title:"Jellyfin" + fofa-query: body="jellyfin" google-query: intitle:"jellyfin" tags: cve,cve2021,ssrf,jellyfin,oast diff --git a/http/cves/2021/CVE-2021-29505.yaml b/http/cves/2021/CVE-2021-29505.yaml index 96e22c18aeb..a260fbf60f8 100644 --- a/http/cves/2021/CVE-2021-29505.yaml +++ b/http/cves/2021/CVE-2021-29505.yaml @@ -16,16 +16,16 @@ info: - https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc - https://nvd.nist.gov/vuln/detail/cve-2021-29505 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2021-29505 - cwe-id: CWE-94,CWE-502 - epss-score: 0.91964 - epss-percentile: 0.99673 - cpe: cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:* + cwe-id: CWE-502 + epss-score: 0.04677 + epss-percentile: 0.91814 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: xstream + vendor: xstream_project product: xstream tags: cve2021,cve,oast,vulhub,xstream,deserialization,rce,xstream_project diff --git a/http/cves/2021/CVE-2021-29625.yaml b/http/cves/2021/CVE-2021-29625.yaml index fbfdaee15b5..e0a411df09d 100644 --- a/http/cves/2021/CVE-2021-29625.yaml +++ b/http/cves/2021/CVE-2021-29625.yaml @@ -3,7 +3,7 @@ id: CVE-2021-29625 info: name: Adminer <=4.8.0 - Cross-Site Scripting author: daffainfo - severity: high + severity: medium description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the Adminer interface, potentially leading to session hijacking, defacement, or theft of sensitive information. @@ -15,12 +15,12 @@ info: - https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2021-29625 cwe-id: CWE-79 - epss-score: 0.71909 - epss-percentile: 0.98642 + epss-score: 0.00236 + epss-percentile: 0.61643 cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-3002.yaml b/http/cves/2021/CVE-2021-3002.yaml index 49fe33638dc..6de3a4ea382 100644 --- a/http/cves/2021/CVE-2021-3002.yaml +++ b/http/cves/2021/CVE-2021-3002.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-3002 cwe-id: CWE-79 - epss-score: 0.22726 - epss-percentile: 0.95547 + epss-score: 0.00143 + epss-percentile: 0.50121 cpe: cpe:2.3:a:seopanel:seo_panel:4.8.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-30049.yaml b/http/cves/2021/CVE-2021-30049.yaml index 9ab821129ca..1b3f28344c6 100644 --- a/http/cves/2021/CVE-2021-30049.yaml +++ b/http/cves/2021/CVE-2021-30049.yaml @@ -14,23 +14,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-30049 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-30049 cwe-id: CWE-79 - epss-score: 0.10567 - epss-percentile: 0.92858 + epss-score: 0.00113 + epss-percentile: 0.44743 cpe: cpe:2.3:a:sysaid:sysaid:20.3.64:b14:*:*:*:*:*:* metadata: max-request: 1 vendor: sysaid product: sysaid - shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + shodan-query: http.favicon.hash:1540720428 + fofa-query: icon_hash=1540720428 tags: cve2021,cve,xss,sysaid http: diff --git a/http/cves/2021/CVE-2021-30128.yaml b/http/cves/2021/CVE-2021-30128.yaml index 875ef9a0a09..35f448bdd99 100644 --- a/http/cves/2021/CVE-2021-30128.yaml +++ b/http/cves/2021/CVE-2021-30128.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-30128 cwe-id: CWE-502 - epss-score: 0.94067 - epss-percentile: 0.99888 + epss-score: 0.59411 + epss-percentile: 0.97756 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,11 +31,10 @@ info: shodan-query: - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - - app="apache_ofbiz" + - app="Apache_OFBiz" - body="ofbiz" - - body="apache ofbiz" + - app="apache_ofbiz" tags: cve2021,cve,apache,ofbiz,deserialization,rce http: diff --git a/http/cves/2021/CVE-2021-30134.yaml b/http/cves/2021/CVE-2021-30134.yaml index 1fa192ea142..c1813a5ed8a 100644 --- a/http/cves/2021/CVE-2021-30134.yaml +++ b/http/cves/2021/CVE-2021-30134.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30134 cwe-id: CWE-79 - epss-score: 0.08836 - epss-percentile: 0.92067 + epss-score: 0.00099 + epss-percentile: 0.41025 cpe: cpe:2.3:a:php_curl_class_project:php_curl_class:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-30151.yaml b/http/cves/2021/CVE-2021-30151.yaml index 8ccb8ec7ba3..f4d28a73657 100644 --- a/http/cves/2021/CVE-2021-30151.yaml +++ b/http/cves/2021/CVE-2021-30151.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: contribsys product: sidekiq - shodan-query: http.title:"sidekiq" + shodan-query: + - title:"Sidekiq" + - http.title:"sidekiq" fofa-query: title="sidekiq" google-query: intitle:"sidekiq" tags: cve2021,cve,xss,sidekiq,authenticated,contribsys diff --git a/http/cves/2021/CVE-2021-3017.yaml b/http/cves/2021/CVE-2021-3017.yaml index 2088b5d7fe8..aee47c2f591 100644 --- a/http/cves/2021/CVE-2021-3017.yaml +++ b/http/cves/2021/CVE-2021-3017.yaml @@ -19,13 +19,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-3017 - epss-score: 0.68784 - epss-percentile: 0.9851 - cpe: cpe:2.3:o:intelbras:win_300_firmware:*:*:*:*:*:*:*:* + epss-score: 0.01563 + epss-percentile: 0.87211 + cpe: cpe:2.3:h:intelbras:win_300:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: intelbras - product: win_300_firmware + product: win_300 tags: cve2021,cve,exposure,router,intelbras http: diff --git a/http/cves/2021/CVE-2021-30175.yaml b/http/cves/2021/CVE-2021-30175.yaml index f648398e3d5..b80ec5bd376 100644 --- a/http/cves/2021/CVE-2021-30175.yaml +++ b/http/cves/2021/CVE-2021-30175.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-30175 cwe-id: CWE-89 - epss-score: 0.7447 - epss-percentile: 0.98767 + epss-score: 0.06252 + epss-percentile: 0.93587 cpe: cpe:2.3:a:zerof:web_server:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-3019.yaml b/http/cves/2021/CVE-2021-3019.yaml index 6a992aaf4f2..b677c63a9cf 100644 --- a/http/cves/2021/CVE-2021-3019.yaml +++ b/http/cves/2021/CVE-2021-3019.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-3019 cwe-id: CWE-22 - epss-score: 0.92357 - epss-percentile: 0.99708 + epss-score: 0.01119 + epss-percentile: 0.84553 cpe: cpe:2.3:a:lanproxy_project:lanproxy:0.1:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-30213.yaml b/http/cves/2021/CVE-2021-30213.yaml index 0baf7dbe63f..d69943d9629 100644 --- a/http/cves/2021/CVE-2021-30213.yaml +++ b/http/cves/2021/CVE-2021-30213.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-30213 cwe-id: CWE-79 - epss-score: 0.02977 - epss-percentile: 0.8585 + epss-score: 0.00106 + epss-percentile: 0.43249 cpe: cpe:2.3:a:eng:knowage:7.3.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-30461.yaml b/http/cves/2021/CVE-2021-30461.yaml index bd40e68f64f..fc5d7ea76df 100644 --- a/http/cves/2021/CVE-2021-30461.yaml +++ b/http/cves/2021/CVE-2021-30461.yaml @@ -21,14 +21,16 @@ info: cvss-score: 9.8 cve-id: CVE-2021-30461 cwe-id: CWE-94 - epss-score: 0.93253 - epss-percentile: 0.99791 + epss-score: 0.95518 + epss-percentile: 0.99386 cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: voipmonitor product: voipmonitor - shodan-query: http.title:"voipmonitor" + shodan-query: + - http.title:"VoIPmonitor" + - http.title:"voipmonitor" fofa-query: title="voipmonitor" google-query: intitle:"voipmonitor" tags: cve2021,cve,rce,voipmonitor diff --git a/http/cves/2021/CVE-2021-3110.yaml b/http/cves/2021/CVE-2021-3110.yaml index 1e60c94388d..24725edb74b 100644 --- a/http/cves/2021/CVE-2021-3110.yaml +++ b/http/cves/2021/CVE-2021-3110.yaml @@ -21,20 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2021-3110 cwe-id: CWE-89 - epss-score: 0.68646 - epss-percentile: 0.98504 + epss-score: 0.83896 + epss-percentile: 0.98474 cpe: cpe:2.3:a:prestashop:prestashop:1.7.7.0:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: prestashop product: prestashop - shodan-query: - - cpe:"cpe:2.3:a:prestashop:prestashop" - - http.component:"prestashop" - - http.title:"prestashop installation assistant" - fofa-query: title="prestashop installation assistant" - google-query: intitle:"prestashop installation assistant" + shodan-query: cpe:"cpe:2.3:a:prestashop:prestashop" tags: time-based-sqli,cve,cve2021,sqli,prestshop,edb,prestashop http: diff --git a/http/cves/2021/CVE-2021-31195.yaml b/http/cves/2021/CVE-2021-31195.yaml index dd7b7c358bb..a959c3986c1 100644 --- a/http/cves/2021/CVE-2021-31195.yaml +++ b/http/cves/2021/CVE-2021-31195.yaml @@ -19,27 +19,23 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-31195 - cwe-id: CWE-290,NVD-CWE-noinfo - epss-score: 0.72621 - epss-percentile: 0.98677 + cwe-id: CWE-79 + epss-score: 0.92082 + epss-percentile: 0.98927 cpe: cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* metadata: max-request: 1 vendor: microsoft product: exchange_server shodan-query: + - http.title:"Outlook" + - http.favicon.hash:1768726119 - http.title:"outlook" - - http.favicon.hash:"1768726119" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" - - vuln:"cve-2021-26855" fofa-query: - title="outlook" - icon_hash=1768726119 - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: cve2021,cve,microsoft,exchange,owa,xss http: diff --git a/http/cves/2021/CVE-2021-31250.yaml b/http/cves/2021/CVE-2021-31250.yaml index 4465bf6b17f..6fe2084f4a1 100644 --- a/http/cves/2021/CVE-2021-31250.yaml +++ b/http/cves/2021/CVE-2021-31250.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-31250 cwe-id: CWE-79 - epss-score: 0.85009 - epss-percentile: 0.99283 + epss-score: 0.97029 + epss-percentile: 0.9975 cpe: cpe:2.3:o:chiyu-tech:bf-430_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-3129.yaml b/http/cves/2021/CVE-2021-3129.yaml index 214d0c82a93..adcc38c8850 100644 --- a/http/cves/2021/CVE-2021-3129.yaml +++ b/http/cves/2021/CVE-2021-3129.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-3129 - epss-score: 0.94287 - epss-percentile: 0.99928 + epss-score: 0.97461 + epss-percentile: 0.99957 cpe: cpe:2.3:a:facade:ignition:*:*:*:*:*:laravel:*:* metadata: max-request: 6 diff --git a/http/cves/2021/CVE-2021-31316.yaml b/http/cves/2021/CVE-2021-31316.yaml index 9653e6fff34..01f10bd2852 100644 --- a/http/cves/2021/CVE-2021-31316.yaml +++ b/http/cves/2021/CVE-2021-31316.yaml @@ -9,26 +9,19 @@ info: reference: - https://www.shielder.com/advisories/centos-web-panel-idsession-root-rce/ - https://nvd.nist.gov/vuln/detail/CVE-2021-31316 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2021-31316 + cve-id: CVE-2021-31324 cwe-id: CWE-89 - epss-score: 0.48957 - epss-percentile: 0.97609 cpe: cpe:2.3:a:control-webpanel:webpanel:-:*:*:*:*:*:*:* metadata: - max-request: 2 - vendor: "control-webpanel" + vendor: control-webpanel product: webpanel - shodan-query: http.title:"login | control webpanel" - fofa-query: - - title="login | control webpanel" - - title=="cwp |用户" || title=="login | centos webpanel" || body="centos webpanel" - google-query: intitle:"login | control webpanel" - tags: cve,cve2021,centos,cwpsrv,sqli,control-webpanel + shodan-query: title:"Login | Control WebPanel" + fofa-query: title="Login | Control WebPanel" + tags: cve,cve2021,centos,cwpsrv,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-31324.yaml b/http/cves/2021/CVE-2021-31324.yaml index b3c7d25e85f..1d588d42894 100644 --- a/http/cves/2021/CVE-2021-31324.yaml +++ b/http/cves/2021/CVE-2021-31324.yaml @@ -16,15 +16,12 @@ info: cwe-id: CWE-78 cpe: cpe:2.3:a:control-webpanel:webpanel:-:*:*:*:*:*:*:* metadata: - max-request: 2 - vendor: "control-webpanel" + vendor: control-webpanel product: webpanel - shodan-query: http.title:"login | control webpanel" - fofa-query: - - title="login | control webpanel" - - title=="cwp |用户" || title=="login | centos webpanel" || body="centos webpanel" - google-query: intitle:"login | control webpanel" - tags: cve,cve2021,centos,cwpsrv,os,rce,control-webpanel + shodan-query: title:"Login | Control WebPanel" + fofa-query: title="Login | Control WebPanel" + tags: cve,cve2021,centos,cwpsrv,os,rce + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-31537.yaml b/http/cves/2021/CVE-2021-31537.yaml index e161d49fc26..19cca79fdb5 100644 --- a/http/cves/2021/CVE-2021-31537.yaml +++ b/http/cves/2021/CVE-2021-31537.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31537 cwe-id: CWE-79 - epss-score: 0.73811 - epss-percentile: 0.98729 + epss-score: 0.00355 + epss-percentile: 0.71969 cpe: cpe:2.3:a:sisinformatik:sis-rewe_go:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-31581.yaml b/http/cves/2021/CVE-2021-31581.yaml index 1378dc5595d..f63577aa452 100644 --- a/http/cves/2021/CVE-2021-31581.yaml +++ b/http/cves/2021/CVE-2021-31581.yaml @@ -3,7 +3,7 @@ id: CVE-2021-31581 info: name: Akkadian Provisioning Manager - Information Disclosure author: geeknik - severity: high + severity: medium description: Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped. impact: | An attacker can exploit this vulnerability to access sensitive information, such as user credentials or system configuration details. @@ -15,12 +15,12 @@ info: - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N - cvss-score: 7.9 + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N + cvss-score: 4.4 cve-id: CVE-2021-31581 cwe-id: CWE-269,CWE-312 - epss-score: 0.05024 - epss-percentile: 0.89199 + epss-score: 0.00213 + epss-percentile: 0.59248 cpe: cpe:2.3:a:akkadianlabs:ova_appliance:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-31589.yaml b/http/cves/2021/CVE-2021-31589.yaml index abacf1a9715..c4b2ab43c6e 100644 --- a/http/cves/2021/CVE-2021-31589.yaml +++ b/http/cves/2021/CVE-2021-31589.yaml @@ -20,15 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31589 cwe-id: CWE-79 - epss-score: 0.20133 - epss-percentile: 0.95169 + epss-score: 0.00286 + epss-percentile: 0.68716 cpe: cpe:2.3:o:beyondtrust:appliance_base_software:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: beyondtrust product: appliance_base_software - shodan-query: set-cookie:"nsbase_session" - google-query: '"beyondtrust" "redistribution prohibited"' + shodan-query: 'set-cookie: nsbase_session' + google-query: + - '"BeyondTrust" "Redistribution Prohibited"' + - '"beyondtrust" "redistribution prohibited"' tags: cve,cve2021,xss,packetstorm,beyondtrust,bomgar http: diff --git a/http/cves/2021/CVE-2021-31602.yaml b/http/cves/2021/CVE-2021-31602.yaml index 993be82bce7..6d4d7cf5eb7 100644 --- a/http/cves/2021/CVE-2021-31602.yaml +++ b/http/cves/2021/CVE-2021-31602.yaml @@ -3,7 +3,7 @@ id: CVE-2021-31602 info: name: Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass author: pussycat0x - severity: medium + severity: high description: Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials. impact: | Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the server. @@ -16,18 +16,20 @@ info: - https://www.hitachi.com/hirt/security/index.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31602 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2021-31602 cwe-id: CWE-287 - epss-score: 0.93108 - epss-percentile: 0.99775 + epss-score: 0.25923 + epss-percentile: 0.9671 cpe: cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: hitachi product: vantara_pentaho - shodan-query: pentaho + shodan-query: + - Pentaho + - pentaho tags: cve2021,cve,spring,seclists,pentaho,auth-bypass,hitachi http: diff --git a/http/cves/2021/CVE-2021-31682.yaml b/http/cves/2021/CVE-2021-31682.yaml index ca564428022..0ba7828ad28 100644 --- a/http/cves/2021/CVE-2021-31682.yaml +++ b/http/cves/2021/CVE-2021-31682.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: automatedlogic product: webctrl - shodan-query: http.html:"/_common/lvl5/dologin.jsp" + shodan-query: + - html:"/_common/lvl5/dologin.jsp" + - http.html:"/_common/lvl5/dologin.jsp" fofa-query: body="/_common/lvl5/dologin.jsp" tags: cve2021,cve,webctrl,xss,packetstorm,automatedlogic diff --git a/http/cves/2021/CVE-2021-31755.yaml b/http/cves/2021/CVE-2021-31755.yaml index 5759b48e652..abf36357045 100644 --- a/http/cves/2021/CVE-2021-31755.yaml +++ b/http/cves/2021/CVE-2021-31755.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-31755 cwe-id: CWE-787 - epss-score: 0.9423 - epss-percentile: 0.99915 + epss-score: 0.97104 + epss-percentile: 0.99781 cpe: cpe:2.3:o:tenda:ac11_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-31856.yaml b/http/cves/2021/CVE-2021-31856.yaml index ff113279475..b6842aadaf6 100644 --- a/http/cves/2021/CVE-2021-31856.yaml +++ b/http/cves/2021/CVE-2021-31856.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-31856 cwe-id: CWE-89 - epss-score: 0.83467 - epss-percentile: 0.99209 + epss-score: 0.03274 + epss-percentile: 0.91056 cpe: cpe:2.3:a:layer5:meshery:0.5.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-31862.yaml b/http/cves/2021/CVE-2021-31862.yaml index 39cfcdc2f49..27d3f81f4ae 100644 --- a/http/cves/2021/CVE-2021-31862.yaml +++ b/http/cves/2021/CVE-2021-31862.yaml @@ -20,17 +20,15 @@ info: cvss-score: 6.1 cve-id: CVE-2021-31862 cwe-id: CWE-79 - epss-score: 0.41302 - epss-percentile: 0.97213 + epss-score: 0.00141 + epss-percentile: 0.48947 cpe: cpe:2.3:a:sysaid:sysaid:20.4.74:*:*:*:*:*:*:* metadata: max-request: 1 vendor: sysaid product: sysaid - shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + shodan-query: http.favicon.hash:1540720428 + fofa-query: icon_hash=1540720428 tags: cve2021,cve,xss,sysaid http: diff --git a/http/cves/2021/CVE-2021-32030.yaml b/http/cves/2021/CVE-2021-32030.yaml index 16465da5153..c309d61fe89 100644 --- a/http/cves/2021/CVE-2021-32030.yaml +++ b/http/cves/2021/CVE-2021-32030.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32030 cwe-id: CWE-287 - epss-score: 0.93443 - epss-percentile: 0.99806 + epss-score: 0.48092 + epss-percentile: 0.9739 cpe: cpe:2.3:o:asus:gt-ac2900_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-32172.yaml b/http/cves/2021/CVE-2021-32172.yaml index aa8f45b1b5b..d16392210d2 100644 --- a/http/cves/2021/CVE-2021-32172.yaml +++ b/http/cves/2021/CVE-2021-32172.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32172 cwe-id: CWE-862 - epss-score: 0.70441 - epss-percentile: 0.98579 + epss-score: 0.26906 + epss-percentile: 0.9666 cpe: cpe:2.3:a:maianscriptworld:maian_cart:3.8:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2021/CVE-2021-3223.yaml b/http/cves/2021/CVE-2021-3223.yaml index dc6e48c25a4..51cdee986da 100644 --- a/http/cves/2021/CVE-2021-3223.yaml +++ b/http/cves/2021/CVE-2021-3223.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-3223 cwe-id: CWE-22 - epss-score: 0.88649 - epss-percentile: 0.99465 + epss-score: 0.09614 + epss-percentile: 0.94637 cpe: cpe:2.3:a:nodered:node-red-dashboard:*:*:*:*:*:node.js:*:* metadata: verified: true @@ -29,8 +29,12 @@ info: vendor: nodered product: node-red-dashboard framework: node.js - shodan-query: http.title:"node-red" - fofa-query: title="node-red" + shodan-query: + - title:"Node-RED" + - http.title:"node-red" + fofa-query: + - title="Node-RED" + - title="node-red" google-query: intitle:"node-red" tags: cve,cve2021,node-red-dashboard,lfi,nodered,node.js diff --git a/http/cves/2021/CVE-2021-32305.yaml b/http/cves/2021/CVE-2021-32305.yaml index 56ee33dc034..61a1830c549 100644 --- a/http/cves/2021/CVE-2021-32305.yaml +++ b/http/cves/2021/CVE-2021-32305.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-32305 cwe-id: CWE-78 - epss-score: 0.93293 - epss-percentile: 0.99794 + epss-score: 0.96624 + epss-percentile: 0.99551 cpe: cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-32618.yaml b/http/cves/2021/CVE-2021-32618.yaml index 7d9e5e9c472..376ed49c5b7 100644 --- a/http/cves/2021/CVE-2021-32618.yaml +++ b/http/cves/2021/CVE-2021-32618.yaml @@ -3,7 +3,7 @@ id: CVE-2021-32618 info: name: Python Flask-Security - Open Redirect author: 0x_Akoko - severity: low + severity: medium description: Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. impact: | An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities. @@ -16,12 +16,12 @@ info: - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2021-32618 cwe-id: CWE-601 - epss-score: 0.17163 - epss-percentile: 0.94636 + epss-score: 0.00113 + epss-percentile: 0.44665 cpe: cpe:2.3:a:flask-security_project:flask-security:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-32682.yaml b/http/cves/2021/CVE-2021-32682.yaml index 4a6b724f54d..2dc6f435f14 100644 --- a/http/cves/2021/CVE-2021-32682.yaml +++ b/http/cves/2021/CVE-2021-32682.yaml @@ -27,9 +27,6 @@ info: vendor: std42 product: elfinder github: https://github.com/Studio-42/elFinder - shodan-query: http.title:"elfinder" - fofa-query: title="elfinder" - google-query: intitle:"elfinder" tags: cve2021,cve,elfinder,misconfig,rce,oss,std42 http: diff --git a/http/cves/2021/CVE-2021-32789.yaml b/http/cves/2021/CVE-2021-32789.yaml index c34c87765aa..dfccb53bf35 100644 --- a/http/cves/2021/CVE-2021-32789.yaml +++ b/http/cves/2021/CVE-2021-32789.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-32789 cwe-id: CWE-89 - epss-score: 0.91703 - epss-percentile: 0.99652 + epss-score: 0.09336 + epss-percentile: 0.94559 cpe: cpe:2.3:a:automattic:woocommerce_blocks:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-32819.yaml b/http/cves/2021/CVE-2021-32819.yaml index d6f3907cead..075a7364ab6 100644 --- a/http/cves/2021/CVE-2021-32819.yaml +++ b/http/cves/2021/CVE-2021-32819.yaml @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-32819 - https://github.com/squirrellyjs/squirrelly/commit/c12418a026f73df645ba927fd29358efe02fed1e classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N - cvss-score: 8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2021-32819 cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.88891 - epss-percentile: 0.99484 + epss-score: 0.79486 + epss-percentile: 0.98284 cpe: cpe:2.3:a:squirrelly:squirrelly:8.0.8:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-32820.yaml b/http/cves/2021/CVE-2021-32820.yaml index cf61c5c0a05..806c0fa55d0 100644 --- a/http/cves/2021/CVE-2021-32820.yaml +++ b/http/cves/2021/CVE-2021-32820.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2021-32820 - cwe-id: CWE-200,CWE-94 - epss-score: 0.91326 - epss-percentile: 0.99626 + cwe-id: CWE-94,CWE-200 + epss-score: 0.01756 + epss-percentile: 0.8795 cpe: cpe:2.3:a:express_handlebars_project:express_handlebars:*:*:*:*:*:node.js:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-3293.yaml b/http/cves/2021/CVE-2021-3293.yaml index 831cd493396..b107922c8bd 100644 --- a/http/cves/2021/CVE-2021-3293.yaml +++ b/http/cves/2021/CVE-2021-3293.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: emlog product: emlog - fofa-query: title="emlog" tags: cve2021,cve,emlog,fpd http: diff --git a/http/cves/2021/CVE-2021-3297.yaml b/http/cves/2021/CVE-2021-3297.yaml index 5a852d8a50a..23ca206ea93 100644 --- a/http/cves/2021/CVE-2021-3297.yaml +++ b/http/cves/2021/CVE-2021-3297.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.8 cve-id: CVE-2021-3297 cwe-id: CWE-287 - epss-score: 0.80018 - epss-percentile: 0.99044 + epss-score: 0.26301 + epss-percentile: 0.96731 cpe: cpe:2.3:o:zyxel:nbg2105_firmware:v1.00\(aagu.2\)c0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-33357.yaml b/http/cves/2021/CVE-2021-33357.yaml index 9e334267ce1..4e20635d44e 100644 --- a/http/cves/2021/CVE-2021-33357.yaml +++ b/http/cves/2021/CVE-2021-33357.yaml @@ -21,14 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2021-33357 cwe-id: CWE-78 - epss-score: 0.91769 - epss-percentile: 0.99657 + epss-score: 0.96707 + epss-percentile: 0.99648 cpe: cpe:2.3:a:raspap:raspap:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: raspap product: raspap - shodan-query: http.favicon.hash:"-1465760059" + shodan-query: http.favicon.hash:-1465760059 fofa-query: icon_hash=-1465760059 tags: cve2021,cve,rce,raspap,oast diff --git a/http/cves/2021/CVE-2021-33690.yaml b/http/cves/2021/CVE-2021-33690.yaml index 5b9f51e5577..0dcd37e4a84 100644 --- a/http/cves/2021/CVE-2021-33690.yaml +++ b/http/cves/2021/CVE-2021-33690.yaml @@ -18,15 +18,17 @@ info: cvss-score: 9.9 cve-id: CVE-2021-33690 cwe-id: CWE-918 - epss-score: 0.92317 - epss-percentile: 0.99702 + epss-score: 0.3856 + epss-percentile: 0.97133 cpe: cpe:2.3:a:sap:netweaver_development_infrastructure:7.11:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sap product: netweaver_development_infrastructure - shodan-query: http.html:"sap netweaver" + shodan-query: + - html:"SAP NetWeaver" + - http.html:"sap netweaver" fofa-query: body="sap netweaver" tags: cve2021,cve,oast,ssrf,sap diff --git a/http/cves/2021/CVE-2021-3374.yaml b/http/cves/2021/CVE-2021-3374.yaml index 784e8e4ecdb..6f8dd34d569 100644 --- a/http/cves/2021/CVE-2021-3374.yaml +++ b/http/cves/2021/CVE-2021-3374.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-3374 cwe-id: CWE-22 - epss-score: 0.74626 - epss-percentile: 0.98776 + epss-score: 0.00235 + epss-percentile: 0.61494 cpe: cpe:2.3:a:rstudio:shiny_server:*:*:*:*:pro:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-3377.yaml b/http/cves/2021/CVE-2021-3377.yaml index 4461cf6664d..7ec66a40c1f 100644 --- a/http/cves/2021/CVE-2021-3377.yaml +++ b/http/cves/2021/CVE-2021-3377.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-3377 cwe-id: CWE-79 - epss-score: 0.30992 - epss-percentile: 0.96478 + epss-score: 0.00129 + epss-percentile: 0.47703 cpe: cpe:2.3:a:ansi_up_project:ansi_up:*:*:*:*:*:node.js:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-33807.yaml b/http/cves/2021/CVE-2021-33807.yaml index 4b7fb5d3662..66595c68472 100644 --- a/http/cves/2021/CVE-2021-33807.yaml +++ b/http/cves/2021/CVE-2021-33807.yaml @@ -27,7 +27,6 @@ info: max-request: 1 vendor: gespage product: gespage - shodan-query: path=/gespage tags: cve2021,cve,lfi,gespage http: diff --git a/http/cves/2021/CVE-2021-33851.yaml b/http/cves/2021/CVE-2021-33851.yaml index 4576d80782b..d7a90de173d 100644 --- a/http/cves/2021/CVE-2021-33851.yaml +++ b/http/cves/2021/CVE-2021-33851.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-33851 cwe-id: CWE-79 - epss-score: 0.06206 - epss-percentile: 0.90361 + epss-score: 0.00069 + epss-percentile: 0.29862 cpe: cpe:2.3:a:apasionados:customize_login_image:3.4:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-33904.yaml b/http/cves/2021/CVE-2021-33904.yaml index 08d138a9bc1..8507cf6862d 100644 --- a/http/cves/2021/CVE-2021-33904.yaml +++ b/http/cves/2021/CVE-2021-33904.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-33904 cwe-id: CWE-79 - epss-score: 0.06903 - epss-percentile: 0.9089 + epss-score: 0.00182 + epss-percentile: 0.55425 cpe: cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-34370.yaml b/http/cves/2021/CVE-2021-34370.yaml index 5be100d2243..4fa89fe1b49 100644 --- a/http/cves/2021/CVE-2021-34370.yaml +++ b/http/cves/2021/CVE-2021-34370.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-34370 cwe-id: CWE-79 - epss-score: 0.05475 - epss-percentile: 0.89683 + epss-score: 0.00183 + epss-percentile: 0.55682 cpe: cpe:2.3:a:accela:civic_platform:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-34429.yaml b/http/cves/2021/CVE-2021-34429.yaml index a6cb255e0b0..9b2ef78d210 100644 --- a/http/cves/2021/CVE-2021-34429.yaml +++ b/http/cves/2021/CVE-2021-34429.yaml @@ -21,21 +21,14 @@ info: cvss-score: 5.3 cve-id: CVE-2021-34429 cwe-id: CWE-200,NVD-CWE-Other - epss-score: 0.93804 - epss-percentile: 0.9985 + epss-score: 0.45704 + epss-percentile: 0.97324 cpe: cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: eclipse product: jetty - shodan-query: - - cpe:"cpe:2.3:a:eclipse:jetty" - - http.html:"contexts known to this" - - http.title:"powered by jetty" - fofa-query: - - body="contexts known to this" - - title="powered by jetty" - google-query: intitle:"powered by jetty" + shodan-query: cpe:"cpe:2.3:a:eclipse:jetty" tags: cve2021,cve,jetty,eclipse http: diff --git a/http/cves/2021/CVE-2021-34473.yaml b/http/cves/2021/CVE-2021-34473.yaml index 928ffd94cee..979ee865343 100644 --- a/http/cves/2021/CVE-2021-34473.yaml +++ b/http/cves/2021/CVE-2021-34473.yaml @@ -20,26 +20,22 @@ info: cvss-score: 9.1 cve-id: CVE-2021-34473 cwe-id: CWE-918 - epss-score: 0.94302 - epss-percentile: 0.99932 + epss-score: 0.97285 + epss-percentile: 0.99848 cpe: cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* metadata: max-request: 2 vendor: microsoft product: exchange_server shodan-query: - - vuln:"cve-2021-26855" - - http.favicon.hash:"1768726119" + - vuln:cve-2021-26855 + - http.favicon.hash:1768726119 - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" fofa-query: - title="outlook" - icon_hash=1768726119 - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: cve2021,cve,ssrf,rce,exchange,kev,microsoft http: diff --git a/http/cves/2021/CVE-2021-34630.yaml b/http/cves/2021/CVE-2021-34630.yaml index 42dc0914fd2..57d00cbf7b7 100644 --- a/http/cves/2021/CVE-2021-34630.yaml +++ b/http/cves/2021/CVE-2021-34630.yaml @@ -22,14 +22,13 @@ info: epss-percentile: 0.39315 cpe: cpe:2.3:a:gtranslate:gtranslate:*:*:*:*:enterprise:wordpress:*:* metadata: + verifiedl: true max-request: 1 vendor: gtranslate product: gtranslate framework: wordpress fofa-query: body="/wp-content/plugins/gtranslate" - verifiedl: true - shodan-query: http.html:"/wp-content/plugins/gtranslate" - tags: wpscan,cve,wordpress,wp,wp-plugin,gtranslate,xss,cve2021 + tags: cve,cve2022,wordpress,wp,wp-plugin,gtranslate,xss http: - method: GET diff --git a/http/cves/2021/CVE-2021-34643.yaml b/http/cves/2021/CVE-2021-34643.yaml index d98b9601a23..3818b53e37f 100644 --- a/http/cves/2021/CVE-2021-34643.yaml +++ b/http/cves/2021/CVE-2021-34643.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-34643 cwe-id: CWE-79 - epss-score: 0.23353 - epss-percentile: 0.95641 + epss-score: 0.00123 + epss-percentile: 0.46682 cpe: cpe:2.3:a:skaut-bazar_project:skaut-bazar:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-35250.yaml b/http/cves/2021/CVE-2021-35250.yaml index 07fa362c834..1e3831a8dcb 100644 --- a/http/cves/2021/CVE-2021-35250.yaml +++ b/http/cves/2021/CVE-2021-35250.yaml @@ -20,19 +20,16 @@ info: cvss-score: 7.5 cve-id: CVE-2021-35250 cwe-id: CWE-22 - epss-score: 0.91387 - epss-percentile: 0.9963 + epss-score: 0.05835 + epss-percentile: 0.93393 cpe: cpe:2.3:a:solarwinds:serv-u:15.3:-:*:*:*:*:*:* metadata: max-request: 1 vendor: solarwinds product: serv-u shodan-query: + - product:"Rhinosoft Serv-U httpd" - product:"rhinosoft serv-u httpd" - - http.html:"serv-u" - fofa-query: - - body="serv-u" - - server="serv-u" tags: cve2021,cve,solarwinds,traversal http: diff --git a/http/cves/2021/CVE-2021-35265.yaml b/http/cves/2021/CVE-2021-35265.yaml index 8554501d603..27212ced5a4 100644 --- a/http/cves/2021/CVE-2021-35265.yaml +++ b/http/cves/2021/CVE-2021-35265.yaml @@ -21,14 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2021-35265 cwe-id: CWE-79 - epss-score: 0.05313 - epss-percentile: 0.89516 + epss-score: 0.00141 + epss-percentile: 0.4979 cpe: cpe:2.3:a:maxsite:maxsite_cms:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: maxsite product: maxsite_cms - shodan-query: http.html:'content="maxsite cms' + shodan-query: + - html:'content="MaxSite CMS' + - http.html:'content="maxsite cms' fofa-query: body='content="maxsite cms' tags: cve2021,cve,maxsite,xss diff --git a/http/cves/2021/CVE-2021-35323.yaml b/http/cves/2021/CVE-2021-35323.yaml index 3a3682aa4ec..4081543e272 100644 --- a/http/cves/2021/CVE-2021-35323.yaml +++ b/http/cves/2021/CVE-2021-35323.yaml @@ -16,15 +16,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-35323 cwe-id: CWE-79 - epss-score: 0.03031 - epss-percentile: 0.85977 + epss-score: 0.00183 + epss-percentile: 0.55471 cpe: cpe:2.3:a:bludit:bludit:3.13.1:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: bludit product: bludit - shodan-query: http.title:"bludit" + shodan-query: + - title:"Bludit" + - http.title:"bludit" fofa-query: title="bludit" google-query: intitle:"bludit" tags: cve2021,cve,bludit,xss diff --git a/http/cves/2021/CVE-2021-35380.yaml b/http/cves/2021/CVE-2021-35380.yaml index 0a2d254887a..9469bbc89dd 100644 --- a/http/cves/2021/CVE-2021-35380.yaml +++ b/http/cves/2021/CVE-2021-35380.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-35380 cwe-id: CWE-22 - epss-score: 0.73487 - epss-percentile: 0.98712 + epss-score: 0.45222 + epss-percentile: 0.97404 cpe: cpe:2.3:a:solari:termtalk_server:3.24.0.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-35395.yaml b/http/cves/2021/CVE-2021-35395.yaml index 99d44b4b83f..5e5c4b50dc4 100644 --- a/http/cves/2021/CVE-2021-35395.yaml +++ b/http/cves/2021/CVE-2021-35395.yaml @@ -17,8 +17,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-35395 - epss-score: 0.93834 - epss-percentile: 0.99854 + epss-score: 0.96911 + epss-percentile: 0.99713 cpe: cpe:2.3:a:realtek:realtek_jungle_sdk:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-35464.yaml b/http/cves/2021/CVE-2021-35464.yaml index 120c8e58825..b2bfd7def2c 100644 --- a/http/cves/2021/CVE-2021-35464.yaml +++ b/http/cves/2021/CVE-2021-35464.yaml @@ -24,13 +24,13 @@ info: cvss-score: 9.8 cve-id: CVE-2021-35464 cwe-id: CWE-502 - epss-score: 0.94386 - epss-percentile: 0.9996 - cpe: cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:* + epss-score: 0.97398 + epss-percentile: 0.99918 + cpe: cpe:2.3:a:forgerock:am:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: forgerock - product: access_management + product: am shodan-query: - http.title:"OpenAM" - http.title:"openam" diff --git a/http/cves/2021/CVE-2021-35488.yaml b/http/cves/2021/CVE-2021-35488.yaml index 98bff916282..39ae3528229 100644 --- a/http/cves/2021/CVE-2021-35488.yaml +++ b/http/cves/2021/CVE-2021-35488.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-35488 cwe-id: CWE-79 - epss-score: 0.16437 - epss-percentile: 0.9451 + epss-score: 0.00145 + epss-percentile: 0.50266 cpe: cpe:2.3:a:thruk:thruk:2.40-2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-35587.yaml b/http/cves/2021/CVE-2021-35587.yaml index 70a6a1af192..14f474b8b1f 100644 --- a/http/cves/2021/CVE-2021-35587.yaml +++ b/http/cves/2021/CVE-2021-35587.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-35587 cwe-id: CWE-502 - epss-score: 0.94235 - epss-percentile: 0.99917 + epss-score: 0.95643 + epss-percentile: 0.99283 cpe: cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: oracle product: access_manager shodan-query: + - http.title:"Oracle Access Management" - http.title:"oracle access management" - http.html:"/oam/pages/css/login_page.css" fofa-query: diff --git a/http/cves/2021/CVE-2021-36260.yaml b/http/cves/2021/CVE-2021-36260.yaml index bd0ff7a1aa3..fb73de73716 100644 --- a/http/cves/2021/CVE-2021-36260.yaml +++ b/http/cves/2021/CVE-2021-36260.yaml @@ -20,14 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36260 cwe-id: CWE-78 - epss-score: 0.94436 - epss-percentile: 0.99983 + epss-score: 0.97484 + epss-percentile: 0.99965 cpe: cpe:2.3:o:hikvision:ds-2cd2026g2-iu\/sl_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: hikvision product: ds-2cd2026g2-iu\/sl_firmware - shodan-query: http.favicon.hash:"999357577" + shodan-query: http.favicon.hash:999357577 fofa-query: icon_hash=999357577 tags: cve2021,cve,hikvision,rce,iot,intrusive,kev variables: diff --git a/http/cves/2021/CVE-2021-36356.yaml b/http/cves/2021/CVE-2021-36356.yaml index 9784187dc84..b7edcb8c297 100644 --- a/http/cves/2021/CVE-2021-36356.yaml +++ b/http/cves/2021/CVE-2021-36356.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-36356 cwe-id: CWE-434 - epss-score: 0.9238 - epss-percentile: 0.99709 + epss-score: 0.88569 + epss-percentile: 0.98691 cpe: cpe:2.3:a:kramerav:viaware:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-36450.yaml b/http/cves/2021/CVE-2021-36450.yaml index 0a7565d3a0e..e3af588973c 100644 --- a/http/cves/2021/CVE-2021-36450.yaml +++ b/http/cves/2021/CVE-2021-36450.yaml @@ -20,15 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-36450 cwe-id: CWE-79 - epss-score: 0.25054 - epss-percentile: 0.95869 + epss-score: 0.00229 + epss-percentile: 0.61052 cpe: cpe:2.3:a:verint:workforce_optimization:15.2.8.10048:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: verint product: workforce_optimization - shodan-query: http.title:"verint sign-in" + shodan-query: + - title:"Verint Sign-in" + - http.title:"verint sign-in" fofa-query: title="verint sign-in" google-query: intitle:"verint sign-in" tags: cve2021,cve,xss,verint diff --git a/http/cves/2021/CVE-2021-36580.yaml b/http/cves/2021/CVE-2021-36580.yaml index 62a6ea8b422..13feb14ea8b 100644 --- a/http/cves/2021/CVE-2021-36580.yaml +++ b/http/cves/2021/CVE-2021-36580.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-36580 cwe-id: CWE-601 - epss-score: 0.12735 - epss-percentile: 0.93608 + epss-score: 0.00233 + epss-percentile: 0.6129 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: icewarp product: icewarp_server - shodan-query: http.title:"icewarp" + shodan-query: + - title:"icewarp" + - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve2021,cve,icewarp,redirect diff --git a/http/cves/2021/CVE-2021-36646.yaml b/http/cves/2021/CVE-2021-36646.yaml index 14fef712df5..eb892d66227 100644 --- a/http/cves/2021/CVE-2021-36646.yaml +++ b/http/cves/2021/CVE-2021-36646.yaml @@ -20,8 +20,9 @@ info: max-request: 2 vendor: kalcaddle product: kod-explorer - fofa-query: app="powered-by-kodexplorer" - tags: cve,cve2021,xss,kodexplorer,kalcaddle + fofa-query: app="Powered-by-KodExplorer" + tags: cve,cve2021,xss,kodexplorer + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-36749.yaml b/http/cves/2021/CVE-2021-36749.yaml index 539a57ce29b..7f58fe88c84 100644 --- a/http/cves/2021/CVE-2021-36749.yaml +++ b/http/cves/2021/CVE-2021-36749.yaml @@ -27,9 +27,6 @@ info: max-request: 1 vendor: apache product: druid - shodan-query: http.title:"apache druid" - fofa-query: title="apache druid" - google-query: intitle:"apache druid" tags: cve2021,cve,apache,lfi,auth-bypass,druid http: diff --git a/http/cves/2021/CVE-2021-36873.yaml b/http/cves/2021/CVE-2021-36873.yaml index d5b1c9ac120..34601158648 100644 --- a/http/cves/2021/CVE-2021-36873.yaml +++ b/http/cves/2021/CVE-2021-36873.yaml @@ -15,12 +15,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-36873 - https://wordpress.org/plugins/iq-block-country/#developers classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N - cvss-score: 5.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 cve-id: CVE-2021-36873 cwe-id: CWE-79 - epss-score: 0.02396 - epss-percentile: 0.84224 + epss-score: 0.00131 + epss-percentile: 0.47179 cpe: cpe:2.3:a:webence:iq_block_country:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-37304.yaml b/http/cves/2021/CVE-2021-37304.yaml index 85cc0314d33..1407e8a0089 100644 --- a/http/cves/2021/CVE-2021-37304.yaml +++ b/http/cves/2021/CVE-2021-37304.yaml @@ -18,18 +18,21 @@ info: cvss-score: 7.5 cve-id: CVE-2021-37304 cwe-id: CWE-732 - epss-score: 0.49385 - epss-percentile: 0.97631 + epss-score: 0.00703 + epss-percentile: 0.80284 cpe: cpe:2.3:a:jeecg:jeecg:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: jeecg product: jeecg - shodan-query: http.title:"jeecg-boot" + shodan-query: + - title:"Jeecg-Boot" + - http.title:"jeecg-boot" fofa-query: - - title="jeecgboot 企业级低代码平台" + - title="JeecgBoot 企业级低代码平台" - title="jeecg-boot" + - title="jeecgboot 企业级低代码平台" google-query: intitle:"jeecg-boot" tags: cve2021,cve,jeecg,exposure diff --git a/http/cves/2021/CVE-2021-37305.yaml b/http/cves/2021/CVE-2021-37305.yaml index 44d1d1e5474..5a6a093d43f 100644 --- a/http/cves/2021/CVE-2021-37305.yaml +++ b/http/cves/2021/CVE-2021-37305.yaml @@ -18,18 +18,21 @@ info: cvss-score: 7.5 cve-id: CVE-2021-37305 cwe-id: CWE-732 - epss-score: 0.46796 - epss-percentile: 0.97508 + epss-score: 0.00416 + epss-percentile: 0.73616 cpe: cpe:2.3:a:jeecg:jeecg:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: jeecg product: jeecg - shodan-query: http.title:"jeecg-boot" + shodan-query: + - title:"Jeecg-Boot" + - http.title:"jeecg-boot" fofa-query: - - title="jeecgboot 企业级低代码平台" + - title="JeecgBoot 企业级低代码平台" - title="jeecg-boot" + - title="jeecgboot 企业级低代码平台" google-query: intitle:"jeecg-boot" tags: cve2021,cve,jeecg,exposure diff --git a/http/cves/2021/CVE-2021-37416.yaml b/http/cves/2021/CVE-2021-37416.yaml index d11b2abff3a..86e6e0ebcf4 100644 --- a/http/cves/2021/CVE-2021-37416.yaml +++ b/http/cves/2021/CVE-2021-37416.yaml @@ -14,14 +14,13 @@ info: - https://blog.stmcyber.com/vulns/cve-2021-37416/ - https://nvd.nist.gov/vuln/detail/CVE-2021-37416 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-37416 cwe-id: CWE-79 - epss-score: 0.07115 - epss-percentile: 0.91039 + epss-score: 0.00149 + epss-percentile: 0.51001 cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,8 +28,9 @@ info: vendor: zohocorp product: manageengine_adselfservice_plus shodan-query: - - http.title:"manageengine" + - http.title:"ManageEngine" - http.title:"adselfservice plus" + - http.title:"manageengine" fofa-query: - title="manageengine" - title="adselfservice plus" diff --git a/http/cves/2021/CVE-2021-37573.yaml b/http/cves/2021/CVE-2021-37573.yaml index c9102aada4c..d74888b6e7c 100644 --- a/http/cves/2021/CVE-2021-37573.yaml +++ b/http/cves/2021/CVE-2021-37573.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-37573 cwe-id: CWE-79 - epss-score: 0.1516 - epss-percentile: 0.94231 + epss-score: 0.00303 + epss-percentile: 0.69609 cpe: cpe:2.3:a:tiny_java_web_server_project:tiny_java_web_server:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-37580.yaml b/http/cves/2021/CVE-2021-37580.yaml index 4a8c98ef4dd..612f066f53c 100644 --- a/http/cves/2021/CVE-2021-37580.yaml +++ b/http/cves/2021/CVE-2021-37580.yaml @@ -20,16 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2021-37580 cwe-id: CWE-287 - epss-score: 0.94035 - epss-percentile: 0.99882 + epss-score: 0.92774 + epss-percentile: 0.99015 cpe: cpe:2.3:a:apache:shenyu:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: shenyu - shodan-query: http.title:"shenyu" - fofa-query: title="shenyu" - google-query: intitle:"shenyu" tags: cve2021,cve,apache,jwt,shenyu http: diff --git a/http/cves/2021/CVE-2021-37589.yaml b/http/cves/2021/CVE-2021-37589.yaml index c5b544d8d50..ded89091757 100644 --- a/http/cves/2021/CVE-2021-37589.yaml +++ b/http/cves/2021/CVE-2021-37589.yaml @@ -29,7 +29,7 @@ info: max-request: 3 vendor: virtuasoftware product: cobranca - shodan-query: http.favicon.hash:"876876147" + shodan-query: http.favicon.hash:876876147 fofa-query: icon_hash=876876147 tags: cve,cve2021,virtua,sqli,virtuasoftware diff --git a/http/cves/2021/CVE-2021-37704.yaml b/http/cves/2021/CVE-2021-37704.yaml index 1a32e78a603..315109abb33 100644 --- a/http/cves/2021/CVE-2021-37704.yaml +++ b/http/cves/2021/CVE-2021-37704.yaml @@ -16,12 +16,12 @@ info: - https://github.com/PHPSocialNetwork/phpfastcache/blob/master/CHANGELOG.md#807 - https://github.com/PHPSocialNetwork/phpfastcache/commit/41a77d0d8f126dbd6fbedcd9e6a82e86cdaafa51 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L - cvss-score: 5.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2021-37704 cwe-id: CWE-668,CWE-200 - epss-score: 0.47802 - epss-percentile: 0.97547 + epss-score: 0.0062 + epss-percentile: 0.78796 cpe: cpe:2.3:a:phpfastcache:phpfastcache:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-37833.yaml b/http/cves/2021/CVE-2021-37833.yaml index 523ea12e6b0..72ac2d583b9 100644 --- a/http/cves/2021/CVE-2021-37833.yaml +++ b/http/cves/2021/CVE-2021-37833.yaml @@ -29,7 +29,7 @@ info: product: hoteldruid shodan-query: - http.title:"hoteldruid" - - http.favicon.hash:"-1521640213" + - http.favicon.hash:-1521640213 fofa-query: - title="hoteldruid" - icon_hash=-1521640213 diff --git a/http/cves/2021/CVE-2021-38146.yaml b/http/cves/2021/CVE-2021-38146.yaml index afd80b76f89..12c31b58954 100644 --- a/http/cves/2021/CVE-2021-38146.yaml +++ b/http/cves/2021/CVE-2021-38146.yaml @@ -24,10 +24,8 @@ info: max-request: 1 vendor: wipro product: holmes - fofa-query: - - title="wipro holmes orchestrator" - - title="holmes orchestrator" - tags: packetstorm,cve,cve2021,wipro,holmes,lfi + fofa-query: title="Wipro Holmes Orchestrator" + tags: cve,cve2021,wipro,holmes,lfi http: - method: POST diff --git a/http/cves/2021/CVE-2021-38147.yaml b/http/cves/2021/CVE-2021-38147.yaml index 102bced243a..86ccebe2444 100644 --- a/http/cves/2021/CVE-2021-38147.yaml +++ b/http/cves/2021/CVE-2021-38147.yaml @@ -24,10 +24,8 @@ info: max-request: 4 vendor: wipro product: holmes - fofa-query: - - title="holmes orchestrator" - - title="wipro holmes orchestrator" - tags: packetstorm,cve,cve2021,wipro,holmes,orchestrator + fofa-query: title="Holmes Orchestrator" + tags: cve,cve2021,wipro,holmes,orchestrator http: - method: GET diff --git a/http/cves/2021/CVE-2021-38156.yaml b/http/cves/2021/CVE-2021-38156.yaml index 4e8c766d3ba..0092ab2eb2b 100644 --- a/http/cves/2021/CVE-2021-38156.yaml +++ b/http/cves/2021/CVE-2021-38156.yaml @@ -18,17 +18,12 @@ info: epss-percentile: 0.94141 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 5 + verified: true vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" - fofa-query: - - app="nagios-xi" - - icon_hash="1460499495" - - title="nagios xi" + shodan-query: http.title:"nagios xi" + fofa-query: app="nagios-xi" google-query: intitle:"nagios xi" tags: cve,cve2021,nagios,nagiosxi,xss,authenticated diff --git a/http/cves/2021/CVE-2021-38540.yaml b/http/cves/2021/CVE-2021-38540.yaml index eada418b39a..d473793c680 100644 --- a/http/cves/2021/CVE-2021-38540.yaml +++ b/http/cves/2021/CVE-2021-38540.yaml @@ -28,21 +28,17 @@ info: vendor: apache product: airflow shodan-query: - - http.title:"sign in - airflow" + - title:"Sign In - Airflow" - http.title:"airflow - dags" || http.html:"apache airflow" + - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: - title="sign in - airflow" - apache airflow - title="airflow - dags" || http.html:"apache airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"sign in - airflow" - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"airflow - dags" tags: cve2021,cve,apache,airflow,rce,intrusive http: diff --git a/http/cves/2021/CVE-2021-38702.yaml b/http/cves/2021/CVE-2021-38702.yaml index 4ef0a65bd4b..f24b0efcb87 100644 --- a/http/cves/2021/CVE-2021-38702.yaml +++ b/http/cves/2021/CVE-2021-38702.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-38702 cwe-id: CWE-79 - epss-score: 0.469 - epss-percentile: 0.97512 + epss-score: 0.01053 + epss-percentile: 0.84023 cpe: cpe:2.3:o:cyberoamworks:netgenie_c0101b1-20141120-ng11vo_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-38704.yaml b/http/cves/2021/CVE-2021-38704.yaml index bdfa9da677c..8da6c1987c3 100644 --- a/http/cves/2021/CVE-2021-38704.yaml +++ b/http/cves/2021/CVE-2021-38704.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: cliniccases product: cliniccases - shodan-query: http.title:"cliniccases",html:"/cliniccases/" + shodan-query: + - http.title:"ClinicCases",html:"/cliniccases/" + - http.title:"cliniccases",html:"/cliniccases/" fofa-query: title="cliniccases",html:"/cliniccases/" google-query: intitle:"cliniccases",html:"/cliniccases/" tags: cve,cve2021,xss,cliniccases diff --git a/http/cves/2021/CVE-2021-39141.yaml b/http/cves/2021/CVE-2021-39141.yaml index 301c97c0de5..949be369fc8 100644 --- a/http/cves/2021/CVE-2021-39141.yaml +++ b/http/cves/2021/CVE-2021-39141.yaml @@ -19,12 +19,12 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39141 cwe-id: CWE-434 - epss-score: 0.75915 - epss-percentile: 0.98839 - cpe: cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:* + epss-score: 0.25418 + epss-percentile: 0.96584 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: xstream + vendor: xstream_project product: xstream tags: cve,cve2021,xstream,deserialization,rce,xstream_project diff --git a/http/cves/2021/CVE-2021-39144.yaml b/http/cves/2021/CVE-2021-39144.yaml index f7cb36b9ab6..327f15a689b 100644 --- a/http/cves/2021/CVE-2021-39144.yaml +++ b/http/cves/2021/CVE-2021-39144.yaml @@ -20,13 +20,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 8.5 cve-id: CVE-2021-39144 - cwe-id: CWE-94,CWE-306 - epss-score: 0.94412 - epss-percentile: 0.99971 - cpe: cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:* + cwe-id: CWE-306,CWE-502 + epss-score: 0.96272 + epss-percentile: 0.99425 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: xstream + vendor: xstream_project product: xstream tags: cve2021,cve,xstream,deserialization,rce,kev,xstream_project diff --git a/http/cves/2021/CVE-2021-39146.yaml b/http/cves/2021/CVE-2021-39146.yaml index 7a63e61967e..5c5749f94a2 100644 --- a/http/cves/2021/CVE-2021-39146.yaml +++ b/http/cves/2021/CVE-2021-39146.yaml @@ -21,12 +21,12 @@ info: cvss-score: 8.5 cve-id: CVE-2021-39146 cwe-id: CWE-434 - epss-score: 0.44883 - epss-percentile: 0.97413 - cpe: cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:* + epss-score: 0.27391 + epss-percentile: 0.96788 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: xstream + vendor: xstream_project product: xstream tags: cve2021,cve,xstream,deserialization,rce,xstream_project diff --git a/http/cves/2021/CVE-2021-39165.yaml b/http/cves/2021/CVE-2021-39165.yaml index c72281f6098..b32deed76fa 100644 --- a/http/cves/2021/CVE-2021-39165.yaml +++ b/http/cves/2021/CVE-2021-39165.yaml @@ -3,7 +3,7 @@ id: CVE-2021-39165 info: name: Cachet <=2.3.18 - SQL Injection author: tess - severity: high + severity: medium description: | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. impact: | @@ -17,19 +17,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-39165 - https://github.com/fiveai/Cachet/security/advisories/GHSA-79mg-4w23-4fqc classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N - cvss-score: 8.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 cve-id: CVE-2021-39165 - cwe-id: CWE-89 - epss-score: 0.8938 - epss-percentile: 0.99509 + cwe-id: CWE-287 + epss-score: 0.04209 + epss-percentile: 0.92226 cpe: cpe:2.3:a:chachethq:cachet:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: chachethq product: cachet - shodan-query: http.favicon.hash:"-1606065523" + shodan-query: http.favicon.hash:-1606065523 fofa-query: icon_hash=-1606065523 tags: time-based-sqli,cve,cve2021,cachet,sqli,chachethq diff --git a/http/cves/2021/CVE-2021-39211.yaml b/http/cves/2021/CVE-2021-39211.yaml index 54da2f9f2b0..e948beb85bb 100644 --- a/http/cves/2021/CVE-2021-39211.yaml +++ b/http/cves/2021/CVE-2021-39211.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-39211 cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.54404 - epss-percentile: 0.97857 + epss-score: 0.00126 + epss-percentile: 0.47223 cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* metadata: max-request: 2 @@ -29,11 +29,9 @@ info: shodan-query: - http.title:"glpi" - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" fofa-query: - icon_hash="-1474875778" - title="glpi" - - body="setup glpi" google-query: intitle:"glpi" tags: cve,cve2021,glpi,exposure,glpi-project diff --git a/http/cves/2021/CVE-2021-39226.yaml b/http/cves/2021/CVE-2021-39226.yaml index d5d3cf7028b..be8623d93c8 100644 --- a/http/cves/2021/CVE-2021-39226.yaml +++ b/http/cves/2021/CVE-2021-39226.yaml @@ -3,7 +3,7 @@ id: CVE-2021-39226 info: name: Grafana Snapshot - Authentication Bypass author: Evan Rubinstein - severity: critical + severity: high description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default). impact: | An attacker can bypass authentication and gain unauthorized access to Grafana Snapshot feature. @@ -15,20 +15,21 @@ info: - https://grafana.com/docs/grafana/latest/release-notes/release-notes-8-1-6/ - http://www.openwall.com/lists/oss-security/2021/10/05/4 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 cve-id: CVE-2021-39226 - cwe-id: CWE-287,CWE-862 - epss-score: 0.9435 - epss-percentile: 0.99947 + cwe-id: CWE-287 + epss-score: 0.97206 + epss-percentile: 0.9981 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2021/CVE-2021-39312.yaml b/http/cves/2021/CVE-2021-39312.yaml index baa14029696..481ed957d51 100644 --- a/http/cves/2021/CVE-2021-39312.yaml +++ b/http/cves/2021/CVE-2021-39312.yaml @@ -17,8 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-39312 cwe-id: CWE-22 - epss-score: 0.85472 - epss-percentile: 0.9931 + epss-score: 0.16864 + epss-percentile: 0.95927 cpe: cpe:2.3:a:trueranker:true_ranker:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-39322.yaml b/http/cves/2021/CVE-2021-39322.yaml index 5dbce55916d..17217e6300a 100644 --- a/http/cves/2021/CVE-2021-39322.yaml +++ b/http/cves/2021/CVE-2021-39322.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39322 cwe-id: CWE-79 - epss-score: 0.13765 - epss-percentile: 0.93899 + epss-score: 0.00234 + epss-percentile: 0.60718 cpe: cpe:2.3:a:cybernetikz:easy_social_icons:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-39327.yaml b/http/cves/2021/CVE-2021-39327.yaml index 0b69bf9e4d9..bd7cd778880 100644 --- a/http/cves/2021/CVE-2021-39327.yaml +++ b/http/cves/2021/CVE-2021-39327.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2021-39327 - cwe-id: CWE-200,CWE-459 - epss-score: 0.91276 - epss-percentile: 0.99622 + cwe-id: CWE-459,CWE-200 + epss-score: 0.18349 + epss-percentile: 0.96191 cpe: cpe:2.3:a:ait-pro:bulletproof_security:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-39350.yaml b/http/cves/2021/CVE-2021-39350.yaml index 66f28cf4b14..7a11df97368 100644 --- a/http/cves/2021/CVE-2021-39350.yaml +++ b/http/cves/2021/CVE-2021-39350.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39350 cwe-id: CWE-79 - epss-score: 0.11052 - epss-percentile: 0.9307 + epss-score: 0.00106 + epss-percentile: 0.43162 cpe: cpe:2.3:a:foliovision:fv_flowplayer_video_player:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-39501.yaml b/http/cves/2021/CVE-2021-39501.yaml index bd4c59e989d..a1224e75aee 100644 --- a/http/cves/2021/CVE-2021-39501.yaml +++ b/http/cves/2021/CVE-2021-39501.yaml @@ -20,17 +20,14 @@ info: cvss-score: 6.1 cve-id: CVE-2021-39501 cwe-id: CWE-601 - epss-score: 0.38842 - epss-percentile: 0.97066 + epss-score: 0.00141 + epss-percentile: 0.49694 cpe: cpe:2.3:a:eyoucms:eyoucms:1.5.4:*:*:*:*:*:*:* metadata: max-request: 1 vendor: eyoucms product: eyoucms - fofa-query: - - title="eyoucms" - - icon_hash="-614262549" - shodan-query: http.favicon.hash:"-614262549" + fofa-query: title="eyoucms" tags: cve2021,cve,redirect,eyoucms,cms http: diff --git a/http/cves/2021/CVE-2021-40149.yaml b/http/cves/2021/CVE-2021-40149.yaml index af3dd49855c..977f26ad900 100644 --- a/http/cves/2021/CVE-2021-40149.yaml +++ b/http/cves/2021/CVE-2021-40149.yaml @@ -21,15 +21,15 @@ info: cvss-score: 5.9 cve-id: CVE-2021-40149 cwe-id: CWE-552 - epss-score: 0.74987 - epss-percentile: 0.98794 - cpe: cpe:2.3:o:reolink:e1_zoom_firmware:*:*:*:*:*:*:*:* + epss-score: 0.00942 + epss-percentile: 0.8308 + cpe: cpe:2.3:h:reolink:e1_zoom:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: reolink - product: e1_zoom_firmware - shodan-query: http.title:"reolink" + product: e1_zoom + shodan-query: http.title:"Reolink" fofa-query: title="reolink" google-query: intitle:"reolink" tags: cve2021,cve,exposure,unauth,packetstorm,reolink,camera,iot diff --git a/http/cves/2021/CVE-2021-40150.yaml b/http/cves/2021/CVE-2021-40150.yaml index 2ff3ea43f46..855e2a53c09 100644 --- a/http/cves/2021/CVE-2021-40150.yaml +++ b/http/cves/2021/CVE-2021-40150.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: reolink product: e1_zoom_firmware - shodan-query: http.title:"reolink" + shodan-query: + - http.title:"Reolink" + - http.title:"reolink" fofa-query: title="reolink" google-query: intitle:"reolink" tags: cve2021,cve,reolink,camera,exposure,iot diff --git a/http/cves/2021/CVE-2021-40272.yaml b/http/cves/2021/CVE-2021-40272.yaml index e970aa4ee5b..53ac9487ea8 100644 --- a/http/cves/2021/CVE-2021-40272.yaml +++ b/http/cves/2021/CVE-2021-40272.yaml @@ -13,24 +13,18 @@ info: reference: - https://github.com/hosakauk/exploits/blob/master/itrs_op5_monitor_xss.pdf - https://nvd.nist.gov/vuln/detail/CVE-2021-40272 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 cve-id: CVE-2021-40272 cwe-id: CWE-79 - epss-score: 0.08558 - epss-percentile: 0.91923 cpe: cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: op5 + shodan-query: title:"ITRS" + fofa-query: title="ITRS" product: monitor - shodan-query: http.title:"itrs" - fofa-query: title="itrs" - google-query: intitle:"itrs" + vendor: op5 tags: cve2021,cve,irts,op5,xss http: diff --git a/http/cves/2021/CVE-2021-40323.yaml b/http/cves/2021/CVE-2021-40323.yaml index 0d6389cea04..8f7b6582724 100644 --- a/http/cves/2021/CVE-2021-40323.yaml +++ b/http/cves/2021/CVE-2021-40323.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-40323 cwe-id: CWE-94 - epss-score: 0.93927 - epss-percentile: 0.99866 + epss-score: 0.03304 + epss-percentile: 0.91311 cpe: cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-40438.yaml b/http/cves/2021/CVE-2021-40438.yaml index 95f1f52c67d..2b5854ca91f 100644 --- a/http/cves/2021/CVE-2021-40438.yaml +++ b/http/cves/2021/CVE-2021-40438.yaml @@ -17,14 +17,14 @@ info: cvss-score: 9 cve-id: CVE-2021-40438 cwe-id: CWE-918 - epss-score: 0.94432 - epss-percentile: 0.99981 - cpe: cpe:2.3:o:resf:rocky_linux:8.0:*:*:*:*:*:*:* + epss-score: 0.97446 + epss-percentile: 0.99948 + cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: resf - product: rocky_linux + vendor: apache + product: http_server shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 diff --git a/http/cves/2021/CVE-2021-40542.yaml b/http/cves/2021/CVE-2021-40542.yaml index 18d6d193bdc..55d29c7cfa4 100644 --- a/http/cves/2021/CVE-2021-40542.yaml +++ b/http/cves/2021/CVE-2021-40542.yaml @@ -15,20 +15,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-40542 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-40542 cwe-id: CWE-79 - epss-score: 0.12593 - epss-percentile: 0.93572 + epss-score: 0.00342 + epss-percentile: 0.71484 cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: os4ed product: opensis - shodan-query: http.title:"opensis" + shodan-query: + - http.title:"openSIS" + - http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" tags: cve2021,cve,xss,opensis,os4ed diff --git a/http/cves/2021/CVE-2021-40651.yaml b/http/cves/2021/CVE-2021-40651.yaml index 27a9e274da6..8b09f8f3f4f 100644 --- a/http/cves/2021/CVE-2021-40651.yaml +++ b/http/cves/2021/CVE-2021-40651.yaml @@ -17,14 +17,16 @@ info: cvss-score: 6.5 cve-id: CVE-2021-40651 cwe-id: CWE-22 - epss-score: 0.55433 - epss-percentile: 0.97909 + epss-score: 0.02562 + epss-percentile: 0.90208 cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:* metadata: max-request: 2 vendor: os4ed product: opensis - shodan-query: http.title:"opensis" + shodan-query: + - "title:\"openSIS\"" + - http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" tags: cve,cve2021,lfi,os4ed,opensis,authenticated diff --git a/http/cves/2021/CVE-2021-40661.yaml b/http/cves/2021/CVE-2021-40661.yaml index c50b69f5121..63cb855cb4a 100644 --- a/http/cves/2021/CVE-2021-40661.yaml +++ b/http/cves/2021/CVE-2021-40661.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: mt product: ind780_firmware - shodan-query: ind780 + shodan-query: + - IND780 + - ind780 google-query: inurl:excalweb.dll tags: cve2021,cve,ind780,lfi,mt diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml index 10704955284..ab26f29fc71 100644 --- a/http/cves/2021/CVE-2021-40822.yaml +++ b/http/cves/2021/CVE-2021-40822.yaml @@ -20,24 +20,24 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40822 cwe-id: CWE-918 - epss-score: 0.9206 - epss-percentile: 0.99681 + epss-score: 0.79068 + epss-percentile: 0.98269 cpe: cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: osgeo product: geoserver shodan-query: - - '[title:"geoserver" http.title:"geoserver"]' + - title:"GeoServer" - http.title:"geoserver" - - server:"geohttpserver" fofa-query: - - '[app="geoserver" app="geoserver" title="geoserver"]' + - app="GeoServer" - app="geoserver" - title="geoserver" google-query: intitle:"geoserver" tags: cve2021,cve,ssrf,geoserver,osgeo + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-40856.yaml b/http/cves/2021/CVE-2021-40856.yaml index dd9435d049b..090ec007a5c 100644 --- a/http/cves/2021/CVE-2021-40856.yaml +++ b/http/cves/2021/CVE-2021-40856.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40856 cwe-id: CWE-706 - epss-score: 0.75425 - epss-percentile: 0.98813 + epss-score: 0.19673 + epss-percentile: 0.96195 cpe: cpe:2.3:o:auerswald:comfortel_3600_ip_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-40870.yaml b/http/cves/2021/CVE-2021-40870.yaml index 80365acb947..c10850dab12 100644 --- a/http/cves/2021/CVE-2021-40870.yaml +++ b/http/cves/2021/CVE-2021-40870.yaml @@ -27,17 +27,9 @@ info: max-request: 2 vendor: aviatrix product: controller - shodan-query: - - http.title:"aviatrix cloud controller" - - http.title:"aviatrix controller" - fofa-query: - - title="aviatrix cloud controller" - - app="aviatrix-controller" - - title="aviatrix controller" - google-query: - - intitle:"aviatrix cloud controller" - - intitle:"aviatrix controller" - zoomeye-query: app="aviatrix controller" + shodan-query: http.title:"aviatrix cloud controller" + fofa-query: title="aviatrix cloud controller" + google-query: intitle:"aviatrix cloud controller" tags: cve2021,cve,intrusive,packetstorm,rce,aviatrix,kev,fileupload variables: string: "CVE-2021-40870" diff --git a/http/cves/2021/CVE-2021-40875.yaml b/http/cves/2021/CVE-2021-40875.yaml index b59c21c079f..7ee7f4298b9 100644 --- a/http/cves/2021/CVE-2021-40875.yaml +++ b/http/cves/2021/CVE-2021-40875.yaml @@ -20,20 +20,17 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40875 cwe-id: CWE-425 - epss-score: 0.79877 - epss-percentile: 0.99037 + epss-score: 0.25891 + epss-percentile: 0.96608 cpe: cpe:2.3:a:gurock:testrail:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: gurock product: testrail shodan-query: + - http.html:"TestRail" - http.html:"testrail" - - http.title:"testrail installation wizard" - fofa-query: - - body="testrail" - - title="testrail installation wizard" - google-query: intitle:"testrail installation wizard" + fofa-query: body="testrail" tags: cve2021,cve,exposure,gurock,testrail http: diff --git a/http/cves/2021/CVE-2021-40960.yaml b/http/cves/2021/CVE-2021-40960.yaml index 76efb8652bd..f6303b064ae 100644 --- a/http/cves/2021/CVE-2021-40960.yaml +++ b/http/cves/2021/CVE-2021-40960.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-40960 cwe-id: CWE-22 - epss-score: 0.81807 - epss-percentile: 0.99133 + epss-score: 0.00946 + epss-percentile: 0.81464 cpe: cpe:2.3:a:galera:galera_webtemplate:1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-40968.yaml b/http/cves/2021/CVE-2021-40968.yaml index 1761cc065e8..2cbdd9ef509 100644 --- a/http/cves/2021/CVE-2021-40968.yaml +++ b/http/cves/2021/CVE-2021-40968.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40968 cwe-id: CWE-79 - epss-score: 0.01286 - epss-percentile: 0.78602 + epss-score: 0.00159 + epss-percentile: 0.5237 cpe: cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve2021,cve,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40969.yaml b/http/cves/2021/CVE-2021-40969.yaml index 346a9dd438e..a9257a68978 100644 --- a/http/cves/2021/CVE-2021-40969.yaml +++ b/http/cves/2021/CVE-2021-40969.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40969 cwe-id: CWE-79 - epss-score: 0.01286 - epss-percentile: 0.78602 + epss-score: 0.00159 + epss-percentile: 0.5237 cpe: cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve2021,cve,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40970.yaml b/http/cves/2021/CVE-2021-40970.yaml index d2e6e0074e4..d0e1f3f9cd1 100644 --- a/http/cves/2021/CVE-2021-40970.yaml +++ b/http/cves/2021/CVE-2021-40970.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40970 cwe-id: CWE-79 - epss-score: 0.01286 - epss-percentile: 0.78602 + epss-score: 0.00152 + epss-percentile: 0.50482 cpe: cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve2021,cve,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40971.yaml b/http/cves/2021/CVE-2021-40971.yaml index 9310019595d..226418c160d 100644 --- a/http/cves/2021/CVE-2021-40971.yaml +++ b/http/cves/2021/CVE-2021-40971.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve2021,cve,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40972.yaml b/http/cves/2021/CVE-2021-40972.yaml index 824c654ebf9..1e866886930 100644 --- a/http/cves/2021/CVE-2021-40972.yaml +++ b/http/cves/2021/CVE-2021-40972.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve,cve2021,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40973.yaml b/http/cves/2021/CVE-2021-40973.yaml index 7b4c3e3954e..a1f5eeed54d 100644 --- a/http/cves/2021/CVE-2021-40973.yaml +++ b/http/cves/2021/CVE-2021-40973.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-40973 cwe-id: CWE-79 - epss-score: 0.01286 - epss-percentile: 0.78602 + epss-score: 0.00152 + epss-percentile: 0.51404 cpe: cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve2021,cve,xss,spotweb,spotweb_project diff --git a/http/cves/2021/CVE-2021-40978.yaml b/http/cves/2021/CVE-2021-40978.yaml index 5f0d2b65264..538bb9d3fec 100644 --- a/http/cves/2021/CVE-2021-40978.yaml +++ b/http/cves/2021/CVE-2021-40978.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-40978 cwe-id: CWE-22 - epss-score: 0.79718 - epss-percentile: 0.99028 + epss-score: 0.04239 + epss-percentile: 0.92255 cpe: cpe:2.3:a:mkdocs:mkdocs:1.2.2:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41174.yaml b/http/cves/2021/CVE-2021-41174.yaml index 7bd7ee04ce2..ae883d3a221 100644 --- a/http/cves/2021/CVE-2021-41174.yaml +++ b/http/cves/2021/CVE-2021-41174.yaml @@ -27,8 +27,9 @@ info: vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2021/CVE-2021-41192.yaml b/http/cves/2021/CVE-2021-41192.yaml index e765ace32a3..019cdd31416 100644 --- a/http/cves/2021/CVE-2021-41192.yaml +++ b/http/cves/2021/CVE-2021-41192.yaml @@ -3,7 +3,7 @@ id: CVE-2021-41192 info: name: Redash Setup Configuration - Default Secrets Disclosure author: bananabr - severity: high + severity: medium description: Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. impact: | An attacker can gain unauthorized access to sensitive information and potentially compromise the Redash application. @@ -16,23 +16,19 @@ info: - https://github.com/getredash/redash/commit/ce60d20c4e3d1537581f2f70f1308fe77ab6a214 - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N - cvss-score: 8.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N + cvss-score: 6.5 cve-id: CVE-2021-41192 cwe-id: CWE-1188 - epss-score: 0.87556 - epss-percentile: 0.99413 + epss-score: 0.00807 + epss-percentile: 0.81699 cpe: cpe:2.3:a:redash:redash:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: redash product: redash - shodan-query: - - http.favicon.hash:"698624197" - - http.html:"redash initial setup" - fofa-query: - - icon_hash=698624197 - - body="redash initial setup" + shodan-query: http.favicon.hash:698624197 + fofa-query: icon_hash=698624197 tags: cve2021,cve,hackerone,redash,auth-bypass http: diff --git a/http/cves/2021/CVE-2021-41266.yaml b/http/cves/2021/CVE-2021-41266.yaml index 577cd2d9169..2b20e65793e 100644 --- a/http/cves/2021/CVE-2021-41266.yaml +++ b/http/cves/2021/CVE-2021-41266.yaml @@ -3,7 +3,7 @@ id: CVE-2021-41266 info: name: MinIO Operator Console Authentication Bypass author: alevsk - severity: high + severity: critical description: | MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. impact: | @@ -16,12 +16,12 @@ info: - https://github.com/HimmelAward/Goby_POC - https://github.com/StarCrossPortal/scalpel classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2021-41266 cwe-id: CWE-306 - epss-score: 0.79997 - epss-percentile: 0.99044 + epss-score: 0.05383 + epss-percentile: 0.92945 cpe: cpe:2.3:a:min:minio_console:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41277.yaml b/http/cves/2021/CVE-2021-41277.yaml index 4d637918f5d..8acb3599e04 100644 --- a/http/cves/2021/CVE-2021-41277.yaml +++ b/http/cves/2021/CVE-2021-41277.yaml @@ -3,7 +3,7 @@ id: CVE-2021-41277 info: name: Metabase - Local File Inclusion author: 0x_Akoko,DhiyaneshDK - severity: critical + severity: high description: | Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. impact: | @@ -17,21 +17,24 @@ info: - https://github.com/metabase/metabase/commit/042a36e49574c749f944e19cf80360fd3dc322f0 - https://github.com/pen4uin/vulnerability-research-list classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2021-41277 - cwe-id: CWE-200,CWE-22 - epss-score: 0.94404 - epss-percentile: 0.99969 - cpe: cpe:2.3:a:metabase:metabase:0.40.0:-:*:*:-:*:*:* + cwe-id: CWE-22,CWE-200 + epss-score: 0.95556 + epss-percentile: 0.99393 + cpe: cpe:2.3:a:metabase:metabase:0.40.0:-:*:*:*:*:*:* metadata: max-request: 2 vendor: metabase product: metabase - shodan-query: http.title:"metabase" + shodan-query: + - "http.title:\"Metabase\"" + - http.title:"metabase" fofa-query: - - app="metabase" + - "app=\"Metabase\"" - title="metabase" + - app="metabase" google-query: "intitle:\"metabase\"" tags: cve2021,cve,metabase,lfi,kev diff --git a/http/cves/2021/CVE-2021-41282.yaml b/http/cves/2021/CVE-2021-41282.yaml index 33fb2bc75db..37506f51cd5 100644 --- a/http/cves/2021/CVE-2021-41282.yaml +++ b/http/cves/2021/CVE-2021-41282.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-41282 cwe-id: CWE-74 - epss-score: 0.91252 - epss-percentile: 0.99621 + epss-score: 0.97112 + epss-percentile: 0.99788 cpe: cpe:2.3:a:pfsense:pfsense:2.5.2:*:*:*:*:*:*:* metadata: max-request: 4 diff --git a/http/cves/2021/CVE-2021-41291.yaml b/http/cves/2021/CVE-2021-41291.yaml index 6d0b1c82704..0cb12000a04 100644 --- a/http/cves/2021/CVE-2021-41291.yaml +++ b/http/cves/2021/CVE-2021-41291.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41291 cwe-id: CWE-22 - epss-score: 0.90556 - epss-percentile: 0.99579 + epss-score: 0.02626 + epss-percentile: 0.90324 cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41293.yaml b/http/cves/2021/CVE-2021-41293.yaml index 69918a1831c..c4b0321c17e 100644 --- a/http/cves/2021/CVE-2021-41293.yaml +++ b/http/cves/2021/CVE-2021-41293.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41293 cwe-id: CWE-22 - epss-score: 0.88502 - epss-percentile: 0.99457 + epss-score: 0.02626 + epss-percentile: 0.90324 cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41349.yaml b/http/cves/2021/CVE-2021-41349.yaml index 096125677ce..cee22f89379 100644 --- a/http/cves/2021/CVE-2021-41349.yaml +++ b/http/cves/2021/CVE-2021-41349.yaml @@ -19,26 +19,22 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2021-41349 - epss-score: 0.91436 - epss-percentile: 0.99632 + epss-score: 0.96172 + epss-percentile: 0.99474 cpe: cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* metadata: max-request: 1 vendor: microsoft product: exchange_server shodan-query: - - vuln:"cve-2021-26855" - - http.favicon.hash:"1768726119" + - vuln:cve-2021-26855 + - http.favicon.hash:1768726119 - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" fofa-query: - title="outlook" - icon_hash=1768726119 - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: cve,cve2021,xss,microsoft,exchange http: diff --git a/http/cves/2021/CVE-2021-41381.yaml b/http/cves/2021/CVE-2021-41381.yaml index 73e41ed7bba..6e43ad379c1 100644 --- a/http/cves/2021/CVE-2021-41381.yaml +++ b/http/cves/2021/CVE-2021-41381.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41381 cwe-id: CWE-22 - epss-score: 0.80074 - epss-percentile: 0.99047 + epss-score: 0.11037 + epss-percentile: 0.95128 cpe: cpe:2.3:a:payara:micro_community:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41432.yaml b/http/cves/2021/CVE-2021-41432.yaml index 3559aaba04b..d7d32e7d57e 100644 --- a/http/cves/2021/CVE-2021-41432.yaml +++ b/http/cves/2021/CVE-2021-41432.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-41432 cwe-id: CWE-79 - epss-score: 0.22607 - epss-percentile: 0.95523 + epss-score: 0.00067 + epss-percentile: 0.29279 cpe: cpe:2.3:a:flatpress:flatpress:1.2.1:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: flatpress product: flatpress shodan-query: + - http.html:"Flatpress" - http.html:"flatpress" - - http.favicon.hash:"-1189292869" + - http.favicon.hash:-1189292869 fofa-query: - body="flatpress" - icon_hash=-1189292869 diff --git a/http/cves/2021/CVE-2021-41460.yaml b/http/cves/2021/CVE-2021-41460.yaml index 43f0453e390..7512069cea3 100644 --- a/http/cves/2021/CVE-2021-41460.yaml +++ b/http/cves/2021/CVE-2021-41460.yaml @@ -27,8 +27,8 @@ info: vendor: shopex product: ecshop fofa-query: + - product="ECShop" - product="ecshop" - - app="ecshop" tags: cve2021,cve,cnvd,cnvd2020,ecshop,sqli,shopex variables: num: "999999999" diff --git a/http/cves/2021/CVE-2021-41467.yaml b/http/cves/2021/CVE-2021-41467.yaml index 0a3c777b5a9..35495da033d 100644 --- a/http/cves/2021/CVE-2021-41467.yaml +++ b/http/cves/2021/CVE-2021-41467.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-41467 cwe-id: CWE-79 - epss-score: 0.14365 - epss-percentile: 0.9404 + epss-score: 0.00136 + epss-percentile: 0.48885 cpe: cpe:2.3:a:justwriting_project:justwriting:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41569.yaml b/http/cves/2021/CVE-2021-41569.yaml index 9ae73092896..fe906bf7597 100644 --- a/http/cves/2021/CVE-2021-41569.yaml +++ b/http/cves/2021/CVE-2021-41569.yaml @@ -14,14 +14,13 @@ info: - https://support.sas.com/kb/68/641.html - https://nvd.nist.gov/vuln/detail/CVE-2021-41569 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-41569 cwe-id: CWE-829 - epss-score: 0.6047 - epss-percentile: 0.98148 + epss-score: 0.0083 + epss-percentile: 0.81604 cpe: cpe:2.3:a:sas:sas\/intrnet:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41648.yaml b/http/cves/2021/CVE-2021-41648.yaml index 84ad2f6f7de..127289cd163 100644 --- a/http/cves/2021/CVE-2021-41648.yaml +++ b/http/cves/2021/CVE-2021-41648.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41648 cwe-id: CWE-89 - epss-score: 0.63228 - epss-percentile: 0.98262 + epss-score: 0.05423 + epss-percentile: 0.93138 cpe: cpe:2.3:a:online-shopping-system-advanced_project:online-shopping-system-advanced:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41649.yaml b/http/cves/2021/CVE-2021-41649.yaml index 670398a6bf5..f813b7d5df2 100644 --- a/http/cves/2021/CVE-2021-41649.yaml +++ b/http/cves/2021/CVE-2021-41649.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-41649 cwe-id: CWE-89 - epss-score: 0.87778 - epss-percentile: 0.99421 + epss-score: 0.08507 + epss-percentile: 0.94431 cpe: cpe:2.3:a:online-shopping-system-advanced_project:online-shopping-system-advanced:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-41653.yaml b/http/cves/2021/CVE-2021-41653.yaml index c1dd6be1250..3da75260b1b 100644 --- a/http/cves/2021/CVE-2021-41653.yaml +++ b/http/cves/2021/CVE-2021-41653.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-41653 cwe-id: CWE-94 - epss-score: 0.92184 - epss-percentile: 0.99692 + epss-score: 0.95198 + epss-percentile: 0.99332 cpe: cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-41749.yaml b/http/cves/2021/CVE-2021-41749.yaml index 316188146cd..e5b75c7d87b 100644 --- a/http/cves/2021/CVE-2021-41749.yaml +++ b/http/cves/2021/CVE-2021-41749.yaml @@ -15,8 +15,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-41749 cwe-id: CWE-94 - epss-score: 0.85696 - epss-percentile: 0.9932 + epss-score: 0.51305 + epss-percentile: 0.97555 cpe: cpe:2.3:a:nystudio107:seomatic:*:*:*:*:*:craft_cms:*:* metadata: verified: true @@ -25,8 +25,9 @@ info: product: seomatic framework: craft_cms shodan-query: - - x-powered-by:"craft cms html"seomatic"" - - x-powered-by:"craft cms" + - 'X-Powered-By: Craft CMS html:"SEOmatic"' + - "x-powered-by: craft cms" + - 'x-powered-by: craft cms html:"seomatic"' tags: cve2021,cve,craftcms,cms,ssti,nystudio107,craft_cms variables: num1: "{{rand_int(40000, 44800)}}" diff --git a/http/cves/2021/CVE-2021-41773.yaml b/http/cves/2021/CVE-2021-41773.yaml index b565342c081..e38348ec468 100644 --- a/http/cves/2021/CVE-2021-41773.yaml +++ b/http/cves/2021/CVE-2021-41773.yaml @@ -22,8 +22,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-41773 cwe-id: CWE-22 - epss-score: 0.94398 - epss-percentile: 0.99967 + epss-score: 0.97456 + epss-percentile: 0.9995 cpe: cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:* metadata: verified: true @@ -31,22 +31,9 @@ info: vendor: apache product: http_server shodan-query: - - apache 2.4.49 + - Apache 2.4.49 - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + - apache 2.4.49 tags: cve2021,cve,lfi,rce,apache,misconfig,traversal,kev variables: cmd: "echo COP-37714-1202-EVC | rev" diff --git a/http/cves/2021/CVE-2021-4191.yaml b/http/cves/2021/CVE-2021-4191.yaml index 3803e080db5..d8e30177eff 100644 --- a/http/cves/2021/CVE-2021-4191.yaml +++ b/http/cves/2021/CVE-2021-4191.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2021-4191 cwe-id: CWE-287 - epss-score: 0.93388 - epss-percentile: 0.99801 + epss-score: 0.24657 + epss-percentile: 0.96207 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 @@ -30,12 +30,7 @@ info: shodan-query: - cpe:"cpe:2.3:a:gitlab:gitlab" - http.title:"gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve2021,cve,gitlab,api,graphql,enum,unauth diff --git a/http/cves/2021/CVE-2021-41951.yaml b/http/cves/2021/CVE-2021-41951.yaml index 0e68fb821ab..3b11d1c46e6 100644 --- a/http/cves/2021/CVE-2021-41951.yaml +++ b/http/cves/2021/CVE-2021-41951.yaml @@ -27,9 +27,6 @@ info: max-request: 1 vendor: montala product: resourcespace - fofa-query: title="resourcespace" - shodan-query: http.title:"resourcespace" - google-query: intitle:"resourcespace" tags: cve2021,cve,xss,resourcespace,montala http: diff --git a/http/cves/2021/CVE-2021-42013.yaml b/http/cves/2021/CVE-2021-42013.yaml index 81c1b0d9e2c..12e961c86db 100644 --- a/http/cves/2021/CVE-2021-42013.yaml +++ b/http/cves/2021/CVE-2021-42013.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: "CVE-2021-42013" cwe-id: CWE-22 - epss-score: 0.94428 - epss-percentile: 0.99979 + epss-score: 0.97429 + epss-percentile: 0.99938 cpe: cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:* metadata: verified: true @@ -31,20 +31,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:apache:http_server" - apache 2.4.49 - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" tags: cve2021,cve,lfi,apache,rce,misconfig,traversal,kev variables: cmd: "echo 31024-1202-EVC | rev" diff --git a/http/cves/2021/CVE-2021-42063.yaml b/http/cves/2021/CVE-2021-42063.yaml index 15a2cd715ad..6fe86792c1d 100644 --- a/http/cves/2021/CVE-2021-42063.yaml +++ b/http/cves/2021/CVE-2021-42063.yaml @@ -28,11 +28,9 @@ info: max-request: 1 vendor: sap product: knowledge_warehouse - shodan-query: http.favicon.hash:"-266008933" + shodan-query: http.favicon.hash:-266008933 fofa-query: icon_hash=-266008933 - zoomeye-query: - - app="sap netweaver application server httpd - - +app:"sap netweaver application server httpd + zoomeye-query: app="SAP NetWeaver Application Server httpd tags: cve2021,cve,sap,xss,seclists,packetstorm http: diff --git a/http/cves/2021/CVE-2021-42192.yaml b/http/cves/2021/CVE-2021-42192.yaml index 0dc460a717a..7519ebe553c 100644 --- a/http/cves/2021/CVE-2021-42192.yaml +++ b/http/cves/2021/CVE-2021-42192.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2021-42192 cwe-id: CWE-863 - epss-score: 0.36118 - epss-percentile: 0.96892 + epss-score: 0.05551 + epss-percentile: 0.93226 cpe: cpe:2.3:a:konga_project:konga:0.14.9:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2021/CVE-2021-42237.yaml b/http/cves/2021/CVE-2021-42237.yaml index 2a98bbc6df8..e38eb2675fa 100644 --- a/http/cves/2021/CVE-2021-42237.yaml +++ b/http/cves/2021/CVE-2021-42237.yaml @@ -19,22 +19,18 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42237 cwe-id: CWE-502 - epss-score: 0.94374 - epss-percentile: 0.99954 + epss-score: 0.97503 + epss-percentile: 0.99978 cpe: cpe:2.3:a:sitecore:experience_platform:7.5:-:*:*:*:*:*:* metadata: max-request: 1 vendor: sitecore product: experience_platform shodan-query: + - http.title:"SiteCore" - http.title:"sitecore" - - http.title:"welcome to sitecore" - fofa-query: - - title="sitecore" - - title="welcome to sitecore" - google-query: - - intitle:"sitecore" - - intitle:"welcome to sitecore" + fofa-query: title="sitecore" + google-query: intitle:"sitecore" tags: cve2021,cve,packetstorm,rce,sitecore,deserialization,oast,kev http: diff --git a/http/cves/2021/CVE-2021-42258.yaml b/http/cves/2021/CVE-2021-42258.yaml index 79948ada76e..de492ab29a3 100644 --- a/http/cves/2021/CVE-2021-42258.yaml +++ b/http/cves/2021/CVE-2021-42258.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-42258 cwe-id: CWE-89 - epss-score: 0.93901 - epss-percentile: 0.99862 + epss-score: 0.9738 + epss-percentile: 0.99901 cpe: cpe:2.3:a:bqe:billquick_web_suite:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-42551.yaml b/http/cves/2021/CVE-2021-42551.yaml index 767ffd5a817..68835beeaa0 100644 --- a/http/cves/2021/CVE-2021-42551.yaml +++ b/http/cves/2021/CVE-2021-42551.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42551 cwe-id: CWE-79 - epss-score: 0.08585 - epss-percentile: 0.91939 + epss-score: 0.00124 + epss-percentile: 0.4686 cpe: cpe:2.3:a:alcoda:netbiblio:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-42565.yaml b/http/cves/2021/CVE-2021-42565.yaml index 6b65acad9f4..ade94d1226a 100644 --- a/http/cves/2021/CVE-2021-42565.yaml +++ b/http/cves/2021/CVE-2021-42565.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-42565 cwe-id: CWE-79 - epss-score: 0.02085 - epss-percentile: 0.83116 + epss-score: 0.00106 + epss-percentile: 0.43259 cpe: cpe:2.3:a:myfactory:fms:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2021/CVE-2021-42567.yaml b/http/cves/2021/CVE-2021-42567.yaml index 85765efaef0..ad51aeeff45 100644 --- a/http/cves/2021/CVE-2021-42567.yaml +++ b/http/cves/2021/CVE-2021-42567.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: apereo product: central_authentication_service - shodan-query: http.title:'cas - central authentication service' + shodan-query: + - http.title:'CAS - Central Authentication Service' + - http.title:'cas - central authentication service' fofa-query: title='cas - central authentication service' google-query: intitle:'cas - central authentication service' tags: cve2021,cve,apereo,xss,cas diff --git a/http/cves/2021/CVE-2021-42627.yaml b/http/cves/2021/CVE-2021-42627.yaml index 1d87c184ea9..9a25050e58f 100644 --- a/http/cves/2021/CVE-2021-42627.yaml +++ b/http/cves/2021/CVE-2021-42627.yaml @@ -29,10 +29,8 @@ info: vendor: dlink product: dir-615 shodan-query: - - http.title:"roteador wireless" + - http.title:"Roteador Wireless" - cpe:"cpe:2.3:h:dlink:dir-615" - fofa-query: title="roteador wireless" - google-query: intitle:"roteador wireless" tags: cve2021,cve,d-link,router,unauth,dir-615,roteador,dlink http: diff --git a/http/cves/2021/CVE-2021-42663.yaml b/http/cves/2021/CVE-2021-42663.yaml index 73a5baa5b99..67166ca13e8 100644 --- a/http/cves/2021/CVE-2021-42663.yaml +++ b/http/cves/2021/CVE-2021-42663.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.3 cve-id: CVE-2021-42663 cwe-id: CWE-79 - epss-score: 0.37983 - epss-percentile: 0.97008 + epss-score: 0.00116 + epss-percentile: 0.45225 cpe: cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:2.3.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-42887.yaml b/http/cves/2021/CVE-2021-42887.yaml index c6547df369f..25bdb75aea2 100644 --- a/http/cves/2021/CVE-2021-42887.yaml +++ b/http/cves/2021/CVE-2021-42887.yaml @@ -26,7 +26,9 @@ info: max-request: 2 vendor: totolink product: ex1200t_firmware - shodan-query: http.title:"totolink" + shodan-query: + - title:"TOTOLINK" + - http.title:"totolink" fofa-query: title="totolink" google-query: intitle:"totolink" tags: cve2021,cve,totolink,auth-bypass,router diff --git a/http/cves/2021/CVE-2021-43062.yaml b/http/cves/2021/CVE-2021-43062.yaml index 0939673326a..c22ec6be019 100644 --- a/http/cves/2021/CVE-2021-43062.yaml +++ b/http/cves/2021/CVE-2021-43062.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43062 cwe-id: CWE-79 - epss-score: 0.51679 - epss-percentile: 0.97739 + epss-score: 0.00709 + epss-percentile: 0.79992 cpe: cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-43287.yaml b/http/cves/2021/CVE-2021-43287.yaml index 2831e4859a7..c39a3daa186 100644 --- a/http/cves/2021/CVE-2021-43287.yaml +++ b/http/cves/2021/CVE-2021-43287.yaml @@ -19,16 +19,17 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43287 cwe-id: CWE-200 - epss-score: 0.89559 - epss-percentile: 0.99518 + epss-score: 0.59294 + epss-percentile: 0.97471 cpe: cpe:2.3:a:thoughtworks:gocd:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: thoughtworks product: gocd shodan-query: - - http.title:"create a pipeline - go" html:"gocd version" + - http.title:"Create a pipeline - Go" html:"GoCD Version" - http.html:"gocd version" + - http.title:"create a pipeline - go" html:"gocd version" fofa-query: - title="create a pipeline - go" html:"gocd version" - body="gocd version" diff --git a/http/cves/2021/CVE-2021-43421.yaml b/http/cves/2021/CVE-2021-43421.yaml index ee8346922e1..d7037a83825 100644 --- a/http/cves/2021/CVE-2021-43421.yaml +++ b/http/cves/2021/CVE-2021-43421.yaml @@ -15,23 +15,19 @@ info: - https://twitter.com/infosec_90/status/1455180286354919425 - https://nvd.nist.gov/vuln/detail/CVE-2021-43421 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/Yucaerin/laravel classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-43421 cwe-id: CWE-434 - epss-score: 0.7657 - epss-percentile: 0.98869 + epss-score: 0.05253 + epss-percentile: 0.93023 cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: std42 product: elfinder - shodan-query: http.title:"elfinder" - fofa-query: title="elfinder" - google-query: intitle:"elfinder" tags: cve,cve2021,elfinder,fileupload,rce,intrusive,std42 http: diff --git a/http/cves/2021/CVE-2021-43495.yaml b/http/cves/2021/CVE-2021-43495.yaml index 8a2f0f8cdd1..777bd69bfab 100644 --- a/http/cves/2021/CVE-2021-43495.yaml +++ b/http/cves/2021/CVE-2021-43495.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-43495 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-43495 cwe-id: CWE-22 - epss-score: 0.54584 - epss-percentile: 0.97866 + epss-score: 0.03503 + epss-percentile: 0.9064 cpe: cpe:2.3:a:alquistai:alquist:2017-06-13:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-43496.yaml b/http/cves/2021/CVE-2021-43496.yaml index be4b5f85013..d54122a47d4 100644 --- a/http/cves/2021/CVE-2021-43496.yaml +++ b/http/cves/2021/CVE-2021-43496.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43496 cwe-id: CWE-22 - epss-score: 0.40172 - epss-percentile: 0.97149 + epss-score: 0.02502 + epss-percentile: 0.90106 cpe: cpe:2.3:a:clustering_project:clustering:2019-07-26:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-43574.yaml b/http/cves/2021/CVE-2021-43574.yaml index c5ee47d39ac..0c3a9683281 100644 --- a/http/cves/2021/CVE-2021-43574.yaml +++ b/http/cves/2021/CVE-2021-43574.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43574 cwe-id: CWE-79 - epss-score: 0.32922 - epss-percentile: 0.96644 + epss-score: 0.00132 + epss-percentile: 0.48231 cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: atmail product: atmail shodan-query: + - http.html:"Powered by Atmail" - http.html:"powered by atmail" - http.html:"atmail" fofa-query: diff --git a/http/cves/2021/CVE-2021-43725.yaml b/http/cves/2021/CVE-2021-43725.yaml index 91f2ebeff9e..8f52bc4d69e 100644 --- a/http/cves/2021/CVE-2021-43725.yaml +++ b/http/cves/2021/CVE-2021-43725.yaml @@ -19,15 +19,17 @@ info: cvss-score: 6.1 cve-id: CVE-2021-43725 cwe-id: CWE-79 - epss-score: 0.01081 - epss-percentile: 0.76745 + epss-score: 0.00163 + epss-percentile: 0.52918 cpe: cpe:2.3:a:spotweb_project:spotweb:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: spotweb_project product: spotweb - shodan-query: http.title:"spotweb - overview" + shodan-query: + - title:"SpotWeb - overview" + - http.title:"spotweb - overview" fofa-query: title="spotweb - overview" google-query: intitle:"spotweb - overview" tags: cve,cve2021,xss,spotweb,unauth,spotweb_project diff --git a/http/cves/2021/CVE-2021-43734.yaml b/http/cves/2021/CVE-2021-43734.yaml index bcb2bb79bba..487336c85f1 100644 --- a/http/cves/2021/CVE-2021-43734.yaml +++ b/http/cves/2021/CVE-2021-43734.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43734 cwe-id: CWE-22 - epss-score: 0.49233 - epss-percentile: 0.97624 + epss-score: 0.00856 + epss-percentile: 0.82223 cpe: cpe:2.3:a:keking:kkfileview:4.0.0:*:*:*:*:*:*:* metadata: verified: true @@ -30,13 +30,11 @@ info: vendor: keking product: kkfileview shodan-query: + - http.html:"kkFileView" - http.html:"kkfileview" - - http.title:"kkfileview" fofa-query: - body="kkfileview" - app="kkfileview" - - title="kkfileview" - google-query: intitle:"kkfileview" tags: cve2021,cve,kkfileview,traversal,lfi,keking http: diff --git a/http/cves/2021/CVE-2021-43778.yaml b/http/cves/2021/CVE-2021-43778.yaml index 1a4c218953a..5bb126bc2a0 100644 --- a/http/cves/2021/CVE-2021-43778.yaml +++ b/http/cves/2021/CVE-2021-43778.yaml @@ -3,7 +3,7 @@ id: CVE-2021-43778 info: name: GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability. author: cckuailong - severity: critical + severity: high description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. impact: | An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. @@ -15,12 +15,12 @@ info: - https://github.com/pluginsGLPI/barcode/releases/tag/2.6.1 - https://github.com/pluginsGLPI/barcode/commit/428c3d9adfb446e8492b1c2b7affb3d34072ff46 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2021-43778 cwe-id: CWE-22 - epss-score: 0.90298 - epss-percentile: 0.99564 + epss-score: 0.59414 + epss-percentile: 0.97756 cpe: cpe:2.3:a:glpi-project:barcode:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-43798.yaml b/http/cves/2021/CVE-2021-43798.yaml index 625c534ef69..cb29031b8af 100644 --- a/http/cves/2021/CVE-2021-43798.yaml +++ b/http/cves/2021/CVE-2021-43798.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-43798 cwe-id: CWE-22 - epss-score: 0.94334 - epss-percentile: 0.99941 + epss-score: 0.97474 + epss-percentile: 0.99963 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -28,8 +28,9 @@ info: vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - title="grafana" - app="grafana" diff --git a/http/cves/2021/CVE-2021-43810.yaml b/http/cves/2021/CVE-2021-43810.yaml index a2c54a422fc..7804867c9e7 100644 --- a/http/cves/2021/CVE-2021-43810.yaml +++ b/http/cves/2021/CVE-2021-43810.yaml @@ -3,7 +3,7 @@ id: CVE-2021-43810 info: name: Admidio - Cross-Site Scripting author: gy741 - severity: high + severity: medium description: A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. @@ -15,12 +15,12 @@ info: - https://github.com/Admidio/admidio/commit/c043267d362f7813543cc2785119bf3e3e54fe21 - https://github.com/Admidio/admidio/releases/tag/v4.0.12 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2021-43810 cwe-id: CWE-79 - epss-score: 0.57108 - epss-percentile: 0.97984 + epss-score: 0.00396 + epss-percentile: 0.73393 cpe: cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-43831.yaml b/http/cves/2021/CVE-2021-43831.yaml index d8fa35570c2..f25df9b4ada 100644 --- a/http/cves/2021/CVE-2021-43831.yaml +++ b/http/cves/2021/CVE-2021-43831.yaml @@ -18,22 +18,15 @@ info: cvss-score: 7.7 cve-id: CVE-2021-43831 cwe-id: CWE-22 - epss-score: 0.30342 - epss-percentile: 0.96424 + epss-score: 0.00063 + epss-percentile: 0.26511 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* metadata: - max-request: 2 - vendor: "gradio_project" + vendor: gradio_project product: gradio framework: python - shodan-query: - - http.title:"gradio" - - http.html:"__gradio_mode__" - fofa-query: - - body="__gradio_mode__" - - title="gradio" - google-query: intitle:"gradio" - tags: cve,cve2021,lfi,gradio,python,gradio_project + shodan-query: title:"Gradio" + tags: cve,cve2021,lfi,gradio http: - method: GET diff --git a/http/cves/2021/CVE-2021-44138.yaml b/http/cves/2021/CVE-2021-44138.yaml index e819ddcef49..60527ec694b 100644 --- a/http/cves/2021/CVE-2021-44138.yaml +++ b/http/cves/2021/CVE-2021-44138.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-44138 cwe-id: CWE-22 - epss-score: 0.81625 - epss-percentile: 0.99122 + epss-score: 0.01258 + epss-percentile: 0.8528 cpe: cpe:2.3:a:caucho:resin:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -27,6 +27,7 @@ info: vendor: caucho product: resin shodan-query: + - html:"Resin" - http.html:"resin" - cpe:"cpe:2.3:a:caucho:resin" fofa-query: body="resin" diff --git a/http/cves/2021/CVE-2021-44139.yaml b/http/cves/2021/CVE-2021-44139.yaml index ce48a55eec8..343d9a8c064 100644 --- a/http/cves/2021/CVE-2021-44139.yaml +++ b/http/cves/2021/CVE-2021-44139.yaml @@ -17,14 +17,16 @@ info: cvss-score: 7.5 cve-id: CVE-2021-44139 cwe-id: CWE-918 - epss-score: 0.77664 - epss-percentile: 0.98923 + epss-score: 0.01303 + epss-percentile: 0.85873 cpe: cpe:2.3:a:hashicorp:sentinel:1.8.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: hashicorp product: sentinel - shodan-query: http.title:"sentinel dashboard" + shodan-query: + - title:"Sentinel Dashboard" + - http.title:"sentinel dashboard" fofa-query: title="sentinel dashboard" google-query: intitle:"sentinel dashboard" tags: cve2021,cve,ssrf,alibaba,oast,misconfig,sentinel,hashicorp diff --git a/http/cves/2021/CVE-2021-44152.yaml b/http/cves/2021/CVE-2021-44152.yaml index 61017942975..66cdc827eaf 100644 --- a/http/cves/2021/CVE-2021-44152.yaml +++ b/http/cves/2021/CVE-2021-44152.yaml @@ -30,8 +30,9 @@ info: vendor: reprisesoftware product: reprise_license_manager shodan-query: - - http.html:"reprise license manager" + - http.html:"Reprise License Manager" - http.html:"reprise license" + - http.html:"reprise license manager" fofa-query: - body="reprise license manager" - body="reprise license" diff --git a/http/cves/2021/CVE-2021-44228.yaml b/http/cves/2021/CVE-2021-44228.yaml index 5e2c65cc25f..5f427e937be 100644 --- a/http/cves/2021/CVE-2021-44228.yaml +++ b/http/cves/2021/CVE-2021-44228.yaml @@ -19,13 +19,13 @@ info: cvss-score: 10 cve-id: CVE-2021-44228 cwe-id: CWE-20,CWE-917 - epss-score: 0.94381 - epss-percentile: 0.99959 - cpe: cpe:2.3:o:siemens:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:* + epss-score: 0.97559 + epss-percentile: 0.99998 + cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: siemens - product: 6bk1602-0aa12-0tp0_firmware + vendor: apache + product: log4j tags: cve2021,cve,rce,oast,log4j,injection,kev,apache variables: rand1: '{{rand_int(111, 999)}}' diff --git a/http/cves/2021/CVE-2021-44260.yaml b/http/cves/2021/CVE-2021-44260.yaml index 94edd4027b6..741a08bb954 100644 --- a/http/cves/2021/CVE-2021-44260.yaml +++ b/http/cves/2021/CVE-2021-44260.yaml @@ -20,11 +20,8 @@ info: max-request: 1 vendor: wavlink product: wl-wn531g3_firmware - fofa-query: - - body="ac1200" && body="wavlink" - - body="wn531g3" - shodan-query: http.html:"wn531g3" - tags: cve,wavlink,exposure,ac1200,cve2021 + fofa-query: body="AC1200" && body="wavlink" + tags: cve,cve2022,wavlink,exposure,ac1200 http: - method: GET diff --git a/http/cves/2021/CVE-2021-4436.yaml b/http/cves/2021/CVE-2021-4436.yaml index c39b02313b0..76e6eef88fe 100644 --- a/http/cves/2021/CVE-2021-4436.yaml +++ b/http/cves/2021/CVE-2021-4436.yaml @@ -26,9 +26,8 @@ info: product: 3dprint_lite framework: wordpress publicwww-query: "/wp-content/plugins/3dprint-lite/" - shodan-query: http.html:"/wp-content/plugins/3dprint-lite/" - fofa-query: body=/wp-content/plugins/3dprint-lite/ - tags: cve,cve2021,3dprint-lite,file-upload,instrusive,wpscan,wordpress,wp-plugin,intrusive,wp3dprinting + tags: cve,cve2021,3dprint-lite,file-upload,instrusive,wpscan,wordpress,wp-plugin,intrusive + variables: string: "{{randstr}}" filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2021/CVE-2021-44451.yaml b/http/cves/2021/CVE-2021-44451.yaml index ea4db2de844..18109172393 100644 --- a/http/cves/2021/CVE-2021-44451.yaml +++ b/http/cves/2021/CVE-2021-44451.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.5 cve-id: CVE-2021-44451 cwe-id: CWE-522 - epss-score: 0.6758 - epss-percentile: 0.98454 + epss-score: 0.0058 + epss-percentile: 0.78015 cpe: cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,12 +29,11 @@ info: vendor: apache product: superset shodan-query: - - http.favicon.hash:"1582430156" + - http.favicon.hash:1582430156 - http.html:"apache superset" fofa-query: - body="apache superset" - icon_hash=1582430156 - - icon_hash="1582430156" tags: cve2021,cve,apache,superset,default-login http: diff --git a/http/cves/2021/CVE-2021-44515.yaml b/http/cves/2021/CVE-2021-44515.yaml index 890d730e797..5eee617ead8 100644 --- a/http/cves/2021/CVE-2021-44515.yaml +++ b/http/cves/2021/CVE-2021-44515.yaml @@ -19,25 +19,18 @@ info: cvss-score: 9.8 cve-id: CVE-2021-44515 cwe-id: CWE-287 - epss-score: 0.94311 - epss-percentile: 0.99934 + epss-score: 0.97233 + epss-percentile: 0.99811 cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:enterprise:*:*:* metadata: max-request: 1 vendor: zohocorp product: manageengine_desktop_central - shodan-query: - - http.title:"manageengine desktop central 10" - - http.html:"manageengine desktop central 10" - - http.title:"manageengine desktop central" + shodan-query: http.title:"manageengine desktop central 10" fofa-query: - title="manageengine desktop central 10" - app="zoho-manageengine-desktop" - - body="manageengine desktop central 10" - - title="manageengine desktop central" - google-query: - - intitle:"manageengine desktop central 10" - - intitle:"manageengine desktop central" + google-query: intitle:"manageengine desktop central 10" tags: cve2021,cve,zoho,rce,manageengine,kev,zohocorp http: diff --git a/http/cves/2021/CVE-2021-44528.yaml b/http/cves/2021/CVE-2021-44528.yaml index 0eea4decf82..2d34f97457f 100644 --- a/http/cves/2021/CVE-2021-44528.yaml +++ b/http/cves/2021/CVE-2021-44528.yaml @@ -20,26 +20,14 @@ info: cvss-score: 6.1 cve-id: CVE-2021-44528 cwe-id: CWE-601 - epss-score: 0.26792 - epss-percentile: 0.96063 + epss-score: 0.00178 + epss-percentile: 0.54936 cpe: cpe:2.3:a:rubyonrails:rails:6.0.4.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: rubyonrails product: rails - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - google-query: - - intitle:"index of" "secret_token.rb" - - intitle:"index of" "secrets.yml" - - intitle:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml + shodan-query: cpe:"cpe:2.3:a:rubyonrails:rails" tags: cve2021,cve,seclists,redirect,rubyonrails http: diff --git a/http/cves/2021/CVE-2021-44529.yaml b/http/cves/2021/CVE-2021-44529.yaml index e621bf81f64..9284ee7ac0c 100644 --- a/http/cves/2021/CVE-2021-44529.yaml +++ b/http/cves/2021/CVE-2021-44529.yaml @@ -20,22 +20,18 @@ info: cvss-score: 9.8 cve-id: CVE-2021-44529 cwe-id: CWE-94 - epss-score: 0.94461 - epss-percentile: 0.99992 + epss-score: 0.97096 + epss-percentile: 0.99778 cpe: cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: ivanti product: endpoint_manager_cloud_services_appliance shodan-query: + - title:"LANDesk(R) Cloud Services Appliance" - http.title:"landesk(r) cloud services appliance" - - http.title:"cloud services appliance" - fofa-query: - - title="landesk(r) cloud services appliance" - - title="cloud services appliance" - google-query: - - intitle:"landesk(r) cloud services appliance" - - intitle:"cloud services appliance" + fofa-query: title="landesk(r) cloud services appliance" + google-query: intitle:"landesk(r) cloud services appliance" tags: cve2021,cve,ivanti,epm,csa,injection,packetstorm,kev http: diff --git a/http/cves/2021/CVE-2021-45043.yaml b/http/cves/2021/CVE-2021-45043.yaml index 321e79e552a..81298caba09 100644 --- a/http/cves/2021/CVE-2021-45043.yaml +++ b/http/cves/2021/CVE-2021-45043.yaml @@ -29,7 +29,9 @@ info: product: hd-network_real-time_monitoring_system shodan-query: http.title:"hd-network real-time monitoring system v2.0" fofa-query: title="hd-network real-time monitoring system v2.0" - google-query: intitle:"hd-network real-time monitoring system v2.0" + google-query: + - intitle:"HD-Network Real-time Monitoring System V2.0" + - intitle:"hd-network real-time monitoring system v2.0" tags: cve2021,cve,camera,edb,hdnetwork,lfi,iot,hd-network_real-time_monitoring_system_project http: diff --git a/http/cves/2021/CVE-2021-45046.yaml b/http/cves/2021/CVE-2021-45046.yaml index 05bd359dfc9..3ba4f0b9b76 100644 --- a/http/cves/2021/CVE-2021-45046.yaml +++ b/http/cves/2021/CVE-2021-45046.yaml @@ -19,14 +19,13 @@ info: cvss-score: 9 cve-id: CVE-2021-45046 cwe-id: CWE-917 - epss-score: 0.94313 - epss-percentile: 0.99935 + epss-score: 0.97363 + epss-percentile: 0.99899 cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: log4j - fofa-query: app="致远互联-oa" tags: cve2021,cve,rce,oast,log4j,injection,kev,apache http: diff --git a/http/cves/2021/CVE-2021-45232.yaml b/http/cves/2021/CVE-2021-45232.yaml index fd50a2df303..b917b7e06fd 100644 --- a/http/cves/2021/CVE-2021-45232.yaml +++ b/http/cves/2021/CVE-2021-45232.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45232 cwe-id: CWE-306 - epss-score: 0.94069 - epss-percentile: 0.99889 + epss-score: 0.97214 + epss-percentile: 0.9983 cpe: cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-45380.yaml b/http/cves/2021/CVE-2021-45380.yaml index 706324eec09..8785afa89be 100644 --- a/http/cves/2021/CVE-2021-45380.yaml +++ b/http/cves/2021/CVE-2021-45380.yaml @@ -14,20 +14,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2021-45380 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-45380 cwe-id: CWE-79 - epss-score: 0.04332 - epss-percentile: 0.88324 + epss-score: 0.00314 + epss-percentile: 0.70155 cpe: cpe:2.3:a:appcms:appcms:2.0.101:*:*:*:*:*:*:* metadata: max-request: 1 vendor: appcms product: appcms - shodan-query: http.html:"powerd by appcms" + shodan-query: + - http.html:"Powerd by AppCMS" + - http.html:"powerd by appcms" fofa-query: body="powerd by appcms" tags: cve2021,cve,appcms,xss diff --git a/http/cves/2021/CVE-2021-45422.yaml b/http/cves/2021/CVE-2021-45422.yaml index 6acd58587ba..3529b674ce2 100644 --- a/http/cves/2021/CVE-2021-45422.yaml +++ b/http/cves/2021/CVE-2021-45422.yaml @@ -21,15 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2021-45422 cwe-id: CWE-79 - epss-score: 0.11789 - epss-percentile: 0.93314 - cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.00218 + epss-percentile: 0.59831 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: reprisesoftware product: reprise_license_manager shodan-query: + - http.html:"Reprise License" - http.html:"reprise license" - http.html:"reprise license manager" fofa-query: diff --git a/http/cves/2021/CVE-2021-45428.yaml b/http/cves/2021/CVE-2021-45428.yaml index 4f705fa2c9e..7f0fd43f595 100644 --- a/http/cves/2021/CVE-2021-45428.yaml +++ b/http/cves/2021/CVE-2021-45428.yaml @@ -21,16 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45428 cwe-id: CWE-639 - epss-score: 0.87911 - epss-percentile: 0.99427 - cpe: cpe:2.3:o:telesquare:tlr-2005ksh_firmware:-:*:*:*:*:*:*:* + epss-score: 0.07905 + epss-percentile: 0.94241 + cpe: cpe:2.3:h:telesquare:tlr-2005ksh:-:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: telesquare - product: tlr-2005ksh_firmware - shodan-query: http.html:"tlr-2005ksh" - fofa-query: body="tlr-2005ksh" + product: tlr-2005ksh + shodan-query: http.html:"TLR-2005KSH" tags: cve2021,cve,telesquare,intrusive,fileupload,packetstorm http: diff --git a/http/cves/2021/CVE-2021-45793.yaml b/http/cves/2021/CVE-2021-45793.yaml index c45674c5de2..b45851f7170 100644 --- a/http/cves/2021/CVE-2021-45793.yaml +++ b/http/cves/2021/CVE-2021-45793.yaml @@ -1,32 +1,26 @@ id: CVE-2021-45793 -info: - name: Slims9 Bulian 9.4.2 - SQL Injection - author: nblirwn - severity: high - description: | - Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. - reference: - - https://github.com/slims/slims9_bulian/issues/123 - - https://nvd.nist.gov/vuln/detail/CVE-2021-45793 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2021-45793 - cwe-id: CWE-89 - epss-score: 0.14661 - epss-percentile: 0.9411 - cpe: cpe:2.3:a:slims:senayan_library_management_system:9.4.2:*:*:*:*:*:*:* - metadata: - max-request: 4 - vendor: slims - product: "senayan_library_management_system" - shodan-query: - - http.html:"slims" - - http.html:'content="slims' - fofa-query: body='content="slims' - tags: cve2021,cve,slims,sqli +info: + name: Slims9 Bulian 9.4.2 - SQL Injection + author: nblirwn + severity: high + description: | + Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. + reference: + - https://github.com/slims/slims9_bulian/issues/123 + - https://nvd.nist.gov/vuln/detail/CVE-2021-45793 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2021-45793 + cwe-id: CWE-89 + cpe: cpe:2.3:a:slims:senayan_library_management_system:9.4.2:*:*:*:*:*:*:* + metadata: + max-request: 3 + vendor: slims + product: senayan_library_management_system + tags: cve2021,cve,slims,sqli + variables: num: "999999999" diff --git a/http/cves/2021/CVE-2021-45811.yaml b/http/cves/2021/CVE-2021-45811.yaml index 0a976a53743..041e604dec6 100644 --- a/http/cves/2021/CVE-2021-45811.yaml +++ b/http/cves/2021/CVE-2021-45811.yaml @@ -21,18 +21,11 @@ info: max-request: 3 vendor: osticket product: osticket - shodan-query: - - http.title:"osticket" - - http.html:"powered by osticket" - - http.title:"osticket installer" - fofa-query: - - title="osticket" - - body="powered by osticket" - - title="osticket installer" - google-query: - - intitle:"osticket" - - intitle:"osticket installer" + shodan-query: title:"osTicket" + fofa-query: title="osticket" + google-query: intitle:"osticket" tags: cve,cve2021,osticket,sqli,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2021/CVE-2021-45967.yaml b/http/cves/2021/CVE-2021-45967.yaml index e118a9274ea..59fe1912e38 100644 --- a/http/cves/2021/CVE-2021-45967.yaml +++ b/http/cves/2021/CVE-2021-45967.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2021-45967 cwe-id: CWE-22 - epss-score: 0.81595 - epss-percentile: 0.9912 + epss-score: 0.72601 + epss-percentile: 0.98001 cpe: cpe:2.3:a:pascom:cloud_phone_system:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-45968.yaml b/http/cves/2021/CVE-2021-45968.yaml index 1e401556a96..0e9e2d65ce7 100644 --- a/http/cves/2021/CVE-2021-45968.yaml +++ b/http/cves/2021/CVE-2021-45968.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2021-45968 cwe-id: CWE-918 - epss-score: 0.517 - epss-percentile: 0.9774 + epss-score: 0.01712 + epss-percentile: 0.87786 cpe: cpe:2.3:a:jivesoftware:jive:-:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2021/CVE-2021-46005.yaml b/http/cves/2021/CVE-2021-46005.yaml index d3e51df32fd..11e8ae494a0 100644 --- a/http/cves/2021/CVE-2021-46005.yaml +++ b/http/cves/2021/CVE-2021-46005.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2021-46005 cwe-id: CWE-79 - epss-score: 0.0461 - epss-percentile: 0.88689 + epss-score: 0.00143 + epss-percentile: 0.50094 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 3 diff --git a/http/cves/2021/CVE-2021-46069.yaml b/http/cves/2021/CVE-2021-46069.yaml index b6fafa320c0..85544056603 100644 --- a/http/cves/2021/CVE-2021-46069.yaml +++ b/http/cves/2021/CVE-2021-46069.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46069 cwe-id: CWE-79 - epss-score: 0.0426 - epss-percentile: 0.88228 + epss-score: 0.0011 + epss-percentile: 0.4404 cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-46071.yaml b/http/cves/2021/CVE-2021-46071.yaml index b2e8a45ca9e..e4f7abb7e83 100644 --- a/http/cves/2021/CVE-2021-46071.yaml +++ b/http/cves/2021/CVE-2021-46071.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46071 cwe-id: CWE-79 - epss-score: 0.0426 - epss-percentile: 0.88228 + epss-score: 0.0011 + epss-percentile: 0.4404 cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-46072.yaml b/http/cves/2021/CVE-2021-46072.yaml index 6e55d69aa44..53952e25e17 100644 --- a/http/cves/2021/CVE-2021-46072.yaml +++ b/http/cves/2021/CVE-2021-46072.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46072 cwe-id: CWE-79 - epss-score: 0.0426 - epss-percentile: 0.88228 + epss-score: 0.0011 + epss-percentile: 0.4404 cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-46073.yaml b/http/cves/2021/CVE-2021-46073.yaml index a66641e8f3f..b5ddde732f1 100644 --- a/http/cves/2021/CVE-2021-46073.yaml +++ b/http/cves/2021/CVE-2021-46073.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2021-46073 cwe-id: CWE-79 - epss-score: 0.0426 - epss-percentile: 0.88228 + epss-score: 0.0011 + epss-percentile: 0.4404 cpe: cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-46107.yaml b/http/cves/2021/CVE-2021-46107.yaml index 517c44ff0d6..4d2f9d7ca36 100644 --- a/http/cves/2021/CVE-2021-46107.yaml +++ b/http/cves/2021/CVE-2021-46107.yaml @@ -21,16 +21,20 @@ info: cvss-score: 7.5 cve-id: CVE-2021-46107 cwe-id: CWE-918 - epss-score: 0.62758 - epss-percentile: 0.98245 + epss-score: 0.01673 + epss-percentile: 0.87383 cpe: cpe:2.3:a:ligeo-archives:ligeo_basics:02_01-2022:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: ligeo-archives product: ligeo_basics - shodan-query: http.title:"ligeo" - fofa-query: title="ligeo" + shodan-query: + - title:"Ligeo" + - http.title:"ligeo" + fofa-query: + - title="Ligeo" + - title="ligeo" google-query: intitle:"ligeo" tags: cve2021,cve,ligeo,ssrf,lfr,ligeo-archives diff --git a/http/cves/2021/CVE-2021-46379.yaml b/http/cves/2021/CVE-2021-46379.yaml index 2cfcf4d7344..8c3ff9db6c4 100644 --- a/http/cves/2021/CVE-2021-46379.yaml +++ b/http/cves/2021/CVE-2021-46379.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2021-46379 cwe-id: CWE-601 - epss-score: 0.54757 - epss-percentile: 0.97871 + epss-score: 0.00306 + epss-percentile: 0.69219 cpe: cpe:2.3:o:dlink:dir-850l_firmware:1.08trb03:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2021/CVE-2021-46381.yaml b/http/cves/2021/CVE-2021-46381.yaml index e69784cbf34..15a3db8b8fe 100644 --- a/http/cves/2021/CVE-2021-46381.yaml +++ b/http/cves/2021/CVE-2021-46381.yaml @@ -20,13 +20,13 @@ info: cvss-score: 7.5 cve-id: CVE-2021-46381 cwe-id: CWE-22 - epss-score: 0.90499 - epss-percentile: 0.99575 - cpe: cpe:2.3:o:dlink:dap-1620_firmware:-:*:*:*:*:*:*:* + epss-score: 0.02555 + epss-percentile: 0.90197 + cpe: cpe:2.3:h:dlink:dap-1620:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dlink - product: dap-1620_firmware + product: dap-1620 tags: cve2021,cve,lfi,router,packetstorm,dlink http: diff --git a/http/cves/2021/CVE-2021-46387.yaml b/http/cves/2021/CVE-2021-46387.yaml index c9f0313c2cb..5f99f049a1d 100644 --- a/http/cves/2021/CVE-2021-46387.yaml +++ b/http/cves/2021/CVE-2021-46387.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: zyxel product: zywall_2_plus_internet_security_appliance_firmware - shodan-query: http.title:"zywall2plus" + shodan-query: + - http.title:"Zywall2Plus" + - http.title:"zywall2plus" fofa-query: title="zywall2plus" google-query: intitle:"zywall2plus" tags: cve2021,cve,xss,zyxel,edb diff --git a/http/cves/2021/CVE-2021-46417.yaml b/http/cves/2021/CVE-2021-46417.yaml index fc670bc9fb3..7ed03eae4d9 100644 --- a/http/cves/2021/CVE-2021-46417.yaml +++ b/http/cves/2021/CVE-2021-46417.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: franklinfueling product: colibri_firmware - shodan-query: http.html:"franklin fueling systems" + shodan-query: + - http.html:"Franklin Fueling Systems" + - http.html:"franklin fueling systems" fofa-query: body="franklin fueling systems" tags: cve2021,cve,packetstorm,franklinfueling,lfi diff --git a/http/cves/2021/CVE-2021-46418.yaml b/http/cves/2021/CVE-2021-46418.yaml index dd02f032d59..9de794fc1bd 100644 --- a/http/cves/2021/CVE-2021-46418.yaml +++ b/http/cves/2021/CVE-2021-46418.yaml @@ -10,25 +10,19 @@ info: - http://packetstormsecurity.com/files/166674/Telesquare-TLR-2855KS6-Arbitrary-File-Creation.html - https://github.com/ARPSyndicate/cvemon - https://nvd.nist.gov/vuln/detail/CVE-2021-46418 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2021-46418 - epss-score: 0.63051 - epss-percentile: 0.98255 - cpe: cpe:2.3:o:telesquare:tlr-2855ks6_firmware:-:*:*:*:*:*:*:* + epss-score: 0.07418 + epss-percentile: 0.94089 + cpe: cpe:2.3:h:telesquare:tlr-2855ks6:-:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: telesquare - product: tlr-2855ks6_firmware - fofa-query: - - product=="telesquare-tlr-2855ks6" - - title="login to tlr-2855ks6" - shodan-query: http.title:"login to tlr-2855ks6" - google-query: intitle:"login to tlr-2855ks6" + product: "tlr-2855ks6" + fofa-query: "product==\"TELESQUARE-TLR-2855KS6\"" tags: packetstorm,cve,cve2021,telesquare,intrusive variables: filename: "{{rand_base(6)}}" diff --git a/http/cves/2021/CVE-2021-46419.yaml b/http/cves/2021/CVE-2021-46419.yaml index 38ef659cba8..c5127d741eb 100644 --- a/http/cves/2021/CVE-2021-46419.yaml +++ b/http/cves/2021/CVE-2021-46419.yaml @@ -22,10 +22,13 @@ info: max-request: 2 vendor: telesquare product: "tlr-2855ks6_firmware" - shodan-query: http.title:"login to tlr-2855ks6" + shodan-query: + - "title:\"Login to TLR-2855KS6\"" + - http.title:"login to tlr-2855ks6" fofa-query: - - product=="telesquare-tlr-2855ks6" + - "product==\"TELESQUARE-TLR-2855KS6\"" - title="login to tlr-2855ks6" + - product=="telesquare-tlr-2855ks6" google-query: "intitle:\"login to tlr-2855ks6\"" tags: packetstorm,cve,cve2021,telesquare,intrusive variables: diff --git a/http/cves/2021/CVE-2021-46422.yaml b/http/cves/2021/CVE-2021-46422.yaml index a5903886f35..262e870a789 100644 --- a/http/cves/2021/CVE-2021-46422.yaml +++ b/http/cves/2021/CVE-2021-46422.yaml @@ -21,16 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2021-46422 cwe-id: CWE-78 - epss-score: 0.94263 - epss-percentile: 0.99923 - cpe: cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.1.0:*:*:*:*:*:*:* + epss-score: 0.95843 + epss-percentile: 0.99441 + cpe: cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: telesquare - product: sdt-cs3b1_firmware - shodan-query: http.html:"sdt-cw3b1" - fofa-query: body="sdt-cw3b1" + product: sdt-cs3b1 + shodan-query: html:"SDT-CW3B1" tags: cve2021,cve,packetstorm,telesquare,rce,router,injection,edb variables: cmd: "ping${IFS}-c${IFS}1${IFS}{{interactsh-url}}" diff --git a/http/cves/2021/CVE-2021-46424.yaml b/http/cves/2021/CVE-2021-46424.yaml index 0c6128e3cdc..98dd5671041 100644 --- a/http/cves/2021/CVE-2021-46424.yaml +++ b/http/cves/2021/CVE-2021-46424.yaml @@ -28,7 +28,9 @@ info: max-request: 3 vendor: telesquare product: tlr-2005ksh_firmware - shodan-query: http.html:"tlr-2005ksh" + shodan-query: + - http.html:"TLR-2005KSH" + - http.html:"tlr-2005ksh" fofa-query: body="tlr-2005ksh" tags: cve2021,cve,telesquare,intrusive,packetstorm diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml index 4a17d094b65..f7923f7a504 100644 --- a/http/cves/2021/CVE-2021-46704.yaml +++ b/http/cves/2021/CVE-2021-46704.yaml @@ -30,7 +30,7 @@ info: vendor: genieacs product: genieacs shodan-query: - - http.favicon.hash:"-2098066288" + - http.favicon.hash:-2098066288 - http.html:"genieacs" fofa-query: - body="genieacs" diff --git a/http/cves/2022/CVE-2022-0087.yaml b/http/cves/2022/CVE-2022-0087.yaml index 95add865a5b..6ee9ab98d25 100644 --- a/http/cves/2022/CVE-2022-0087.yaml +++ b/http/cves/2022/CVE-2022-0087.yaml @@ -12,14 +12,13 @@ info: - https://huntr.com/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e - https://nvd.nist.gov/vuln/detail/CVE-2022-0087 - https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38 - - https://github.com/goranc/codegraph classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0087 cwe-id: CWE-79 - epss-score: 0.4977 - epss-percentile: 0.97647 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0140.yaml b/http/cves/2022/CVE-2022-0140.yaml index 4d502f6c61f..06dab022012 100644 --- a/http/cves/2022/CVE-2022-0140.yaml +++ b/http/cves/2022/CVE-2022-0140.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-0140 cwe-id: CWE-306 - epss-score: 0.09629 - epss-percentile: 0.92461 + epss-score: 0.00966 + epss-percentile: 0.8297 cpe: cpe:2.3:a:vfbpro:visual_form_builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0147.yaml b/http/cves/2022/CVE-2022-0147.yaml index eacc8711a90..4fb059bc01b 100644 --- a/http/cves/2022/CVE-2022-0147.yaml +++ b/http/cves/2022/CVE-2022-0147.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0147 cwe-id: CWE-79 - epss-score: 0.01259 - epss-percentile: 0.78379 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:cookieinformation:wp-gdpr-compliance:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0148.yaml b/http/cves/2022/CVE-2022-0148.yaml index 35d9d47749e..18dace76a08 100644 --- a/http/cves/2022/CVE-2022-0148.yaml +++ b/http/cves/2022/CVE-2022-0148.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0148 cwe-id: CWE-79 - epss-score: 0.06641 - epss-percentile: 0.90695 + epss-score: 0.00144 + epss-percentile: 0.50194 cpe: cpe:2.3:a:premio:mystickyelements:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0149.yaml b/http/cves/2022/CVE-2022-0149.yaml index a810b1f70f3..acb1c1f158a 100644 --- a/http/cves/2022/CVE-2022-0149.yaml +++ b/http/cves/2022/CVE-2022-0149.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0149 cwe-id: CWE-79 - epss-score: 0.01131 - epss-percentile: 0.77257 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:visser:store_exporter_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0165.yaml b/http/cves/2022/CVE-2022-0165.yaml index 4141d559b64..6d8e8a518ce 100644 --- a/http/cves/2022/CVE-2022-0165.yaml +++ b/http/cves/2022/CVE-2022-0165.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0165 cwe-id: CWE-601 - epss-score: 0.713 - epss-percentile: 0.98615 + epss-score: 0.001 + epss-percentile: 0.40148 cpe: cpe:2.3:a:king-theme:kingcomposer:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0169.yaml b/http/cves/2022/CVE-2022-0169.yaml index 8f383c158a9..153c1f76cf4 100644 --- a/http/cves/2022/CVE-2022-0169.yaml +++ b/http/cves/2022/CVE-2022-0169.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/photo-gallery/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0169 - https://plugins.trac.wordpress.org/changeset/2672822/photo-gallery#file9 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0169 cwe-id: CWE-89 - epss-score: 0.52164 - epss-percentile: 0.97755 + epss-score: 0.01246 + epss-percentile: 0.85214 cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -29,7 +28,7 @@ info: vendor: 10web product: photo_gallery framework: wordpress - shodan-query: http.html:"/wp-content/plugins/photo-gallery" + shodan-query: http.html:/wp-content/plugins/photo-gallery fofa-query: body=/wp-content/plugins/photo-gallery publicwww-query: "/wp-content/plugins/photo-gallery" tags: cve,cve2022,wpscan,wp,wp-plugin,wordpress,sqli,photo-gallery,10web diff --git a/http/cves/2022/CVE-2022-0201.yaml b/http/cves/2022/CVE-2022-0201.yaml index eddf6c17933..010fb19d5fa 100644 --- a/http/cves/2022/CVE-2022-0201.yaml +++ b/http/cves/2022/CVE-2022-0201.yaml @@ -15,14 +15,13 @@ info: - https://plugins.trac.wordpress.org/changeset/2656512 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0201 cwe-id: CWE-79 - epss-score: 0.20277 - epss-percentile: 0.9519 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:permalink_manager_lite_project:permalink_manager_lite:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0206.yaml b/http/cves/2022/CVE-2022-0206.yaml index 1ee4f6523f4..4ba7ab0b760 100644 --- a/http/cves/2022/CVE-2022-0206.yaml +++ b/http/cves/2022/CVE-2022-0206.yaml @@ -14,14 +14,13 @@ info: - https://wordpress.org/plugins/newstatpress - https://nvd.nist.gov/vuln/detail/CVE-2022-0206 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0206 cwe-id: CWE-79 - epss-score: 0.04219 - epss-percentile: 0.88174 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0218.yaml b/http/cves/2022/CVE-2022-0218.yaml index a079e8bb74a..b0e9abf1fc2 100644 --- a/http/cves/2022/CVE-2022-0218.yaml +++ b/http/cves/2022/CVE-2022-0218.yaml @@ -3,7 +3,7 @@ id: CVE-2022-0218 info: name: HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting author: hexcat - severity: high + severity: medium description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint. impact: | An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system. @@ -16,12 +16,12 @@ info: - https://plugins.trac.wordpress.org/changeset/2656984/wp-html-mail/trunk/includes/class-template-designer.php - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2022-0218 cwe-id: CWE-79 - epss-score: 0.81513 - epss-percentile: 0.99116 + epss-score: 0.03872 + epss-percentile: 0.9173 cpe: cpe:2.3:a:codemiq:wordpress_email_template_designer:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0228.yaml b/http/cves/2022/CVE-2022-0228.yaml index 46e0436adc3..874fd96bdbc 100644 --- a/http/cves/2022/CVE-2022-0228.yaml +++ b/http/cves/2022/CVE-2022-0228.yaml @@ -26,12 +26,8 @@ info: vendor: sygnoos product: popup_builder framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/popup-builder/" - - http.html:"/wp-content/plugins/popup-builder" - fofa-query: - - body=/wp-content/plugins/popup-builder/ - - body="/wp-content/plugins/popup-builder" + shodan-query: http.html:/wp-content/plugins/popup-builder/ + fofa-query: body=/wp-content/plugins/popup-builder/ publicwww-query: /wp-content/plugins/popup-builder/ tags: time-based-sqli,cve2022,cve,wordpress,wp-plugin,wp,wpscan,popup-builder,sygnoos,sqli diff --git a/http/cves/2022/CVE-2022-0234.yaml b/http/cves/2022/CVE-2022-0234.yaml index cbef6a07179..c641f4e5d09 100644 --- a/http/cves/2022/CVE-2022-0234.yaml +++ b/http/cves/2022/CVE-2022-0234.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0234 cwe-id: CWE-79 - epss-score: 0.0259 - epss-percentile: 0.84828 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:pluginus:woocs:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0250.yaml b/http/cves/2022/CVE-2022-0250.yaml index e83310a8994..5f69bd870ff 100644 --- a/http/cves/2022/CVE-2022-0250.yaml +++ b/http/cves/2022/CVE-2022-0250.yaml @@ -22,14 +22,13 @@ info: epss-percentile: 0.39315 cpe: cpe:2.3:a:redirection-for-contact-form7:redirection_for_contact_form_7:*:*:*:*:*:wordpress:*:* metadata: + verifiedl: true max-request: 1 vendor: redirection-for-contact-form7 product: redirection_for_contact_form_7 framework: wordpress fofa-query: body="/wp-content/plugins/wpcf7-redirect" - verifiedl: true - shodan-query: http.html:"/wp-content/plugins/wpcf7-redirect" - tags: wpscan,cve,cve2022,wordpress,wp,wp-plugin,wpcf7,contact-form7,xss,redirection-for-contact-form7 + tags: cve,cve2022,wordpress,wp,wp-plugin,wpcf7,contact-form7,xss http: - method: GET diff --git a/http/cves/2022/CVE-2022-0271.yaml b/http/cves/2022/CVE-2022-0271.yaml index a770bdc1f3b..5ecb3586e27 100644 --- a/http/cves/2022/CVE-2022-0271.yaml +++ b/http/cves/2022/CVE-2022-0271.yaml @@ -29,13 +29,8 @@ info: vendor: thimpress product: learnpress framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body=/wp-content/plugins/learnpress - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" + shodan-query: http.html:/wp-content/plugins/learnpress + fofa-query: body=/wp-content/plugins/learnpress publicwww-query: /wp-content/plugins/learnpress tags: cve2022,cve,wp,wp-plugin,wordpress,learnpress,wpscan,xss,thimpress diff --git a/http/cves/2022/CVE-2022-0281.yaml b/http/cves/2022/CVE-2022-0281.yaml index f0cf946abe8..4a8428897af 100644 --- a/http/cves/2022/CVE-2022-0281.yaml +++ b/http/cves/2022/CVE-2022-0281.yaml @@ -28,7 +28,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0288.yaml b/http/cves/2022/CVE-2022-0288.yaml index 08e9554a941..f456d80b6c7 100644 --- a/http/cves/2022/CVE-2022-0288.yaml +++ b/http/cves/2022/CVE-2022-0288.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-0288 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0288 cwe-id: CWE-79 - epss-score: 0.03241 - epss-percentile: 0.86478 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:ad_inserter_pro_project:ad_inserter_pro:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0342.yaml b/http/cves/2022/CVE-2022-0342.yaml index c127d72de87..44caecf65c6 100644 --- a/http/cves/2022/CVE-2022-0342.yaml +++ b/http/cves/2022/CVE-2022-0342.yaml @@ -17,15 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0342 cwe-id: CWE-287 - epss-score: 0.91857 - epss-percentile: 0.99665 + epss-score: 0.08015 + epss-percentile: 0.94281 cpe: cpe:2.3:o:zyxel:usg40_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zyxel product: usg40_firmware - fofa-query: body="/2fa-access.cgi" && body="zyxel zyxel_style1" + fofa-query: + - body="/2FA-access.cgi" && body="zyxel zyxel_style1" + - body="/2fa-access.cgi" && body="zyxel zyxel_style1" tags: cve2022,cve,zyxel,auth-bypass,router http: diff --git a/http/cves/2022/CVE-2022-0349.yaml b/http/cves/2022/CVE-2022-0349.yaml index bb96db16d1f..fb2a21ccaba 100644 --- a/http/cves/2022/CVE-2022-0349.yaml +++ b/http/cves/2022/CVE-2022-0349.yaml @@ -30,8 +30,6 @@ info: vendor: wpdeveloper product: notificationx framework: wordpress - fofa-query: body="/wp-content/plugins/notificationx" - shodan-query: http.html:"/wp-content/plugins/notificationx" tags: time-based-sqli,cve,cve2022,wordpress,wp-plugin,wp,sqli,notificationx,wpscan,wpdeveloper http: diff --git a/http/cves/2022/CVE-2022-0378.yaml b/http/cves/2022/CVE-2022-0378.yaml index 3c40d86eb34..9bc21719710 100644 --- a/http/cves/2022/CVE-2022-0378.yaml +++ b/http/cves/2022/CVE-2022-0378.yaml @@ -28,7 +28,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0381.yaml b/http/cves/2022/CVE-2022-0381.yaml index 062012c5d60..c01c25fd027 100644 --- a/http/cves/2022/CVE-2022-0381.yaml +++ b/http/cves/2022/CVE-2022-0381.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0381 cwe-id: CWE-79 - epss-score: 0.07802 - epss-percentile: 0.91492 + epss-score: 0.00218 + epss-percentile: 0.59134 cpe: cpe:2.3:a:embed_swagger_project:embed_swagger:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0412.yaml b/http/cves/2022/CVE-2022-0412.yaml index 3cb433b3d68..ad7dad115b7 100644 --- a/http/cves/2022/CVE-2022-0412.yaml +++ b/http/cves/2022/CVE-2022-0412.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0412 cwe-id: CWE-89 - epss-score: 0.79499 - epss-percentile: 0.99016 + epss-score: 0.10259 + epss-percentile: 0.94816 cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,9 +30,6 @@ info: vendor: templateinvaders product: ti_woocommerce_wishlist framework: wordpress - fofa-query: body="/wp-content/plugins/ti-woocommerce-wishlist/" - publicwww-query: /wp-content/plugins/ti-woocommerce-wishlist/ - shodan-query: http.html:"/wp-content/plugins/ti-woocommerce-wishlist/" tags: time-based-sqli,cve2022,cve,sqli,ti-woocommerce-wishlist,wpscan,woocommerce,wordpress,wp-plugin,wp,templateinvaders http: diff --git a/http/cves/2022/CVE-2022-0415.yaml b/http/cves/2022/CVE-2022-0415.yaml index e2349939901..6a1ca85b619 100644 --- a/http/cves/2022/CVE-2022-0415.yaml +++ b/http/cves/2022/CVE-2022-0415.yaml @@ -31,13 +31,8 @@ info: shodan-query: - cpe:"cpe:2.3:a:gogs:gogs" - http.title:"sign in - gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" - google-query: - - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" + google-query: intitle:"sign in - gogs" tags: cve,cve2022,rce,gogs,authenticated,huntr,intrusive http: diff --git a/http/cves/2022/CVE-2022-0424.yaml b/http/cves/2022/CVE-2022-0424.yaml index 44023d9b51f..efd562b6d9d 100644 --- a/http/cves/2022/CVE-2022-0424.yaml +++ b/http/cves/2022/CVE-2022-0424.yaml @@ -24,7 +24,7 @@ info: vendor: supsystic product: popup framework: wordpress - shodan-query: http.html:"/wp-content/plugins/popup-by-supsystic" + shodan-query: http.html:/wp-content/plugins/popup-by-supsystic fofa-query: body=/wp-content/plugins/popup-by-supsystic publicwww-query: "/wp-content/plugins/popup-by-supsystic" tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,disclosure,popup,supsystic diff --git a/http/cves/2022/CVE-2022-0432.yaml b/http/cves/2022/CVE-2022-0432.yaml index acef60581ed..620e23a74ff 100644 --- a/http/cves/2022/CVE-2022-0432.yaml +++ b/http/cves/2022/CVE-2022-0432.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0432 cwe-id: CWE-1321 - epss-score: 0.30275 - epss-percentile: 0.96415 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0437.yaml b/http/cves/2022/CVE-2022-0437.yaml index 39292c9db8b..eee76e631e4 100644 --- a/http/cves/2022/CVE-2022-0437.yaml +++ b/http/cves/2022/CVE-2022-0437.yaml @@ -20,16 +20,14 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0437 cwe-id: CWE-79 - epss-score: 0.09268 - epss-percentile: 0.92296 + epss-score: 0.001 + epss-percentile: 0.40882 cpe: cpe:2.3:a:karma_project:karma:*:*:*:*:*:node.js:*:* metadata: max-request: 2 vendor: karma_project product: karma framework: node.js - shodan-query: http.html:"karma.conf.js" - fofa-query: body="karma.conf.js" tags: cve2022,cve,oss,huntr,karma,xss,karma_project,node.js http: diff --git a/http/cves/2022/CVE-2022-0441.yaml b/http/cves/2022/CVE-2022-0441.yaml index dad480f6b44..530e895b0e0 100644 --- a/http/cves/2022/CVE-2022-0441.yaml +++ b/http/cves/2022/CVE-2022-0441.yaml @@ -30,13 +30,6 @@ info: vendor: stylemixthemes product: masterstudy_lms framework: wordpress - fofa-query: - - body="wp-content/plugins/masterstudy-lms-learning-management-system/" - - body=/wp-content/plugins/masterstudy-lms-learning-management-system - shodan-query: - - http.html:"wp-content/plugins/masterstudy-lms-learning-management-system/" - - http.html:"/wp-content/plugins/masterstudy-lms-learning-management-system" - publicwww-query: /wp-content/plugins/masterstudy-lms-learning-management-system tags: cve2022,cve,wordpress,wp-plugin,wpscan,wp,unauth,stylemixthemes variables: username: "{{to_lower(rand_text_alphanumeric(6))}}" diff --git a/http/cves/2022/CVE-2022-0479.yaml b/http/cves/2022/CVE-2022-0479.yaml index b7fd8222abb..4f340ee2f57 100644 --- a/http/cves/2022/CVE-2022-0479.yaml +++ b/http/cves/2022/CVE-2022-0479.yaml @@ -10,15 +10,13 @@ info: Allows attackers to execute malicious SQL queries and inject scripts into web pages remediation: | Update Popup Builder Plugin to the latest secure version - reference: - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0479 cwe-id: CWE-89 - epss-score: 0.43023 - epss-percentile: 0.97312 + epss-score: 0.0017 + epss-percentile: 0.53299 cpe: cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,14 +24,9 @@ info: vendor: sygnoos product: popup_builder framework: wordpress - fofa-query: - - body="/wp-content/plugins/popup-builder" - - body=/wp-content/plugins/popup-builder/ - publicwww-query: /wp-content/plugins/popup-builder/ - shodan-query: - - http.html:"/wp-content/plugins/popup-builder" - - http.html:"/wp-content/plugins/popup-builder/" - tags: cve,cve2022,wp,wp-plugin,wordpress,popup-builder,xss,sqli,authenticated,sygnoos + fofa-query: body="/wp-content/plugins/popup-builder" + tags: cve,cve2022,wp,wp-plugin,wordpress,popup-builder,xss,sqli,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2022/CVE-2022-0533.yaml b/http/cves/2022/CVE-2022-0533.yaml index 8deafd04833..f2573dc27f8 100644 --- a/http/cves/2022/CVE-2022-0533.yaml +++ b/http/cves/2022/CVE-2022-0533.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-0533 - https://vulners.com/cve/CVE-2022-0533 - https://plugins.trac.wordpress.org/changeset/2675223/ditty-news-ticker - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0533 cwe-id: CWE-79 - epss-score: 0.02979 - epss-percentile: 0.85856 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: metaphorcreations product: ditty framework: wordpress - shodan-query: http.html:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: http.html:/wp-content/plugins/ditty-news-ticker/ fofa-query: body=/wp-content/plugins/ditty-news-ticker/ publicwww-query: "/wp-content/plugins/ditty-news-ticker/" tags: cve,cve2022,xss,ditty-news-ticker,wp,wordpress,wpscan,wp-plugin,authenticated,metaphorcreations diff --git a/http/cves/2022/CVE-2022-0535.yaml b/http/cves/2022/CVE-2022-0535.yaml index 6e41c38dc9c..56bd3a91a14 100644 --- a/http/cves/2022/CVE-2022-0535.yaml +++ b/http/cves/2022/CVE-2022-0535.yaml @@ -21,8 +21,8 @@ info: cvss-score: 4.8 cve-id: CVE-2022-0535 cwe-id: CWE-79 - epss-score: 0.01119 - epss-percentile: 0.77127 + epss-score: 0.00084 + epss-percentile: 0.34344 cpe: cpe:2.3:a:e2pdf:e2pdf:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0540.yaml b/http/cves/2022/CVE-2022-0540.yaml index 02c026459b8..f67ba5b4bd1 100644 --- a/http/cves/2022/CVE-2022-0540.yaml +++ b/http/cves/2022/CVE-2022-0540.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: atlassian product: "jira_data_center" - shodan-query: http.component:"atlassian jira" + shodan-query: + - "http.component:\"Atlassian Jira\"" + - http.component:"atlassian jira" tags: cve,cve2022,atlassian,jira,exposure,auth-bypass http: diff --git a/http/cves/2022/CVE-2022-0591.yaml b/http/cves/2022/CVE-2022-0591.yaml index 2338d469553..2021cdee09b 100644 --- a/http/cves/2022/CVE-2022-0591.yaml +++ b/http/cves/2022/CVE-2022-0591.yaml @@ -13,16 +13,13 @@ info: reference: - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47 - https://nvd.nist.gov/vuln/detail/CVE-2022-0591 - - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/im-hanzou/FC3er - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2022-0591 cwe-id: CWE-918 - epss-score: 0.82974 - epss-percentile: 0.99185 + epss-score: 0.03628 + epss-percentile: 0.90752 cpe: cpe:2.3:a:subtlewebinc:formcraft3:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0592.yaml b/http/cves/2022/CVE-2022-0592.yaml index d5d13f43e53..a00ac4e23e7 100644 --- a/http/cves/2022/CVE-2022-0592.yaml +++ b/http/cves/2022/CVE-2022-0592.yaml @@ -8,17 +8,13 @@ info: The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. reference: - https://wpscan.com/vulnerability/5d8d53ad-dc88-4b50-a292-fc447484c27b/ - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates - - https://github.com/20142995/sectool classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0592 cwe-id: CWE-89 - epss-score: 0.63004 - epss-percentile: 0.98253 + epss-score: 0.04446 + epss-percentile: 0.88469 cpe: cpe:2.3:a:mapsvg:mapsvg:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +23,6 @@ info: product: mapsvg framework: wordpress fofa-query: body="/wp-content/plugins/mapsvg/" - shodan-query: http.html:"/wp-content/plugins/mapsvg/" tags: wpscan,cve,cve2022,mapsvg,wordpress,wp,wp-plugin,sqli,time-based-sqli,kev http: diff --git a/http/cves/2022/CVE-2022-0594.yaml b/http/cves/2022/CVE-2022-0594.yaml index d887dd4fa80..355a018c307 100644 --- a/http/cves/2022/CVE-2022-0594.yaml +++ b/http/cves/2022/CVE-2022-0594.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-0594 cwe-id: CWE-863 - epss-score: 0.68996 - epss-percentile: 0.9852 + epss-score: 0.00188 + epss-percentile: 0.55305 cpe: cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0595.yaml b/http/cves/2022/CVE-2022-0595.yaml index 8a0a0fd53a3..24dc9a0223c 100644 --- a/http/cves/2022/CVE-2022-0595.yaml +++ b/http/cves/2022/CVE-2022-0595.yaml @@ -15,14 +15,13 @@ info: - https://plugins.trac.wordpress.org/changeset/2686614 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-0595 cwe-id: CWE-79 - epss-score: 0.09414 - epss-percentile: 0.92359 + epss-score: 0.00102 + epss-percentile: 0.40538 cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0597.yaml b/http/cves/2022/CVE-2022-0597.yaml index 8e45a2e9713..91a128c1605 100644 --- a/http/cves/2022/CVE-2022-0597.yaml +++ b/http/cves/2022/CVE-2022-0597.yaml @@ -16,8 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0597 cwe-id: CWE-601 - epss-score: 0.00484 - epss-percentile: 0.64178 + epss-score: 0.00115 + epss-percentile: 0.45018 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -25,7 +25,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0651.yaml b/http/cves/2022/CVE-2022-0651.yaml index 0da34287864..4651102c4af 100644 --- a/http/cves/2022/CVE-2022-0651.yaml +++ b/http/cves/2022/CVE-2022-0651.yaml @@ -27,7 +27,7 @@ info: vendor: veronalabs product: wp_statistics framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-statistics/" + shodan-query: http.html:/wp-content/plugins/wp-statistics/ fofa-query: body=/wp-content/plugins/wp-statistics/ publicwww-query: /wp-content/plugins/wp-statistics/ google-query: inurl:/wp-content/plugins/wp-statistics diff --git a/http/cves/2022/CVE-2022-0653.yaml b/http/cves/2022/CVE-2022-0653.yaml index 1a7914179c2..f1f15d56f8b 100644 --- a/http/cves/2022/CVE-2022-0653.yaml +++ b/http/cves/2022/CVE-2022-0653.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0653 cwe-id: CWE-79 - epss-score: 0.0565 - epss-percentile: 0.89873 + epss-score: 0.00206 + epss-percentile: 0.58565 cpe: cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-0660.yaml b/http/cves/2022/CVE-2022-0660.yaml index 011b28d9562..81097a4662b 100644 --- a/http/cves/2022/CVE-2022-0660.yaml +++ b/http/cves/2022/CVE-2022-0660.yaml @@ -30,7 +30,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0666.yaml b/http/cves/2022/CVE-2022-0666.yaml index 4155e70dd7a..072f33f3c56 100644 --- a/http/cves/2022/CVE-2022-0666.yaml +++ b/http/cves/2022/CVE-2022-0666.yaml @@ -10,15 +10,11 @@ info: - https://github.com/microweber/microweber/commit/f0e338f1b7dc5ec9d99231f4ed3fa6245a5eb128 - https://huntr.dev/bounties/7215afc7-9133-4749-8e8e-0569317dbd55 - https://nvd.nist.gov/vuln/detail/CVE-2022-0666 - - https://github.com/NaInSec/CVE-PoC-in-GitHub - - https://github.com/WhooAmii/POC_to_review classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-0666 cwe-id: CWE-93 - epss-score: 0.1701 - epss-percentile: 0.94605 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,7 +22,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - icon_hash=780351152 diff --git a/http/cves/2022/CVE-2022-0678.yaml b/http/cves/2022/CVE-2022-0678.yaml index ee7bf5b86ff..2a39559f39a 100644 --- a/http/cves/2022/CVE-2022-0678.yaml +++ b/http/cves/2022/CVE-2022-0678.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0678 cwe-id: CWE-79 - epss-score: 0.00666 - epss-percentile: 0.70125 + epss-score: 0.00138 + epss-percentile: 0.49247 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0679.yaml b/http/cves/2022/CVE-2022-0679.yaml index 9c67f04ce45..3f0c0b65fd0 100644 --- a/http/cves/2022/CVE-2022-0679.yaml +++ b/http/cves/2022/CVE-2022-0679.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0679 cwe-id: CWE-22 - epss-score: 0.80857 - epss-percentile: 0.99086 + epss-score: 0.03099 + epss-percentile: 0.90827 cpe: cpe:2.3:a:narnoo_distributor_project:narnoo_distributor:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0693.yaml b/http/cves/2022/CVE-2022-0693.yaml index 6019dab1373..1fd89acbe14 100644 --- a/http/cves/2022/CVE-2022-0693.yaml +++ b/http/cves/2022/CVE-2022-0693.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0693 cwe-id: CWE-89 - epss-score: 0.67412 - epss-percentile: 0.98443 + epss-score: 0.02367 + epss-percentile: 0.89814 cpe: cpe:2.3:a:devbunch:master_elements:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0735.yaml b/http/cves/2022/CVE-2022-0735.yaml index dfff7cb5907..88ed7f8d4a5 100644 --- a/http/cves/2022/CVE-2022-0735.yaml +++ b/http/cves/2022/CVE-2022-0735.yaml @@ -28,14 +28,10 @@ info: vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve,cve2022,gitlab diff --git a/http/cves/2022/CVE-2022-0769.yaml b/http/cves/2022/CVE-2022-0769.yaml index f9cb7155c52..29b80e9f429 100644 --- a/http/cves/2022/CVE-2022-0769.yaml +++ b/http/cves/2022/CVE-2022-0769.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0769 cwe-id: CWE-89 - epss-score: 0.77003 - epss-percentile: 0.98891 + epss-score: 0.02367 + epss-percentile: 0.89814 cpe: cpe:2.3:a:usersultra:users_ultra:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0773.yaml b/http/cves/2022/CVE-2022-0773.yaml index 7cb00708938..4a85e1f02fc 100644 --- a/http/cves/2022/CVE-2022-0773.yaml +++ b/http/cves/2022/CVE-2022-0773.yaml @@ -14,15 +14,13 @@ info: - https://wpscan.com/vulnerability/55b89de0-30ed-4f98-935e-51f069faf6fc - https://wordpress.org/plugins/documentor-lite/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0773 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/cyllective/CVEs classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0773 cwe-id: CWE-89 - epss-score: 0.79057 - epss-percentile: 0.98995 + epss-score: 0.05057 + epss-percentile: 0.92125 cpe: cpe:2.3:a:documentor_project:documentor:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0781.yaml b/http/cves/2022/CVE-2022-0781.yaml index c3b30bcb770..54d6ddd5d26 100644 --- a/http/cves/2022/CVE-2022-0781.yaml +++ b/http/cves/2022/CVE-2022-0781.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0781 cwe-id: CWE-89 - epss-score: 0.87228 - epss-percentile: 0.99397 + epss-score: 0.01278 + epss-percentile: 0.85709 cpe: cpe:2.3:a:nirweb:nirweb_support:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0784.yaml b/http/cves/2022/CVE-2022-0784.yaml index 42a42ff869a..eba6f17ef02 100644 --- a/http/cves/2022/CVE-2022-0784.yaml +++ b/http/cves/2022/CVE-2022-0784.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0784 cwe-id: CWE-89 - epss-score: 0.65685 - epss-percentile: 0.98373 + epss-score: 0.04043 + epss-percentile: 0.91894 cpe: cpe:2.3:a:title_experiments_free_project:title_experiments_free:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0785.yaml b/http/cves/2022/CVE-2022-0785.yaml index 50e0378c771..2d05d9cb220 100644 --- a/http/cves/2022/CVE-2022-0785.yaml +++ b/http/cves/2022/CVE-2022-0785.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0785 cwe-id: CWE-89 - epss-score: 0.64708 - epss-percentile: 0.98329 + epss-score: 0.04032 + epss-percentile: 0.92073 cpe: cpe:2.3:a:daily_prayer_time_project:daily_prayer_time:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0786.yaml b/http/cves/2022/CVE-2022-0786.yaml index b0c7df85fe8..71bba73bad7 100644 --- a/http/cves/2022/CVE-2022-0786.yaml +++ b/http/cves/2022/CVE-2022-0786.yaml @@ -30,8 +30,6 @@ info: vendor: iqonic product: kivicare framework: wordpress - fofa-query: body="/wp-content/plugins/kivicare-clinic-management-system" - shodan-query: http.html:"/wp-content/plugins/kivicare-clinic-management-system" tags: time-based-sqli,cve,cve2022,sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,wpscan,iqonic http: diff --git a/http/cves/2022/CVE-2022-0788.yaml b/http/cves/2022/CVE-2022-0788.yaml index 1b7f315b016..8cccdc276a9 100644 --- a/http/cves/2022/CVE-2022-0788.yaml +++ b/http/cves/2022/CVE-2022-0788.yaml @@ -21,14 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0788 cwe-id: CWE-89 - epss-score: 0.5867 - epss-percentile: 0.98062 - cpe: cpe:2.3:a:wpmet:fundengine:*:*:*:*:*:wordpress:*:* + epss-score: 0.03633 + epss-percentile: 0.91467 + cpe: cpe:2.3:a:wpmet:wp_fundraising_donation_and_crowdfunding_platform:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 vendor: wpmet - product: fundengine + product: wp_fundraising_donation_and_crowdfunding_platform framework: wordpress tags: time-based-sqli,cve,cve2022,sqli,wordpress,wp-plugin,wp,wp-fundraising-donation,unauth,wpscan,wpmet diff --git a/http/cves/2022/CVE-2022-0814.yaml b/http/cves/2022/CVE-2022-0814.yaml index 6f8ab629234..ce4f0aafb3e 100644 --- a/http/cves/2022/CVE-2022-0814.yaml +++ b/http/cves/2022/CVE-2022-0814.yaml @@ -12,14 +12,13 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0814 - https://wordpress.org/plugins/ubigeo-peru/ - https://github.com/cyllective/CVEs - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0814 cwe-id: CWE-89 - epss-score: 0.78961 - epss-percentile: 0.9899 + epss-score: 0.03633 + epss-percentile: 0.91467 cpe: cpe:2.3:a:ubigeo_de_peru_para_woocommerce_project:ubigeo_de_peru_para_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: ubigeo_de_peru_para_woocommerce_project product: ubigeo_de_peru_para_woocommerce framework: wordpress - shodan-query: http.html:"/wp-content/plugins/ubigeo-peru/" + shodan-query: http.html:/wp-content/plugins/ubigeo-peru/ fofa-query: body=/wp-content/plugins/ubigeo-peru/ publicwww-query: "/wp-content/plugins/ubigeo-peru/" tags: cve,cve2022,wordpress,wpscan,wp-plugin,sqli,ubigeo-peru,unauth,ubigeo_de_peru_para_woocommerce_project diff --git a/http/cves/2022/CVE-2022-0824.yaml b/http/cves/2022/CVE-2022-0824.yaml index 107a5cf3a6e..e3304a78f38 100644 --- a/http/cves/2022/CVE-2022-0824.yaml +++ b/http/cves/2022/CVE-2022-0824.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-0824 cwe-id: CWE-284,CWE-863 - epss-score: 0.93145 - epss-percentile: 0.99779 + epss-score: 0.97246 + epss-percentile: 0.99819 cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-0826.yaml b/http/cves/2022/CVE-2022-0826.yaml index 2ae2c9b6c59..4d18c904dc6 100644 --- a/http/cves/2022/CVE-2022-0826.yaml +++ b/http/cves/2022/CVE-2022-0826.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0826 cwe-id: CWE-89 - epss-score: 0.81128 - epss-percentile: 0.99096 + epss-score: 0.04032 + epss-percentile: 0.92073 cpe: cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0864.yaml b/http/cves/2022/CVE-2022-0864.yaml index 92000e9194f..2a07189708d 100644 --- a/http/cves/2022/CVE-2022-0864.yaml +++ b/http/cves/2022/CVE-2022-0864.yaml @@ -15,14 +15,13 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0864 - https://wordpress.org/plugins/updraftplus - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0864 cwe-id: CWE-79 - epss-score: 0.02822 - epss-percentile: 0.85459 + epss-score: 0.00242 + epss-percentile: 0.63565 cpe: cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0867.yaml b/http/cves/2022/CVE-2022-0867.yaml index a9cb69efc81..a76cb79a4ab 100644 --- a/http/cves/2022/CVE-2022-0867.yaml +++ b/http/cves/2022/CVE-2022-0867.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0867 cwe-id: CWE-89 - epss-score: 0.88071 - epss-percentile: 0.99434 + epss-score: 0.09183 + epss-percentile: 0.9451 cpe: cpe:2.3:a:reputeinfosystems:pricing_table:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0869.yaml b/http/cves/2022/CVE-2022-0869.yaml index 0f2b1b637b8..0fc3b42b63d 100644 --- a/http/cves/2022/CVE-2022-0869.yaml +++ b/http/cves/2022/CVE-2022-0869.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-0869 cwe-id: CWE-601 - epss-score: 0.03835 - epss-percentile: 0.87597 + epss-score: 0.00115 + epss-percentile: 0.45018 cpe: cpe:2.3:a:spirit-project:spirit:*:*:*:*:*:*:*:* metadata: max-request: 4 diff --git a/http/cves/2022/CVE-2022-0870.yaml b/http/cves/2022/CVE-2022-0870.yaml index 26e4f9948e0..f6bd93ee989 100644 --- a/http/cves/2022/CVE-2022-0870.yaml +++ b/http/cves/2022/CVE-2022-0870.yaml @@ -31,13 +31,8 @@ info: shodan-query: - cpe:"cpe:2.3:a:gogs:gogs" - http.title:"sign in - gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" - google-query: - - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" + google-query: intitle:"sign in - gogs" tags: cve,cve2022,ssrf,gogs,authenticated,huntr http: diff --git a/http/cves/2022/CVE-2022-0885.yaml b/http/cves/2022/CVE-2022-0885.yaml index 563656d040f..633534045a3 100644 --- a/http/cves/2022/CVE-2022-0885.yaml +++ b/http/cves/2022/CVE-2022-0885.yaml @@ -19,9 +19,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-0885 - cwe-id: CWE-94 - epss-score: 0.89157 - epss-percentile: 0.99496 + cwe-id: CWE-862 + epss-score: 0.28394 + epss-percentile: 0.96849 cpe: cpe:2.3:a:memberhero:member_hero:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0899.yaml b/http/cves/2022/CVE-2022-0899.yaml index 09cef576aaa..72f05c49fd0 100644 --- a/http/cves/2022/CVE-2022-0899.yaml +++ b/http/cves/2022/CVE-2022-0899.yaml @@ -9,14 +9,13 @@ info: reference: - https://wpscan.com/vulnerability/1772417a-1abb-4d97-9694-1254840defd1 - https://nvd.nist.gov/vuln/detail/CVE-2022-0899 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-0899 cwe-id: CWE-79 - epss-score: 0.30397 - epss-percentile: 0.96429 + epss-score: 0.00106 + epss-percentile: 0.42122 cpe: cpe:2.3:a:draftpress:header_footer_code_manager:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0928.yaml b/http/cves/2022/CVE-2022-0928.yaml index 87c36bd1be8..2dec40488c1 100644 --- a/http/cves/2022/CVE-2022-0928.yaml +++ b/http/cves/2022/CVE-2022-0928.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0928 cwe-id: CWE-79 - epss-score: 0.04709 - epss-percentile: 0.8882 + epss-score: 0.00144 + epss-percentile: 0.50194 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0948.yaml b/http/cves/2022/CVE-2022-0948.yaml index 6f281b59b59..e9708fe1ecc 100644 --- a/http/cves/2022/CVE-2022-0948.yaml +++ b/http/cves/2022/CVE-2022-0948.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0948 cwe-id: CWE-89 - epss-score: 0.70065 - epss-percentile: 0.98564 + epss-score: 0.04964 + epss-percentile: 0.92058 cpe: cpe:2.3:a:pluginbazaar:order_listener_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0949.yaml b/http/cves/2022/CVE-2022-0949.yaml index 646f9a8ac0f..4491755a8cc 100644 --- a/http/cves/2022/CVE-2022-0949.yaml +++ b/http/cves/2022/CVE-2022-0949.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-0949 cwe-id: CWE-89 - epss-score: 0.79292 - epss-percentile: 0.99006 + epss-score: 0.04032 + epss-percentile: 0.92073 cpe: cpe:2.3:a:stopbadbots:block_and_stop_bad_bots:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-0954.yaml b/http/cves/2022/CVE-2022-0954.yaml index f3ca5f2b256..2c9bfa54ca7 100644 --- a/http/cves/2022/CVE-2022-0954.yaml +++ b/http/cves/2022/CVE-2022-0954.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0954 cwe-id: CWE-79 - epss-score: 0.05808 - epss-percentile: 0.90036 + epss-score: 0.00144 + epss-percentile: 0.50194 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0963.yaml b/http/cves/2022/CVE-2022-0963.yaml index a3166035cf1..59538030854 100644 --- a/http/cves/2022/CVE-2022-0963.yaml +++ b/http/cves/2022/CVE-2022-0963.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-0963 cwe-id: CWE-79 - epss-score: 0.04641 - epss-percentile: 0.88739 + epss-score: 0.00144 + epss-percentile: 0.50194 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,7 +28,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-0968.yaml b/http/cves/2022/CVE-2022-0968.yaml index 524f325e8d9..9650d413e21 100644 --- a/http/cves/2022/CVE-2022-0968.yaml +++ b/http/cves/2022/CVE-2022-0968.yaml @@ -20,15 +20,15 @@ info: cvss-score: 5.5 cve-id: CVE-2022-0968 cwe-id: CWE-190 - epss-score: 0.01127 - epss-percentile: 0.77214 + epss-score: 0.00076 + epss-percentile: 0.32297 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-1007.yaml b/http/cves/2022/CVE-2022-1007.yaml index 625344d7ec3..27ee707ddc1 100644 --- a/http/cves/2022/CVE-2022-1007.yaml +++ b/http/cves/2022/CVE-2022-1007.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1007 cwe-id: CWE-79 - epss-score: 0.02539 - epss-percentile: 0.84681 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:elbtide:advanced_booking_calendar:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1020.yaml b/http/cves/2022/CVE-2022-1020.yaml index dfa1f9df29f..a89c61728ab 100644 --- a/http/cves/2022/CVE-2022-1020.yaml +++ b/http/cves/2022/CVE-2022-1020.yaml @@ -12,16 +12,13 @@ info: reference: - https://wpscan.com/vulnerability/04fe89b3-8ad1-482f-a96d-759d1d3a0dd5 - https://nvd.nist.gov/vuln/detail/CVE-2022-1020 - - https://github.com/20142995/nuclei-templates - - https://github.com/20142995/sectool - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-1020 cwe-id: CWE-352 - epss-score: 0.88626 - epss-percentile: 0.99463 + epss-score: 0.01578 + epss-percentile: 0.8591 cpe: cpe:2.3:a:codeastrology:woo_product_table:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-1040.yaml b/http/cves/2022/CVE-2022-1040.yaml index b3592736fb2..13bd9accb66 100644 --- a/http/cves/2022/CVE-2022-1040.yaml +++ b/http/cves/2022/CVE-2022-1040.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1040 cwe-id: CWE-287 - epss-score: 0.94423 - epss-percentile: 0.99977 + epss-score: 0.97434 + epss-percentile: 0.99939 cpe: cpe:2.3:o:sophos:sfos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sophos product: sfos - shodan-query: http.title:"sophos" + shodan-query: + - http.title:"Sophos" + - http.title:"sophos" fofa-query: title="sophos" google-query: intitle:"sophos" tags: cve,cve2022,sophos,firewall,auth-bypass,rce,kev diff --git a/http/cves/2022/CVE-2022-1054.yaml b/http/cves/2022/CVE-2022-1054.yaml index abd899da6ea..4eaee65e1c3 100644 --- a/http/cves/2022/CVE-2022-1054.yaml +++ b/http/cves/2022/CVE-2022-1054.yaml @@ -13,14 +13,13 @@ info: - https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-1054 cwe-id: CWE-862 - epss-score: 0.26704 - epss-percentile: 0.96051 + epss-score: 0.00292 + epss-percentile: 0.69101 cpe: cpe:2.3:a:wpchill:rsvp_and_event_management:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-1058.yaml b/http/cves/2022/CVE-2022-1058.yaml index 819cc9093a7..d57782197e4 100644 --- a/http/cves/2022/CVE-2022-1058.yaml +++ b/http/cves/2022/CVE-2022-1058.yaml @@ -14,15 +14,13 @@ info: - https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48 - https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d - https://nvd.nist.gov/vuln/detail/CVE-2022-1058 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/cokeBeer/go-cves classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1058 cwe-id: CWE-601 - epss-score: 0.08779 - epss-percentile: 0.92041 + epss-score: 0.001 + epss-percentile: 0.40832 cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,19 +28,14 @@ info: vendor: gitea product: gitea shodan-query: - - http.title:"gitea" + - title:"Gitea" - http.html:"powered by gitea version" + - http.title:"gitea" - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea" - - 'http.title:"installation - gitea: git with a cup of tea"' fofa-query: - body="powered by gitea version" - title="gitea" - - body="powered by gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' + google-query: intitle:"gitea" tags: cve,cve2022,huntr,open-redirect,gitea http: diff --git a/http/cves/2022/CVE-2022-1119.yaml b/http/cves/2022/CVE-2022-1119.yaml index 7a773479f05..3a0c20c5aef 100644 --- a/http/cves/2022/CVE-2022-1119.yaml +++ b/http/cves/2022/CVE-2022-1119.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1119 cwe-id: CWE-22 - epss-score: 0.9133 - epss-percentile: 0.99627 + epss-score: 0.41577 + epss-percentile: 0.97306 cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-1162.yaml b/http/cves/2022/CVE-2022-1162.yaml index 1b852096ea4..68e151a2b5c 100644 --- a/http/cves/2022/CVE-2022-1162.yaml +++ b/http/cves/2022/CVE-2022-1162.yaml @@ -15,26 +15,22 @@ info: - http://packetstormsecurity.com/files/166828/Gitlab-14.9-Authentication-Bypass.html - https://nvd.nist.gov/vuln/detail/cve-2022-1162 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-1162 cwe-id: CWE-798 - epss-score: 0.9106 - epss-percentile: 0.99608 + epss-score: 0.24455 + epss-percentile: 0.96514 cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve,cve2022,gitlab,packetstorm diff --git a/http/cves/2022/CVE-2022-1168.yaml b/http/cves/2022/CVE-2022-1168.yaml index 190ee059700..5d4ceb6b328 100644 --- a/http/cves/2022/CVE-2022-1168.yaml +++ b/http/cves/2022/CVE-2022-1168.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1168 cwe-id: CWE-79 - epss-score: 0.02589 - epss-percentile: 0.84827 + epss-score: 0.001 + epss-percentile: 0.40139 cpe: cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1170.yaml b/http/cves/2022/CVE-2022-1170.yaml index a8c51317a89..3d3aca358ee 100644 --- a/http/cves/2022/CVE-2022-1170.yaml +++ b/http/cves/2022/CVE-2022-1170.yaml @@ -10,14 +10,13 @@ info: - https://wpscan.com/vulnerability/2ecb18e6-b575-4a20-bd31-94d24f1d1efc - https://nvd.nist.gov/vuln/detail/CVE-2022-1170 - https://themeforest.net/item/jobmonster-job-board-wordpress-theme/10965446 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1170 cwe-id: CWE-79 - epss-score: 0.01402 - epss-percentile: 0.79465 + epss-score: 0.001 + epss-percentile: 0.40139 cpe: cpe:2.3:a:nootheme:jobmonster:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -25,7 +24,7 @@ info: vendor: nootheme product: jobmonster framework: wordpress - shodan-query: http.html:"/wp-content/themes/noo-jobmonster" + shodan-query: http.html:/wp-content/themes/noo-jobmonster fofa-query: body=/wp-content/themes/noo-jobmonster publicwww-query: "/wp-content/themes/noo-jobmonster" tags: cve,cve2022,wpscan,wp,wp-theme,wordpress,xss,jobmonster,nootheme diff --git a/http/cves/2022/CVE-2022-1329.yaml b/http/cves/2022/CVE-2022-1329.yaml index 8ba46960fae..f67ebf765cf 100644 --- a/http/cves/2022/CVE-2022-1329.yaml +++ b/http/cves/2022/CVE-2022-1329.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-1329 cwe-id: CWE-434,CWE-862 - epss-score: 0.93475 - epss-percentile: 0.99813 + epss-score: 0.96342 + epss-percentile: 0.9955 cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -29,9 +29,6 @@ info: vendor: elementor product: website_builder framework: wordpress - publicwww-query: /wp-content/plugins/elementor/ - shodan-query: http.html:"/wp-content/plugins/elementor/" - fofa-query: body=/wp-content/plugins/elementor/ tags: cve2022,cve,rce,wordpress,wp-plugin,wp,elementor,authenticated,intrusive,fileupload http: diff --git a/http/cves/2022/CVE-2022-1386.yaml b/http/cves/2022/CVE-2022-1386.yaml index ac9fda2ee0f..8bbad87b39c 100644 --- a/http/cves/2022/CVE-2022-1386.yaml +++ b/http/cves/2022/CVE-2022-1386.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1386 cwe-id: CWE-918 - epss-score: 0.93324 - epss-percentile: 0.99797 + epss-score: 0.26067 + epss-percentile: 0.96717 cpe: cpe:2.3:a:fusion_builder_project:fusion_builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-1388.yaml b/http/cves/2022/CVE-2022-1388.yaml index d9931e7c3be..b8124855abc 100644 --- a/http/cves/2022/CVE-2022-1388.yaml +++ b/http/cves/2022/CVE-2022-1388.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1388 cwe-id: CWE-306 - epss-score: 0.94456 - epss-percentile: 0.99991 + epss-score: 0.97477 + epss-percentile: 0.99964 cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,11 +30,9 @@ info: vendor: f5 product: big-ip_access_policy_manager shodan-query: + - http.title:"BIG-IP®-+Redirect" +"Server" - http.title:"big-ip®-+redirect" +"server" - - http.html:"big-ip apm" - fofa-query: - - title="big-ip®-+redirect" +"server" - - body="big-ip apm" + fofa-query: title="big-ip®-+redirect" +"server" google-query: intitle:"big-ip®-+redirect" +"server" tags: cve,cve2022,f5,bigip,rce,mirai,kev variables: diff --git a/http/cves/2022/CVE-2022-1390.yaml b/http/cves/2022/CVE-2022-1390.yaml index 86c823bd897..422a12ab66c 100644 --- a/http/cves/2022/CVE-2022-1390.yaml +++ b/http/cves/2022/CVE-2022-1390.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1390 cwe-id: CWE-22 - epss-score: 0.91002 - epss-percentile: 0.99606 + epss-score: 0.96052 + epss-percentile: 0.99452 cpe: cpe:2.3:a:admin_word_count_column_project:admin_word_count_column:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-1391.yaml b/http/cves/2022/CVE-2022-1391.yaml index b1a4371179e..ae901b53765 100644 --- a/http/cves/2022/CVE-2022-1391.yaml +++ b/http/cves/2022/CVE-2022-1391.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1391 cwe-id: CWE-22 - epss-score: 0.66708 - epss-percentile: 0.98418 + epss-score: 0.03037 + epss-percentile: 0.90957 cpe: cpe:2.3:a:kanev:cab_fare_calculator:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-1392.yaml b/http/cves/2022/CVE-2022-1392.yaml index b57b4ad8baa..3144ced5540 100644 --- a/http/cves/2022/CVE-2022-1392.yaml +++ b/http/cves/2022/CVE-2022-1392.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1392 cwe-id: CWE-22 - epss-score: 0.65164 - epss-percentile: 0.9835 + epss-score: 0.01514 + epss-percentile: 0.86976 cpe: cpe:2.3:a:commoninja:videos_sync_pdf:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1439.yaml b/http/cves/2022/CVE-2022-1439.yaml index 18ad2f752dc..41dda53fde4 100644 --- a/http/cves/2022/CVE-2022-1439.yaml +++ b/http/cves/2022/CVE-2022-1439.yaml @@ -20,15 +20,15 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1439 cwe-id: CWE-79 - epss-score: 0.38259 - epss-percentile: 0.97028 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-1442.yaml b/http/cves/2022/CVE-2022-1442.yaml index 846c83901dd..8e9a4f09cba 100644 --- a/http/cves/2022/CVE-2022-1442.yaml +++ b/http/cves/2022/CVE-2022-1442.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-1442 cwe-id: CWE-862 - epss-score: 0.85195 - epss-percentile: 0.99294 + epss-score: 0.04148 + epss-percentile: 0.92177 cpe: cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1574.yaml b/http/cves/2022/CVE-2022-1574.yaml index 8f1a474b17c..42803ac499c 100644 --- a/http/cves/2022/CVE-2022-1574.yaml +++ b/http/cves/2022/CVE-2022-1574.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1574 cwe-id: CWE-352 - epss-score: 0.74987 - epss-percentile: 0.98794 + epss-score: 0.05961 + epss-percentile: 0.93455 cpe: cpe:2.3:a:html2wp_project:html2wp:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1580.yaml b/http/cves/2022/CVE-2022-1580.yaml index c9c85535c72..1265956c2f2 100644 --- a/http/cves/2022/CVE-2022-1580.yaml +++ b/http/cves/2022/CVE-2022-1580.yaml @@ -24,9 +24,9 @@ info: vendor: freehtmldesigns product: "site_offline" framework: wordpress - shodan-query: http.html:"/wp-content/plugins/site-offline/" - fofa-query: body=/wp-content/plugins/site-offline/ publicwww-query: "/wp-content/plugins/site-offline/" + shodan-query: http.html:/wp-content/plugins/site-offline/ + fofa-query: body=/wp-content/plugins/site-offline/ tags: cve,cve2022,wpscan,site-offline,wordpress,wp-plugin,wp,freehtmldesigns flow: http(1) && http(2) diff --git a/http/cves/2022/CVE-2022-1595.yaml b/http/cves/2022/CVE-2022-1595.yaml index 0797d42ddbf..2879fd9d781 100644 --- a/http/cves/2022/CVE-2022-1595.yaml +++ b/http/cves/2022/CVE-2022-1595.yaml @@ -12,15 +12,13 @@ info: - https://wpscan.com/vulnerability/0218c90c-8f79-4f37-9a6f-60cf2f47d47b - https://wordpress.org/plugins/hc-custom-wp-admin-url/ - https://nvd.nist.gov/vuln/detail/CVE-2022-1595 - - https://github.com/bhavesh-pardhi/One-Liner - - https://github.com/0xPugal/One-Liners classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-1595 cwe-id: CWE-200 - epss-score: 0.14143 - epss-percentile: 0.93986 + epss-score: 0.0016 + epss-percentile: 0.52492 cpe: cpe:2.3:a:hc_custom_wp-admin_url_project:hc_custom_wp-admin_url:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1597.yaml b/http/cves/2022/CVE-2022-1597.yaml index 2fcd3c13bfc..91090670fc4 100644 --- a/http/cves/2022/CVE-2022-1597.yaml +++ b/http/cves/2022/CVE-2022-1597.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1597 cwe-id: CWE-79 - epss-score: 0.64678 - epss-percentile: 0.98326 + epss-score: 0.00188 + epss-percentile: 0.56053 cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1598.yaml b/http/cves/2022/CVE-2022-1598.yaml index d09d301fe92..4d7301b2cf4 100644 --- a/http/cves/2022/CVE-2022-1598.yaml +++ b/http/cves/2022/CVE-2022-1598.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-1598 cwe-id: CWE-306 - epss-score: 0.64598 - epss-percentile: 0.98321 + epss-score: 0.01171 + epss-percentile: 0.84938 cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1609.yaml b/http/cves/2022/CVE-2022-1609.yaml index 032be80bcb8..d83c6deef5a 100644 --- a/http/cves/2022/CVE-2022-1609.yaml +++ b/http/cves/2022/CVE-2022-1609.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1609 cwe-id: CWE-94 - epss-score: 0.9353 - epss-percentile: 0.9982 + epss-score: 0.11941 + epss-percentile: 0.95204 cpe: cpe:2.3:a:weblizar:school_management:*:*:*:*:pro:wordpress:*:* metadata: verified: false diff --git a/http/cves/2022/CVE-2022-1711.yaml b/http/cves/2022/CVE-2022-1711.yaml index d04df237a39..7e9ddf8d2a8 100644 --- a/http/cves/2022/CVE-2022-1711.yaml +++ b/http/cves/2022/CVE-2022-1711.yaml @@ -12,29 +12,20 @@ info: - https://huntr.dev/bounties/c32afff5-6ad5-4d4d-beea-f55ab4925797 - https://github.com/jgraph/drawio/commit/cf5c78aa0f3127fb10053db55b39f3017a0654ae - https://nvd.nist.gov/vuln/detail/CVE-2022-1711 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1711 cwe-id: CWE-918 - epss-score: 0.2652 - epss-percentile: 0.9603 - cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:* + epss-score: 0.00172 + epss-percentile: 0.66000 metadata: - verified: true - max-request: 1 vendor: diagrams product: drawio - shodan-query: - - http.html:"draw.io" - - http.title:"flowchart maker" - fofa-query: - - body="draw.io" - - title="flowchart maker" - google-query: intitle:"flowchart maker" - tags: huntr,cve,cve2022,ssrf,drawio,diagrams,jgraph + verified: true + shodan-query: html:"draw.io" + fofa-query: body="draw.io" + tags: cve,cve2022,ssrf,drawio,diagrams,jgraph http: - method: GET diff --git a/http/cves/2022/CVE-2022-1713.yaml b/http/cves/2022/CVE-2022-1713.yaml index 34e09d1ea2a..132b6be8fe3 100644 --- a/http/cves/2022/CVE-2022-1713.yaml +++ b/http/cves/2022/CVE-2022-1713.yaml @@ -15,14 +15,13 @@ info: - https://github.com/jgraph/drawio/commit/283d41ec80ad410d68634245cf56114bc19331ee - https://nvd.nist.gov/vuln/detail/CVE-2022-1713 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1713 cwe-id: CWE-918 - epss-score: 0.88778 - epss-percentile: 0.99473 + epss-score: 0.02483 + epss-percentile: 0.90072 cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,11 +29,9 @@ info: vendor: diagrams product: drawio shodan-query: + - http.title:"Flowchart Maker" - http.title:"flowchart maker" - - http.html:"draw.io" - fofa-query: - - title="flowchart maker" - - body="draw.io" + fofa-query: title="flowchart maker" google-query: intitle:"flowchart maker" tags: cve,cve2022,drawio,ssrf,oss,huntr,diagrams diff --git a/http/cves/2022/CVE-2022-1724.yaml b/http/cves/2022/CVE-2022-1724.yaml index 820e1aa9cc0..7c6d725c90c 100644 --- a/http/cves/2022/CVE-2022-1724.yaml +++ b/http/cves/2022/CVE-2022-1724.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1724 cwe-id: CWE-79 - epss-score: 0.15768 - epss-percentile: 0.94364 + epss-score: 0.00106 + epss-percentile: 0.42122 cpe: cpe:2.3:a:simple-membership-plugin:simple_membership:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1756.yaml b/http/cves/2022/CVE-2022-1756.yaml index 5268d3f2ed6..454d1f2cb36 100644 --- a/http/cves/2022/CVE-2022-1756.yaml +++ b/http/cves/2022/CVE-2022-1756.yaml @@ -28,7 +28,7 @@ info: vendor: thenewsletterplugin product: newsletter framework: wordpress - shodan-query: http.html:"/wp-content/plugins/newsletter/" + shodan-query: http.html:/wp-content/plugins/newsletter/ fofa-query: body=/wp-content/plugins/newsletter/ publicwww-query: "/wp-content/plugins/newsletter/" tags: cve,cve2022,wpscan,newsletter,xss,authenticated,thenewsletterplugin,wordpress diff --git a/http/cves/2022/CVE-2022-1768.yaml b/http/cves/2022/CVE-2022-1768.yaml index 17119ca5a28..2d5af2f2f70 100644 --- a/http/cves/2022/CVE-2022-1768.yaml +++ b/http/cves/2022/CVE-2022-1768.yaml @@ -3,7 +3,7 @@ id: CVE-2022-1768 info: name: WordPress RSVPMaker <=9.3.2 - SQL Injection author: edoardottt - severity: critical + severity: high description: | WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-1768 - https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1768 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2022-1768 cwe-id: CWE-89 - epss-score: 0.84297 - epss-percentile: 0.99249 + epss-score: 0.10537 + epss-percentile: 0.95006 cpe: cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1815.yaml b/http/cves/2022/CVE-2022-1815.yaml index 0e3bb2b1946..a2b80473968 100644 --- a/http/cves/2022/CVE-2022-1815.yaml +++ b/http/cves/2022/CVE-2022-1815.yaml @@ -20,21 +20,17 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1815 - cwe-id: CWE-200,CWE-918 - epss-score: 0.581 - epss-percentile: 0.98034 + cwe-id: CWE-918,CWE-200 + epss-score: 0.02239 + epss-percentile: 0.8954 cpe: cpe:2.3:a:diagrams:drawio:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: diagrams product: drawio - shodan-query: - - http.title:"flowchart maker" - - http.html:"draw.io" - fofa-query: - - title="flowchart maker" - - body="draw.io" + shodan-query: http.title:"flowchart maker" + fofa-query: title="flowchart maker" google-query: intitle:"flowchart maker" tags: cve,cve2022,huntr,drawio,ssrf,oast,oss,jgraph,diagrams diff --git a/http/cves/2022/CVE-2022-1904.yaml b/http/cves/2022/CVE-2022-1904.yaml index 183ee091972..e54b612bff5 100644 --- a/http/cves/2022/CVE-2022-1904.yaml +++ b/http/cves/2022/CVE-2022-1904.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1904 cwe-id: CWE-79 - epss-score: 0.07779 - epss-percentile: 0.91482 + epss-score: 0.00086 + epss-percentile: 0.35299 cpe: cpe:2.3:a:fatcatapps:easy_pricing_tables:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1933.yaml b/http/cves/2022/CVE-2022-1933.yaml index fa0a4f055ed..5aad8f86ed4 100644 --- a/http/cves/2022/CVE-2022-1933.yaml +++ b/http/cves/2022/CVE-2022-1933.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1933 cwe-id: CWE-79 - epss-score: 0.16826 - epss-percentile: 0.94576 + epss-score: 0.00086 + epss-percentile: 0.35299 cpe: cpe:2.3:a:collect_and_deliver_interface_for_woocommerce_project:collect_and_deliver_interface_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1937.yaml b/http/cves/2022/CVE-2022-1937.yaml index be8c099e6f2..81c691b7cae 100644 --- a/http/cves/2022/CVE-2022-1937.yaml +++ b/http/cves/2022/CVE-2022-1937.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-1937 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/cyllective/CVEs - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-1937 cwe-id: CWE-79 - epss-score: 0.03044 - epss-percentile: 0.86015 + epss-score: 0.00086 + epss-percentile: 0.36517 cpe: cpe:2.3:a:awin:awin_data_feed:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1946.yaml b/http/cves/2022/CVE-2022-1946.yaml index e052648fb41..55c09d982cf 100644 --- a/http/cves/2022/CVE-2022-1946.yaml +++ b/http/cves/2022/CVE-2022-1946.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-1946 cwe-id: CWE-79 - epss-score: 0.00787 - epss-percentile: 0.72682 + epss-score: 0.00086 + epss-percentile: 0.36517 cpe: cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-1950.yaml b/http/cves/2022/CVE-2022-1950.yaml index cf55d4f9f83..a2f610c2185 100644 --- a/http/cves/2022/CVE-2022-1950.yaml +++ b/http/cves/2022/CVE-2022-1950.yaml @@ -9,16 +9,13 @@ info: remediation: Fixed in 1.2.0 reference: - https://wpscan.com/vulnerability/4352283f-dd43-4827-b417-0c55d0f4637d/ - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/cyllective/CVEs classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-1950 cwe-id: CWE-89 - epss-score: 0.64646 - epss-percentile: 0.98324 + epss-score: 0.097 + epss-percentile: 0.92479 cpe: cpe:2.3:a:kainelabs:youzify:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,8 +24,7 @@ info: product: youzify framework: wordpress fofa-query: body="/wp-content/plugins/youzify" - shodan-query: http.html:"/wp-content/plugins/youzify" - tags: wpscan,cve,cve2022,youzify,wp,wp-plugin,wordpress,sqli,time-based-sqli,kev,kainelabs + tags: cve,cve2022,youzify,wp,wp-plugin,wordpress,sqli,time-based-sqli,kev http: - raw: diff --git a/http/cves/2022/CVE-2022-1952.yaml b/http/cves/2022/CVE-2022-1952.yaml index 1df49ea6716..74c5ca69483 100644 --- a/http/cves/2022/CVE-2022-1952.yaml +++ b/http/cves/2022/CVE-2022-1952.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-1952 cwe-id: CWE-434 - epss-score: 0.89244 - epss-percentile: 0.99501 + epss-score: 0.79729 + epss-percentile: 0.98289 cpe: cpe:2.3:a:syntactics:free_booking_plugin_for_hotels\,_restaurant_and_car_rental:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-2130.yaml b/http/cves/2022/CVE-2022-2130.yaml index 17752c7f87c..7d9cf5fdfea 100644 --- a/http/cves/2022/CVE-2022-2130.yaml +++ b/http/cves/2022/CVE-2022-2130.yaml @@ -24,14 +24,14 @@ info: metadata: verified: true max-request: 1 - vendor: microweber - product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" - icon_hash=780351152 + vendor: microweber + product: microweber tags: cve,cve2022,microweber,xss http: diff --git a/http/cves/2022/CVE-2022-21371.yaml b/http/cves/2022/CVE-2022-21371.yaml index dcc9fb6d78b..2a518ad0e02 100644 --- a/http/cves/2022/CVE-2022-21371.yaml +++ b/http/cves/2022/CVE-2022-21371.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-21371 cwe-id: CWE-22 - epss-score: 0.94222 - epss-percentile: 0.99913 + epss-score: 0.96287 + epss-percentile: 0.9943 cpe: cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-21500.yaml b/http/cves/2022/CVE-2022-21500.yaml index ee5da71a56d..4ba19c3e659 100644 --- a/http/cves/2022/CVE-2022-21500.yaml +++ b/http/cves/2022/CVE-2022-21500.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-21500 - epss-score: 0.93931 - epss-percentile: 0.99866 + epss-score: 0.93111 + epss-percentile: 0.99046 cpe: cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:* metadata: verified: true @@ -29,11 +29,9 @@ info: vendor: oracle product: e-business_suite shodan-query: + - http.title:"Login" "X-ORACLE-DMS-ECID" 200 - http.title:"login" "x-oracle-dms-ecid" 200 - - http.html:"oracle uix" - fofa-query: - - title="login" "x-oracle-dms-ecid" 200 - - body="oracle uix" + fofa-query: title="login" "x-oracle-dms-ecid" 200 google-query: intitle:"login" "x-oracle-dms-ecid" 200 tags: cve,cve2022,oracle,misconfig,auth-bypass diff --git a/http/cves/2022/CVE-2022-21587.yaml b/http/cves/2022/CVE-2022-21587.yaml index ecab1a1d37e..fcc24918401 100644 --- a/http/cves/2022/CVE-2022-21587.yaml +++ b/http/cves/2022/CVE-2022-21587.yaml @@ -26,12 +26,8 @@ info: max-request: 3 vendor: oracle product: e-business_suite - shodan-query: - - http.title:"login" "x-oracle-dms-ecid" 200 - - http.html:"oracle uix" - fofa-query: - - title="login" "x-oracle-dms-ecid" 200 - - body="oracle uix" + shodan-query: http.title:"login" "x-oracle-dms-ecid" 200 + fofa-query: title="login" "x-oracle-dms-ecid" 200 google-query: intitle:"login" "x-oracle-dms-ecid" 200 tags: cve,cve2022,intrusive,ebs,unauth,kev,rce,oast,oracle,packetstorm diff --git a/http/cves/2022/CVE-2022-21661.yaml b/http/cves/2022/CVE-2022-21661.yaml index 6b5c6568e94..3c2b5f3b022 100644 --- a/http/cves/2022/CVE-2022-21661.yaml +++ b/http/cves/2022/CVE-2022-21661.yaml @@ -31,7 +31,6 @@ info: shodan-query: - cpe:"cpe:2.3:a:wordpress:wordpress" - http.component:"wordpress" - fofa-query: body="oembed" && body="wp-" tags: cve2022,cve,wp,sqli,wpquery,wpscan,packetstorm,wordpress http: diff --git a/http/cves/2022/CVE-2022-2168.yaml b/http/cves/2022/CVE-2022-2168.yaml index 33762dfffee..97e8f439876 100644 --- a/http/cves/2022/CVE-2022-2168.yaml +++ b/http/cves/2022/CVE-2022-2168.yaml @@ -11,31 +11,21 @@ info: reference: - https://wpscan.com/vulnerability/66789b32-049e-4440-8b19-658649851010/ - https://nvd.nist.gov/vuln/detail/CVE-2022-2168 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-2168 cwe-id: CWE-79 - epss-score: 0.10516 - epss-percentile: 0.92841 cpe: cpe:2.3:a:w3eden:download_manager:*:*:*:*:free:wordpress:*:* metadata: verified: true max-request: 2 vendor: w3eden product: download_manager - framework: wordpress - shodan-query: - - http.html:"wp-content/plugins/download-manager/" - - http.html:"/wp-content/plugins/download-manager/" - fofa-query: - - body="wp-content/plugins/download-manager/" - - body=/wp-content/plugins/download-manager/ + fofa-query: body="wp-content/plugins/download-manager/" google-query: inurl:"/wp-content/plugins/download-manager/" - publicwww-query: /wp-content/plugins/download-manager/ - tags: wpscan,cve,cve2022,wp,wordpress,wp-plugin,xss,download-manager,authenticated,w3eden + shodan-query: html:"wp-content/plugins/download-manager/" + tags: cve,cve2022,wp,wordpress,wp-plugin,xss,download-manager,authenticated http: - raw: diff --git a/http/cves/2022/CVE-2022-21705.yaml b/http/cves/2022/CVE-2022-21705.yaml index bd064ef61db..5ceac390d82 100644 --- a/http/cves/2022/CVE-2022-21705.yaml +++ b/http/cves/2022/CVE-2022-21705.yaml @@ -28,7 +28,6 @@ info: max-request: 5 vendor: octobercms product: october - shodan-query: http.component:"october cms" tags: cve2022,cve,authenticated,rce,cms,octobercms,injection http: diff --git a/http/cves/2022/CVE-2022-2174.yaml b/http/cves/2022/CVE-2022-2174.yaml index 2e7dc42d914..f3750d43bea 100644 --- a/http/cves/2022/CVE-2022-2174.yaml +++ b/http/cves/2022/CVE-2022-2174.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2174 cwe-id: CWE-79 - epss-score: 0.41217 - epss-percentile: 0.97209 + epss-score: 0.001 + epss-percentile: 0.40832 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,7 +26,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-2185.yaml b/http/cves/2022/CVE-2022-2185.yaml index 8b319bdbdc5..cf16e928c66 100644 --- a/http/cves/2022/CVE-2022-2185.yaml +++ b/http/cves/2022/CVE-2022-2185.yaml @@ -28,14 +28,10 @@ info: vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve,cve2022,gitlab diff --git a/http/cves/2022/CVE-2022-2187.yaml b/http/cves/2022/CVE-2022-2187.yaml index 92f4dc19647..d1bc1d5c9b8 100644 --- a/http/cves/2022/CVE-2022-2187.yaml +++ b/http/cves/2022/CVE-2022-2187.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2187 cwe-id: CWE-79 - epss-score: 0.24336 - epss-percentile: 0.95793 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:contact_form_7_captcha_project:contact_form_7_captcha:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-2219.yaml b/http/cves/2022/CVE-2022-2219.yaml index c8e1a408d53..631bb70e1df 100644 --- a/http/cves/2022/CVE-2022-2219.yaml +++ b/http/cves/2022/CVE-2022-2219.yaml @@ -13,14 +13,13 @@ info: - https://wpscan.com/vulnerability/1240797c-7f45-4c36-83f0-501c544ce76a - https://nvd.nist.gov/vuln/detail/CVE-2022-2219 - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cve-id: CVE-2022-2219 cwe-id: CWE-79 - epss-score: 0.0996 - epss-percentile: 0.92613 + epss-score: 0.00159 + epss-percentile: 0.52368 cpe: cpe:2.3:a:brizy:unyson:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-22242.yaml b/http/cves/2022/CVE-2022-22242.yaml index ede8df7fba8..0d653ac8d2a 100644 --- a/http/cves/2022/CVE-2022-22242.yaml +++ b/http/cves/2022/CVE-2022-22242.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-22242 cwe-id: CWE-79 - epss-score: 0.87403 - epss-percentile: 0.99405 + epss-score: 0.43644 + epss-percentile: 0.97362 cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: juniper product: junos - shodan-query: http.title:"juniper web device manager" + shodan-query: + - title:"Juniper Web Device Manager" + - http.title:"juniper web device manager" fofa-query: title="juniper web device manager" google-query: intitle:"juniper web device manager" tags: cve2022,cve,xss,juniper,junos diff --git a/http/cves/2022/CVE-2022-22536.yaml b/http/cves/2022/CVE-2022-22536.yaml index 14b7f8d5066..e35bd2f0ec3 100644 --- a/http/cves/2022/CVE-2022-22536.yaml +++ b/http/cves/2022/CVE-2022-22536.yaml @@ -27,10 +27,8 @@ info: max-request: 2 vendor: sap product: content_server - shodan-query: http.favicon.hash:"-266008933" - fofa-query: - - icon_hash=-266008933 - - "sap-server:" + shodan-query: http.favicon.hash:-266008933 + fofa-query: icon_hash=-266008933 tags: cve,cve2022,sap,smuggling,netweaver,web-dispatcher,memory-pipes,kev http: diff --git a/http/cves/2022/CVE-2022-22733.yaml b/http/cves/2022/CVE-2022-22733.yaml index ba80530d78c..c52041ebbc5 100644 --- a/http/cves/2022/CVE-2022-22733.yaml +++ b/http/cves/2022/CVE-2022-22733.yaml @@ -21,15 +21,15 @@ info: cvss-score: 6.5 cve-id: CVE-2022-22733 cwe-id: CWE-200 - epss-score: 0.84347 - epss-percentile: 0.99252 + epss-score: 0.2493 + epss-percentile: 0.96665 cpe: cpe:2.3:a:apache:shardingsphere_elasticjob-ui:3.0.0:-:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: apache product: shardingsphere_elasticjob-ui - shodan-query: http.favicon.hash:"816588900" + shodan-query: http.favicon.hash:816588900 fofa-query: icon_hash=816588900 tags: cve2022,cve,exposure,sharingsphere,apache diff --git a/http/cves/2022/CVE-2022-22897.yaml b/http/cves/2022/CVE-2022-22897.yaml index f0a17d3df4d..316e3771e57 100644 --- a/http/cves/2022/CVE-2022-22897.yaml +++ b/http/cves/2022/CVE-2022-22897.yaml @@ -28,7 +28,9 @@ info: vendor: apollotheme product: "ap_pagebuilder" framework: prestashop - shodan-query: http.component:"prestashop" + shodan-query: + - "http.component:\"Prestashop\"" + - http.component:"prestashop" tags: time-based-sqli,cve,cve2022,packetstorm,prestashop,sqli,unauth,apollotheme http: diff --git a/http/cves/2022/CVE-2022-2290.yaml b/http/cves/2022/CVE-2022-2290.yaml index d27a65bfd82..9c5fd0a72bd 100644 --- a/http/cves/2022/CVE-2022-2290.yaml +++ b/http/cves/2022/CVE-2022-2290.yaml @@ -20,15 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-2290 cwe-id: CWE-79 - epss-score: 0.14159 - epss-percentile: 0.93989 + epss-score: 0.001 + epss-percentile: 0.41295 cpe: cpe:2.3:a:trilium_project:trilium:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: trilium_project product: trilium - shodan-query: http.title:"trilium notes" + shodan-query: + - title:"Trilium Notes" + - http.title:"trilium notes" fofa-query: title="trilium notes" google-query: intitle:"trilium notes" tags: cve,cve2022,xss,trilium,huntr,trilium_project diff --git a/http/cves/2022/CVE-2022-22954.yaml b/http/cves/2022/CVE-2022-22954.yaml index 3e992394668..089513f8817 100644 --- a/http/cves/2022/CVE-2022-22954.yaml +++ b/http/cves/2022/CVE-2022-22954.yaml @@ -15,20 +15,19 @@ info: - https://www.vmware.com/security/advisories/VMSA-2022-0011.html - http://packetstormsecurity.com/files/166935/VMware-Workspace-ONE-Access-Template-Injection-Command-Execution.html - https://nvd.nist.gov/vuln/detail/CVE-2022-22954 - - https://github.com/mumu2020629/-CVE-2022-22954-scanner classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-22954 cwe-id: CWE-94 - epss-score: 0.94441 - epss-percentile: 0.99987 + epss-score: 0.97348 + epss-percentile: 0.99878 cpe: cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:* metadata: max-request: 1 vendor: vmware product: identity_manager - shodan-query: http.favicon.hash:"-1250474341" + shodan-query: http.favicon.hash:-1250474341 fofa-query: - icon_hash=-1250474341 - app="vmware-workspace-one-access" || app="vmware-identity-manager" || app="vmware-vrealize" diff --git a/http/cves/2022/CVE-2022-22963.yaml b/http/cves/2022/CVE-2022-22963.yaml index d7715d3d8b8..e32d705617a 100644 --- a/http/cves/2022/CVE-2022-22963.yaml +++ b/http/cves/2022/CVE-2022-22963.yaml @@ -22,8 +22,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22963 cwe-id: CWE-94,CWE-917 - epss-score: 0.94474 - epss-percentile: 0.99996 + epss-score: 0.97537 + epss-percentile: 0.99993 cpe: cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-22965.yaml b/http/cves/2022/CVE-2022-22965.yaml index f9e26492dcd..92fb39089e5 100644 --- a/http/cves/2022/CVE-2022-22965.yaml +++ b/http/cves/2022/CVE-2022-22965.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-22965 cwe-id: CWE-94 - epss-score: 0.9446 - epss-percentile: 0.99992 + epss-score: 0.97493 + epss-percentile: 0.99972 cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* metadata: max-request: 4 diff --git a/http/cves/2022/CVE-2022-22972.yaml b/http/cves/2022/CVE-2022-22972.yaml index 52fc8ec7e3e..1090f331a89 100644 --- a/http/cves/2022/CVE-2022-22972.yaml +++ b/http/cves/2022/CVE-2022-22972.yaml @@ -28,10 +28,11 @@ info: max-request: 3 vendor: vmware product: identity_manager - shodan-query: http.favicon.hash:"-1250474341" + shodan-query: http.favicon.hash:-1250474341 fofa-query: - - app="vmware-workspace-one-access" || app="vmware-identity-manager" || app="vmware-vrealize" + - app="vmware-Workspace-ONE-Access" || app="vmware-Identity-Manager" || app="vmware-vRealize" - icon_hash=-1250474341 + - app="vmware-workspace-one-access" || app="vmware-identity-manager" || app="vmware-vrealize" tags: cve2022,cve,vmware,auth-bypass,oast http: diff --git a/http/cves/2022/CVE-2022-23102.yaml b/http/cves/2022/CVE-2022-23102.yaml index 5a769e9f6ab..a91feff8dc7 100644 --- a/http/cves/2022/CVE-2022-23102.yaml +++ b/http/cves/2022/CVE-2022-23102.yaml @@ -21,14 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2022-23102 cwe-id: CWE-601 - epss-score: 0.04852 - epss-percentile: 0.89001 + epss-score: 0.00366 + epss-percentile: 0.71925 cpe: cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: siemens product: sinema_remote_connect_server - shodan-query: http.title:"logon - sinema remote connect" + shodan-query: + - title:"Logon - SINEMA Remote Connect" + - http.title:"logon - sinema remote connect" fofa-query: title="logon - sinema remote connect" google-query: intitle:"logon - sinema remote connect" tags: cve,cve2022,packetstorm,seclists,redirect,sinema,authenticated,siemens diff --git a/http/cves/2022/CVE-2022-23131.yaml b/http/cves/2022/CVE-2022-23131.yaml index e5095fbddbf..3511e68b45e 100644 --- a/http/cves/2022/CVE-2022-23131.yaml +++ b/http/cves/2022/CVE-2022-23131.yaml @@ -15,26 +15,26 @@ info: - https://github.com/1mxml/CVE-2022-23131 - https://github.com/20142995/sectool classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-23131 cwe-id: CWE-290 - epss-score: 0.94344 - epss-percentile: 0.99944 + epss-score: 0.9708 + epss-percentile: 0.99771 cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: zabbix product: zabbix shodan-query: - - http.favicon.hash:"892542951" + - http.favicon.hash:892542951 - http.title:"zabbix-server" - cpe:"cpe:2.3:a:zabbix:zabbix" fofa-query: - - app="zabbix-监控系统" && body="saml" + - app="ZABBIX-监控系统" && body="saml" - icon_hash=892542951 + - app="zabbix-监控系统" && body="saml" - title="zabbix-server" - - icon_hash="892542951" google-query: intitle:"zabbix-server" tags: cve,cve2022,zabbix,auth-bypass,saml,sso,kev diff --git a/http/cves/2022/CVE-2022-23134.yaml b/http/cves/2022/CVE-2022-23134.yaml index d0f402f3633..50973ef5d7c 100644 --- a/http/cves/2022/CVE-2022-23134.yaml +++ b/http/cves/2022/CVE-2022-23134.yaml @@ -3,7 +3,7 @@ id: CVE-2022-23134 info: name: Zabbix Setup Configuration Authentication Bypass author: bananabr - severity: low + severity: medium description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. impact: | Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix setup configuration. @@ -16,26 +16,25 @@ info: - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/ - https://lists.debian.org/debian-lts-announce/2022/02/msg00008.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 3.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-score: 5.3 cve-id: CVE-2022-23134 - cwe-id: CWE-284,CWE-287 - epss-score: 0.9158 - epss-percentile: 0.99643 + cwe-id: CWE-287,CWE-284 + epss-score: 0.6298 + epss-percentile: 0.97835 cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: zabbix product: zabbix shodan-query: - - http.favicon.hash:"892542951" + - http.favicon.hash:892542951 - http.title:"zabbix-server" - cpe:"cpe:2.3:a:zabbix:zabbix" fofa-query: - icon_hash=892542951 - app="zabbix-监控系统" && body="saml" - title="zabbix-server" - - icon_hash="892542951" google-query: intitle:"zabbix-server" tags: cve,cve2022,zabbix,auth-bypass,kev diff --git a/http/cves/2022/CVE-2022-23347.yaml b/http/cves/2022/CVE-2022-23347.yaml index 2984a6464be..3ecbadc1731 100644 --- a/http/cves/2022/CVE-2022-23347.yaml +++ b/http/cves/2022/CVE-2022-23347.yaml @@ -20,15 +20,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-23347 cwe-id: CWE-22 - epss-score: 0.75067 - epss-percentile: 0.98799 + epss-score: 0.11382 + epss-percentile: 0.95203 cpe: cpe:2.3:a:bigantsoft:bigant_server:5.6.06:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: bigantsoft product: bigant_server - shodan-query: http.html:"bigant" + shodan-query: + - http.html:"BigAnt" + - http.html:"bigant" fofa-query: body="bigant" tags: cve,cve2022,bigant,lfi,bigantsoft diff --git a/http/cves/2022/CVE-2022-23348.yaml b/http/cves/2022/CVE-2022-23348.yaml index 64d764cc3b2..a591c9d19de 100644 --- a/http/cves/2022/CVE-2022-23348.yaml +++ b/http/cves/2022/CVE-2022-23348.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-23348 cwe-id: CWE-916 - epss-score: 0.01506 - epss-percentile: 0.80231 + epss-score: 0.00425 + epss-percentile: 0.71717 cpe: cpe:2.3:a:bigantsoft:bigant_server:5.6.06:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-23544.yaml b/http/cves/2022/CVE-2022-23544.yaml index 2c813d17098..58f19067fd5 100644 --- a/http/cves/2022/CVE-2022-23544.yaml +++ b/http/cves/2022/CVE-2022-23544.yaml @@ -28,10 +28,13 @@ info: max-request: 1 vendor: metersphere product: metersphere - shodan-query: http.html:"metersphere" + shodan-query: + - html:"metersphere" + - http.html:"metersphere" fofa-query: - - title="metersphere" + - title="MeterSphere" - body="metersphere" + - title="metersphere" tags: cve2022,cve,metersphere,ssrf,oast,xss http: diff --git a/http/cves/2022/CVE-2022-2376.yaml b/http/cves/2022/CVE-2022-2376.yaml index 98e8ccc0a20..ce3462208a0 100644 --- a/http/cves/2022/CVE-2022-2376.yaml +++ b/http/cves/2022/CVE-2022-2376.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2376 cwe-id: CWE-862 - epss-score: 0.13405 - epss-percentile: 0.93797 + epss-score: 0.03672 + epss-percentile: 0.91725 cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-23779.yaml b/http/cves/2022/CVE-2022-23779.yaml index acde40d84ad..9ea7d405c92 100644 --- a/http/cves/2022/CVE-2022-23779.yaml +++ b/http/cves/2022/CVE-2022-23779.yaml @@ -20,25 +20,19 @@ info: cvss-score: 5.3 cve-id: CVE-2022-23779 cwe-id: CWE-200 - epss-score: 0.66282 - epss-percentile: 0.98403 + epss-score: 0.00667 + epss-percentile: 0.79289 cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: zohocorp product: manageengine_desktop_central - shodan-query: - - http.title:"manageengine desktop central 10" - - http.html:"manageengine desktop central 10" - - http.title:"manageengine desktop central" + shodan-query: http.title:"manageengine desktop central 10" fofa-query: - - app="zoho-manageengine-desktop" + - app="ZOHO-ManageEngine-Desktop" - title="manageengine desktop central 10" - - body="manageengine desktop central 10" - - title="manageengine desktop central" - google-query: - - intitle:"manageengine desktop central 10" - - intitle:"manageengine desktop central" + - app="zoho-manageengine-desktop" + google-query: intitle:"manageengine desktop central 10" tags: cve,cve2022,zoho,exposure,zohocorp http: diff --git a/http/cves/2022/CVE-2022-2379.yaml b/http/cves/2022/CVE-2022-2379.yaml index 74b079ed525..07ec33591f8 100644 --- a/http/cves/2022/CVE-2022-2379.yaml +++ b/http/cves/2022/CVE-2022-2379.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-2379 cwe-id: CWE-862 - epss-score: 0.33989 - epss-percentile: 0.96728 + epss-score: 0.02846 + epss-percentile: 0.90702 cpe: cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-23808.yaml b/http/cves/2022/CVE-2022-23808.yaml index 4f41d8200dd..64ad27b8a57 100644 --- a/http/cves/2022/CVE-2022-23808.yaml +++ b/http/cves/2022/CVE-2022-23808.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-23808 cwe-id: CWE-79 - epss-score: 0.45772 - epss-percentile: 0.97449 + epss-score: 0.00758 + epss-percentile: 0.81074 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: verified: true @@ -32,13 +32,9 @@ info: - http.component:"phpmyadmin" - http.title:"phpmyadmin" - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" fofa-query: - title="phpmyadmin" - body="pma_servername" && body="4.8.4" - - body="phpmyadmin" - - body="server_databases.php" google-query: intitle:"phpmyadmin" hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" tags: cve,cve2022,phpmyadmin,xss diff --git a/http/cves/2022/CVE-2022-23854.yaml b/http/cves/2022/CVE-2022-23854.yaml index 469bab996a3..f52b651ab46 100644 --- a/http/cves/2022/CVE-2022-23854.yaml +++ b/http/cves/2022/CVE-2022-23854.yaml @@ -20,16 +20,18 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-23854 - cwe-id: CWE-23,CWE-22 - epss-score: 0.92614 - epss-percentile: 0.99727 + cwe-id: CWE-22,CWE-23 + epss-score: 0.66314 + epss-percentile: 0.97841 cpe: cpe:2.3:a:aveva:intouch_access_anywhere:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: aveva product: intouch_access_anywhere - shodan-query: http.html:"intouch access anywhere" + shodan-query: + - http.html:"InTouch Access Anywhere" + - http.html:"intouch access anywhere" fofa-query: body="intouch access anywhere" tags: cve,cve2022,lfi,packetstorm,aveva,intouch diff --git a/http/cves/2022/CVE-2022-23881.yaml b/http/cves/2022/CVE-2022-23881.yaml index 46a57f81243..b4b591cbc49 100644 --- a/http/cves/2022/CVE-2022-23881.yaml +++ b/http/cves/2022/CVE-2022-23881.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-23881 cwe-id: CWE-77 - epss-score: 0.86657 - epss-percentile: 0.99367 + epss-score: 0.16723 + epss-percentile: 0.95904 cpe: cpe:2.3:a:zzzcms:zzzphp:2.1.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-23898.yaml b/http/cves/2022/CVE-2022-23898.yaml index c0a2e283649..25a91db4496 100644 --- a/http/cves/2022/CVE-2022-23898.yaml +++ b/http/cves/2022/CVE-2022-23898.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: mingsoft product: mcms - shodan-query: http.favicon.hash:"1464851260" + shodan-query: + - http.favicon.hash:1464851260 + - http.favicon.hash:"1464851260" fofa-query: icon_hash="1464851260" tags: cve,cve2022,sqli,mcms,mingsoft variables: diff --git a/http/cves/2022/CVE-2022-23944.yaml b/http/cves/2022/CVE-2022-23944.yaml index 1c28246cd25..040df4f8ccb 100644 --- a/http/cves/2022/CVE-2022-23944.yaml +++ b/http/cves/2022/CVE-2022-23944.yaml @@ -26,9 +26,6 @@ info: max-request: 1 vendor: apache product: shenyu - shodan-query: http.title:"shenyu" - fofa-query: title="shenyu" - google-query: intitle:"shenyu" tags: cve,cve2022,shenyu,unauth,apache http: diff --git a/http/cves/2022/CVE-2022-24112.yaml b/http/cves/2022/CVE-2022-24112.yaml index 9f0838793ec..d492cf8df99 100644 --- a/http/cves/2022/CVE-2022-24112.yaml +++ b/http/cves/2022/CVE-2022-24112.yaml @@ -26,8 +26,12 @@ info: max-request: 2 vendor: apache product: apisix - shodan-query: http.title:"apache apisix dashboard" - fofa-query: title="apache apisix dashboard" + shodan-query: + - title:"Apache APISIX Dashboard" + - http.title:"apache apisix dashboard" + fofa-query: + - title="Apache APISIX Dashboard" + - title="apache apisix dashboard" google-query: intitle:"apache apisix dashboard" tags: cve,cve2022,apache,rce,apisix,oast,kev,intrusive diff --git a/http/cves/2022/CVE-2022-24124.yaml b/http/cves/2022/CVE-2022-24124.yaml index a73715e2cd6..dbd1897575c 100644 --- a/http/cves/2022/CVE-2022-24124.yaml +++ b/http/cves/2022/CVE-2022-24124.yaml @@ -20,14 +20,16 @@ info: cvss-score: 7.5 cve-id: CVE-2022-24124 cwe-id: CWE-89 - epss-score: 0.63898 - epss-percentile: 0.98288 + epss-score: 0.08991 + epss-percentile: 0.94589 cpe: cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: casbin product: casdoor - shodan-query: http.title:"casdoor" + shodan-query: + - http.title:"Casdoor" + - http.title:"casdoor" fofa-query: title="casdoor" google-query: intitle:"casdoor" tags: cve,cve2022,sqli,unauth,packetstorm,edb,casdoor,casbin diff --git a/http/cves/2022/CVE-2022-24129.yaml b/http/cves/2022/CVE-2022-24129.yaml index adecc31ff5d..d9c123cc2cd 100644 --- a/http/cves/2022/CVE-2022-24129.yaml +++ b/http/cves/2022/CVE-2022-24129.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.2 cve-id: CVE-2022-24129 cwe-id: CWE-918 - epss-score: 0.13877 - epss-percentile: 0.93927 + epss-score: 0.00647 + epss-percentile: 0.77074 cpe: cpe:2.3:a:shibboleth:oidc_op:*:*:*:*:*:identity_provider:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-2414.yaml b/http/cves/2022/CVE-2022-2414.yaml index 33d71db5678..57c708bfb8d 100644 --- a/http/cves/2022/CVE-2022-2414.yaml +++ b/http/cves/2022/CVE-2022-2414.yaml @@ -27,8 +27,11 @@ info: max-request: 1 vendor: dogtagpki product: dogtagpki - shodan-query: http.title:"identity management" html:"freeipa" + shodan-query: + - title:"Identity Management" html:"FreeIPA" + - http.title:"identity management" html:"freeipa" fofa-query: + - title="Identity Management" - title="identity management" - title="identity management" html:"freeipa" google-query: intitle:"identity management" html:"freeipa" diff --git a/http/cves/2022/CVE-2022-24181.yaml b/http/cves/2022/CVE-2022-24181.yaml index 1c20932b465..98329c7fceb 100644 --- a/http/cves/2022/CVE-2022-24181.yaml +++ b/http/cves/2022/CVE-2022-24181.yaml @@ -21,18 +21,15 @@ info: cvss-score: 6.1 cve-id: CVE-2022-24181 cwe-id: CWE-79 - epss-score: 0.05228 - epss-percentile: 0.89433 + epss-score: 0.0017 + epss-percentile: 0.53018 cpe: cpe:2.3:a:public_knowledge_project:open_journal_systems:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: public_knowledge_project product: open_journal_systems - shodan-query: - - cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems" - - http.html:"pkp-lib" - fofa-query: body="pkp-lib" + shodan-query: cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems" tags: cve,cve2022,xss,oss,pkp-lib,edb,public_knowledge_project http: diff --git a/http/cves/2022/CVE-2022-24223.yaml b/http/cves/2022/CVE-2022-24223.yaml index 4d638d448ff..7b57b9315f9 100644 --- a/http/cves/2022/CVE-2022-24223.yaml +++ b/http/cves/2022/CVE-2022-24223.yaml @@ -20,16 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2022-24223 cwe-id: CWE-89 - epss-score: 0.4159 - epss-percentile: 0.9723 + epss-score: 0.27442 + epss-percentile: 0.96689 cpe: cpe:2.3:a:thedigitalcraft:atomcms:2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" tags: time-based-sqli,cve,cve2022,packetstorm,sqli,atom,cms,thedigitalcraft http: diff --git a/http/cves/2022/CVE-2022-24260.yaml b/http/cves/2022/CVE-2022-24260.yaml index 4620f28d43e..2ccf6007e3b 100644 --- a/http/cves/2022/CVE-2022-24260.yaml +++ b/http/cves/2022/CVE-2022-24260.yaml @@ -20,14 +20,16 @@ info: cvss-score: 9.8 cve-id: CVE-2022-24260 cwe-id: CWE-89 - epss-score: 0.8981 - epss-percentile: 0.99534 + epss-score: 0.25256 + epss-percentile: 0.96681 cpe: cpe:2.3:a:voipmonitor:voipmonitor:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: voipmonitor product: voipmonitor - shodan-query: http.title:"voipmonitor" + shodan-query: + - http.title:"VoIPmonitor" + - http.title:"voipmonitor" fofa-query: title="voipmonitor" google-query: intitle:"voipmonitor" tags: cve,cve2022,voipmonitor,sqli,unauth diff --git a/http/cves/2022/CVE-2022-24265.yaml b/http/cves/2022/CVE-2022-24265.yaml index 7f1e03832ba..ae74b0ce7d1 100644 --- a/http/cves/2022/CVE-2022-24265.yaml +++ b/http/cves/2022/CVE-2022-24265.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-24265 cwe-id: CWE-89 - epss-score: 0.5541 - epss-percentile: 0.97907 + epss-score: 0.05054 + epss-percentile: 0.92726 cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-24288.yaml b/http/cves/2022/CVE-2022-24288.yaml index b4ee90fc66b..d5e359b1d41 100644 --- a/http/cves/2022/CVE-2022-24288.yaml +++ b/http/cves/2022/CVE-2022-24288.yaml @@ -20,8 +20,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-24288 cwe-id: CWE-78 - epss-score: 0.92442 - epss-percentile: 0.99714 + epss-score: 0.81676 + epss-percentile: 0.98279 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,21 +29,17 @@ info: vendor: apache product: airflow shodan-query: + - title:"Airflow - DAGs" || http.html:"Apache Airflow" - http.title:"airflow - dags" || http.html:"apache airflow" - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: - title="sign in - airflow" - apache airflow - title="airflow - dags" || http.html:"apache airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"sign in - airflow" - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"airflow - dags" tags: cve,cve2022,airflow,rce,apache http: diff --git a/http/cves/2022/CVE-2022-24384.yaml b/http/cves/2022/CVE-2022-24384.yaml index 5a0f467902a..224a1c029a4 100644 --- a/http/cves/2022/CVE-2022-24384.yaml +++ b/http/cves/2022/CVE-2022-24384.yaml @@ -26,7 +26,7 @@ info: max-request: 1 vendor: smartertools product: smartertrack - shodan-query: http.favicon.hash:"1410071322" + shodan-query: http.favicon.hash:1410071322 fofa-query: icon_hash=1410071322 tags: cve,cve2022,xss,smartertrack,smartertools diff --git a/http/cves/2022/CVE-2022-2462.yaml b/http/cves/2022/CVE-2022-2462.yaml index 3f81bd59367..bf925659c75 100644 --- a/http/cves/2022/CVE-2022-2462.yaml +++ b/http/cves/2022/CVE-2022-2462.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-2462 cwe-id: CWE-200 - epss-score: 0.04013 - epss-percentile: 0.87881 + epss-score: 0.02514 + epss-percentile: 0.90131 cpe: cpe:2.3:a:transposh:transposh_wordpress_translation:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-24627.yaml b/http/cves/2022/CVE-2022-24627.yaml index 0f711737583..aa95eb2ff7c 100644 --- a/http/cves/2022/CVE-2022-24627.yaml +++ b/http/cves/2022/CVE-2022-24627.yaml @@ -10,21 +10,22 @@ info: - https://seclists.org/fulldisclosure/2023/Feb/12 - https://nvd.nist.gov/vuln/detail/CVE-2022-24627 - https://github.com/tr3ss/newclei - - https://github.com/dearestdoe/newclei classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-24627 cwe-id: CWE-89 - epss-score: 0.53043 - epss-percentile: 0.97789 + epss-score: 0.01642 + epss-percentile: 0.87541 cpe: cpe:2.3:a:audiocodes:device_manager_express:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: audiocodes product: device_manager_express - shodan-query: http.title:"audiocodes" + shodan-query: + - title:"Audiocodes" + - http.title:"audiocodes" fofa-query: title="audiocodes" google-query: intitle:"audiocodes" tags: cve,cve2022,seclists,sqli,audiocodes diff --git a/http/cves/2022/CVE-2022-24637.yaml b/http/cves/2022/CVE-2022-24637.yaml index 4d3c13526e6..74ca8d978d3 100644 --- a/http/cves/2022/CVE-2022-24637.yaml +++ b/http/cves/2022/CVE-2022-24637.yaml @@ -22,11 +22,12 @@ info: cpe: cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 9 + max-request: 6 vendor: openwebanalytics - product: "open_web_analytics" + product: open_web_analytics shodan-query: cpe:"cpe:2.3:a:openwebanalytics:open_web_analytics" - tags: cve,cve2022,packetstorm,rce,intrusive,open-web-analytics,openwebanalytics + tags: cve,cve2022,packetstorm,rce,intrusive,open-web-analytics + variables: password: "{{randbase(8)}}@123!" secret: "{{randstr}}" diff --git a/http/cves/2022/CVE-2022-2467.yaml b/http/cves/2022/CVE-2022-2467.yaml index 2911637c12f..87754fc734f 100644 --- a/http/cves/2022/CVE-2022-2467.yaml +++ b/http/cves/2022/CVE-2022-2467.yaml @@ -3,7 +3,7 @@ id: CVE-2022-2467 info: name: Garage Management System 1.0 - SQL Injection author: edoardottt - severity: high + severity: critical description: | Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | @@ -14,15 +14,13 @@ info: - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Garage-Management-System.md - https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html - https://nvd.nist.gov/vuln/detail/CVE-2022-2467 - - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-2467 cwe-id: CWE-89 - epss-score: 0.68268 - epss-percentile: 0.98483 + epss-score: 0.01309 + epss-percentile: 0.8445 cpe: cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-24681.yaml b/http/cves/2022/CVE-2022-24681.yaml index 715532315f5..fc6402c869c 100644 --- a/http/cves/2022/CVE-2022-24681.yaml +++ b/http/cves/2022/CVE-2022-24681.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-24681 cwe-id: CWE-79 - epss-score: 0.19985 - epss-percentile: 0.9515 + epss-score: 0.00155 + epss-percentile: 0.51848 cpe: cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-24716.yaml b/http/cves/2022/CVE-2022-24716.yaml index 1984bae4b25..614c87bf392 100644 --- a/http/cves/2022/CVE-2022-24716.yaml +++ b/http/cves/2022/CVE-2022-24716.yaml @@ -20,14 +20,15 @@ info: cvss-score: 7.5 cve-id: CVE-2022-24716 cwe-id: CWE-22 - epss-score: 0.93177 - epss-percentile: 0.99782 + epss-score: 0.25375 + epss-percentile: 0.96582 cpe: cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: icinga product: icinga_web_2 shodan-query: + - title:"Icinga" - http.title:"icinga" - http.title:"icinga web 2 login" fofa-query: diff --git a/http/cves/2022/CVE-2022-24816.yaml b/http/cves/2022/CVE-2022-24816.yaml index 8b8be9e0a88..bf543d2de55 100644 --- a/http/cves/2022/CVE-2022-24816.yaml +++ b/http/cves/2022/CVE-2022-24816.yaml @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-24816 - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-24816 cwe-id: CWE-94 - epss-score: 0.94163 - epss-percentile: 0.99903 + epss-score: 0.86265 + epss-percentile: 0.98506 cpe: cpe:2.3:a:geosolutionsgroup:jai-ext:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,7 +29,9 @@ info: vendor: geosolutionsgroup product: jai-ext shodan-query: /geoserver/ - fofa-query: app="geoserver" + fofa-query: + - app="GeoServer" + - app="geoserver" tags: cve,cve2022,geoserver,rce,geosolutionsgroup,kev http: diff --git a/http/cves/2022/CVE-2022-24819.yaml b/http/cves/2022/CVE-2022-24819.yaml index d31e3196c85..5eb2fb4b50d 100644 --- a/http/cves/2022/CVE-2022-24819.yaml +++ b/http/cves/2022/CVE-2022-24819.yaml @@ -12,23 +12,20 @@ info: Upgrade XWiki to the latest version to mitigate CVE-2022-24819. reference: - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-24819 cwe-id: CWE-359 - epss-score: 0.04178 - epss-percentile: 0.88124 + epss-score: 0.00068 + epss-percentile: 0.28844 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2022,xwiki,exposure diff --git a/http/cves/2022/CVE-2022-24856.yaml b/http/cves/2022/CVE-2022-24856.yaml index eb812e7aa1c..4775e122641 100644 --- a/http/cves/2022/CVE-2022-24856.yaml +++ b/http/cves/2022/CVE-2022-24856.yaml @@ -3,7 +3,7 @@ id: CVE-2022-24856 info: name: Flyte Console <0.52.0 - Server-Side Request Forgery author: pdteam - severity: critical + severity: high description: | FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. impact: | @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-24856 - https://github.com/flyteorg/flyteconsole/commit/05b88ed2d2ecdb5d8a8404efea25414e57189709 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2022-24856 cwe-id: CWE-918 - epss-score: 0.85021 - epss-percentile: 0.99284 + epss-score: 0.08397 + epss-percentile: 0.94394 cpe: cpe:2.3:a:flyte:flyte_console:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-2486.yaml b/http/cves/2022/CVE-2022-2486.yaml index b2addb1e507..96b47149331 100644 --- a/http/cves/2022/CVE-2022-2486.yaml +++ b/http/cves/2022/CVE-2022-2486.yaml @@ -3,7 +3,7 @@ id: CVE-2022-2486 info: name: Wavlink WN535K2/WN535K3 - OS Command Injection author: For3stCo1d - severity: high + severity: critical description: | Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. impact: | @@ -17,21 +17,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-2486 - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-2486 cwe-id: CWE-78 - epss-score: 0.94104 - epss-percentile: 0.99893 - cpe: cpe:2.3:o:wavlink:wl-wn535k2_firmware:-:*:*:*:*:*:*:* + epss-score: 0.97331 + epss-percentile: 0.99885 + cpe: cpe:2.3:h:wavlink:wl-wn535k2:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: wavlink - product: wl-wn535k2_firmware - shodan-query: http.title:"wi-fi app login" - fofa-query: title="wi-fi app login" - google-query: intitle:"wi-fi app login" + product: wl-wn535k2 + shodan-query: http.title:"Wi-Fi APP Login" tags: cve2022,cve,iot,wavlink,router,rce,oast http: diff --git a/http/cves/2022/CVE-2022-2487.yaml b/http/cves/2022/CVE-2022-2487.yaml index cf246fc18f6..3d14b5c25af 100644 --- a/http/cves/2022/CVE-2022-2487.yaml +++ b/http/cves/2022/CVE-2022-2487.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: wavlink product: wl-wn535k2_firmware - shodan-query: http.title:"wi-fi app login" + shodan-query: + - http.title:"Wi-Fi APP Login" + - http.title:"wi-fi app login" fofa-query: title="wi-fi app login" google-query: intitle:"wi-fi app login" tags: cve,cve2022,iot,wavlink,router,rce,oast diff --git a/http/cves/2022/CVE-2022-2488.yaml b/http/cves/2022/CVE-2022-2488.yaml index 29f72353f59..f0aa5c85112 100644 --- a/http/cves/2022/CVE-2022-2488.yaml +++ b/http/cves/2022/CVE-2022-2488.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: wavlink product: wl-wn535k2_firmware - shodan-query: http.title:"wi-fi app login" + shodan-query: + - http.title:"Wi-Fi APP Login" + - http.title:"wi-fi app login" fofa-query: title="wi-fi app login" google-query: intitle:"wi-fi app login" tags: cve,cve2022,iot,wavlink,router,rce,oast diff --git a/http/cves/2022/CVE-2022-24899.yaml b/http/cves/2022/CVE-2022-24899.yaml index 53a1f7366eb..175fff98497 100644 --- a/http/cves/2022/CVE-2022-24899.yaml +++ b/http/cves/2022/CVE-2022-24899.yaml @@ -3,7 +3,7 @@ id: CVE-2022-24899 info: name: Contao <4.13.3 - Cross-Site Scripting author: ritikchaddha - severity: high + severity: medium description: | Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. impact: | @@ -16,18 +16,19 @@ info: - https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html - https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2022-24899 cwe-id: CWE-79 - epss-score: 0.54548 - epss-percentile: 0.97863 + epss-score: 0.00342 + epss-percentile: 0.70926 cpe: cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: contao product: contao shodan-query: + - title:"Contao" - http.title:"contao" - http.html:"contao open source cms" - cpe:"cpe:2.3:a:contao:contao" diff --git a/http/cves/2022/CVE-2022-24900.yaml b/http/cves/2022/CVE-2022-24900.yaml index f63faf79858..d4522297c5e 100644 --- a/http/cves/2022/CVE-2022-24900.yaml +++ b/http/cves/2022/CVE-2022-24900.yaml @@ -3,7 +3,7 @@ id: CVE-2022-24900 info: name: Piano LED Visualizer 1.3 - Local File Inclusion author: 0x_Akoko - severity: critical + severity: high description: | Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. impact: | @@ -17,12 +17,12 @@ info: - https://github.com/onlaj/Piano-LED-Visualizer/commit/3f10602323cd8184e1c69a76b815655597bf0ee5 - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L - cvss-score: 9.9 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 cve-id: CVE-2022-24900 - cwe-id: CWE-22,CWE-668 - epss-score: 0.82858 - epss-percentile: 0.99181 + cwe-id: CWE-668,CWE-22 + epss-score: 0.00999 + epss-percentile: 0.83586 cpe: cpe:2.3:a:piano_led_visualizer_project:piano_led_visualizer:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-24990.yaml b/http/cves/2022/CVE-2022-24990.yaml index 612dd6e7eb1..60c24ef41ef 100644 --- a/http/cves/2022/CVE-2022-24990.yaml +++ b/http/cves/2022/CVE-2022-24990.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: terra-master product: terramaster_operating_system - shodan-query: terramaster + shodan-query: + - "TerraMaster" + - terramaster tags: cve,cve2022,packetstorm,terramaster,exposure,kev,terra-master http: diff --git a/http/cves/2022/CVE-2022-25125.yaml b/http/cves/2022/CVE-2022-25125.yaml index 39d775844e1..c03431807f7 100644 --- a/http/cves/2022/CVE-2022-25125.yaml +++ b/http/cves/2022/CVE-2022-25125.yaml @@ -19,15 +19,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-25125 cwe-id: CWE-89 - epss-score: 0.8008 - epss-percentile: 0.99047 + epss-score: 0.02031 + epss-percentile: 0.87716 cpe: cpe:2.3:a:mingsoft:mcms:5.2.4:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: mingsoft product: mcms - shodan-query: http.favicon.hash:"1464851260" + shodan-query: + - http.favicon.hash:1464851260 + - http.favicon.hash:"1464851260" fofa-query: icon_hash="1464851260" tags: cve,cve2022,sqli,mcms,mingsoft variables: diff --git a/http/cves/2022/CVE-2022-25148.yaml b/http/cves/2022/CVE-2022-25148.yaml index a7b80462254..7cd526d668d 100644 --- a/http/cves/2022/CVE-2022-25148.yaml +++ b/http/cves/2022/CVE-2022-25148.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-25148 cwe-id: CWE-89 - epss-score: 0.40221 - epss-percentile: 0.97152 + epss-score: 0.10089 + epss-percentile: 0.94364 cpe: cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +27,7 @@ info: vendor: veronalabs product: wp_statistics framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-statistics/" + shodan-query: http.html:/wp-content/plugins/wp-statistics/ fofa-query: body=/wp-content/plugins/wp-statistics/ publicwww-query: /wp-content/plugins/wp-statistics/ google-query: inurl:/wp-content/plugins/wp-statistics diff --git a/http/cves/2022/CVE-2022-25149.yaml b/http/cves/2022/CVE-2022-25149.yaml index f5915549456..aadc9f56438 100644 --- a/http/cves/2022/CVE-2022-25149.yaml +++ b/http/cves/2022/CVE-2022-25149.yaml @@ -26,7 +26,7 @@ info: vendor: veronalabs product: wp_statistics framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-statistics/" + shodan-query: http.html:/wp-content/plugins/wp-statistics/ fofa-query: body=/wp-content/plugins/wp-statistics/ publicwww-query: "/wp-content/plugins/wp-statistics/" google-query: inurl:/wp-content/plugins/wp-statistics diff --git a/http/cves/2022/CVE-2022-25216.yaml b/http/cves/2022/CVE-2022-25216.yaml index f43f3980254..9bf213dc6dd 100644 --- a/http/cves/2022/CVE-2022-25216.yaml +++ b/http/cves/2022/CVE-2022-25216.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-25216 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-25216 cwe-id: CWE-22 - epss-score: 0.68426 - epss-percentile: 0.98491 + epss-score: 0.01345 + epss-percentile: 0.86086 cpe: cpe:2.3:a:dvdfab:12_player:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-25226.yaml b/http/cves/2022/CVE-2022-25226.yaml index c6a80b50bd3..15d441e9546 100644 --- a/http/cves/2022/CVE-2022-25226.yaml +++ b/http/cves/2022/CVE-2022-25226.yaml @@ -18,17 +18,13 @@ info: epss-percentile: 0.70147 cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: cybelsoft product: thinvnc - shodan-query: - - http.favicon.hash:"-1414548363" - - http.favicon.hash:"571240285" - fofa-query: - - icon_hash="571240285" - - icon_hash=-1414548363 - tags: cve,cve2022,thinvnc,auth-bypass,cybelsoft + shodan-query: http.favicon.hash:-1414548363 + fofa-query: icon_hash="571240285" + tags: cve,cve2022,thinvnc,auth-bypass http: - method: GET diff --git a/http/cves/2022/CVE-2022-2535.yaml b/http/cves/2022/CVE-2022-2535.yaml index 6864bdadaf4..2d49e5f8e9e 100644 --- a/http/cves/2022/CVE-2022-2535.yaml +++ b/http/cves/2022/CVE-2022-2535.yaml @@ -21,12 +21,12 @@ info: cpe: cpe:2.3:a:searchwp:searchwp_live_ajax_search:*:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: searchwp - product: "searchwp_live_ajax_search" + product: searchwp_live_ajax_search framework: wordpress - shodan-query: http.html:"/wp-content/plugins/searchwp-live-ajax-search/" - fofa-query: "body=/wp-content/plugins/searchwp-live-ajax-search/" + shodan-query: http.html:/wp-content/plugins/searchwp-live-ajax-search/ + fofa-query: body=/wp-content/plugins/searchwp-live-ajax-search/ publicwww-query: "/wp-content/plugins/searchwp-live-ajax-search/" tags: cve,cve2022,wp,wp-plugin,wordpress,wpscan,searchwp-live-ajax-search,searchwp diff --git a/http/cves/2022/CVE-2022-25356.yaml b/http/cves/2022/CVE-2022-25356.yaml index 2362042327b..ddeed42a971 100644 --- a/http/cves/2022/CVE-2022-25356.yaml +++ b/http/cves/2022/CVE-2022-25356.yaml @@ -21,15 +21,17 @@ info: cvss-score: 5.3 cve-id: CVE-2022-25356 cwe-id: CWE-91 - epss-score: 0.43201 - epss-percentile: 0.97324 + epss-score: 0.00425 + epss-percentile: 0.74252 cpe: cpe:2.3:a:altn:securitygateway:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: altn product: securitygateway - google-query: inurl:"/securitygateway.dll" + google-query: + - inurl:"/SecurityGateway.dll" + - inurl:"/securitygateway.dll" tags: cve,cve2022,altn,gateway,xml,injection http: diff --git a/http/cves/2022/CVE-2022-25481.yaml b/http/cves/2022/CVE-2022-25481.yaml index 86dd265ac69..50293f5988c 100644 --- a/http/cves/2022/CVE-2022-25481.yaml +++ b/http/cves/2022/CVE-2022-25481.yaml @@ -20,9 +20,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-25481 - cwe-id: CWE-668,CWE-284 - epss-score: 0.48808 - epss-percentile: 0.97601 + cwe-id: CWE-668 + epss-score: 0.01261 + epss-percentile: 0.85591 cpe: cpe:2.3:a:thinkphp:thinkphp:5.0.24:*:*:*:*:*:*:* metadata: verified: true @@ -30,15 +30,13 @@ info: vendor: thinkphp product: thinkphp shodan-query: + - title:"ThinkPHP" - http.title:"thinkphp" - cpe:"cpe:2.3:a:thinkphp:thinkphp" fofa-query: - title="thinkphp" - header="think_lang" - - app="thinkphp" - - app="thinkphp" && title="system error" google-query: intitle:"thinkphp" - zoomeye-query: app="thinkphp" tags: cve,cve2022,thinkphp,exposure,oss http: diff --git a/http/cves/2022/CVE-2022-25487.yaml b/http/cves/2022/CVE-2022-25487.yaml index 9b2945854f3..5b66834179c 100644 --- a/http/cves/2022/CVE-2022-25487.yaml +++ b/http/cves/2022/CVE-2022-25487.yaml @@ -20,16 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2022-25487 cwe-id: CWE-434 - epss-score: 0.88369 - epss-percentile: 0.99448 + epss-score: 0.78706 + epss-percentile: 0.98263 cpe: cpe:2.3:a:thedigitalcraft:atomcms:2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" tags: cve2022,cve,rce,atom,cms,unauth,packetstorm,intrusive,thedigitalcraft,fielupload variables: string: "CVE-2022-25487" diff --git a/http/cves/2022/CVE-2022-25488.yaml b/http/cves/2022/CVE-2022-25488.yaml index cbd2830cb17..10ab05572ea 100644 --- a/http/cves/2022/CVE-2022-25488.yaml +++ b/http/cves/2022/CVE-2022-25488.yaml @@ -27,8 +27,6 @@ info: max-request: 1 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" tags: cve,cve2022,sqli,atom,cms,thedigitalcraft variables: num: "999999999" diff --git a/http/cves/2022/CVE-2022-25489.yaml b/http/cves/2022/CVE-2022-25489.yaml index 352f417b694..4dda0ac1bd3 100644 --- a/http/cves/2022/CVE-2022-25489.yaml +++ b/http/cves/2022/CVE-2022-25489.yaml @@ -18,16 +18,14 @@ info: cvss-score: 5.4 cve-id: CVE-2022-25489 cwe-id: CWE-79 - epss-score: 0.06429 - epss-percentile: 0.9054 + epss-score: 0.00134 + epss-percentile: 0.48559 cpe: cpe:2.3:a:thedigitalcraft:atomcms:2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" tags: cve,cve2022,xss,atom,cms,thedigitalcraft http: diff --git a/http/cves/2022/CVE-2022-25497.yaml b/http/cves/2022/CVE-2022-25497.yaml index c11d9a9f144..6af00f634bf 100644 --- a/http/cves/2022/CVE-2022-25497.yaml +++ b/http/cves/2022/CVE-2022-25497.yaml @@ -14,14 +14,13 @@ info: - https://github.com/CuppaCMS/CuppaCMS - https://nvd.nist.gov/vuln/detail/CVE-2022-25497 - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-25497 cwe-id: CWE-552 - epss-score: 0.22187 - epss-percentile: 0.95461 + epss-score: 0.00508 + epss-percentile: 0.7649 cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-2551.yaml b/http/cves/2022/CVE-2022-2551.yaml index 3d67b3ba6e2..9a09d485255 100644 --- a/http/cves/2022/CVE-2022-2551.yaml +++ b/http/cves/2022/CVE-2022-2551.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-2551 cwe-id: CWE-425 - epss-score: 0.58877 - epss-percentile: 0.98074 + epss-score: 0.66448 + epss-percentile: 0.97927 cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-2552.yaml b/http/cves/2022/CVE-2022-2552.yaml index 7d72206f359..5b3651dacf4 100644 --- a/http/cves/2022/CVE-2022-2552.yaml +++ b/http/cves/2022/CVE-2022-2552.yaml @@ -18,13 +18,10 @@ info: metadata: verified: true max-request: 1 + fofa-query: body="/wp-content/plugins/duplicator" vendor: snapcreek product: wp_go_maps - fofa-query: - - body="/wp-content/plugins/duplicator" - - body="/wp-content/plugins/wp-google-maps" - shodan-query: http.html:"/wp-content/plugins/wp-google-maps" - tags: wpscan,cve,cve2022,wp,wp-plugin,wordpress,duplicator,disclosure,snapcreek + tags: cve,cve2022,wp,wp-plugin,wordpress,duplicator,disclosure http: - method: GET diff --git a/http/cves/2022/CVE-2022-25568.yaml b/http/cves/2022/CVE-2022-25568.yaml index 74c1e756592..07ee7f86c5d 100644 --- a/http/cves/2022/CVE-2022-25568.yaml +++ b/http/cves/2022/CVE-2022-25568.yaml @@ -17,15 +17,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-25568 cwe-id: CWE-1188 - epss-score: 0.89778 - epss-percentile: 0.99531 + epss-score: 0.01501 + epss-percentile: 0.86918 cpe: cpe:2.3:a:motioneye_project:motioneye:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: motioneye_project product: motioneye - shodan-query: http.html:"motioneye" + shodan-query: + - html:"MotionEye" + - http.html:"motioneye" fofa-query: body="motioneye" tags: cve,cve2022,motioneye,config,motioneye_project diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml index 747134e38a1..519e58329b3 100644 --- a/http/cves/2022/CVE-2022-2599.yaml +++ b/http/cves/2022/CVE-2022-2599.yaml @@ -15,14 +15,13 @@ info: - https://wordpress.org/plugins/gotmls/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2022-2599 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-2599 cwe-id: CWE-79 - epss-score: 0.44025 - epss-percentile: 0.97369 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:anti-malware_security_and_brute-force_firewall_project:anti-malware_security_and_brute-force_firewall:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-26134.yaml b/http/cves/2022/CVE-2022-26134.yaml index b4107551063..ce2c8b59b1b 100644 --- a/http/cves/2022/CVE-2022-26134.yaml +++ b/http/cves/2022/CVE-2022-26134.yaml @@ -29,7 +29,9 @@ info: max-request: 2 vendor: atlassian product: confluence_data_center - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" fofa-query: app="atlassian-confluence" tags: cve,cve2022,packetstorm,confluence,rce,ognl,oast,kev,atlassian diff --git a/http/cves/2022/CVE-2022-26138.yaml b/http/cves/2022/CVE-2022-26138.yaml index d4691003d35..6aebcaced67 100644 --- a/http/cves/2022/CVE-2022-26138.yaml +++ b/http/cves/2022/CVE-2022-26138.yaml @@ -21,14 +21,16 @@ info: cvss-score: 9.8 cve-id: CVE-2022-26138 cwe-id: CWE-798 - epss-score: 0.94258 - epss-percentile: 0.99922 + epss-score: 0.97208 + epss-percentile: 0.99826 cpe: cpe:2.3:a:atlassian:questions_for_confluence:2.7.34:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: questions_for_confluence - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" tags: cve2022,cve,confluence,atlassian,default-login,kev http: diff --git a/http/cves/2022/CVE-2022-26148.yaml b/http/cves/2022/CVE-2022-26148.yaml index ac965fca723..68b4f2b65b7 100644 --- a/http/cves/2022/CVE-2022-26148.yaml +++ b/http/cves/2022/CVE-2022-26148.yaml @@ -21,19 +21,21 @@ info: cvss-score: 9.8 cve-id: CVE-2022-26148 cwe-id: CWE-312 - epss-score: 0.81612 - epss-percentile: 0.99122 + epss-score: 0.15727 + epss-percentile: 0.95795 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" fofa-query: - - app="grafana" + - app="Grafana" - title="grafana" + - app="grafana" google-query: intitle:"grafana" tags: cve,cve2022,grafana,zabbix,exposure diff --git a/http/cves/2022/CVE-2022-26233.yaml b/http/cves/2022/CVE-2022-26233.yaml index b8bac0f1ac4..970e3559375 100644 --- a/http/cves/2022/CVE-2022-26233.yaml +++ b/http/cves/2022/CVE-2022-26233.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-26233 cwe-id: CWE-22 - epss-score: 0.85088 - epss-percentile: 0.99287 + epss-score: 0.00628 + epss-percentile: 0.78973 cpe: cpe:2.3:a:barco:control_room_management_suite:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-26263.yaml b/http/cves/2022/CVE-2022-26263.yaml index 0cce350bffe..5090e250035 100644 --- a/http/cves/2022/CVE-2022-26263.yaml +++ b/http/cves/2022/CVE-2022-26263.yaml @@ -28,7 +28,9 @@ info: verified: true vendor: yonyou product: u8\+ - google-query: inurl:/u8sl/webhelp + google-query: + - inurl:/u8sl/WebHelp + - inurl:/u8sl/webhelp tags: cve,cve2022,yonyou,xss,headless headless: - steps: diff --git a/http/cves/2022/CVE-2022-2627.yaml b/http/cves/2022/CVE-2022-2627.yaml index 529784b92e0..02beb505bc2 100644 --- a/http/cves/2022/CVE-2022-2627.yaml +++ b/http/cves/2022/CVE-2022-2627.yaml @@ -12,14 +12,13 @@ info: reference: - https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea - https://nvd.nist.gov/vuln/detail/CVE-2022-2627 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-2627 cwe-id: CWE-79 - epss-score: 0.23883 - epss-percentile: 0.95714 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:tagdiv:newspaper:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,9 +26,11 @@ info: vendor: tagdiv product: newspaper framework: wordpress - shodan-query: http.html:"/wp-content/themes/newspaper" + shodan-query: http.html:/wp-content/themes/newspaper fofa-query: body=/wp-content/themes/newspaper - publicwww-query: /wp-content/themes/newspaper + publicwww-query: + - "/wp-content/themes/Newspaper" + - /wp-content/themes/newspaper tags: cve2022,cve,xss,wordpress,wp,wp-theme,newspaper,wpscan,tagdiv http: diff --git a/http/cves/2022/CVE-2022-26271.yaml b/http/cves/2022/CVE-2022-26271.yaml index f4fcfb618fb..46919af0078 100644 --- a/http/cves/2022/CVE-2022-26271.yaml +++ b/http/cves/2022/CVE-2022-26271.yaml @@ -22,14 +22,12 @@ info: epss-percentile: 0.58092 cpe: cpe:2.3:a:74cms:74cms:3.4.1:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: 74cms product: 74cms shodan-query: http.html:"74cms" - fofa-query: - - app="74cms" - - app="骑士-74cms" + fofa-query: app="74cms" tags: cve,cve2022,74cms,lfr http: diff --git a/http/cves/2022/CVE-2022-2633.yaml b/http/cves/2022/CVE-2022-2633.yaml index fca3f2fab35..5aaa2540a3d 100644 --- a/http/cves/2022/CVE-2022-2633.yaml +++ b/http/cves/2022/CVE-2022-2633.yaml @@ -17,12 +17,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-2633 - https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N + cvss-score: 8.2 cve-id: CVE-2022-2633 cwe-id: CWE-610 - epss-score: 0.88941 - epss-percentile: 0.99486 + epss-score: 0.02868 + epss-percentile: 0.9073 cpe: cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-26564.yaml b/http/cves/2022/CVE-2022-26564.yaml index 5f4c76c6b40..4c3816de847 100644 --- a/http/cves/2022/CVE-2022-26564.yaml +++ b/http/cves/2022/CVE-2022-26564.yaml @@ -29,7 +29,7 @@ info: vendor: digitaldruid product: hoteldruid shodan-query: - - http.favicon.hash:"-1521640213" + - http.favicon.hash:-1521640213 - http.title:"hoteldruid" fofa-query: - title="hoteldruid" diff --git a/http/cves/2022/CVE-2022-26585.yaml b/http/cves/2022/CVE-2022-26585.yaml index fcbcfafeca8..6d3498d2115 100644 --- a/http/cves/2022/CVE-2022-26585.yaml +++ b/http/cves/2022/CVE-2022-26585.yaml @@ -11,25 +11,23 @@ info: reference: - https://gitee.com/mingSoft/MCMS/issues/I4W1S9 - https://nvd.nist.gov/vuln/detail/CVE-2022-26585 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-26585 cwe-id: CWE-89 - epss-score: 0.17904 - epss-percentile: 0.94787 + epss-score: 0.00172 + epss-percentile: 0.53749 cpe: cpe:2.3:a:mingsoft:mcms:5.2.7:*:*:*:*:*:*:* metadata: - verified: true - max-request: 1 vendor: mingsoft product: mcms - shodan-query: http.favicon.hash:"1464851260" + verified: true + max-request: 1 + shodan-query: http.favicon.hash:1464851260 fofa-query: icon_hash="1464851260" tags: cve,cve2022,mingsoft,mcms,sqli,kev + variables: num: "999999999" diff --git a/http/cves/2022/CVE-2022-26960.yaml b/http/cves/2022/CVE-2022-26960.yaml index 5ef624865c2..f95fc2d53e3 100644 --- a/http/cves/2022/CVE-2022-26960.yaml +++ b/http/cves/2022/CVE-2022-26960.yaml @@ -21,17 +21,14 @@ info: cvss-score: 9.1 cve-id: CVE-2022-26960 cwe-id: CWE-22 - epss-score: 0.87531 - epss-percentile: 0.99412 + epss-score: 0.84507 + epss-percentile: 0.98501 cpe: cpe:2.3:a:std42:elfinder:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: std42 product: elfinder - shodan-query: http.title:"elfinder" - fofa-query: title="elfinder" - google-query: intitle:"elfinder" tags: cve2022,cve,lfi,elfinder,std42 http: diff --git a/http/cves/2022/CVE-2022-27043.yaml b/http/cves/2022/CVE-2022-27043.yaml index 7a5c573f29d..e7123edc21b 100644 --- a/http/cves/2022/CVE-2022-27043.yaml +++ b/http/cves/2022/CVE-2022-27043.yaml @@ -20,10 +20,10 @@ info: cpe: cpe:2.3:a:yearning:yearning:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: yearning product: yearning - fofa-query: app="yearning" + fofa-query: app="Yearning" tags: cve,cve2022,yearning,lfi http: diff --git a/http/cves/2022/CVE-2022-2733.yaml b/http/cves/2022/CVE-2022-2733.yaml index 9fb91f8b74a..82477e6ad03 100644 --- a/http/cves/2022/CVE-2022-2733.yaml +++ b/http/cves/2022/CVE-2022-2733.yaml @@ -28,19 +28,16 @@ info: vendor: open-emr product: openemr shodan-query: - - http.title:"openemr" + - title:"OpenEMR" - http.html:"openemr" - - http.favicon.hash:"1971268439" - - http.title:"openemr setup tool" + - http.title:"openemr" + - http.favicon.hash:1971268439 fofa-query: - icon_hash=1971268439 - body="openemr" - title="openemr" - app="openemr" - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: cve,cve2022,xss,openemr,authenticated,huntr,open-emr http: diff --git a/http/cves/2022/CVE-2022-2756.yaml b/http/cves/2022/CVE-2022-2756.yaml index 60b54e85699..e1fd7b2dc87 100644 --- a/http/cves/2022/CVE-2022-2756.yaml +++ b/http/cves/2022/CVE-2022-2756.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.5 cve-id: CVE-2022-2756 cwe-id: CWE-918 - epss-score: 0.71343 - epss-percentile: 0.98616 + epss-score: 0.01579 + epss-percentile: 0.87037 cpe: cpe:2.3:a:kavitareader:kavita:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,11 +28,9 @@ info: vendor: kavitareader product: kavita shodan-query: + - title:"kavita" - http.title:"kavita" - - http.html:"kavita" - fofa-query: - - title="kavita" - - body="kavita" + fofa-query: title="kavita" google-query: intitle:"kavita" tags: cve,cve2022,ssrf,kavita,authenticated,huntr,intrusive,kavitareader diff --git a/http/cves/2022/CVE-2022-27593.yaml b/http/cves/2022/CVE-2022-27593.yaml index 9d491e838c5..e9d4e50a6cd 100644 --- a/http/cves/2022/CVE-2022-27593.yaml +++ b/http/cves/2022/CVE-2022-27593.yaml @@ -17,12 +17,12 @@ info: - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H + cvss-score: 9.1 cve-id: CVE-2022-27593 cwe-id: CWE-610 - epss-score: 0.93613 - epss-percentile: 0.99827 + epss-score: 0.56352 + epss-percentile: 0.97624 cpe: cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,9 +30,10 @@ info: vendor: qnap product: photo_station shodan-query: - - http.title:"qnap" + - title:"QNAP" - http.title:"photo station" - - content-length:"580 "http server 1.0"" + - http.title:"qnap" + - 'content-length: 580 "http server 1.0"' fofa-query: - title="photo station" - title="qnap" diff --git a/http/cves/2022/CVE-2022-27849.yaml b/http/cves/2022/CVE-2022-27849.yaml index 8b99416c438..c27e345faa0 100644 --- a/http/cves/2022/CVE-2022-27849.yaml +++ b/http/cves/2022/CVE-2022-27849.yaml @@ -3,7 +3,7 @@ id: CVE-2022-27849 info: name: WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability author: random-robbie - severity: medium + severity: high description: | WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. impact: | @@ -17,12 +17,12 @@ info: - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2022-27849 cwe-id: CWE-200 - epss-score: 0.12777 - epss-percentile: 0.93618 + epss-score: 0.00713 + epss-percentile: 0.80067 cpe: cpe:2.3:a:plugin-planet:simple_ajax_chat:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-27984.yaml b/http/cves/2022/CVE-2022-27984.yaml index fde8e73d1db..af71dbc67d6 100644 --- a/http/cves/2022/CVE-2022-27984.yaml +++ b/http/cves/2022/CVE-2022-27984.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-27984 cwe-id: CWE-89 - epss-score: 0.1203 - epss-percentile: 0.93394 + epss-score: 0.02079 + epss-percentile: 0.89045 cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-27985.yaml b/http/cves/2022/CVE-2022-27985.yaml index 228f7160616..3a0a91ca94b 100644 --- a/http/cves/2022/CVE-2022-27985.yaml +++ b/http/cves/2022/CVE-2022-27985.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-27985 cwe-id: CWE-89 - epss-score: 0.1203 - epss-percentile: 0.93394 + epss-score: 0.02343 + epss-percentile: 0.89527 cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-28032.yaml b/http/cves/2022/CVE-2022-28032.yaml index 08dee5bd14d..937ca665bb3 100644 --- a/http/cves/2022/CVE-2022-28032.yaml +++ b/http/cves/2022/CVE-2022-28032.yaml @@ -27,8 +27,6 @@ info: max-request: 1 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" tags: time-based-sqli,cve,cve2022,sqli,atom,cms,thedigitalcraft http: diff --git a/http/cves/2022/CVE-2022-28033.yaml b/http/cves/2022/CVE-2022-28033.yaml index 8d5cb7f0d88..5d2764670b2 100644 --- a/http/cves/2022/CVE-2022-28033.yaml +++ b/http/cves/2022/CVE-2022-28033.yaml @@ -13,22 +13,21 @@ info: reference: - https://github.com/thedigicraft/Atom.CMS/issues/259 - https://nvd.nist.gov/vuln/detail/CVE-2022-28033 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-28033 cwe-id: CWE-89 - epss-score: 0.39096 - epss-percentile: 0.9708 + epss-score: 0.00172 + epss-percentile: 0.53749 cpe: cpe:2.3:a:thedigitalcraft:atomcms:2.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: thedigitalcraft product: atomcms - shodan-query: http.html:"atomcms" - fofa-query: body="atomcms" - tags: cve,cve2022,atom,cms,sqli,thedigitalcraft + shodan-query: html:"atomcms" + tags: cve,cve2022,atom,cms,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2022/CVE-2022-28219.yaml b/http/cves/2022/CVE-2022-28219.yaml index 108c4269688..1449f7bb91f 100644 --- a/http/cves/2022/CVE-2022-28219.yaml +++ b/http/cves/2022/CVE-2022-28219.yaml @@ -23,15 +23,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-28219 cwe-id: CWE-611 - epss-score: 0.94175 - epss-percentile: 0.99905 + epss-score: 0.97453 + epss-percentile: 0.9995 cpe: cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zohocorp product: manageengine_adaudit_plus - shodan-query: http.title:"adaudit plus" || http.title:"manageengine - admanager plus" + shodan-query: + - http.title:"ADAudit Plus" || http.title:"ManageEngine - ADManager Plus" + - http.title:"adaudit plus" || http.title:"manageengine - admanager plus" fofa-query: title="adaudit plus" || http.title:"manageengine - admanager plus" google-query: intitle:"adaudit plus" || http.title:"manageengine - admanager plus" tags: cve,cve2022,xxe,rce,zoho,manageengine,unauth,zohocorp diff --git a/http/cves/2022/CVE-2022-28290.yaml b/http/cves/2022/CVE-2022-28290.yaml index 1e48918d198..f9199e7f752 100644 --- a/http/cves/2022/CVE-2022-28290.yaml +++ b/http/cves/2022/CVE-2022-28290.yaml @@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28290 cwe-id: CWE-79 - epss-score: 0.01901 - epss-percentile: 0.82319 + epss-score: 0.00088 + epss-percentile: 0.37623 cpe: cpe:2.3:a:welaunch:wordpress_country_selector:1.6.5:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2022/CVE-2022-28363.yaml b/http/cves/2022/CVE-2022-28363.yaml index ed7b06ed78e..421c4bd9037 100644 --- a/http/cves/2022/CVE-2022-28363.yaml +++ b/http/cves/2022/CVE-2022-28363.yaml @@ -21,9 +21,9 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28363 cwe-id: CWE-79 - epss-score: 0.13579 - epss-percentile: 0.93844 - cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.00336 + epss-percentile: 0.71252 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: reprisesoftware diff --git a/http/cves/2022/CVE-2022-28365.yaml b/http/cves/2022/CVE-2022-28365.yaml index 487fb4011cc..7c25c25f1a2 100644 --- a/http/cves/2022/CVE-2022-28365.yaml +++ b/http/cves/2022/CVE-2022-28365.yaml @@ -21,9 +21,9 @@ info: cvss-score: 5.3 cve-id: CVE-2022-28365 cwe-id: CWE-425 - epss-score: 0.29874 - epss-percentile: 0.96373 - cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:*:*:*:*:*:*:*:* + epss-score: 0.05306 + epss-percentile: 0.93052 + cpe: cpe:2.3:a:reprisesoftware:reprise_license_manager:14.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: reprisesoftware diff --git a/http/cves/2022/CVE-2022-28508.yaml b/http/cves/2022/CVE-2022-28508.yaml index ba02756609b..c3497d4eb11 100644 --- a/http/cves/2022/CVE-2022-28508.yaml +++ b/http/cves/2022/CVE-2022-28508.yaml @@ -14,31 +14,16 @@ info: - https://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability - https://www.mantisbt.org/bugs/changelog_page.php - https://nvd.nist.gov/vuln/detail/CVE-2022-28508 - - https://sourceforge.net/projects/mantisbt/ - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-28508 cwe-id: CWE-79 - epss-score: 0.02299 - epss-percentile: 0.83911 - cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: mantisbt - product: mantisbt - shodan-query: - - http.title:"mantisbt" - - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.favicon.hash:"662709064" - - http.html:"administration - installation - mantisbt" - fofa-query: - - title="mantisbt" - - body="administration - installation - mantisbt" - - icon_hash=662709064 - google-query: intitle:"mantisbt" + shodan-query: title:"MantisBT" + fofa-query: title="MantisBT" tags: cve,cve2022,mantisbt,xss,opensearch http: diff --git a/http/cves/2022/CVE-2022-2863.yaml b/http/cves/2022/CVE-2022-2863.yaml index 6fa216b0a9c..ff330426a39 100644 --- a/http/cves/2022/CVE-2022-2863.yaml +++ b/http/cves/2022/CVE-2022-2863.yaml @@ -19,8 +19,8 @@ info: cvss-score: 4.9 cve-id: CVE-2022-2863 cwe-id: CWE-22 - epss-score: 0.03203 - epss-percentile: 0.86386 + epss-score: 0.46632 + epss-percentile: 0.97438 cpe: cpe:2.3:a:wpvivid:migration\,_backup\,_staging:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 diff --git a/http/cves/2022/CVE-2022-28923.yaml b/http/cves/2022/CVE-2022-28923.yaml index d738d6e11e9..f1a19005f36 100644 --- a/http/cves/2022/CVE-2022-28923.yaml +++ b/http/cves/2022/CVE-2022-28923.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-28923 cwe-id: CWE-601 - epss-score: 0.13233 - epss-percentile: 0.9375 + epss-score: 0.00772 + epss-percentile: 0.79353 cpe: cpe:2.3:a:caddyserver:caddy:2.4.6:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: caddyserver product: caddy - shodan-query: server:"caddy" + shodan-query: + - 'Server: caddy' + - "server: caddy" tags: cve,cve2022,redirect,caddy,webserver,caddyserver http: diff --git a/http/cves/2022/CVE-2022-28955.yaml b/http/cves/2022/CVE-2022-28955.yaml index f4e5f94e6a5..7e97034e6c4 100644 --- a/http/cves/2022/CVE-2022-28955.yaml +++ b/http/cves/2022/CVE-2022-28955.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2022-28955 cwe-id: CWE-287 - epss-score: 0.89028 - epss-percentile: 0.99489 + epss-score: 0.02487 + epss-percentile: 0.89836 cpe: cpe:2.3:o:dlink:dir-816l_firmware:206b01:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: dlink product: dir-816l_firmware - shodan-query: http.html:"dir-816l" + shodan-query: + - http.html:"DIR-816L" + - http.html:"dir-816l" fofa-query: body="dir-816l" tags: cve2022,cve,dlink,exposure diff --git a/http/cves/2022/CVE-2022-29004.yaml b/http/cves/2022/CVE-2022-29004.yaml index c0aed267a9c..08c347807b8 100644 --- a/http/cves/2022/CVE-2022-29004.yaml +++ b/http/cves/2022/CVE-2022-29004.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29004 cwe-id: CWE-79 - epss-score: 0.35177 - epss-percentile: 0.96824 + epss-score: 0.00254 + epss-percentile: 0.65186 cpe: cpe:2.3:a:phpgurukul:e-diary_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-29007.yaml b/http/cves/2022/CVE-2022-29007.yaml index 33850ebbfd9..d0a7211f250 100644 --- a/http/cves/2022/CVE-2022-29007.yaml +++ b/http/cves/2022/CVE-2022-29007.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29007 cwe-id: CWE-89 - epss-score: 0.91 - epss-percentile: 0.99605 + epss-score: 0.1338 + epss-percentile: 0.95581 cpe: cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-29009.yaml b/http/cves/2022/CVE-2022-29009.yaml index 094f39e63b8..98fbb8ffd4b 100644 --- a/http/cves/2022/CVE-2022-29009.yaml +++ b/http/cves/2022/CVE-2022-29009.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29009 cwe-id: CWE-89 - epss-score: 0.84516 - epss-percentile: 0.99258 + epss-score: 0.1338 + epss-percentile: 0.95581 cpe: cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-29013.yaml b/http/cves/2022/CVE-2022-29013.yaml index 2b95729a6a4..a729a533732 100644 --- a/http/cves/2022/CVE-2022-29013.yaml +++ b/http/cves/2022/CVE-2022-29013.yaml @@ -9,19 +9,18 @@ info: reference: - https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2022-29013 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-29013 cwe-id: CWE-78 - epss-score: 0.92823 - epss-percentile: 0.99747 - cpe: cpe:2.3:o:razer:sila_firmware:2.0.441_api-2.0.418:*:*:*:*:*:*:* + epss-score: 0.8792 + epss-percentile: 0.98658 + cpe: cpe:2.3:h:razer:sila:-:*:*:*:*:*:*:* metadata: max-request: 1 vendor: razer - product: sila_firmware + product: sila tags: packetstorm,cve,cve2022,razer,sila,router http: diff --git a/http/cves/2022/CVE-2022-29014.yaml b/http/cves/2022/CVE-2022-29014.yaml index dab4a7d3962..a7a41f847f9 100644 --- a/http/cves/2022/CVE-2022-29014.yaml +++ b/http/cves/2022/CVE-2022-29014.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-29014 - epss-score: 0.78136 - epss-percentile: 0.98949 + epss-score: 0.79802 + epss-percentile: 0.9829 cpe: cpe:2.3:o:razer:sila_firmware:2.0.441_api-2.0.418:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-29153.yaml b/http/cves/2022/CVE-2022-29153.yaml index dd4754bea2a..4f513212a51 100644 --- a/http/cves/2022/CVE-2022-29153.yaml +++ b/http/cves/2022/CVE-2022-29153.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-29153 cwe-id: CWE-918 - epss-score: 0.88401 - epss-percentile: 0.9945 + epss-score: 0.02376 + epss-percentile: 0.89839 cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* metadata: verified: true @@ -29,6 +29,7 @@ info: vendor: hashicorp product: consul shodan-query: + - title:"Consul by HashiCorp" - http.title:"consul by hashicorp" - cpe:"cpe:2.3:a:hashicorp:consul" fofa-query: title="consul by hashicorp" diff --git a/http/cves/2022/CVE-2022-29272.yaml b/http/cves/2022/CVE-2022-29272.yaml index c5e177f5406..3f5d5673b24 100644 --- a/http/cves/2022/CVE-2022-29272.yaml +++ b/http/cves/2022/CVE-2022-29272.yaml @@ -21,20 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-29272 cwe-id: CWE-601 - epss-score: 0.17766 - epss-percentile: 0.9476 + epss-score: 0.0033 + epss-percentile: 0.67975 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: cve,cve2022,redirect,nagios,nagiosxi diff --git a/http/cves/2022/CVE-2022-29298.yaml b/http/cves/2022/CVE-2022-29298.yaml index f2db6d54e89..68fbb1209de 100644 --- a/http/cves/2022/CVE-2022-29298.yaml +++ b/http/cves/2022/CVE-2022-29298.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: contec product: sv-cpt-mc310_firmware - shodan-query: http.html:"solarview compact" + shodan-query: + - http.html:"SolarView Compact" + - http.html:"solarview compact" fofa-query: body="solarview compact" tags: cve,cve2022,lfi,solarview,edb,contec diff --git a/http/cves/2022/CVE-2022-29299.yaml b/http/cves/2022/CVE-2022-29299.yaml index bb86cd70b87..d73cac786cf 100644 --- a/http/cves/2022/CVE-2022-29299.yaml +++ b/http/cves/2022/CVE-2022-29299.yaml @@ -15,7 +15,6 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29299 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cve-id: CVE-2022-29299 epss-score: 0.00175 @@ -24,17 +23,10 @@ info: metadata: verified: true max-request: 1 - vendor: contec + shodan-query: http.favicon.hash:-244067125 product: solarview_compact_firmware - shodan-query: - - http.favicon.hash:"-244067125" - - cpe:"cpe:2.3:o:contec:solarview_compact_firmware" - - http.html:"solarview compact" - fofa-query: - - body="solarview compact" - - body="solarview compact" && title="top" - - icon_hash="-244067125" - tags: cve2022,cve,xss,solarview,edb,contec + vendor: contec + tags: cve2022,cve,xss,solarview,edb http: - method: GET diff --git a/http/cves/2022/CVE-2022-29303.yaml b/http/cves/2022/CVE-2022-29303.yaml index 417f3d4bffe..d1f0c8a0653 100644 --- a/http/cves/2022/CVE-2022-29303.yaml +++ b/http/cves/2022/CVE-2022-29303.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: contec product: sv-cpt-mc310_firmware - shodan-query: http.html:"solarview compact" + shodan-query: + - http.html:"SolarView Compact" + - http.html:"solarview compact" fofa-query: body="solarview compact" tags: cve,cve2022,injection,solarview,edb,packetstorm,rce,kev,contec variables: diff --git a/http/cves/2022/CVE-2022-29349.yaml b/http/cves/2022/CVE-2022-29349.yaml index 1a12a9bdd41..e8de12c6c56 100644 --- a/http/cves/2022/CVE-2022-29349.yaml +++ b/http/cves/2022/CVE-2022-29349.yaml @@ -29,13 +29,11 @@ info: vendor: keking product: kkfileview shodan-query: + - http.html:"kkFileView" - http.html:"kkfileview" - - http.title:"kkfileview" fofa-query: - body="kkfileview" - app="kkfileview" - - title="kkfileview" - google-query: intitle:"kkfileview" tags: cve,cve2022,kkFileView,xss,keking http: diff --git a/http/cves/2022/CVE-2022-29383.yaml b/http/cves/2022/CVE-2022-29383.yaml index fbaff5b5bc2..ca909397a61 100644 --- a/http/cves/2022/CVE-2022-29383.yaml +++ b/http/cves/2022/CVE-2022-29383.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29383 cwe-id: CWE-89 - epss-score: 0.81767 - epss-percentile: 0.99129 + epss-score: 0.39819 + epss-percentile: 0.9716 cpe: cpe:2.3:o:netgear:ssl312_firmware:fvs336gv2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-29455.yaml b/http/cves/2022/CVE-2022-29455.yaml index 24ac116984e..15dc737658e 100644 --- a/http/cves/2022/CVE-2022-29455.yaml +++ b/http/cves/2022/CVE-2022-29455.yaml @@ -30,9 +30,6 @@ info: vendor: elementor product: website_builder framework: wordpress - publicwww-query: /wp-content/plugins/elementor/ - shodan-query: http.html:"/wp-content/plugins/elementor/" - fofa-query: body=/wp-content/plugins/elementor/ tags: cve,cve2022,xss,wordpress,elementor http: diff --git a/http/cves/2022/CVE-2022-29464.yaml b/http/cves/2022/CVE-2022-29464.yaml index b9191ca5100..e46c9a6ea78 100644 --- a/http/cves/2022/CVE-2022-29464.yaml +++ b/http/cves/2022/CVE-2022-29464.yaml @@ -21,14 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2022-29464 cwe-id: CWE-22 - epss-score: 0.94434 - epss-percentile: 0.99982 + epss-score: 0.97146 + epss-percentile: 0.99783 cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: wso2 product: api_manager - shodan-query: http.favicon.hash:"1398055326" + shodan-query: http.favicon.hash:1398055326 fofa-query: icon_hash=1398055326 google-query: inurl:"carbon/admin/login" tags: cve,cve2022,rce,fileupload,wso2,intrusive,kev diff --git a/http/cves/2022/CVE-2022-29548.yaml b/http/cves/2022/CVE-2022-29548.yaml index b29ceafb4f7..bf51ba23269 100644 --- a/http/cves/2022/CVE-2022-29548.yaml +++ b/http/cves/2022/CVE-2022-29548.yaml @@ -17,19 +17,19 @@ info: - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/ - https://github.com/vishnusomank/GoXploitDB classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N - cvss-score: 4.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2022-29548 cwe-id: CWE-79 - epss-score: 0.67519 - epss-percentile: 0.98448 + epss-score: 0.01348 + epss-percentile: 0.86109 cpe: cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: wso2 product: api_manager - shodan-query: http.favicon.hash:"1398055326" + shodan-query: http.favicon.hash:1398055326 fofa-query: icon_hash=1398055326 google-query: inurl:"carbon/admin/login" tags: cve,cve2022,wso2,xss,packetstorm diff --git a/http/cves/2022/CVE-2022-29775.yaml b/http/cves/2022/CVE-2022-29775.yaml index 40a678ce956..b8ba87eb96f 100644 --- a/http/cves/2022/CVE-2022-29775.yaml +++ b/http/cves/2022/CVE-2022-29775.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: ispyconnect product: ispy - shodan-query: http.html:"ispy is running" + shodan-query: + - http.html:"iSpy is running" + - http.html:"ispy is running" fofa-query: body="ispy is running" tags: cve,cve2022,ispy,auth-bypass,ispyconnect diff --git a/http/cves/2022/CVE-2022-30073.yaml b/http/cves/2022/CVE-2022-30073.yaml index 07e8bd72bca..6ba53d25b9c 100644 --- a/http/cves/2022/CVE-2022-30073.yaml +++ b/http/cves/2022/CVE-2022-30073.yaml @@ -15,14 +15,13 @@ info: - https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf - https://nvd.nist.gov/vuln/detail/CVE-2022-30073 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2022-30073 cwe-id: CWE-79 - epss-score: 0.10021 - epss-percentile: 0.92639 + epss-score: 0.00205 + epss-percentile: 0.5842 cpe: cpe:2.3:a:wbce:wbce_cms:1.5.2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-30489.yaml b/http/cves/2022/CVE-2022-30489.yaml index 4a9d753be73..e6fc4b77622 100644 --- a/http/cves/2022/CVE-2022-30489.yaml +++ b/http/cves/2022/CVE-2022-30489.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30489 cwe-id: CWE-79 - epss-score: 0.14239 - epss-percentile: 0.94017 + epss-score: 0.00102 + epss-percentile: 0.41641 cpe: cpe:2.3:o:wavlink:wn535g3_firmware:-:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: wavlink product: wn535g3_firmware shodan-query: - - http.title:"wi-fi app login" + - http.title:"Wi-Fi APP Login" - http.html:"wavlink" + - http.title:"wi-fi app login" fofa-query: - title="wi-fi app login" - body="wavlink" diff --git a/http/cves/2022/CVE-2022-30512.yaml b/http/cves/2022/CVE-2022-30512.yaml index 3d95200ba12..2bc1e544a86 100644 --- a/http/cves/2022/CVE-2022-30512.yaml +++ b/http/cves/2022/CVE-2022-30512.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-30512 cwe-id: CWE-89 - epss-score: 0.73933 - epss-percentile: 0.98736 + epss-score: 0.11597 + epss-percentile: 0.9526 cpe: cpe:2.3:a:school_dormitory_management_system_project:school_dormitory_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-30513.yaml b/http/cves/2022/CVE-2022-30513.yaml index 3b429853bf7..7f86a0b2b63 100644 --- a/http/cves/2022/CVE-2022-30513.yaml +++ b/http/cves/2022/CVE-2022-30513.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30513 cwe-id: CWE-79 - epss-score: 0.28631 - epss-percentile: 0.96251 + epss-score: 0.00112 + epss-percentile: 0.44481 cpe: cpe:2.3:a:school_dormitory_management_system_project:school_dormitory_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-3062.yaml b/http/cves/2022/CVE-2022-3062.yaml index 323de648ba4..f00d639453f 100644 --- a/http/cves/2022/CVE-2022-3062.yaml +++ b/http/cves/2022/CVE-2022-3062.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-3062 - https://wordpress.org/plugins/simple-file-list/ - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-3062 cwe-id: CWE-79 - epss-score: 0.39321 - epss-percentile: 0.97094 + epss-score: 0.00106 + epss-percentile: 0.43227 cpe: cpe:2.3:a:simplefilelist:simple-file-list:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-30776.yaml b/http/cves/2022/CVE-2022-30776.yaml index badaace2686..af9324b69e7 100644 --- a/http/cves/2022/CVE-2022-30776.yaml +++ b/http/cves/2022/CVE-2022-30776.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30776 cwe-id: CWE-79 - epss-score: 0.28164 - epss-percentile: 0.96205 + epss-score: 0.00112 + epss-percentile: 0.43631 cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-30777.yaml b/http/cves/2022/CVE-2022-30777.yaml index d4a9fa3b1fa..c70504afbb9 100644 --- a/http/cves/2022/CVE-2022-30777.yaml +++ b/http/cves/2022/CVE-2022-30777.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-30777 cwe-id: CWE-79 - epss-score: 0.04621 - epss-percentile: 0.88707 + epss-score: 0.00087 + epss-percentile: 0.36791 cpe: cpe:2.3:a:parallels:h-sphere:3.6.2:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: parallels product: h-sphere shodan-query: + - title:"h-sphere" - http.title:"h-sphere" - http.title:"parallels h-sphere" fofa-query: diff --git a/http/cves/2022/CVE-2022-31126.yaml b/http/cves/2022/CVE-2022-31126.yaml index 21416585560..0205b9686a3 100644 --- a/http/cves/2022/CVE-2022-31126.yaml +++ b/http/cves/2022/CVE-2022-31126.yaml @@ -14,22 +14,20 @@ info: - https://pentest.blog/advisory-roxy-wi-unauthenticated-remote-code-executions-cve-2022-31137/ - https://github.com/roxy-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9 - https://nvd.nist.gov/vuln/detail/CVE-2022-31126 - - https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9 - - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-31126 cwe-id: CWE-74 - epss-score: 0.85274 - epss-percentile: 0.99299 + epss-score: 0.84229 + epss-percentile: 0.98401 cpe: cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: roxy-wi product: roxy-wi - shodan-query: http.html:"roxy-wi" + shodan-query: html:"Roxy-WI" fofa-query: body="roxy-wi" tags: cve2022,cve,rce,roxy,roxy-wi,kev diff --git a/http/cves/2022/CVE-2022-31137.yaml b/http/cves/2022/CVE-2022-31137.yaml index 0d3c59eeff3..155b67ac945 100644 --- a/http/cves/2022/CVE-2022-31137.yaml +++ b/http/cves/2022/CVE-2022-31137.yaml @@ -15,23 +15,24 @@ info: - https://www.cve.org/CVERecord?id=CVE-2022-31137 - https://github.com/hap-wi/roxy-wi/security/advisories/GHSA-mh86-878h-43c9 - https://nvd.nist.gov/vuln/detail/CVE-2022-31137 - - http://packetstormsecurity.com/files/171648/Roxy-WI-6.1.0.0-Improper-Authentication-Control.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2022-31137 - cwe-id: CWE-78 - epss-score: 0.92914 - epss-percentile: 0.99755 + cwe-id: CWE-74 + epss-score: 0.84229 + epss-percentile: 0.98401 cpe: cpe:2.3:a:roxy-wi:roxy-wi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: roxy-wi product: roxy-wi - shodan-query: http.html:"roxy-wi" + shodan-query: + - http.html:"Roxy-WI" + - http.html:"roxy-wi" fofa-query: body="roxy-wi" - tags: packetstorm,cve2022,cve,rce,roxy,roxy-wi,kev + tags: cve2022,cve,rce,roxy,roxy-wi,kev http: - raw: diff --git a/http/cves/2022/CVE-2022-31161.yaml b/http/cves/2022/CVE-2022-31161.yaml index 4a8fa51fc2f..7b9f2902070 100644 --- a/http/cves/2022/CVE-2022-31161.yaml +++ b/http/cves/2022/CVE-2022-31161.yaml @@ -27,7 +27,7 @@ info: max-request: 1 vendor: roxy-wi product: roxy-wi - shodan-query: http.html:"roxy-wi" + shodan-query: html:"Roxy-WI" fofa-query: body="roxy-wi" tags: cve2022,cve,rce,roxy,roxy-wi,kev diff --git a/http/cves/2022/CVE-2022-31260.yaml b/http/cves/2022/CVE-2022-31260.yaml index 1bdb5a307e6..2ff6d59dcfa 100644 --- a/http/cves/2022/CVE-2022-31260.yaml +++ b/http/cves/2022/CVE-2022-31260.yaml @@ -13,26 +13,22 @@ info: reference: - https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md - https://nvd.nist.gov/vuln/detail/CVE-2022-31260 - - https://www.resourcespace.com - - https://github.com/ARPSyndicate/cvemon - - https://github.com/grymer/CVE classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2022-31260 cwe-id: CWE-306 - epss-score: 0.25861 - epss-percentile: 0.95952 + epss-score: 0.00087 + epss-percentile: 0.35924 cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: montala product: resourcespace - shodan-query: http.title:"resourcespace" - fofa-query: title="resourcespace" - google-query: intitle:"resourcespace" - tags: cve,cve2022,resourcespace,misconfig,montala + shodan-query: title:"ResourceSpace" + fofa-query: title="ResourceSpace" + tags: cve,cve2022,resourcespace,misconfig http: - raw: diff --git a/http/cves/2022/CVE-2022-31268.yaml b/http/cves/2022/CVE-2022-31268.yaml index 56d17821610..f7f35789f86 100644 --- a/http/cves/2022/CVE-2022-31268.yaml +++ b/http/cves/2022/CVE-2022-31268.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31268 cwe-id: CWE-22 - epss-score: 0.7704 - epss-percentile: 0.98894 + epss-score: 0.00618 + epss-percentile: 0.76574 cpe: cpe:2.3:a:gitblit:gitblit:1.9.3:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: gitblit product: gitblit shodan-query: - - http.html:"gitblit" + - http.html:"Gitblit" - http.title:"gitblit" + - http.html:"gitblit" fofa-query: - title="gitblit" - body="gitblit" diff --git a/http/cves/2022/CVE-2022-31269.yaml b/http/cves/2022/CVE-2022-31269.yaml index 9b22a85c2e7..c3d1da3f68e 100644 --- a/http/cves/2022/CVE-2022-31269.yaml +++ b/http/cves/2022/CVE-2022-31269.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.2 cve-id: CVE-2022-31269 cwe-id: CWE-798 - epss-score: 0.9019 - epss-percentile: 0.99558 + epss-score: 0.00284 + epss-percentile: 0.68595 cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: nortekcontrol product: emerge_e3_firmware shodan-query: - - http.title:"linear emerge" + - http.title:"Linear eMerge" - http.title:"emerge" + - http.title:"linear emerge" fofa-query: - title="emerge" - title="linear emerge" diff --git a/http/cves/2022/CVE-2022-31299.yaml b/http/cves/2022/CVE-2022-31299.yaml index be8fd0c5cdc..87c70f8b26a 100644 --- a/http/cves/2022/CVE-2022-31299.yaml +++ b/http/cves/2022/CVE-2022-31299.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31299 cwe-id: CWE-79 - epss-score: 0.69131 - epss-percentile: 0.98526 + epss-score: 0.00209 + epss-percentile: 0.58245 cpe: cpe:2.3:a:angtech:haraj:3.7:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-31373.yaml b/http/cves/2022/CVE-2022-31373.yaml index ec097be178a..915fbf21ac5 100644 --- a/http/cves/2022/CVE-2022-31373.yaml +++ b/http/cves/2022/CVE-2022-31373.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31373 cwe-id: CWE-79 - epss-score: 0.07363 - epss-percentile: 0.91218 + epss-score: 0.00088 + epss-percentile: 0.37623 cpe: cpe:2.3:o:contec:sv-cpt-mc310_firmware:6.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: contec product: sv-cpt-mc310_firmware - shodan-query: http.html:"solarview compact" + shodan-query: + - http.html:"SolarView Compact" + - http.html:"solarview compact" fofa-query: body="solarview compact" tags: cve2022,cve,xss,solarview,contec diff --git a/http/cves/2022/CVE-2022-3142.yaml b/http/cves/2022/CVE-2022-3142.yaml index c352edbcb9f..9beff43eb7a 100644 --- a/http/cves/2022/CVE-2022-3142.yaml +++ b/http/cves/2022/CVE-2022-3142.yaml @@ -27,7 +27,7 @@ info: vendor: basixonline product: nex-forms framework: wordpress - shodan-query: http.html:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: http.html:/wp-content/plugins/nex-forms-express-wp-form-builder/ fofa-query: body=/wp-content/plugins/nex-forms-express-wp-form-builder/ publicwww-query: /wp-content/plugins/nex-forms-express-wp-form-builder/ tags: time-based-sqli,cve,cve2022,wpscan,packetstorm,wordpress,sqli,wp-plugin,wp,authenticated,basixonline diff --git a/http/cves/2022/CVE-2022-31470.yaml b/http/cves/2022/CVE-2022-31470.yaml index d4fccf45046..d7f5964ea6e 100644 --- a/http/cves/2022/CVE-2022-31470.yaml +++ b/http/cves/2022/CVE-2022-31470.yaml @@ -10,27 +10,22 @@ info: - https://www.axigen.com/ - https://www.exploit-db.com/exploits/51722 - https://nvd.nist.gov/vuln/detail/CVE-2022-31470 - - http://packetstormsecurity.com/files/174551/Axigen-10.5.0-4370c946-Cross-Site-Scripting.html - - https://github.com/amirzargham/CVE-2023-08-21-exploit classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-31470 cwe-id: CWE-79 - epss-score: 0.18001 - epss-percentile: 0.94807 - cpe: cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:* + epss-score: 0.00123 + epss-percentile: 0.45678 + cpe: cpe:2.3:a:axigen:webmail:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: axigen - product: axigen_mobile_webmail - shodan-query: - - http.title:"axigen" - - http.favicon.hash:"-1247684400" - fofa-query: - - title="axigen" - - icon_hash=-1247684400 + product: webmail + shodan-query: title:"Axigen" + fofa-query: title="Axigen" tags: cve,cve2022,axigen,webmail,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2022/CVE-2022-31474.yaml b/http/cves/2022/CVE-2022-31474.yaml index 881e72b4e7d..d9f671747d7 100644 --- a/http/cves/2022/CVE-2022-31474.yaml +++ b/http/cves/2022/CVE-2022-31474.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31474 cwe-id: CWE-22 - epss-score: 0.92656 - epss-percentile: 0.99731 + epss-score: 0.0063 + epss-percentile: 0.78579 cpe: cpe:2.3:a:ithemes:backupbuddy:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 diff --git a/http/cves/2022/CVE-2022-31499.yaml b/http/cves/2022/CVE-2022-31499.yaml index b23b6bb083c..ac8c169344a 100644 --- a/http/cves/2022/CVE-2022-31499.yaml +++ b/http/cves/2022/CVE-2022-31499.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31499 cwe-id: CWE-78 - epss-score: 0.93449 - epss-percentile: 0.99808 + epss-score: 0.50608 + epss-percentile: 0.97247 cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: nortekcontrol product: emerge_e3_firmware shodan-query: + - title:"eMerge" - http.title:"emerge" - http.title:"linear emerge" fofa-query: @@ -38,7 +39,7 @@ info: google-query: - intitle:"linear emerge" - intitle:"emerge" - tags: time-based-sqli,cve,cve2022,packetstorm,emerge,rce,nortekcontrol,sqli + tags: time-based-sqli,cve,cve2022,packetstorm,emerge,rce,nortekcontrol http: - raw: diff --git a/http/cves/2022/CVE-2022-31656.yaml b/http/cves/2022/CVE-2022-31656.yaml index bdd478e1f4d..f9b1662c494 100644 --- a/http/cves/2022/CVE-2022-31656.yaml +++ b/http/cves/2022/CVE-2022-31656.yaml @@ -21,15 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31656 cwe-id: CWE-287 - epss-score: 0.81167 - epss-percentile: 0.99099 + epss-score: 0.64132 + epss-percentile: 0.97874 cpe: cpe:2.3:a:vmware:identity_manager:3.3.4:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: vmware product: identity_manager - shodan-query: http.favicon.hash:"-1250474341" + shodan-query: http.favicon.hash:-1250474341 fofa-query: - icon_hash=-1250474341 - app="vmware-workspace-one-access" || app="vmware-identity-manager" || app="vmware-vrealize" diff --git a/http/cves/2022/CVE-2022-31798.yaml b/http/cves/2022/CVE-2022-31798.yaml index 1bac9abb042..a1b93788094 100644 --- a/http/cves/2022/CVE-2022-31798.yaml +++ b/http/cves/2022/CVE-2022-31798.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-31798 cwe-id: CWE-384 - epss-score: 0.68437 - epss-percentile: 0.98492 + epss-score: 0.00126 + epss-percentile: 0.47221 cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: nortekcontrol product: emerge_e3_firmware shodan-query: + - http.title:"eMerge" - http.title:"emerge" - http.title:"linear emerge" fofa-query: diff --git a/http/cves/2022/CVE-2022-31814.yaml b/http/cves/2022/CVE-2022-31814.yaml index e4a96cab8cd..c286b755127 100644 --- a/http/cves/2022/CVE-2022-31814.yaml +++ b/http/cves/2022/CVE-2022-31814.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31814 cwe-id: CWE-78 - epss-score: 0.94391 - epss-percentile: 0.99964 + epss-score: 0.97252 + epss-percentile: 0.99847 cpe: cpe:2.3:a:netgate:pfblockerng:*:*:*:*:*:pfsense:*:* metadata: verified: true @@ -30,8 +30,6 @@ info: vendor: netgate product: pfblockerng framework: pfsense - fofa-query: pfblockerng - shodan-query: pfblockerng tags: cve,cve2022,packetstorm,pfsense,pfblockerng,rce,oast,netgate http: diff --git a/http/cves/2022/CVE-2022-31845.yaml b/http/cves/2022/CVE-2022-31845.yaml index 19da57bfebf..fb15371d85c 100644 --- a/http/cves/2022/CVE-2022-31845.yaml +++ b/http/cves/2022/CVE-2022-31845.yaml @@ -28,6 +28,7 @@ info: vendor: wavlink product: wn535g3_firmware shodan-query: + - http.html:"Wavlink" - http.html:"wavlink" - http.title:"wi-fi app login" fofa-query: diff --git a/http/cves/2022/CVE-2022-31846.yaml b/http/cves/2022/CVE-2022-31846.yaml index 9832cfd8f82..3b49f414563 100644 --- a/http/cves/2022/CVE-2022-31846.yaml +++ b/http/cves/2022/CVE-2022-31846.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-31846 cwe-id: CWE-668 - epss-score: 0.57034 - epss-percentile: 0.9798 + epss-score: 0.00874 + epss-percentile: 0.82407 cpe: cpe:2.3:o:wavlink:wn535g3_firmware:m35g3r.v5030.180927:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: wavlink product: wn535g3_firmware shodan-query: + - http.html:"Wavlink" - http.html:"wavlink" - http.title:"wi-fi app login" fofa-query: diff --git a/http/cves/2022/CVE-2022-31847.yaml b/http/cves/2022/CVE-2022-31847.yaml index d5d3d4daa56..eae82fd2b7d 100644 --- a/http/cves/2022/CVE-2022-31847.yaml +++ b/http/cves/2022/CVE-2022-31847.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: wavlink product: wn579x3_firmware - shodan-query: http.html:"wavlink" + shodan-query: + - http.html:"Wavlink" + - http.html:"wavlink" fofa-query: body="wavlink" tags: cve,cve2022,wavlink,exposure diff --git a/http/cves/2022/CVE-2022-31974.yaml b/http/cves/2022/CVE-2022-31974.yaml index 91177461bbb..964621ecb97 100644 --- a/http/cves/2022/CVE-2022-31974.yaml +++ b/http/cves/2022/CVE-2022-31974.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-31974 cwe-id: CWE-89 - epss-score: 0.34854 - epss-percentile: 0.96799 + epss-score: 0.01429 + epss-percentile: 0.85199 cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2022/CVE-2022-31976.yaml b/http/cves/2022/CVE-2022-31976.yaml index c4cca242c21..a0a2e55241f 100644 --- a/http/cves/2022/CVE-2022-31976.yaml +++ b/http/cves/2022/CVE-2022-31976.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31976 cwe-id: CWE-89 - epss-score: 0.45759 - epss-percentile: 0.97447 + epss-score: 0.02266 + epss-percentile: 0.89602 cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2022/CVE-2022-31978.yaml b/http/cves/2022/CVE-2022-31978.yaml index d5fccc6f4c7..6aa6caaaf83 100644 --- a/http/cves/2022/CVE-2022-31978.yaml +++ b/http/cves/2022/CVE-2022-31978.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-31978 cwe-id: CWE-89 - epss-score: 0.52268 - epss-percentile: 0.97759 + epss-score: 0.02031 + epss-percentile: 0.88685 cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2022/CVE-2022-31984.yaml b/http/cves/2022/CVE-2022-31984.yaml index 4405a9a87e0..bf441cbda9e 100644 --- a/http/cves/2022/CVE-2022-31984.yaml +++ b/http/cves/2022/CVE-2022-31984.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.2 cve-id: CVE-2022-31984 cwe-id: CWE-89 - epss-score: 0.14587 - epss-percentile: 0.94097 + epss-score: 0.01593 + epss-percentile: 0.87356 cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2022/CVE-2022-32007.yaml b/http/cves/2022/CVE-2022-32007.yaml index b41c95489fd..5f41f5164a5 100644 --- a/http/cves/2022/CVE-2022-32007.yaml +++ b/http/cves/2022/CVE-2022-32007.yaml @@ -14,14 +14,13 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-2.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32007 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32007 cwe-id: CWE-89 - epss-score: 0.20479 - epss-percentile: 0.95222 + epss-score: 0.01429 + epss-percentile: 0.85199 cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-32015.yaml b/http/cves/2022/CVE-2022-32015.yaml index 4842ad5ff86..6a1c257b265 100644 --- a/http/cves/2022/CVE-2022-32015.yaml +++ b/http/cves/2022/CVE-2022-32015.yaml @@ -12,14 +12,13 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32015 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32015 cwe-id: CWE-89 - epss-score: 0.12564 - epss-percentile: 0.93564 + epss-score: 0.01593 + epss-percentile: 0.87356 cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-32018.yaml b/http/cves/2022/CVE-2022-32018.yaml index 298aebb140a..7e5c3058fd3 100644 --- a/http/cves/2022/CVE-2022-32018.yaml +++ b/http/cves/2022/CVE-2022-32018.yaml @@ -14,14 +14,13 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-12.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32018 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32018 cwe-id: CWE-89 - epss-score: 0.12564 - epss-percentile: 0.93564 + epss-score: 0.01593 + epss-percentile: 0.87356 cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-32022.yaml b/http/cves/2022/CVE-2022-32022.yaml index 21eac9f7478..3e789dbd9f2 100644 --- a/http/cves/2022/CVE-2022-32022.yaml +++ b/http/cves/2022/CVE-2022-32022.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: car_rental_management_system_project product: car_rental_management_system - shodan-query: http.html:"car rental management system" + shodan-query: + - http.html:"Car Rental Management System" + - http.html:"car rental management system" fofa-query: body="car rental management system" tags: cve,cve2022,carrental,cms,sqli,login-bypass,car_rental_management_system_project diff --git a/http/cves/2022/CVE-2022-32024.yaml b/http/cves/2022/CVE-2022-32024.yaml index f33fb465196..7f4d366ac55 100644 --- a/http/cves/2022/CVE-2022-32024.yaml +++ b/http/cves/2022/CVE-2022-32024.yaml @@ -13,22 +13,22 @@ info: reference: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-4.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32024 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32024 cwe-id: CWE-89 - epss-score: 0.22691 - epss-percentile: 0.95539 + epss-score: 0.00834 + epss-percentile: 0.80157 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: car_rental_management_system_project product: car_rental_management_system - shodan-query: http.html:"car rental management system" + shodan-query: + - http.html:"Car Rental Management System" + - http.html:"car rental management system" fofa-query: body="car rental management system" comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project diff --git a/http/cves/2022/CVE-2022-32025.yaml b/http/cves/2022/CVE-2022-32025.yaml index 51d60a9627b..da9d5ae157f 100644 --- a/http/cves/2022/CVE-2022-32025.yaml +++ b/http/cves/2022/CVE-2022-32025.yaml @@ -14,21 +14,22 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-6.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32025 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32025 cwe-id: CWE-89 - epss-score: 0.22691 - epss-percentile: 0.95539 + epss-score: 0.01593 + epss-percentile: 0.87356 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: car_rental_management_system_project product: car_rental_management_system - shodan-query: http.html:"car rental management system" + shodan-query: + - http.html:"Car Rental Management System" + - http.html:"car rental management system" fofa-query: body="car rental management system" comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project diff --git a/http/cves/2022/CVE-2022-32026.yaml b/http/cves/2022/CVE-2022-32026.yaml index 2088e2e42ff..68181b1a48a 100644 --- a/http/cves/2022/CVE-2022-32026.yaml +++ b/http/cves/2022/CVE-2022-32026.yaml @@ -15,21 +15,22 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32026 cwe-id: CWE-89 - epss-score: 0.22691 - epss-percentile: 0.95539 + epss-score: 0.01426 + epss-percentile: 0.8625 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: car_rental_management_system_project product: car_rental_management_system - shodan-query: http.html:"car rental management system" + shodan-query: + - http.html:"Car Rental Management System" + - http.html:"car rental management system" fofa-query: body="car rental management system" comment: Login bypass is also possible using the payload- admin'+or+'1'%3D'1' in username. tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project diff --git a/http/cves/2022/CVE-2022-32028.yaml b/http/cves/2022/CVE-2022-32028.yaml index 43fe8675015..ddc14d30862 100644 --- a/http/cves/2022/CVE-2022-32028.yaml +++ b/http/cves/2022/CVE-2022-32028.yaml @@ -14,21 +14,22 @@ info: - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md - https://nvd.nist.gov/vuln/detail/CVE-2022-32028 - https://github.com/ARPSyndicate/kenzer-templates - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2022-32028 cwe-id: CWE-89 - epss-score: 0.22691 - epss-percentile: 0.95539 + epss-score: 0.01593 + epss-percentile: 0.87356 cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: car_rental_management_system_project product: car_rental_management_system - shodan-query: http.html:"car rental management system" + shodan-query: + - http.html:"Car Rental Management System" + - http.html:"car rental management system" fofa-query: body="car rental management system" comment: Login bypass is also possible using the payload - admin'+or+'1'%3D'1' in username. tags: cve,cve2022,carrental,cms,sqli,authenticated,car_rental_management_system_project diff --git a/http/cves/2022/CVE-2022-32094.yaml b/http/cves/2022/CVE-2022-32094.yaml index 610f40c8aab..9e488244851 100644 --- a/http/cves/2022/CVE-2022-32094.yaml +++ b/http/cves/2022/CVE-2022-32094.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: hospital_management_system_project product: hospital_management_system - shodan-query: http.html:"hospital management system" + shodan-query: + - http.html:"Hospital Management System" + - http.html:"hospital management system" fofa-query: body="hospital management system" tags: cve,cve2022,hms,cms,sqli,auth-bypass,hospital_management_system_project diff --git a/http/cves/2022/CVE-2022-32195.yaml b/http/cves/2022/CVE-2022-32195.yaml index 67d2ba72b80..d14b88b97a6 100644 --- a/http/cves/2022/CVE-2022-32195.yaml +++ b/http/cves/2022/CVE-2022-32195.yaml @@ -21,15 +21,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32195 cwe-id: CWE-79 - epss-score: 0.0607 - epss-percentile: 0.90259 + epss-score: 0.00112 + epss-percentile: 0.44633 cpe: cpe:2.3:a:edx:open_edx:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: edx product: open_edx - shodan-query: http.html:"open edx" + shodan-query: + - http.html:"Open edX" + - http.html:"open edx" fofa-query: body="open edx" comment: Hover the cursor on the redirect link tags: cve,cve2022,openedx,xss,edx diff --git a/http/cves/2022/CVE-2022-32409.yaml b/http/cves/2022/CVE-2022-32409.yaml index 1ff344c7da9..bfec6dfb005 100644 --- a/http/cves/2022/CVE-2022-32409.yaml +++ b/http/cves/2022/CVE-2022-32409.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-32409 cwe-id: CWE-22 - epss-score: 0.89826 - epss-percentile: 0.99535 + epss-score: 0.47251 + epss-percentile: 0.97452 cpe: cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-3242.yaml b/http/cves/2022/CVE-2022-3242.yaml index 27a8e47664a..b3e1037d87c 100644 --- a/http/cves/2022/CVE-2022-3242.yaml +++ b/http/cves/2022/CVE-2022-3242.yaml @@ -25,7 +25,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2022/CVE-2022-32429.yaml b/http/cves/2022/CVE-2022-32429.yaml index 4a845458140..57904d50626 100644 --- a/http/cves/2022/CVE-2022-32429.yaml +++ b/http/cves/2022/CVE-2022-32429.yaml @@ -21,15 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2022-32429 cwe-id: CWE-287 - epss-score: 0.88762 - epss-percentile: 0.99472 + epss-score: 0.16163 + epss-percentile: 0.95978 cpe: cpe:2.3:o:megatech:msnswitch_firmware:mnt.2408:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: megatech product: msnswitch_firmware - shodan-query: http.favicon.hash:"-2073748627 || http.favicon.hash-1721140132" + shodan-query: http.favicon.hash:-2073748627 || http.favicon.hash:-1721140132 tags: cve2022,cve,config,dump,packetstorm,msmswitch,unauth,switch,megatech http: diff --git a/http/cves/2022/CVE-2022-32770.yaml b/http/cves/2022/CVE-2022-32770.yaml index 5bee0e8c579..2f508c06bf5 100644 --- a/http/cves/2022/CVE-2022-32770.yaml +++ b/http/cves/2022/CVE-2022-32770.yaml @@ -30,13 +30,9 @@ info: vendor: wwbn product: avideo shodan-query: + - http.html:"AVideo" - http.html:"avideo" - - http.title:"avideo" - fofa-query: - - body="avideo" - - avideo - - title="avideo" - google-query: intitle:"avideo" + fofa-query: body="avideo" tags: cve2022,cve,avideo,xss,wwbn http: diff --git a/http/cves/2022/CVE-2022-32771.yaml b/http/cves/2022/CVE-2022-32771.yaml index b4ae19d906a..c1efb4cfc60 100644 --- a/http/cves/2022/CVE-2022-32771.yaml +++ b/http/cves/2022/CVE-2022-32771.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32771 cwe-id: CWE-79 - epss-score: 0.31923 - epss-percentile: 0.96554 + epss-score: 0.00074 + epss-percentile: 0.31793 cpe: cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:* metadata: verified: true @@ -30,13 +30,9 @@ info: vendor: wwbn product: avideo shodan-query: + - http.html:"AVideo" - http.html:"avideo" - - http.title:"avideo" - fofa-query: - - body="avideo" - - avideo - - title="avideo" - google-query: intitle:"avideo" + fofa-query: body="avideo" tags: cve,cve2022,avideo,xss,wwbn http: diff --git a/http/cves/2022/CVE-2022-32772.yaml b/http/cves/2022/CVE-2022-32772.yaml index 1f40d8d49d4..fcc50a1ae25 100644 --- a/http/cves/2022/CVE-2022-32772.yaml +++ b/http/cves/2022/CVE-2022-32772.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-32772 cwe-id: CWE-79 - epss-score: 0.24472 - epss-percentile: 0.95808 + epss-score: 0.00074 + epss-percentile: 0.31793 cpe: cpe:2.3:a:wwbn:avideo:11.6:*:*:*:*:*:*:* metadata: verified: true @@ -30,13 +30,9 @@ info: vendor: wwbn product: avideo shodan-query: + - http.html:"AVideo" - http.html:"avideo" - - http.title:"avideo" - fofa-query: - - body="avideo" - - avideo - - title="avideo" - google-query: intitle:"avideo" + fofa-query: body="avideo" tags: cve2022,cve,avideo,xss,wwbn http: diff --git a/http/cves/2022/CVE-2022-33119.yaml b/http/cves/2022/CVE-2022-33119.yaml index d3430a848b8..f01d9453ee7 100644 --- a/http/cves/2022/CVE-2022-33119.yaml +++ b/http/cves/2022/CVE-2022-33119.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: nuuo product: nvrsolo_firmware - shodan-query: http.html:"nvrsolo" + shodan-query: + - http.html:"NVRsolo" + - http.html:"nvrsolo" fofa-query: body="nvrsolo" tags: cve,cve2022,nvrsolo,xss,nuuo diff --git a/http/cves/2022/CVE-2022-33174.yaml b/http/cves/2022/CVE-2022-33174.yaml index 9699af81a96..1fc19d7337b 100644 --- a/http/cves/2022/CVE-2022-33174.yaml +++ b/http/cves/2022/CVE-2022-33174.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: powertekpdus product: basic_pdu_firmware - shodan-query: http.html:"powertek" + shodan-query: + - http.html:"Powertek" + - http.html:"powertek" fofa-query: body="powertek" tags: cve2022,cve,powertek,auth-bypass,powertekpdus diff --git a/http/cves/2022/CVE-2022-33891.yaml b/http/cves/2022/CVE-2022-33891.yaml index 1d69ab84630..c4afcc5946a 100644 --- a/http/cves/2022/CVE-2022-33891.yaml +++ b/http/cves/2022/CVE-2022-33891.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2022-33891 cwe-id: CWE-78 - epss-score: 0.94275 - epss-percentile: 0.99926 + epss-score: 0.97208 + epss-percentile: 0.99827 cpe: cpe:2.3:a:apache:spark:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: apache product: spark shodan-query: - - http.title:"spark master at" + - title:"Spark Master at" - http.html:"/apps/imt/html/" + - http.title:"spark master at" fofa-query: - body="/apps/imt/html/" - title="spark master at" diff --git a/http/cves/2022/CVE-2022-33901.yaml b/http/cves/2022/CVE-2022-33901.yaml index 65fdbf8ebb0..d6a8a02c1f3 100644 --- a/http/cves/2022/CVE-2022-33901.yaml +++ b/http/cves/2022/CVE-2022-33901.yaml @@ -3,7 +3,7 @@ id: CVE-2022-33901 info: name: WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read author: theamanrawat - severity: medium + severity: high description: | WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. impact: | @@ -17,11 +17,11 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2022-33901 - https://github.com/ARPSyndicate/kenzer-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2022-33901 - epss-score: 0.05402 - epss-percentile: 0.89606 + epss-score: 0.00779 + epss-percentile: 0.81349 cpe: cpe:2.3:a:multisafepay:multisafepay_plugin_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-34045.yaml b/http/cves/2022/CVE-2022-34045.yaml index f4c39937558..12f042194c5 100644 --- a/http/cves/2022/CVE-2022-34045.yaml +++ b/http/cves/2022/CVE-2022-34045.yaml @@ -29,6 +29,7 @@ info: vendor: wavlink product: wl-wn530hg4_firmware shodan-query: + - http.html:"WN530HG4" - http.html:"wn530hg4" - http.title:"wi-fi app login" fofa-query: diff --git a/http/cves/2022/CVE-2022-34046.yaml b/http/cves/2022/CVE-2022-34046.yaml index 91aa627e8d0..27b41498890 100644 --- a/http/cves/2022/CVE-2022-34046.yaml +++ b/http/cves/2022/CVE-2022-34046.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-34046 cwe-id: CWE-863 - epss-score: 0.7257 - epss-percentile: 0.98672 + epss-score: 0.14292 + epss-percentile: 0.95713 cpe: cpe:2.3:o:wavlink:wn533a8_firmware:m33a8.v5030.190716:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: wavlink product: wn533a8_firmware shodan-query: - - http.title:"wi-fi app login" + - http.title:"Wi-Fi APP Login" - http.html:"wavlink" + - http.title:"wi-fi app login" fofa-query: - title="wi-fi app login" - body="wavlink" diff --git a/http/cves/2022/CVE-2022-34047.yaml b/http/cves/2022/CVE-2022-34047.yaml index 3e15762703c..630231c2f0b 100644 --- a/http/cves/2022/CVE-2022-34047.yaml +++ b/http/cves/2022/CVE-2022-34047.yaml @@ -30,8 +30,9 @@ info: vendor: wavlink product: wl-wn530hg4_firmware shodan-query: - - http.title:"wi-fi app login" + - http.title:"Wi-Fi APP Login" - http.html:"wn530hg4" + - http.title:"wi-fi app login" fofa-query: - body="wn530hg4" - title="wi-fi app login" diff --git a/http/cves/2022/CVE-2022-34048.yaml b/http/cves/2022/CVE-2022-34048.yaml index e35d9c8f454..63d946ccb5f 100644 --- a/http/cves/2022/CVE-2022-34048.yaml +++ b/http/cves/2022/CVE-2022-34048.yaml @@ -30,6 +30,7 @@ info: vendor: wavlink product: wn533a8_firmware shodan-query: + - http.html:"Wavlink" - http.html:"wavlink" - http.title:"wi-fi app login" fofa-query: diff --git a/http/cves/2022/CVE-2022-34049.yaml b/http/cves/2022/CVE-2022-34049.yaml index da37e05b3e1..0734ba0b9a4 100644 --- a/http/cves/2022/CVE-2022-34049.yaml +++ b/http/cves/2022/CVE-2022-34049.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2022-34049 cwe-id: CWE-552 - epss-score: 0.20502 - epss-percentile: 0.95229 + epss-score: 0.16814 + epss-percentile: 0.9604 cpe: cpe:2.3:o:wavlink:wl-wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: wavlink product: wl-wn530hg4_firmware shodan-query: - - http.title:"wi-fi app login" + - http.title:"Wi-Fi APP Login" - http.html:"wn530hg4" + - http.title:"wi-fi app login" fofa-query: - body="wn530hg4" - title="wi-fi app login" diff --git a/http/cves/2022/CVE-2022-34094.yaml b/http/cves/2022/CVE-2022-34094.yaml index f3062cc1d96..7c75a0c50dc 100644 --- a/http/cves/2022/CVE-2022-34094.yaml +++ b/http/cves/2022/CVE-2022-34094.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2022-34094 cwe-id: CWE-79 - epss-score: 0.11312 - epss-percentile: 0.93159 + epss-score: 0.00258 + epss-percentile: 0.65535 cpe: cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-34267.yaml b/http/cves/2022/CVE-2022-34267.yaml index ee11589a49c..5c9fbdfa537 100644 --- a/http/cves/2022/CVE-2022-34267.yaml +++ b/http/cves/2022/CVE-2022-34267.yaml @@ -15,18 +15,16 @@ info: cvss-score: 9.8 cve-id: CVE-2022-34267 cwe-id: CWE-287 - epss-score: 0.57744 - epss-percentile: 0.98015 + epss-score: 0.00106 + epss-percentile: 0.43655 cpe: cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: rws product: worldserver - shodan-query: http.title:"worldserver" - fofa-query: title="worldserver" - google-query: intitle:"worldserver" - tags: cve,cve2022,worldserver,auth-bypass,rws + shodan-query: title:"WorldServer" + tags: cve,cve2022,worldserver,auth-bypass http: - raw: diff --git a/http/cves/2022/CVE-2022-34328.yaml b/http/cves/2022/CVE-2022-34328.yaml index a9e0eae2f02..e3be520608f 100644 --- a/http/cves/2022/CVE-2022-34328.yaml +++ b/http/cves/2022/CVE-2022-34328.yaml @@ -30,8 +30,9 @@ info: vendor: sigb product: pmb shodan-query: + - http.html:"PMB Group" - http.html:"pmb group" - - http.favicon.hash:"1469328760" + - http.favicon.hash:1469328760 fofa-query: - body="pmb group" - icon_hash=1469328760 diff --git a/http/cves/2022/CVE-2022-34534.yaml b/http/cves/2022/CVE-2022-34534.yaml index 272746b456d..47fe334edd3 100644 --- a/http/cves/2022/CVE-2022-34534.yaml +++ b/http/cves/2022/CVE-2022-34534.yaml @@ -22,7 +22,9 @@ info: max-request: 1 vendor: dw product: spectrum_server_firmware - shodan-query: http.favicon.hash:"868509217" + shodan-query: + - http.favicon.hash:868509217 + - http.favicon.hash:"868509217" fofa-query: icon_hash="868509217" tags: cve,cve2022,digital-watchdog,dw,spectrum,exposure diff --git a/http/cves/2022/CVE-2022-34576.yaml b/http/cves/2022/CVE-2022-34576.yaml index fbb435e7fd5..dfe2ec1958f 100644 --- a/http/cves/2022/CVE-2022-34576.yaml +++ b/http/cves/2022/CVE-2022-34576.yaml @@ -29,6 +29,7 @@ info: vendor: wavlink product: wn535g3_firmware shodan-query: + - http.html:"Wavlink" - http.html:"wavlink" - http.title:"wi-fi app login" fofa-query: diff --git a/http/cves/2022/CVE-2022-34590.yaml b/http/cves/2022/CVE-2022-34590.yaml index dd7bb6c22b4..834b06d2ce3 100644 --- a/http/cves/2022/CVE-2022-34590.yaml +++ b/http/cves/2022/CVE-2022-34590.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.2 cve-id: CVE-2022-34590 cwe-id: CWE-89 - epss-score: 0.05019 - epss-percentile: 0.89193 + epss-score: 0.01426 + epss-percentile: 0.86518 cpe: cpe:2.3:a:hospital_management_system_project:hospital_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: hospital_management_system_project product: hospital_management_system - shodan-query: http.html:"hospital management system" + shodan-query: + - http.html:"Hospital Management System" + - http.html:"hospital management system" fofa-query: body="hospital management system" tags: cve,cve2022,hms,cms,sqli,hospital_management_system_project diff --git a/http/cves/2022/CVE-2022-34753.yaml b/http/cves/2022/CVE-2022-34753.yaml index 3ee3cb89cc9..51dbe1e96d2 100644 --- a/http/cves/2022/CVE-2022-34753.yaml +++ b/http/cves/2022/CVE-2022-34753.yaml @@ -21,14 +21,16 @@ info: cvss-score: 8.8 cve-id: CVE-2022-34753 cwe-id: CWE-78 - epss-score: 0.91722 - epss-percentile: 0.99653 + epss-score: 0.96923 + epss-percentile: 0.99698 cpe: cpe:2.3:o:schneider-electric:spacelogic_c-bus_home_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: schneider-electric product: spacelogic_c-bus_home_controller_firmware - shodan-query: http.html:"spacelogic c-bus" + shodan-query: + - html:"SpaceLogic C-Bus" + - http.html:"spacelogic c-bus" fofa-query: body="spacelogic c-bus" tags: cve2022,cve,iot,spacelogic,rce,oast,packetstorm,schneider-electric diff --git a/http/cves/2022/CVE-2022-3506.yaml b/http/cves/2022/CVE-2022-3506.yaml index e3521f54639..4b073724e1c 100644 --- a/http/cves/2022/CVE-2022-3506.yaml +++ b/http/cves/2022/CVE-2022-3506.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2022-3506 cwe-id: CWE-79 - epss-score: 0.05798 - epss-percentile: 0.90028 + epss-score: 0.00144 + epss-percentile: 0.50194 cpe: cpe:2.3:a:never5:related_posts:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2022/CVE-2022-35151.yaml b/http/cves/2022/CVE-2022-35151.yaml index 574f84ddb29..9f3cf0b421f 100644 --- a/http/cves/2022/CVE-2022-35151.yaml +++ b/http/cves/2022/CVE-2022-35151.yaml @@ -30,13 +30,11 @@ info: vendor: keking product: kkfileview shodan-query: + - http.html:"kkFileView" - http.html:"kkfileview" - - http.title:"kkfileview" fofa-query: - body="kkfileview" - app="kkfileview" - - title="kkfileview" - google-query: intitle:"kkfileview" tags: cve,cve2022,xss,kkfileview,keking http: diff --git a/http/cves/2022/CVE-2022-35405.yaml b/http/cves/2022/CVE-2022-35405.yaml index ed2db3a0f86..19f48d758ed 100644 --- a/http/cves/2022/CVE-2022-35405.yaml +++ b/http/cves/2022/CVE-2022-35405.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: zohocorp product: manageengine_access_manager_plus - shodan-query: http.title:"manageengine" + shodan-query: + - http.title:"ManageEngine" + - http.title:"manageengine" fofa-query: title="manageengine" google-query: intitle:"manageengine" tags: cve,cve2022,rce,zoho,passwordmanager,deserialization,unauth,msf,kev,zohocorp diff --git a/http/cves/2022/CVE-2022-35413.yaml b/http/cves/2022/CVE-2022-35413.yaml index f7fddc5b7e7..f308cc35db6 100644 --- a/http/cves/2022/CVE-2022-35413.yaml +++ b/http/cves/2022/CVE-2022-35413.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2022-35413 cwe-id: CWE-798 - epss-score: 0.91796 - epss-percentile: 0.99659 + epss-score: 0.72077 + epss-percentile: 0.97989 cpe: cpe:2.3:a:pentasecurity:wapples:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: pentasecurity product: wapples - shodan-query: http.title:"intelligent wapples" + shodan-query: + - http.title:"Intelligent WAPPLES" + - http.title:"intelligent wapples" fofa-query: title="intelligent wapples" google-query: intitle:"intelligent wapples" tags: cve,cve2022,wapples,firewall,default-login,pentasecurity diff --git a/http/cves/2022/CVE-2022-35416.yaml b/http/cves/2022/CVE-2022-35416.yaml index b5b20e14c15..5b021086406 100644 --- a/http/cves/2022/CVE-2022-35416.yaml +++ b/http/cves/2022/CVE-2022-35416.yaml @@ -21,15 +21,15 @@ info: cvss-score: 6.1 cve-id: CVE-2022-35416 cwe-id: CWE-79 - epss-score: 0.20204 - epss-percentile: 0.95182 + epss-score: 0.00102 + epss-percentile: 0.41641 cpe: cpe:2.3:a:h3c:ssl_vpn:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: h3c product: ssl_vpn - shodan-query: http.html_hash:"510586239" + shodan-query: http.html_hash:510586239 tags: cve,cve2022,xss,vpn,h3c http: diff --git a/http/cves/2022/CVE-2022-35493.yaml b/http/cves/2022/CVE-2022-35493.yaml index 9322592beb3..6056ca962e2 100644 --- a/http/cves/2022/CVE-2022-35493.yaml +++ b/http/cves/2022/CVE-2022-35493.yaml @@ -20,15 +20,17 @@ info: cvss-score: 6.1 cve-id: CVE-2022-35493 cwe-id: CWE-79 - epss-score: 0.11461 - epss-percentile: 0.93212 + epss-score: 0.00118 + epss-percentile: 0.45934 cpe: cpe:2.3:a:wrteam:eshop_-_ecommerce_\/_store_website:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: wrteam product: eshop_-_ecommerce_\/_store_website - shodan-query: http.html:"eshop - multipurpose ecommerce" + shodan-query: + - http.html:"eShop - Multipurpose Ecommerce" + - http.html:"eshop - multipurpose ecommerce" fofa-query: body="eshop - multipurpose ecommerce" tags: cve,cve2022,eshop,xss,wrteam diff --git a/http/cves/2022/CVE-2022-35507.yaml b/http/cves/2022/CVE-2022-35507.yaml index 70a1ab6108f..d454ca4d14a 100644 --- a/http/cves/2022/CVE-2022-35507.yaml +++ b/http/cves/2022/CVE-2022-35507.yaml @@ -10,21 +10,20 @@ info: - https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=936007ae0241811093155000486da171379c23c2 - https://github.com/advisories/GHSA-xfgp-gpjw-wmqr - https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/#bug-0x02-crlf-injection-in-response-headers - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H cvss-score: 7.1 cve-id: CVE-2022-35507 cwe-id: CWE-74 - epss-score: 0.24022 - epss-percentile: 0.9573 + epss-score: 0.00243 + epss-percentile: 0.44911 cpe: cpe:2.3:a:proxmox:proxmox_mail_gateway:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: proxmox product: proxmox_mail_gateway - shodan-query: http.html:"proxmox = {" + shodan-query: html:"Proxmox = {" tags: cve,cve2022,proxmox,crlf http: diff --git a/http/cves/2022/CVE-2022-35653.yaml b/http/cves/2022/CVE-2022-35653.yaml index 81519c43876..3813496c26d 100644 --- a/http/cves/2022/CVE-2022-35653.yaml +++ b/http/cves/2022/CVE-2022-35653.yaml @@ -26,17 +26,11 @@ info: vendor: moodle product: moodle shodan-query: - - http.title:"moodle" + - title:"Moodle" - cpe:"cpe:2.3:a:moodle:moodle" - - http.html:"moodle" - - http.title:"installation moodle" - fofa-query: - - title="moodle" - - body="moodle" - - title="installation moodle" - google-query: - - intitle:"moodle" - - intitle:"installation moodle" + - http.title:"moodle" + fofa-query: title="moodle" + google-query: intitle:"moodle" tags: cve,cve2022,moodle,xss http: diff --git a/http/cves/2022/CVE-2022-35914.yaml b/http/cves/2022/CVE-2022-35914.yaml index 9507754eaab..60d4c5798d6 100644 --- a/http/cves/2022/CVE-2022-35914.yaml +++ b/http/cves/2022/CVE-2022-35914.yaml @@ -28,17 +28,13 @@ info: cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 - vendor: "glpi-project" + max-request: 1 + vendor: glpi-project product: glpi shodan-query: - - '[http.favicon.hash:"-1474875778" http.title:"glpi"]' - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" - http.title:"glpi" fofa-query: - - '[icon_hash="-1474875778" title="glpi"]' - - body="setup glpi" - icon_hash="-1474875778" - title="glpi" google-query: intitle:"glpi" diff --git a/http/cves/2022/CVE-2022-36446.yaml b/http/cves/2022/CVE-2022-36446.yaml index cc9a45c0d92..3da7992b6d6 100644 --- a/http/cves/2022/CVE-2022-36446.yaml +++ b/http/cves/2022/CVE-2022-36446.yaml @@ -28,7 +28,9 @@ info: max-request: 2 vendor: webmin product: webmin - shodan-query: http.title:"webmin" + shodan-query: + - title:"Webmin" + - http.title:"webmin" fofa-query: title="webmin" google-query: intitle:"webmin" tags: cve,cve2022,packetstorm,webmin,rce,authenticated,edb diff --git a/http/cves/2022/CVE-2022-36537.yaml b/http/cves/2022/CVE-2022-36537.yaml index 15e29bb760b..55503ba45b5 100644 --- a/http/cves/2022/CVE-2022-36537.yaml +++ b/http/cves/2022/CVE-2022-36537.yaml @@ -30,12 +30,9 @@ info: vendor: zkoss product: zk_framework shodan-query: + - http.title:"Server backup manager" - http.title:"server backup manager" - - http.html:"zk.wpd" or http.html:"" # Random string as HTML comment to append in response body diff --git a/http/cves/2023/CVE-2023-20198.yaml b/http/cves/2023/CVE-2023-20198.yaml index f599e2eac10..323954ee5f8 100644 --- a/http/cves/2023/CVE-2023-20198.yaml +++ b/http/cves/2023/CVE-2023-20198.yaml @@ -30,7 +30,7 @@ info: max-request: 1 vendor: cisco product: ios_xe - shodan-query: http.html_hash:"1076109428" + shodan-query: http.html_hash:1076109428 note: this template confirms vulnerable host with limited unauthenticated command execution, this does not include admin user creation + arbitrary cmd execution. tags: cve2023,cve,kev,cisco,rce,auth-bypass variables: diff --git a/http/cves/2023/CVE-2023-2059.yaml b/http/cves/2023/CVE-2023-2059.yaml index 0026157fdc9..d7ba4b087e7 100644 --- a/http/cves/2023/CVE-2023-2059.yaml +++ b/http/cves/2023/CVE-2023-2059.yaml @@ -11,12 +11,12 @@ info: - https://vuldb.com/?ctiid.225944 - https://vuldb.com/?id.225944 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 cve-id: CVE-2023-2059 cwe-id: CWE-28 - epss-score: 0.02762 - epss-percentile: 0.85297 + epss-score: 0.0012 + epss-percentile: 0.46305 cpe: cpe:2.3:a:dedecms:dedecms:5.7.87:*:*:*:*:*:*:* metadata: verified: true @@ -26,14 +26,10 @@ info: shodan-query: - http.html:"dedecms" - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" fofa-query: + - app="DedeCMS" - app="dedecms" - body="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" tags: cve,cve2023,dedecms,lfi http: diff --git a/http/cves/2023/CVE-2023-20864.yaml b/http/cves/2023/CVE-2023-20864.yaml index d0b9d884f87..94b6f818dfd 100644 --- a/http/cves/2023/CVE-2023-20864.yaml +++ b/http/cves/2023/CVE-2023-20864.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: vmware product: aria_operations_for_logs - shodan-query: http.title:"vrealize log insight" + shodan-query: + - title:"vRealize Log Insight" + - http.title:"vrealize log insight" fofa-query: title="vrealize log insight" google-query: intitle:"vrealize log insight" tags: cve2023,cve,vmware,aria,rce,oast diff --git a/http/cves/2023/CVE-2023-20887.yaml b/http/cves/2023/CVE-2023-20887.yaml index 25ed3ae10c8..d0b6ef1e331 100644 --- a/http/cves/2023/CVE-2023-20887.yaml +++ b/http/cves/2023/CVE-2023-20887.yaml @@ -22,14 +22,14 @@ info: cvss-score: 9.8 cve-id: CVE-2023-20887 cwe-id: CWE-77 - epss-score: 0.94389 - epss-percentile: 0.99962 - cpe: cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:* + epss-score: 0.9635 + epss-percentile: 0.99552 + cpe: cpe:2.3:a:vmware:vrealize_network_insight:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: vmware - product: aria_operations_for_networks + product: vrealize_network_insight shodan-query: - title:"VMware vRealize Network Insight" - http.title:"vmware vrealize network insight" diff --git a/http/cves/2023/CVE-2023-20888.yaml b/http/cves/2023/CVE-2023-20888.yaml index 2dcfe1f4f95..cf890a04f6a 100644 --- a/http/cves/2023/CVE-2023-20888.yaml +++ b/http/cves/2023/CVE-2023-20888.yaml @@ -18,8 +18,8 @@ info: cvss-score: 8.8 cve-id: CVE-2023-20888 cwe-id: CWE-502 - epss-score: 0.89693 - epss-percentile: 0.99527 + epss-score: 0.21995 + epss-percentile: 0.96459 cpe: cpe:2.3:a:vmware:vrealize_network_insight:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,8 +27,9 @@ info: vendor: vmware product: vrealize_network_insight shodan-query: - - http.title:"vmware aria operations" + - title:"VMware Aria Operations" - http.title:"vmware vrealize network insight" + - http.title:"vmware aria operations" fofa-query: - title="vmware vrealize network insight" - title="vmware aria operations" diff --git a/http/cves/2023/CVE-2023-20889.yaml b/http/cves/2023/CVE-2023-20889.yaml index d699e2c0f19..9dabc8e4cb6 100644 --- a/http/cves/2023/CVE-2023-20889.yaml +++ b/http/cves/2023/CVE-2023-20889.yaml @@ -19,8 +19,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-20889 cwe-id: CWE-77 - epss-score: 0.91821 - epss-percentile: 0.99662 + epss-score: 0.37918 + epss-percentile: 0.9721 cpe: cpe:2.3:a:vmware:vrealize_network_insight:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,8 +28,9 @@ info: vendor: vmware product: vrealize_network_insight shodan-query: - - http.title:"vmware aria operations" + - title:"VMware Aria Operations" - http.title:"vmware vrealize network insight" + - http.title:"vmware aria operations" fofa-query: - title="vmware vrealize network insight" - title="vmware aria operations" diff --git a/http/cves/2023/CVE-2023-2122.yaml b/http/cves/2023/CVE-2023-2122.yaml index b0ed44903a9..58910e281de 100644 --- a/http/cves/2023/CVE-2023-2122.yaml +++ b/http/cves/2023/CVE-2023-2122.yaml @@ -11,14 +11,13 @@ info: - https://wpscan.com/vulnerability/936fd93a-428d-4744-a4fc-c8da78dcbe78 - https://wordpress.org/plugins/image-optimizer-wd/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2023-2122 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2122 cwe-id: CWE-79 - epss-score: 0.10905 - epss-percentile: 0.93015 + epss-score: 0.00071 + epss-percentile: 0.30429 cpe: cpe:2.3:a:10web:image_optimizer:*:*:*:*:*:wordpress:*:* metadata: verified: "true" diff --git a/http/cves/2023/CVE-2023-2178.yaml b/http/cves/2023/CVE-2023-2178.yaml index fd23b1a7668..6e6b0c0315a 100644 --- a/http/cves/2023/CVE-2023-2178.yaml +++ b/http/cves/2023/CVE-2023-2178.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/vulnerability/e84b71f9-4208-4efb-90e8-1c778e7d2ebb - https://downloads.wordpress.org/plugin/aajoda-testimonials.2.1.0.zip - https://nvd.nist.gov/vuln/detail/CVE-2023-2178 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.8 cve-id: CVE-2023-2178 cwe-id: CWE-79 - epss-score: 0.00846 - epss-percentile: 0.73693 + epss-score: 0.00078 + epss-percentile: 0.33655 cpe: cpe:2.3:a:aajoda:aajoda_testimonials:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-22047.yaml b/http/cves/2023/CVE-2023-22047.yaml index 16706979d80..4c135a7cd9b 100644 --- a/http/cves/2023/CVE-2023-22047.yaml +++ b/http/cves/2023/CVE-2023-22047.yaml @@ -9,14 +9,12 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-22047 - https://x.com/tuo4n8/status/1907279143517266286 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-22047 - cwe-id: CWE-306,NVD-CWE-noinfo - epss-score: 0.88893 - epss-percentile: 0.99484 + epss-score: 0.00635 + epss-percentile: 0.68045 cpe: cpe:2.3:a:oracle:peoplesoft_enterprise:8.59:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-22232.yaml b/http/cves/2023/CVE-2023-22232.yaml index 05615331ae9..3e3c0c670fe 100644 --- a/http/cves/2023/CVE-2023-22232.yaml +++ b/http/cves/2023/CVE-2023-22232.yaml @@ -16,8 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2023-22232 cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.88663 - epss-percentile: 0.99466 + epss-score: 0.12731 + epss-percentile: 0.95463 cpe: cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:* metadata: verified: true @@ -25,15 +25,10 @@ info: vendor: adobe product: connect shodan-query: - - http.title:"adobe connect" + - title:"Adobe Connect" - http.title:"openvpn connect" - - http.title:"ovpn config download" - fofa-query: - - title="openvpn connect" - - title="ovpn config download" - google-query: - - intitle:"openvpn connect" - - intitle:"ovpn config download" + fofa-query: title="openvpn connect" + google-query: intitle:"openvpn connect" tags: packetstorm,cve2023,cve,adobe,lfd,download http: diff --git a/http/cves/2023/CVE-2023-2227.yaml b/http/cves/2023/CVE-2023-2227.yaml index c3e41c646b4..f9c6b27f862 100644 --- a/http/cves/2023/CVE-2023-2227.yaml +++ b/http/cves/2023/CVE-2023-2227.yaml @@ -10,23 +10,23 @@ info: - https://huntr.com/bounties/351f9055-2008-4af0-b820-01ff66678bf3 - https://github.com/modoboa/modoboa/commit/7bcd3f6eb264d4e3e01071c97c2bac51cdd6fe97 - https://nvd.nist.gov/vuln/detail/CVE-2023-2227 - - https://github.com/7h3h4ckv157/7h3h4ckv157 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2023-2227 cwe-id: CWE-285 - epss-score: 0.9045 - epss-percentile: 0.99573 + epss-score: 0.01292 + epss-percentile: 0.85804 cpe: cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: modoboa product: modoboa shodan-query: - - http.favicon.hash:"1949005079" + - "http.favicon.hash:1949005079" - http.html:"modoboa" fofa-query: + - "body=\"Modoboa\"" - body="modoboa" - icon_hash=1949005079 tags: cve,cve2023,modoboa,exposure,disclosure diff --git a/http/cves/2023/CVE-2023-22432.yaml b/http/cves/2023/CVE-2023-22432.yaml index 83b4d5f79dc..9427a87d7b7 100644 --- a/http/cves/2023/CVE-2023-22432.yaml +++ b/http/cves/2023/CVE-2023-22432.yaml @@ -19,15 +19,15 @@ info: cvss-score: 6.1 cve-id: CVE-2023-22432 cwe-id: CWE-601 - epss-score: 0.51277 - epss-percentile: 0.97718 + epss-score: 0.00945 + epss-percentile: 0.83107 cpe: cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: web2py product: web2py - shodan-query: http.favicon.hash:"-1680052984" + shodan-query: http.favicon.hash:-1680052984 fofa-query: icon_hash=-1680052984 tags: cve,cve2023,web2py,redirect,authenticated diff --git a/http/cves/2023/CVE-2023-22463.yaml b/http/cves/2023/CVE-2023-22463.yaml index f9109d8c62d..df986a2eecb 100644 --- a/http/cves/2023/CVE-2023-22463.yaml +++ b/http/cves/2023/CVE-2023-22463.yaml @@ -20,15 +20,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-22463 cwe-id: CWE-798 - epss-score: 0.89244 - epss-percentile: 0.99501 + epss-score: 0.01936 + epss-percentile: 0.88621 cpe: cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: fit2cloud product: kubepi - shodan-query: http.html:"kubepi" + shodan-query: + - html:"kubepi" + - http.html:"kubepi" fofa-query: - "kubepi" - body="kubepi" diff --git a/http/cves/2023/CVE-2023-22478.yaml b/http/cves/2023/CVE-2023-22478.yaml index 9c0201ecf4c..f79d8fd5290 100644 --- a/http/cves/2023/CVE-2023-22478.yaml +++ b/http/cves/2023/CVE-2023-22478.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: fit2cloud product: kubepi - shodan-query: http.html:"kubepi" + shodan-query: + - html:"kubepi" + - http.html:"kubepi" fofa-query: - "kubepi" - body="kubepi" diff --git a/http/cves/2023/CVE-2023-22480.yaml b/http/cves/2023/CVE-2023-22480.yaml index 7e458748275..3ececa9fd02 100644 --- a/http/cves/2023/CVE-2023-22480.yaml +++ b/http/cves/2023/CVE-2023-22480.yaml @@ -3,7 +3,7 @@ id: CVE-2023-22480 info: name: KubeOperator Foreground `kubeconfig` - File Download author: DhiyaneshDk - severity: high + severity: critical description: | KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. impact: | @@ -17,22 +17,25 @@ info: - https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf - https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-22480 - cwe-id: CWE-285,CWE-863 - epss-score: 0.79241 - epss-percentile: 0.99003 + cwe-id: CWE-863,CWE-285 + epss-score: 0.03554 + epss-percentile: 0.91598 cpe: cpe:2.3:a:fit2cloud:kubeoperator:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: fit2cloud product: kubeoperator - shodan-query: http.html:"kubeoperator" + shodan-query: + - html:"KubeOperator" + - http.html:"kubeoperator" fofa-query: - - app="kubeoperator" + - app="KubeOperator" - body="kubeoperator" + - app="kubeoperator" tags: cve2023,cve,kubeoperator,k8s,kubeconfig,exposure,fit2cloud http: diff --git a/http/cves/2023/CVE-2023-22515.yaml b/http/cves/2023/CVE-2023-22515.yaml index f8faa63fac3..ca549e3bc30 100644 --- a/http/cves/2023/CVE-2023-22515.yaml +++ b/http/cves/2023/CVE-2023-22515.yaml @@ -18,8 +18,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-22515 - epss-score: 0.94365 - epss-percentile: 0.99952 + epss-score: 0.97313 + epss-percentile: 0.99875 cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,7 +27,9 @@ info: vendor: atlassian product: confluence_data_center shodan-query: http.component:"atlassian confluence" - fofa-query: app="atlassian-confluence" + fofa-query: + - app="ATLASSIAN-Confluence" + - app="atlassian-confluence" tags: cve2023,cve,confluence,auth-bypass,kev,intrusive,atlassian variables: username: "{{rand_base(10)}}" diff --git a/http/cves/2023/CVE-2023-22518.yaml b/http/cves/2023/CVE-2023-22518.yaml index 87f37235623..838c6e3e8c1 100644 --- a/http/cves/2023/CVE-2023-22518.yaml +++ b/http/cves/2023/CVE-2023-22518.yaml @@ -18,15 +18,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-22518 cwe-id: CWE-863 - epss-score: 0.94375 - epss-percentile: 0.99956 + epss-score: 0.96267 + epss-percentile: 0.99528 cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: atlassian product: confluence_data_center - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" fofa-query: app="atlassian-confluence" note: this template attempts to validate the vulnerability by uploading an invalid (empty) zip file. This is a safe method for checking vulnerability and will not cause data loss or database reset. In real attack scenarios, a malicious file could potentially be used causing more severe impacts. tags: cve,cve2023,atlassian,confluence,rce,unauth,intrusive,kev diff --git a/http/cves/2023/CVE-2023-2252.yaml b/http/cves/2023/CVE-2023-2252.yaml index e7caeff77b8..c3886ac0f7b 100644 --- a/http/cves/2023/CVE-2023-2252.yaml +++ b/http/cves/2023/CVE-2023-2252.yaml @@ -13,14 +13,13 @@ info: - https://wpscan.com/vulnerability/9da6eede-10d0-4609-8b97-4a5d38fa8e69 - https://wordpress.org/plugins/directorist/advanced/ - https://nvd.nist.gov/vuln/detail/CVE-2023-2252 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N cvss-score: 2.7 cve-id: CVE-2023-2252 cwe-id: CWE-22 - epss-score: 0.07799 - epss-percentile: 0.9149 + epss-score: 0.00129 + epss-percentile: 0.4773 cpe: cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-22527.yaml b/http/cves/2023/CVE-2023-22527.yaml index ac7b9defa83..e70e827ecc4 100644 --- a/http/cves/2023/CVE-2023-22527.yaml +++ b/http/cves/2023/CVE-2023-22527.yaml @@ -18,14 +18,16 @@ info: cvss-score: 9.8 cve-id: CVE-2023-22527 cwe-id: CWE-74 - epss-score: 0.94363 - epss-percentile: 0.99951 + epss-score: 0.97459 + epss-percentile: 0.99955 cpe: cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: atlassian product: confluence_data_center - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" fofa-query: app="atlassian-confluence" tags: packetstorm,cve,cve2023,confluence,rce,ssti,kev,atlassian diff --git a/http/cves/2023/CVE-2023-2256.yaml b/http/cves/2023/CVE-2023-2256.yaml index a6328616dd2..cc7bc1b7e7e 100644 --- a/http/cves/2023/CVE-2023-2256.yaml +++ b/http/cves/2023/CVE-2023-2256.yaml @@ -3,28 +3,24 @@ id: CVE-2023-2256 info: name: WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. reference: - https://wpscan.com/vulnerability/1187e041-3be2-4613-8d56-c2394fcc75fb - https://nvd.nist.gov/vuln/detail/CVE-2023-2256 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2256 cwe-id: CWE-79 - epss-score: 0.08965 - epss-percentile: 0.92142 cpe: cpe:2.3:a:themeisle:product_addons_\&_fields_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 - vendor: themeisle - product: product_addons_\&_fields_for_woocommerce - framework: wordpress + vendor: WordPress + product: woocommerce-product-addon fofa-query: body="wp-content/plugins/woocommerce-product-addon/" - tags: wpscan,cve,cve2023,wp,wordpress,wp-plugin,xss,woocommerce,woocommerce-product-addon,authenticated,WordPress + tags: cve,cve2023,wp,wordpress,wp-plugin,xss,woocommerce,woocommerce-product-addon,authenticated http: - raw: diff --git a/http/cves/2023/CVE-2023-22620.yaml b/http/cves/2023/CVE-2023-22620.yaml index bf549839363..30796d09e28 100644 --- a/http/cves/2023/CVE-2023-22620.yaml +++ b/http/cves/2023/CVE-2023-22620.yaml @@ -28,10 +28,10 @@ info: max-request: 2 vendor: securepoint product: unified_threat_management - shodan-query: http.title:"securepoint utm" - fofa-query: - - title="securepoint utm" - - app="securepoint-utm-v11-admin-interface-11.8.8.8" + shodan-query: + - title:"Securepoint UTM" + - http.title:"securepoint utm" + fofa-query: title="securepoint utm" google-query: intitle:"securepoint utm" tags: cve,cve2023,utm,leak,memory,packetstorm,securepoint diff --git a/http/cves/2023/CVE-2023-22621.yaml b/http/cves/2023/CVE-2023-22621.yaml index 9a131ae0584..9f99b747771 100644 --- a/http/cves/2023/CVE-2023-22621.yaml +++ b/http/cves/2023/CVE-2023-22621.yaml @@ -17,27 +17,17 @@ info: cvss-score: 7.2 cve-id: CVE-2023-22621 cwe-id: CWE-74 - epss-score: 0.83441 - epss-percentile: 0.99206 + epss-score: 0.00654 + epss-percentile: 0.79886 cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: strapi product: strapi - shodan-query: - - http.html:"welcome to your strapi app" - - http.title:"strapi" - - http.title:"welcome to your strapi app" - fofa-query: - - app="strapi-headless-cms" - - body="welcome to your strapi app" - - title="strapi" - - title="welcome to your strapi app" - google-query: - - intitle:"strapi" - - intitle:"welcome to your strapi app" + shodan-query: html:"Welcome to your Strapi app" tags: cve,cve2023,strapi,ssti,rce,intrusive,authenticated + flow: http(1) && http(2) && http(3) && http(4) variables: diff --git a/http/cves/2023/CVE-2023-2272.yaml b/http/cves/2023/CVE-2023-2272.yaml index 9deac406174..43040e5f33c 100644 --- a/http/cves/2023/CVE-2023-2272.yaml +++ b/http/cves/2023/CVE-2023-2272.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/vulnerability/dba60216-2753-40b7-8f2b-6caeba684b2e - https://wordpress.org/plugins/tiempocom/ - https://nvd.nist.gov/vuln/detail/CVE-2023-2272 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2272 cwe-id: CWE-79 - epss-score: 0.08505 - epss-percentile: 0.91898 + epss-score: 0.00071 + epss-percentile: 0.30429 cpe: cpe:2.3:a:tiempo:tiempo:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-22893.yaml b/http/cves/2023/CVE-2023-22893.yaml index 6463b7820fe..34d401bbda0 100644 --- a/http/cves/2023/CVE-2023-22893.yaml +++ b/http/cves/2023/CVE-2023-22893.yaml @@ -24,19 +24,9 @@ info: max-request: 1 vendor: strapi product: strapi - fofa-query: - - app="strapi-headless-cms" - - body="welcome to your strapi app" - - title="strapi" - - title="welcome to your strapi app" - shodan-query: - - http.html:"welcome to your strapi app" - - http.title:"strapi" - - http.title:"welcome to your strapi app" - google-query: - - intitle:"strapi" - - intitle:"welcome to your strapi app" + fofa-query: app="strapi-Headless-CMS" tags: cve,cve2023,strapi,authenticated,aws,cognito + variables: email: "{{email}}" payload: '{"cognito:username":"{{to_lower(rand_text_alpha(10))}}","email":"{{email}}"}' diff --git a/http/cves/2023/CVE-2023-22897.yaml b/http/cves/2023/CVE-2023-22897.yaml index b707bee8736..6071bf7dcf9 100644 --- a/http/cves/2023/CVE-2023-22897.yaml +++ b/http/cves/2023/CVE-2023-22897.yaml @@ -21,18 +21,18 @@ info: cvss-score: 6.5 cve-id: CVE-2023-22897 cwe-id: CWE-908 - epss-score: 0.88779 - epss-percentile: 0.99473 + epss-score: 0.03238 + epss-percentile: 0.91228 cpe: cpe:2.3:o:securepoint:unified_threat_management:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: securepoint product: unified_threat_management - shodan-query: http.title:"securepoint utm" - fofa-query: - - title="securepoint utm" - - app="securepoint-utm-v11-admin-interface-11.8.8.8" + shodan-query: + - title:"Securepoint UTM" + - http.title:"securepoint utm" + fofa-query: title="securepoint utm" google-query: intitle:"securepoint utm" tags: cve,cve2023,securepoint,utm,exposure,memory diff --git a/http/cves/2023/CVE-2023-22952.yaml b/http/cves/2023/CVE-2023-22952.yaml index 32b59542052..06b31bd2fb0 100644 --- a/http/cves/2023/CVE-2023-22952.yaml +++ b/http/cves/2023/CVE-2023-22952.yaml @@ -8,38 +8,31 @@ info: In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. reference: - https://attackerkb.com/topics/E486ui94II/cve-2023-22952 - - https://github.com/h00die-gr3y/Metasploit - - https://github.com/jakabakos/PHP-payload-injection-to-PNGs - - https://github.com/santosomar/kev_checker - - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2023-22952 cwe-id: CWE-20,CWE-94 - epss-score: 0.93756 - epss-percentile: 0.99844 + epss-score: 0.52172 + epss-percentile: 0.97769 cpe: cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:* metadata: - max-request: 3 vendor: sugarcrm product: sugarcrm shodan-query: - - '[http.html:"sugarcrm inc. all rights reserved" http.title:"sugar setup wizard" http.title:"sugarcrm"]' - http.html:"sugarcrm inc. all rights reserved" - http.title:"sugar setup wizard" - http.title:"sugarcrm" fofa-query: - - '[body="sugarcrm inc. all rights reserved" title="sugar setup wizard" title=sugarcrm]' - body="sugarcrm inc. all rights reserved" - title="sugar setup wizard" - - title="sugarcrm" + - title=sugarcrm google-query: - - '[intext:"sugarcrm inc. all rights reserved" intitle:"sugar setup wizard" intitle:sugarcrm]' - intext:"sugarcrm inc. all rights reserved" - intitle:"sugar setup wizard" - - intitle:"sugarcrm" + - intitle:sugarcrm tags: cve,cve2023,sugarcrm,rce,file-upload,intrusive,kev + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2023/CVE-2023-2309.yaml b/http/cves/2023/CVE-2023-2309.yaml index b727c756879..7e38e637e8b 100644 --- a/http/cves/2023/CVE-2023-2309.yaml +++ b/http/cves/2023/CVE-2023-2309.yaml @@ -26,9 +26,7 @@ info: product: wpforo_forum framework: wordpress publicwww-query: "/wp-content/plugins/wpforo/" - shodan-query: http.html:"/wp-content/plugins/wpforo/" - fofa-query: body=/wp-content/plugins/wpforo/ - tags: cve,cve2023,wordpress,wpforo,wpscan,wp-plugin,wp,xss,gvectors + tags: cve,cve2023,wordpress,wpforo,wpscan,wp-plugin,wp,xss http: - raw: diff --git a/http/cves/2023/CVE-2023-23161.yaml b/http/cves/2023/CVE-2023-23161.yaml index 4e9d0c4f857..0d287cb159e 100644 --- a/http/cves/2023/CVE-2023-23161.yaml +++ b/http/cves/2023/CVE-2023-23161.yaml @@ -29,7 +29,9 @@ info: max-request: 1 vendor: phpgurukul product: art_gallery_management_system - fofa-query: title="art gallery management system" + fofa-query: + - title="Art Gallery Management System" + - title="art gallery management system" tags: cve2023,cve,packetstorm,art,gallery,xss,art_gallery_management_system_project,phpgurukul http: diff --git a/http/cves/2023/CVE-2023-23333.yaml b/http/cves/2023/CVE-2023-23333.yaml index ab84c5af68d..1c304372aa4 100644 --- a/http/cves/2023/CVE-2023-23333.yaml +++ b/http/cves/2023/CVE-2023-23333.yaml @@ -30,10 +30,12 @@ info: vendor: contec product: solarview_compact_firmware shodan-query: - - http.html:"solarview compact" + - http.html:"SolarView Compact" - http.favicon.hash:"-244067125" + - http.html:"solarview compact" - cpe:"cpe:2.3:o:contec:solarview_compact_firmware" fofa-query: + - body="SolarView Compact" && title="Top" - body="solarview compact" && title="top" - icon_hash="-244067125" - body="solarview compact" diff --git a/http/cves/2023/CVE-2023-23488.yaml b/http/cves/2023/CVE-2023-23488.yaml index f7456244af6..5b612d9b99a 100644 --- a/http/cves/2023/CVE-2023-23488.yaml +++ b/http/cves/2023/CVE-2023-23488.yaml @@ -30,7 +30,7 @@ info: vendor: strangerstudios product: paid_memberships_pro framework: wordpress - shodan-query: http.html:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: http.html:/wp-content/plugins/paid-memberships-pro/ fofa-query: body=/wp-content/plugins/paid-memberships-pro/ publicwww-query: /wp-content/plugins/paid-memberships-pro/ google-query: inurl:"/wp-content/plugins/paid-memberships-pro" diff --git a/http/cves/2023/CVE-2023-23489.yaml b/http/cves/2023/CVE-2023-23489.yaml index 2d83c896a25..2769f99e4ff 100644 --- a/http/cves/2023/CVE-2023-23489.yaml +++ b/http/cves/2023/CVE-2023-23489.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-23489 cwe-id: CWE-89 - epss-score: 0.80683 - epss-percentile: 0.99078 + epss-score: 0.11793 + epss-percentile: 0.95309 cpe: cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-23491.yaml b/http/cves/2023/CVE-2023-23491.yaml index d58b92dd042..f17a6c28b3d 100644 --- a/http/cves/2023/CVE-2023-23491.yaml +++ b/http/cves/2023/CVE-2023-23491.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-23491 - https://github.com/ARPSyndicate/cvemon - https://github.com/JoshuaMart/JoshuaMart - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-23491 cwe-id: CWE-79 - epss-score: 0.07686 - epss-percentile: 0.91429 + epss-score: 0.0012 + epss-percentile: 0.46205 cpe: cpe:2.3:a:fullworksplugins:quick_event_manager:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: fullworksplugins product: quick_event_manager framework: wordpress - shodan-query: http.html:"/wp-content/plugins/quick-event-manager" + shodan-query: http.html:/wp-content/plugins/quick-event-manager fofa-query: body=/wp-content/plugins/quick-event-manager publicwww-query: "/wp-content/plugins/quick-event-manager" tags: cve2023,cve,wordpress,wp,wp-plugin,wpscan,xss,quick-event-manager,fullworksplugins diff --git a/http/cves/2023/CVE-2023-23492.yaml b/http/cves/2023/CVE-2023-23492.yaml index 40a1eccafe6..584607c67c1 100644 --- a/http/cves/2023/CVE-2023-23492.yaml +++ b/http/cves/2023/CVE-2023-23492.yaml @@ -21,8 +21,8 @@ info: cvss-score: 8.8 cve-id: CVE-2023-23492 cwe-id: CWE-89 - epss-score: 0.86218 - epss-percentile: 0.99345 + epss-score: 0.06178 + epss-percentile: 0.93551 cpe: cpe:2.3:a:idehweb:login_with_phone_number:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-2356.yaml b/http/cves/2023/CVE-2023-2356.yaml index 1792fad5049..30f38ed6cec 100644 --- a/http/cves/2023/CVE-2023-2356.yaml +++ b/http/cves/2023/CVE-2023-2356.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-2356 cwe-id: CWE-23 - epss-score: 0.84556 - epss-percentile: 0.99259 + epss-score: 0.01406 + epss-percentile: 0.86426 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,6 +31,7 @@ info: product: mlflow shodan-query: http.title:"mlflow" fofa-query: + - app="MLflow" - app="mlflow" - title="mlflow" google-query: intitle:"mlflow" diff --git a/http/cves/2023/CVE-2023-23752.yaml b/http/cves/2023/CVE-2023-23752.yaml index b9fdf3d6032..5ccfb7f53ca 100644 --- a/http/cves/2023/CVE-2023-23752.yaml +++ b/http/cves/2023/CVE-2023-23752.yaml @@ -19,8 +19,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-23752 - epss-score: 0.94532 - epss-percentile: 1 + epss-score: 0.93208 + epss-percentile: 0.99053 cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,6 +28,7 @@ info: vendor: joomla product: joomla\! shodan-query: + - html:"Joomla! - Open Source Content Management" - http.html:"joomla! - open source content management" - http.component:"joomla" - cpe:"cpe:2.3:a:joomla:joomla\!" diff --git a/http/cves/2023/CVE-2023-24243.yaml b/http/cves/2023/CVE-2023-24243.yaml index b5ad4c08bff..c084c4ce70a 100644 --- a/http/cves/2023/CVE-2023-24243.yaml +++ b/http/cves/2023/CVE-2023-24243.yaml @@ -30,12 +30,9 @@ info: vendor: cdata product: arc shodan-query: + - http.favicon.hash:163538942 - http.favicon.hash:"163538942" - - http.title:"cdata arc" - fofa-query: - - icon_hash="163538942" - - title="cdata arc" - google-query: intitle:"cdata arc" + fofa-query: icon_hash="163538942" tags: cve,cve2023,cdata,rsb,ssrf http: diff --git a/http/cves/2023/CVE-2023-24278.yaml b/http/cves/2023/CVE-2023-24278.yaml index 5d788c27daf..ad7249c5eea 100644 --- a/http/cves/2023/CVE-2023-24278.yaml +++ b/http/cves/2023/CVE-2023-24278.yaml @@ -15,21 +15,20 @@ info: - https://www.openwall.com/lists/oss-security/2023/03/16/1 - https://nvd.nist.gov/vuln/detail/CVE-2023-24278 - https://github.com/karimhabush/cyberowl - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-24278 cwe-id: CWE-79 - epss-score: 0.48089 - epss-percentile: 0.97564 + epss-score: 0.00158 + epss-percentile: 0.52245 cpe: cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: squidex.io product: squidex - shodan-query: http.favicon.hash:"1099097618" + shodan-query: http.favicon.hash:1099097618 fofa-query: icon_hash=1099097618 tags: cve2023,cve,xss,squidex,cms,unauth,squidex.io diff --git a/http/cves/2023/CVE-2023-24322.yaml b/http/cves/2023/CVE-2023-24322.yaml index 33df0a5669c..e06a72b6552 100644 --- a/http/cves/2023/CVE-2023-24322.yaml +++ b/http/cves/2023/CVE-2023-24322.yaml @@ -19,18 +19,18 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24322 cwe-id: CWE-79 - epss-score: 0.19147 - epss-percentile: 0.95012 + epss-score: 0.00157 + epss-percentile: 0.52131 cpe: cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: mojoportal product: mojoportal - shodan-query: http.html:"mojoportal" - fofa-query: - - body="mojoportal" - - title="mojoportal" + shodan-query: + - html:"mojoPortal" + - http.html:"mojoportal" + fofa-query: body="mojoportal" tags: cve,cve2023,cves,mojoportal,xss http: diff --git a/http/cves/2023/CVE-2023-24367.yaml b/http/cves/2023/CVE-2023-24367.yaml index 440812b4290..289f5b1e53b 100644 --- a/http/cves/2023/CVE-2023-24367.yaml +++ b/http/cves/2023/CVE-2023-24367.yaml @@ -25,11 +25,9 @@ info: metadata: verified: true max-request: 1 - vendor: temenos + shodan-query: title:"T24 Sign in" product: t24 - shodan-query: http.title:"t24 sign in" - fofa-query: title="t24 sign in" - google-query: intitle:"t24 sign in" + vendor: temenos tags: cve,cve2023,xss,temenos http: diff --git a/http/cves/2023/CVE-2023-24488.yaml b/http/cves/2023/CVE-2023-24488.yaml index 11317f1daeb..6a949f42450 100644 --- a/http/cves/2023/CVE-2023-24488.yaml +++ b/http/cves/2023/CVE-2023-24488.yaml @@ -21,14 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24488 cwe-id: CWE-79 - epss-score: 0.90972 - epss-percentile: 0.99604 + epss-score: 0.05227 + epss-percentile: 0.93007 cpe: cpe:2.3:a:citrix:gateway:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: citrix product: gateway - shodan-query: http.title:"citrix gateway" + shodan-query: + - title:"Citrix Gateway" + - http.title:"citrix gateway" fofa-query: title="citrix gateway" google-query: intitle:"citrix gateway" tags: cve2023,cve,citrix,xss,adc diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index ab96b3a81ec..f54f31aa358 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml @@ -29,7 +29,9 @@ info: max-request: 256 vendor: citrix product: sharefile_storage_zones_controller - shodan-query: http.title:"sharefile storage server" + shodan-query: + - title:"ShareFile Storage Server" + - http.title:"sharefile storage server" fofa-query: title="sharefile storage server" google-query: intitle:"sharefile storage server" tags: cve2023,cve,sharefile,rce,intrusive,fileupload,fuzz,kev,citrix diff --git a/http/cves/2023/CVE-2023-24657.yaml b/http/cves/2023/CVE-2023-24657.yaml index 80f037c0b4f..13b150b7b38 100644 --- a/http/cves/2023/CVE-2023-24657.yaml +++ b/http/cves/2023/CVE-2023-24657.yaml @@ -18,8 +18,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24657 cwe-id: CWE-79 - epss-score: 0.05727 - epss-percentile: 0.89959 + epss-score: 0.01878 + epss-percentile: 0.88418 cpe: cpe:2.3:a:phpipam:phpipam:1.6:*:*:*:*:*:*:* metadata: verified: true @@ -27,11 +27,9 @@ info: vendor: phpipam product: phpipam shodan-query: + - html:"phpIPAM IP address management" - http.html:"phpipam ip address management" - - http.html:"phpipam installation wizard" - fofa-query: - - body="phpipam ip address management" - - body="phpipam installation wizard" + fofa-query: body="phpipam ip address management" tags: cve2023,cve,xss,phpipam,authenticated http: diff --git a/http/cves/2023/CVE-2023-24733.yaml b/http/cves/2023/CVE-2023-24733.yaml index 4cec18fbf4a..1242967bf6d 100644 --- a/http/cves/2023/CVE-2023-24733.yaml +++ b/http/cves/2023/CVE-2023-24733.yaml @@ -28,7 +28,7 @@ info: vendor: sigb product: pmb shodan-query: - - http.favicon.hash:"1469328760" + - http.favicon.hash:1469328760 - http.html:"pmb group" fofa-query: - body="pmb group" diff --git a/http/cves/2023/CVE-2023-24735.yaml b/http/cves/2023/CVE-2023-24735.yaml index cc5c79d4b8b..760b18d234c 100644 --- a/http/cves/2023/CVE-2023-24735.yaml +++ b/http/cves/2023/CVE-2023-24735.yaml @@ -28,7 +28,7 @@ info: vendor: sigb product: pmb shodan-query: - - http.favicon.hash:"1469328760" + - http.favicon.hash:1469328760 - http.html:"pmb group" fofa-query: - body="pmb group" diff --git a/http/cves/2023/CVE-2023-24737.yaml b/http/cves/2023/CVE-2023-24737.yaml index d753a575dc2..dbceb580cd6 100644 --- a/http/cves/2023/CVE-2023-24737.yaml +++ b/http/cves/2023/CVE-2023-24737.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-24737 cwe-id: CWE-79 - epss-score: 0.10232 - epss-percentile: 0.92734 + epss-score: 0.00099 + epss-percentile: 0.41025 cpe: cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:* metadata: verified: true @@ -28,7 +28,7 @@ info: vendor: sigb product: pmb shodan-query: - - http.favicon.hash:"1469328760" + - http.favicon.hash:1469328760 - http.html:"pmb group" fofa-query: - body="pmb group" diff --git a/http/cves/2023/CVE-2023-2479.yaml b/http/cves/2023/CVE-2023-2479.yaml index b289e3b3a19..f2d9f0b319c 100644 --- a/http/cves/2023/CVE-2023-2479.yaml +++ b/http/cves/2023/CVE-2023-2479.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-2479 cwe-id: CWE-78 - epss-score: 0.92272 - epss-percentile: 0.99698 + epss-score: 0.96532 + epss-percentile: 0.99605 cpe: cpe:2.3:a:appium:appium-desktop:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2023/CVE-2023-25135.yaml b/http/cves/2023/CVE-2023-25135.yaml index 701114e2fb5..60667f71745 100644 --- a/http/cves/2023/CVE-2023-25135.yaml +++ b/http/cves/2023/CVE-2023-25135.yaml @@ -29,20 +29,18 @@ info: vendor: vbulletin product: vbulletin shodan-query: - - http.component:"vbulletin" + - http.component:"vBulletin" - http.html:"powered by vbulletin" + - http.component:"vbulletin" - http.title:"powered by vbulletin" - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.title:"vbulletin" fofa-query: - body="powered by vbulletin" - title="powered by vbulletin" - - app="vbulletin" - - title="vbulletin" google-query: - - intext:"powered by vbulletin" + - intext:"Powered By vBulletin" - intitle:"powered by vbulletin" - - intitle:"vbulletin" + - intext:"powered by vbulletin" tags: cve,cve2023,vbulletin,rce http: diff --git a/http/cves/2023/CVE-2023-25157.yaml b/http/cves/2023/CVE-2023-25157.yaml index f6be927f8c7..6d72ed1e3fd 100644 --- a/http/cves/2023/CVE-2023-25157.yaml +++ b/http/cves/2023/CVE-2023-25157.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-25157 cwe-id: CWE-89 - epss-score: 0.93809 - epss-percentile: 0.9985 + epss-score: 0.59299 + epss-percentile: 0.97754 cpe: cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -30,8 +30,8 @@ info: vendor: osgeo product: geoserver shodan-query: + - title:"geoserver" - http.title:"geoserver" - - server:"geohttpserver" fofa-query: - title="geoserver" - app="geoserver" diff --git a/http/cves/2023/CVE-2023-2518.yaml b/http/cves/2023/CVE-2023-2518.yaml index e9917ebaa1b..ef22f8879c0 100644 --- a/http/cves/2023/CVE-2023-2518.yaml +++ b/http/cves/2023/CVE-2023-2518.yaml @@ -20,8 +20,8 @@ info: vendor: yikesinc product: easy_forms_for_mailchimp fofa-query: body="wp-content/plugins/yikes-inc-easy-mailchimp-extender/" - shodan-query: http.html:"wp-content/plugins/yikes-inc-easy-mailchimp-extender/" - tags: wpscan,cve,cve2023,wp,wordpress,wp-plugin,xss,yikes-inc-easy-mailchimp-extender,authenticated,yikesinc + tags: cve,cve2023,wp,wordpress,wp-plugin,xss,yikes-inc-easy-mailchimp-extender,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-25194.yaml b/http/cves/2023/CVE-2023-25194.yaml index 0182efb7314..06a231bbf5b 100644 --- a/http/cves/2023/CVE-2023-25194.yaml +++ b/http/cves/2023/CVE-2023-25194.yaml @@ -17,15 +17,17 @@ info: cvss-score: 8.8 cve-id: CVE-2023-25194 cwe-id: CWE-502 - epss-score: 0.94188 - epss-percentile: 0.99908 + epss-score: 0.96717 + epss-percentile: 0.99653 cpe: cpe:2.3:a:apache:kafka_connect:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: apache product: kafka_connect - shodan-query: http.html:"apache druid" + shodan-query: + - html:"Apache Druid" + - http.html:"apache druid" fofa-query: body="apache druid" tags: packetstorm,cve,cve2023,apache,druid,kafka,rce,jndi,oast diff --git a/http/cves/2023/CVE-2023-25346.yaml b/http/cves/2023/CVE-2023-25346.yaml index 52d8ead790a..c505138fa40 100644 --- a/http/cves/2023/CVE-2023-25346.yaml +++ b/http/cves/2023/CVE-2023-25346.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-25346 cwe-id: CWE-79 - epss-score: 0.05082 - epss-percentile: 0.89262 + epss-score: 0.00165 + epss-percentile: 0.5311 cpe: cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-25573.yaml b/http/cves/2023/CVE-2023-25573.yaml index 9bfec5fddd1..f0cde81f69e 100644 --- a/http/cves/2023/CVE-2023-25573.yaml +++ b/http/cves/2023/CVE-2023-25573.yaml @@ -16,12 +16,12 @@ info: - https://github.com/20142995/sectool - https://github.com/KayCHENvip/vulnerability-poc classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-25573 cwe-id: CWE-862 - epss-score: 0.91914 - epss-percentile: 0.99669 + epss-score: 0.04496 + epss-percentile: 0.92455 cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: product: metersphere shodan-query: http.html:"metersphere" fofa-query: + - body="Metersphere" - body="metersphere" - title="metersphere" tags: cve,cve2023,metersphere,lfi diff --git a/http/cves/2023/CVE-2023-25717.yaml b/http/cves/2023/CVE-2023-25717.yaml index 7e7406b637e..d24f740f219 100644 --- a/http/cves/2023/CVE-2023-25717.yaml +++ b/http/cves/2023/CVE-2023-25717.yaml @@ -14,22 +14,22 @@ info: - https://cybir.com/2023/cve/proof-of-concept-ruckus-wireless-admin-10-4-unauthenticated-remote-code-execution-csrf-ssrf/ - https://support.ruckuswireless.com/security_bulletins/315 - https://nvd.nist.gov/vuln/detail/CVE-2023-25717 - - https://github.com/Ostorlab/KEV - - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-25717 cwe-id: CWE-94 - epss-score: 0.94354 - epss-percentile: 0.99948 + epss-score: 0.95613 + epss-percentile: 0.99262 cpe: cpe:2.3:a:ruckuswireless:ruckus_wireless_admin:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: ruckuswireless product: ruckus_wireless_admin - shodan-query: http.title:"ruckus wireless" + shodan-query: + - title:"ruckus wireless" + - http.title:"ruckus wireless" fofa-query: title="ruckus wireless" google-query: intitle:"ruckus wireless" tags: cve2023,cve,ruckus,rce,kev,ruckuswireless diff --git a/http/cves/2023/CVE-2023-26035.yaml b/http/cves/2023/CVE-2023-26035.yaml index 61bf0bff810..d3db02314f0 100644 --- a/http/cves/2023/CVE-2023-26035.yaml +++ b/http/cves/2023/CVE-2023-26035.yaml @@ -3,7 +3,7 @@ id: CVE-2023-26035 info: name: ZoneMinder Snapshots - Command Injection author: Unblvr1,whotwagner - severity: high + severity: critical description: | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. remediation: This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. @@ -14,12 +14,12 @@ info: - https://github.com/rvizx/CVE-2023-26035 - https://nvd.nist.gov/vuln/detail/CVE-2023-26035 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-26035 cwe-id: CWE-862 - epss-score: 0.54612 - epss-percentile: 0.97866 + epss-score: 0.96928 + epss-percentile: 0.99718 cpe: cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,14 +27,9 @@ info: vendor: zoneminder product: zoneminder shodan-query: + - html:"ZM - Login" - http.html:"zm - login" - - http.favicon.hash:"-1218152116" - - http.title:"zoneminder" - fofa-query: - - body="zm - login" - - icon_hash="-1218152116" - - title="zoneminder" - google-query: intitle:"zoneminder" + fofa-query: body="zm - login" tags: cve,cve2023,rce,zoneminder,unauth,packetstorm flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-26067.yaml b/http/cves/2023/CVE-2023-26067.yaml index 2a6856b4ddd..b0c716b2f3d 100644 --- a/http/cves/2023/CVE-2023-26067.yaml +++ b/http/cves/2023/CVE-2023-26067.yaml @@ -21,15 +21,17 @@ info: cvss-score: 8.1 cve-id: CVE-2023-26067 cwe-id: CWE-20 - epss-score: 0.91931 - epss-percentile: 0.99671 + epss-score: 0.10331 + epss-percentile: 0.94831 cpe: cpe:2.3:o:lexmark:cxtpc_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lexmark product: cxtpc_firmware - shodan-query: server:"lexmark_web_server" + shodan-query: + - "Server: Lexmark_Web_Server" + - "server: lexmark_web_server" tags: cve2023,cve,printer,iot,lexmark variables: cmd: 'nslookup {{interactsh-url}}' diff --git a/http/cves/2023/CVE-2023-2624.yaml b/http/cves/2023/CVE-2023-2624.yaml index 42bf8b7cc5e..d6dd3b0bdf9 100644 --- a/http/cves/2023/CVE-2023-2624.yaml +++ b/http/cves/2023/CVE-2023-2624.yaml @@ -14,23 +14,20 @@ info: - https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264 - http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2023-2624 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2624 - epss-score: 0.08213 - epss-percentile: 0.91748 + epss-score: 0.00111 + epss-percentile: 0.43753 cpe: cpe:2.3:a:iqonic:kivicare:*:*:*:*:*:wordpress:*:* metadata: - verified: true max-request: 2 + verified: true vendor: iqonic product: kivicare framework: wordpress - fofa-query: body="/wp-content/plugins/kivicare-clinic-management-system" - shodan-query: http.html:"/wp-content/plugins/kivicare-clinic-management-system" - tags: wpscan,packetstorm,cve,cve2023,kivicare,wp,wp-plugin,wordpress,authenticated,xss,iqonic + tags: cve,cve2023,kivicare,wp,wp-plugin,wordpress,wpscan,authenticated http: - raw: diff --git a/http/cves/2023/CVE-2023-26255.yaml b/http/cves/2023/CVE-2023-26255.yaml index 8f8205b362b..b663093d63b 100644 --- a/http/cves/2023/CVE-2023-26255.yaml +++ b/http/cves/2023/CVE-2023-26255.yaml @@ -29,7 +29,9 @@ info: vendor: stagil product: stagil_navigation framework: jira - shodan-query: http.title:"jira" + shodan-query: + - title:Jira + - http.title:jira fofa-query: title=jira google-query: intitle:jira tags: cve2023,cve,lfi,jira,cms,atlassian,stagil diff --git a/http/cves/2023/CVE-2023-26256.yaml b/http/cves/2023/CVE-2023-26256.yaml index 30346ea7fc4..f2dcfc1c4f9 100644 --- a/http/cves/2023/CVE-2023-26256.yaml +++ b/http/cves/2023/CVE-2023-26256.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-26256 cwe-id: CWE-22 - epss-score: 0.90109 - epss-percentile: 0.99555 + epss-score: 0.01419 + epss-percentile: 0.86483 cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:* metadata: max-request: 1 vendor: stagil product: stagil_navigation framework: jira - shodan-query: http.title:"jira" + shodan-query: + - title:Jira + - http.title:jira fofa-query: title=jira google-query: intitle:jira tags: cve,cve2023,lfi,jira,cms,atlassian,stagil diff --git a/http/cves/2023/CVE-2023-26347.yaml b/http/cves/2023/CVE-2023-26347.yaml index 050472ca1f8..ae73bb8053e 100644 --- a/http/cves/2023/CVE-2023-26347.yaml +++ b/http/cves/2023/CVE-2023-26347.yaml @@ -16,8 +16,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-26347 cwe-id: CWE-284 - epss-score: 0.88502 - epss-percentile: 0.99458 + epss-score: 0.00415 + epss-percentile: 0.73972 cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: verified: true @@ -25,10 +25,12 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: + - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" diff --git a/http/cves/2023/CVE-2023-26360.yaml b/http/cves/2023/CVE-2023-26360.yaml index 89b84f30d2d..2dc560baf8d 100644 --- a/http/cves/2023/CVE-2023-26360.yaml +++ b/http/cves/2023/CVE-2023-26360.yaml @@ -26,18 +26,17 @@ info: cpe: cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* metadata: verified: true - max-request: 5 + max-request: 1 vendor: adobe product: coldfusion shodan-query: - - '[http.component:"adobe coldfusion" http.component:"adobe coldfusion" http.title:"coldfusion administrator login" cpe:"cpe:2.3:a:adobe:coldfusion"]' - - cpe:"cpe:2.3:a:adobe:coldfusion" + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" + - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: - - '[title="coldfusion administrator login" app="adobe-coldfusion"]' - - app="adobe-coldfusion" - title="coldfusion administrator login" + - app="adobe-coldfusion" google-query: intitle:"coldfusion administrator login" tags: cve2023,cve,packetstorm,adobe,coldfusion,lfi,kev diff --git a/http/cves/2023/CVE-2023-26469.yaml b/http/cves/2023/CVE-2023-26469.yaml index 8dbb08c3268..5c10aaa8216 100644 --- a/http/cves/2023/CVE-2023-26469.yaml +++ b/http/cves/2023/CVE-2023-26469.yaml @@ -21,20 +21,16 @@ info: cvss-score: 9.8 cve-id: CVE-2023-26469 cwe-id: CWE-22 - epss-score: 0.93695 - epss-percentile: 0.99836 + epss-score: 0.9424 + epss-percentile: 0.99175 cpe: cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: jorani product: jorani - shodan-query: - - http.favicon.hash:"-2032163853" - - http.html:"login - jorani" - fofa-query: - - icon_hash=-2032163853 - - body="login - jorani" + shodan-query: http.favicon.hash:-2032163853 + fofa-query: icon_hash=-2032163853 tags: cve2023,cve,jorani,rce,packetstorm variables: payload: "" diff --git a/http/cves/2023/CVE-2023-2648.yaml b/http/cves/2023/CVE-2023-2648.yaml index 4a96e9d2105..e185996c14f 100644 --- a/http/cves/2023/CVE-2023-2648.yaml +++ b/http/cves/2023/CVE-2023-2648.yaml @@ -3,7 +3,7 @@ id: CVE-2023-2648 info: name: Weaver E-Office 9.5 - Remote Code Execution author: ritikchaddha - severity: medium + severity: critical description: | A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. impact: | @@ -17,12 +17,12 @@ info: - https://vuldb.com/?id.228777 - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-2648 cwe-id: CWE-434 - epss-score: 0.92333 - epss-percentile: 0.99705 + epss-score: 0.08638 + epss-percentile: 0.94483 cpe: cpe:2.3:a:weaver:e-office:9.5:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,8 @@ info: vendor: weaver product: e-office fofa-query: + - app="泛微-EOffice" - app="泛微-eoffice" - - app="泛微-协同办公oa" tags: cve2023,cve,weaver,eoffice,ecology,fileupload,rce,intrusive variables: file: '{{rand_base(5, "abc")}}' diff --git a/http/cves/2023/CVE-2023-26842.yaml b/http/cves/2023/CVE-2023-26842.yaml index d00d7aa8673..8afc8a29b8c 100644 --- a/http/cves/2023/CVE-2023-26842.yaml +++ b/http/cves/2023/CVE-2023-26842.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.4 cve-id: CVE-2023-26842 cwe-id: CWE-79 - epss-score: 0.08291 - epss-percentile: 0.91791 + epss-score: 0.00169 + epss-percentile: 0.53813 cpe: cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-26843.yaml b/http/cves/2023/CVE-2023-26843.yaml index db1f22d87c8..eeafcd70e01 100644 --- a/http/cves/2023/CVE-2023-26843.yaml +++ b/http/cves/2023/CVE-2023-26843.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.4 cve-id: CVE-2023-26843 cwe-id: CWE-79 - epss-score: 0.07355 - epss-percentile: 0.91212 + epss-score: 0.00264 + epss-percentile: 0.66076 cpe: cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-27008.yaml b/http/cves/2023/CVE-2023-27008.yaml index c037288963b..9dcc820c7a8 100644 --- a/http/cves/2023/CVE-2023-27008.yaml +++ b/http/cves/2023/CVE-2023-27008.yaml @@ -14,21 +14,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-27008 - https://plantplants213607121.wordpress.com/2023/02/16/atutor-2-2-1-cross-site-scripting-via-the-token-body-parameter/ - https://github.com/ARPSyndicate/cvemon - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-27008 cwe-id: CWE-79 - epss-score: 0.25117 - epss-percentile: 0.95876 + epss-score: 0.00133 + epss-percentile: 0.48375 cpe: cpe:2.3:a:atutor:atutor:2.2.1:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: atutor product: atutor - shodan-query: http.html:"atutor" + shodan-query: + - http.html:"Atutor" + - http.html:"atutor" fofa-query: body="atutor" tags: cve,cve2023,xss,atutor diff --git a/http/cves/2023/CVE-2023-27032.yaml b/http/cves/2023/CVE-2023-27032.yaml index 64ce2867b4f..91cdb319788 100644 --- a/http/cves/2023/CVE-2023-27032.yaml +++ b/http/cves/2023/CVE-2023-27032.yaml @@ -14,8 +14,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-27032 cwe-id: CWE-89 - epss-score: 0.38387 - epss-percentile: 0.97038 + epss-score: 0.01979 + epss-percentile: 0.88753 cpe: cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-27034.yaml b/http/cves/2023/CVE-2023-27034.yaml index faec247f194..3cdb0c5b915 100644 --- a/http/cves/2023/CVE-2023-27034.yaml +++ b/http/cves/2023/CVE-2023-27034.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-27034 cwe-id: CWE-89 - epss-score: 0.89821 - epss-percentile: 0.99534 + epss-score: 0.01204 + epss-percentile: 0.85171 cpe: cpe:2.3:a:joommasters:jms_blog:2.5.5:*:*:*:*:prestashop:*:* metadata: max-request: 2 @@ -30,6 +30,7 @@ info: product: jms_blog framework: prestashop tags: time-based-sqli,cve2023,cve,prestashop,prestashop-module,sqli,intrusive,joommasters + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-27159.yaml b/http/cves/2023/CVE-2023-27159.yaml index 6724f261478..a80173bba5d 100644 --- a/http/cves/2023/CVE-2023-27159.yaml +++ b/http/cves/2023/CVE-2023-27159.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-27159 cwe-id: CWE-918 - epss-score: 0.76972 - epss-percentile: 0.98888 + epss-score: 0.00418 + epss-percentile: 0.74069 cpe: cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,8 +30,9 @@ info: vendor: appwrite product: appwrite shodan-query: + - title:"Sign In - Appwrite" - http.title:"sign in - appwrite" - - http.favicon.hash:"-633108100" + - http.favicon.hash:-633108100 fofa-query: - icon_hash=-633108100 - title="sign in - appwrite" diff --git a/http/cves/2023/CVE-2023-27292.yaml b/http/cves/2023/CVE-2023-27292.yaml index 2281ff657bd..ae1eee2cc82 100644 --- a/http/cves/2023/CVE-2023-27292.yaml +++ b/http/cves/2023/CVE-2023-27292.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: opencats product: opencats - shodan-query: http.title:"opencats" + shodan-query: + - title:"opencats" + - http.title:"opencats" fofa-query: title="opencats" google-query: intitle:"opencats" tags: cve2023,cve,authenticated,tenable,opencats,redirect diff --git a/http/cves/2023/CVE-2023-2732.yaml b/http/cves/2023/CVE-2023-2732.yaml index ac61226db24..d37ae1191da 100644 --- a/http/cves/2023/CVE-2023-2732.yaml +++ b/http/cves/2023/CVE-2023-2732.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-2732 cwe-id: CWE-288,NVD-CWE-Other - epss-score: 0.91301 - epss-percentile: 0.99623 + epss-score: 0.18921 + epss-percentile: 0.96241 cpe: cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,10 +30,9 @@ info: vendor: inspireui product: mstore_api framework: wordpress - shodan-query: http.html:"/wp-content/plugins/mstore-api/" - fofa-query: body=/wp-content/plugins/mstore-api/ publicwww-query: /wp-content/plugins/mstore-api/ - google-query: inurl:/wp-content/plugins/mstore-api/ + shodan-query: http.html:/wp-content/plugins/mstore-api/ + fofa-query: body=/wp-content/plugins/mstore-api/ tags: cve2023,cve,wordpress,wp,wp-plugin,auth-bypass,mstore-api,inspireui http: diff --git a/http/cves/2023/CVE-2023-27350.yaml b/http/cves/2023/CVE-2023-27350.yaml index e7abbc4d936..4b942bb4aab 100644 --- a/http/cves/2023/CVE-2023-27350.yaml +++ b/http/cves/2023/CVE-2023-27350.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-27350 cwe-id: CWE-284,NVD-CWE-Other - epss-score: 0.94257 - epss-percentile: 0.99922 + epss-score: 0.97107 + epss-percentile: 0.99783 cpe: cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,15 +30,13 @@ info: vendor: papercut product: papercut_mf shodan-query: + - http.html:"PaperCut" - http.html:"papercut" - http.html:"content=\"papercut\"" - cpe:"cpe:2.3:a:papercut:papercut_mf" - - http.title:"papercut" fofa-query: - body="papercut" - body="content=\"papercut\"" - - title="papercut" - google-query: intitle:"papercut" tags: cve2023,cve,packetstorm,papercut,rce,oast,unauth,kev variables: cmd: "nslookup {{interactsh-url}}" diff --git a/http/cves/2023/CVE-2023-27372.yaml b/http/cves/2023/CVE-2023-27372.yaml index c6badcfea40..fcdba6d3b63 100644 --- a/http/cves/2023/CVE-2023-27372.yaml +++ b/http/cves/2023/CVE-2023-27372.yaml @@ -20,8 +20,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-27372 - epss-score: 0.93217 - epss-percentile: 0.99787 + epss-score: 0.97376 + epss-percentile: 0.99905 cpe: cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -29,11 +29,10 @@ info: vendor: spip product: spip shodan-query: + - html:"spip.php?page=backend" - http.html:"spip.php?page=backend" - cpe:"cpe:2.3:a:spip:spip" - fofa-query: - - body="spip.php?page=backend" - - app="spip" + fofa-query: body="spip.php?page=backend" tags: cve,cve2023,packetstorm,spip,rce http: diff --git a/http/cves/2023/CVE-2023-2745.yaml b/http/cves/2023/CVE-2023-2745.yaml index 68dccf7d165..58b93effa57 100644 --- a/http/cves/2023/CVE-2023-2745.yaml +++ b/http/cves/2023/CVE-2023-2745.yaml @@ -11,27 +11,15 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-2745 - https://www.cvedetails.com/cve/CVE-2023-2745/ - - http://packetstormsecurity.com/files/172426/WordPress-Core-6.2-XSS-CSRF-Directory-Traversal.html - - https://lists.debian.org/debian-lts-announce/2023/06/msg00024.html - - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cve-id: CVE-2023-2745 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cwe-id: CWE-22 - epss-score: 0.66239 - epss-percentile: 0.98401 - cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* metadata: max-request: 3 - vendor: wordpress - product: wordpress framework: wordpress - shodan-query: - - cpe:"cpe:2.3:a:wordpress:wordpress" - - http.component:"wordpress" - fofa-query: body="oembed" && body="wp-" tags: cve,cve2023,wpscan,disclosure,wp,wordpress,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-27482.yaml b/http/cves/2023/CVE-2023-27482.yaml index 6ee440dba46..79ce9a00417 100644 --- a/http/cves/2023/CVE-2023-27482.yaml +++ b/http/cves/2023/CVE-2023-27482.yaml @@ -22,8 +22,8 @@ info: cvss-score: 10 cve-id: CVE-2023-27482 cwe-id: CWE-287 - epss-score: 0.89478 - epss-percentile: 0.99514 + epss-score: 0.03385 + epss-percentile: 0.91419 cpe: cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:* metadata: verified: true @@ -31,6 +31,7 @@ info: vendor: home-assistant product: home-assistant shodan-query: + - title:"Home Assistant" - http.title:"home assistant" - cpe:"cpe:2.3:a:home-assistant:home-assistant" fofa-query: title="home assistant" diff --git a/http/cves/2023/CVE-2023-27524.yaml b/http/cves/2023/CVE-2023-27524.yaml index 5fde319390e..1adb8a29693 100644 --- a/http/cves/2023/CVE-2023-27524.yaml +++ b/http/cves/2023/CVE-2023-27524.yaml @@ -3,7 +3,7 @@ id: CVE-2023-27524 info: name: Apache Superset - Authentication Bypass author: DhiyaneshDK,_0xf4n9x_ - severity: high + severity: critical description: Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. impact: | Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information. @@ -16,12 +16,12 @@ info: - http://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html - http://www.openwall.com/lists/oss-security/2023/04/24/2 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L - cvss-score: 8.9 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-27524 cwe-id: CWE-1188 - epss-score: 0.80255 - epss-percentile: 0.99055 + epss-score: 0.97095 + epss-percentile: 0.99777 cpe: cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,12 +29,12 @@ info: vendor: apache product: superset shodan-query: + - html:"Apache Superset" + - http.favicon.hash:1582430156 - http.html:"apache superset" - - http.favicon.hash:"1582430156" fofa-query: - body="apache superset" - icon_hash=1582430156 - - icon_hash="1582430156" tags: packetstorm,cve,cve2023,apache,superset,auth-bypass,kev http: diff --git a/http/cves/2023/CVE-2023-27584.yaml b/http/cves/2023/CVE-2023-27584.yaml index 51b783ab8b2..dc8a6afb8ae 100644 --- a/http/cves/2023/CVE-2023-27584.yaml +++ b/http/cves/2023/CVE-2023-27584.yaml @@ -11,22 +11,18 @@ info: - https://github.com/dragonflyoss/Dragonfly2/releases/tag/v2.0.9 - https://github.com/dragonflyoss/Dragonfly2/security/advisories/GHSA-hpc8-7wpm-889w - https://nvd.nist.gov/vuln/detail/cve-2023-27584 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-27584 - cwe-id: CWE-321,CWE-798 - epss-score: 0.37582 - epss-percentile: 0.96986 - cpe: cpe:2.3:a:linuxfoundation:dragonfly:*:*:*:*:*:go:*:* + cwe-id: CWE-321 + epss-score: 0.00043 + epss-percentile: 0.09612 metadata: - verified: true max-request: 1 - vendor: linuxfoundation - product: dragonfly - framework: go + verified: true tags: cve,cve2023,dragonfly,exposure,jwt,secret + variables: orig_iat: '{{to_unix_time(unixtime())}}' exp: '{{to_number(orig_iat)+4000 }}' diff --git a/http/cves/2023/CVE-2023-27639.yaml b/http/cves/2023/CVE-2023-27639.yaml index 8d0db9c1225..5c5d9931359 100644 --- a/http/cves/2023/CVE-2023-27639.yaml +++ b/http/cves/2023/CVE-2023-27639.yaml @@ -15,8 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-27639 cwe-id: CWE-22 - epss-score: 0.81762 - epss-percentile: 0.99128 + epss-score: 0.04552 + epss-percentile: 0.92497 cpe: cpe:2.3:a:tshirtecommerce:custom_product_designer:*:*:*:*:*:prestashop:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-27640.yaml b/http/cves/2023/CVE-2023-27640.yaml index 9ed5543b3d9..e4ca7951963 100644 --- a/http/cves/2023/CVE-2023-27640.yaml +++ b/http/cves/2023/CVE-2023-27640.yaml @@ -15,8 +15,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-27640 cwe-id: CWE-22 - epss-score: 0.81762 - epss-percentile: 0.99128 + epss-score: 0.04552 + epss-percentile: 0.92497 cpe: cpe:2.3:a:tshirtecommerce:custom_product_designer:*:*:*:*:*:prestashop:*:* metadata: max-request: 1 diff --git a/http/cves/2023/CVE-2023-27641.yaml b/http/cves/2023/CVE-2023-27641.yaml index d44cfc6be88..a9016da5867 100644 --- a/http/cves/2023/CVE-2023-27641.yaml +++ b/http/cves/2023/CVE-2023-27641.yaml @@ -22,10 +22,9 @@ info: epss-percentile: 0.28723 cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: lsoft product: listserv - shodan-query: http.html:"listserv" + shodan-query: http.html:"LISTSERV" fofa-query: body="listserv" tags: cve2023,cve,xss,listserv,edb,lsoft diff --git a/http/cves/2023/CVE-2023-2766.yaml b/http/cves/2023/CVE-2023-2766.yaml index 6bef42314c1..e5c2d3f91dd 100644 --- a/http/cves/2023/CVE-2023-2766.yaml +++ b/http/cves/2023/CVE-2023-2766.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: weaver product: weaver_office_automation - fofa-query: app="泛微-eoffice" + fofa-query: + - app="泛微-EOffice" + - app="泛微-eoffice" tags: cve,cve2023,weaver,eoffice,exposure http: diff --git a/http/cves/2023/CVE-2023-2779.yaml b/http/cves/2023/CVE-2023-2779.yaml index 235796df126..8f6a1465e8f 100644 --- a/http/cves/2023/CVE-2023-2779.yaml +++ b/http/cves/2023/CVE-2023-2779.yaml @@ -12,14 +12,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-2779 - https://wordpress.org/plugins/super-socializer/ - https://github.com/40826d/advisories - - https://wpscan.com/vulnerability/fe9b7696-3b0e-42e2-9dbc-55167605f5c5/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-2779 cwe-id: CWE-79 - epss-score: 0.17745 - epss-percentile: 0.94754 + epss-score: 0.0083 + epss-percentile: 0.8196 cpe: cpe:2.3:a:heator:social_share\,_social_login_and_social_comments:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +26,7 @@ info: vendor: heator product: social_share\,_social_login_and_social_comments framework: wordpress - shodan-query: http.html:"/wp-content/plugins/super-socializer/" + shodan-query: http.html:/wp-content/plugins/super-socializer/ fofa-query: body=/wp-content/plugins/super-socializer/ publicwww-query: "/wp-content/plugins/super-socializer/" tags: cve,cve2023,wpscan,xss,wp,wp-plugin,wordpress,authenticated,super-socializer,heator diff --git a/http/cves/2023/CVE-2023-27847.yaml b/http/cves/2023/CVE-2023-27847.yaml index 8bbf908055c..5bb4f49e1cb 100644 --- a/http/cves/2023/CVE-2023-27847.yaml +++ b/http/cves/2023/CVE-2023-27847.yaml @@ -20,11 +20,12 @@ info: epss-percentile: 0.91818 metadata: verified: true - max-request: 3 + max-request: 2 framework: prestashop shodan-query: html:"/xipblog" fofa-query: app="Prestashop" tags: time-based-sqli,cve,cve2023,prestashop,sqli,xipblog + flow: http(1) && http(2) variables: diff --git a/http/cves/2023/CVE-2023-27922.yaml b/http/cves/2023/CVE-2023-27922.yaml index fa24a87a748..b6d7e8c183a 100644 --- a/http/cves/2023/CVE-2023-27922.yaml +++ b/http/cves/2023/CVE-2023-27922.yaml @@ -25,7 +25,7 @@ info: vendor: thenewsletterplugin product: newsletter framework: wordpress - shodan-query: http.html:"/wp-content/plugins/newsletter/" + shodan-query: http.html:/wp-content/plugins/newsletter/ fofa-query: body=/wp-content/plugins/newsletter/ publicwww-query: /wp-content/plugins/newsletter/ tags: cve2023,cve,wpscan,wordpress,wp,wp-plugin,xss,newsletter,authenticated,thenewsletterplugin diff --git a/http/cves/2023/CVE-2023-2796.yaml b/http/cves/2023/CVE-2023-2796.yaml index 74ee9cb0e0d..19b56c93b7e 100644 --- a/http/cves/2023/CVE-2023-2796.yaml +++ b/http/cves/2023/CVE-2023-2796.yaml @@ -20,8 +20,8 @@ info: cvss-score: 5.3 cve-id: CVE-2023-2796 cwe-id: CWE-862 - epss-score: 0.79039 - epss-percentile: 0.98994 + epss-score: 0.03205 + epss-percentile: 0.91193 cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,9 +30,9 @@ info: product: eventon framework: wordpress shodan-query: - - vuln:"cve-2023-2796" - - http.html:"/wp-content/plugins/eventon-lite/" - - http.html:"/wp-content/plugins/eventon/" + - 'vuln:CVE-2023-2796' + - http.html:/wp-content/plugins/eventon-lite/ + - http.html:/wp-content/plugins/eventon/ fofa-query: - "wp-content/plugins/eventon/" - body=/wp-content/plugins/eventon/ diff --git a/http/cves/2023/CVE-2023-28121.yaml b/http/cves/2023/CVE-2023-28121.yaml index 6b035970c5c..f88a45068a0 100644 --- a/http/cves/2023/CVE-2023-28121.yaml +++ b/http/cves/2023/CVE-2023-28121.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-28121 cwe-id: CWE-287 - epss-score: 0.93462 - epss-percentile: 0.9981 + epss-score: 0.94133 + epss-percentile: 0.99162 cpe: cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,7 +30,7 @@ info: vendor: automattic product: woocommerce_payments framework: wordpress - shodan-query: http.html:"/wp-content/plugins/woocommerce-payments" + shodan-query: http.html:/wp-content/plugins/woocommerce-payments fofa-query: body=/wp-content/plugins/woocommerce-payments publicwww-query: /wp-content/plugins/woocommerce-payments google-query: inurl:/wp-content/plugins/woocommerce-payments diff --git a/http/cves/2023/CVE-2023-2813.yaml b/http/cves/2023/CVE-2023-2813.yaml index 84ebf7ece51..cefdce0c4f4 100644 --- a/http/cves/2023/CVE-2023-2813.yaml +++ b/http/cves/2023/CVE-2023-2813.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2813 cwe-id: CWE-79 - epss-score: 0.01661 - epss-percentile: 0.81145 + epss-score: 0.00127 + epss-percentile: 0.47427 cpe: cpe:2.3:a:ajaydsouza:connections_reloaded:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-2822.yaml b/http/cves/2023/CVE-2023-2822.yaml index 178971cc3b6..5069e805412 100644 --- a/http/cves/2023/CVE-2023-2822.yaml +++ b/http/cves/2023/CVE-2023-2822.yaml @@ -27,7 +27,9 @@ info: max-request: 1 vendor: ellucian product: ethos_identity - shodan-query: http.html:"ellucian company" + shodan-query: + - html:"Ellucian Company" + - http.html:"ellucian company" fofa-query: body="ellucian company" google-query: "login with ellucian ethos identity" tags: cve2023,cve,cas,xss,ellucian diff --git a/http/cves/2023/CVE-2023-2825.yaml b/http/cves/2023/CVE-2023-2825.yaml index 22703820607..b95b8987689 100644 --- a/http/cves/2023/CVE-2023-2825.yaml +++ b/http/cves/2023/CVE-2023-2825.yaml @@ -3,7 +3,7 @@ id: CVE-2023-2825 info: name: GitLab 16.0.0 - Path Traversal author: DhiyaneshDk,rootxharsh,iamnoooob,pdresearch - severity: critical + severity: high description: | An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups remediation: | @@ -15,12 +15,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-2825 - https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2825.json classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-2825 cwe-id: CWE-22 - epss-score: 0.93305 - epss-percentile: 0.99795 + epss-score: 0.12203 + epss-percentile: 0.95384 cpe: cpe:2.3:a:gitlab:gitlab:16.0.0:*:*:*:community:*:*:* metadata: verified: true @@ -28,14 +28,10 @@ info: vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - title:"Gitlab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: cve2023,cve,gitlab,lfi,authenticated,intrusive variables: diff --git a/http/cves/2023/CVE-2023-28343.yaml b/http/cves/2023/CVE-2023-28343.yaml index aad2d45da28..57b75ededdc 100644 --- a/http/cves/2023/CVE-2023-28343.yaml +++ b/http/cves/2023/CVE-2023-28343.yaml @@ -21,16 +21,20 @@ info: cvss-score: 9.8 cve-id: CVE-2023-28343 cwe-id: CWE-78 - epss-score: 0.93791 - epss-percentile: 0.99848 + epss-score: 0.84636 + epss-percentile: 0.98506 cpe: cpe:2.3:o:apsystems:energy_communication_unit_firmware:c1.2.5:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apsystems product: energy_communication_unit_firmware - shodan-query: http.title:"altenergy power control software" + shodan-query: + - title:"Altenergy Power Control Software" + - http.title:"altenergy power control software" fofa-query: title="altenergy power control software" - google-query: intitle:"altenergy power control software" + google-query: + - intitle:"Altenergy Power Control Software" + - intitle:"altenergy power control software" tags: cve,cve2023,oast,altenergy,iot,packetstorm,apsystems http: diff --git a/http/cves/2023/CVE-2023-28432.yaml b/http/cves/2023/CVE-2023-28432.yaml index 02d23abb0a9..232468ae551 100644 --- a/http/cves/2023/CVE-2023-28432.yaml +++ b/http/cves/2023/CVE-2023-28432.yaml @@ -20,8 +20,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-28432 cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.9386 - epss-percentile: 0.99856 + epss-score: 0.93873 + epss-percentile: 0.9913 cpe: cpe:2.3:a:minio:minio:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,15 +29,15 @@ info: vendor: minio product: minio shodan-query: - - http.title:"minio console" + - title:"Minio Console" - http.title:"minio browser" - cpe:"cpe:2.3:a:minio:minio" - - http.html:"symfony profiler" + - http.title:"minio console" fofa-query: + - app="Minio" - app="minio" - title="minio browser" - title="minio console" - - body="symfony profiler" google-query: - intitle:"minio browser" - intitle:"minio console" diff --git a/http/cves/2023/CVE-2023-28662.yaml b/http/cves/2023/CVE-2023-28662.yaml index 9294a6acbb0..d2fefd544b0 100644 --- a/http/cves/2023/CVE-2023-28662.yaml +++ b/http/cves/2023/CVE-2023-28662.yaml @@ -15,14 +15,13 @@ info: - https://wordpress.org/plugins/gift-voucher/ - https://github.com/ARPSyndicate/cvemon - https://github.com/JoshuaMart/JoshuaMart - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-28662 cwe-id: CWE-89 - epss-score: 0.68328 - epss-percentile: 0.98486 + epss-score: 0.01065 + epss-percentile: 0.8414 cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2023/CVE-2023-28665.yaml b/http/cves/2023/CVE-2023-28665.yaml index a0908ee6750..2c5cbfedeb2 100644 --- a/http/cves/2023/CVE-2023-28665.yaml +++ b/http/cves/2023/CVE-2023-28665.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-28665 - https://github.com/JoshuaMart/JoshuaMart - https://github.com/ARPSyndicate/cvemon - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-28665 cwe-id: CWE-79 - epss-score: 0.16968 - epss-percentile: 0.946 + epss-score: 0.00092 + epss-percentile: 0.39168 cpe: cpe:2.3:a:technocrackers:bulk_price_update_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-29084.yaml b/http/cves/2023/CVE-2023-29084.yaml index 03a8cae506d..b2bfb2fb0df 100644 --- a/http/cves/2023/CVE-2023-29084.yaml +++ b/http/cves/2023/CVE-2023-29084.yaml @@ -21,16 +21,13 @@ info: cvss-score: 7.2 cve-id: CVE-2023-29084 cwe-id: CWE-77 - epss-score: 0.93798 - epss-percentile: 0.99849 + epss-score: 0.37079 + epss-percentile: 0.97178 cpe: cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: zohocorp product: manageengine_admanager_plus - shodan-query: http.title:"manageengine" - fofa-query: title="manageengine" - google-query: intitle:"manageengine" tags: cve,cve2023,packetstorm,manageengine,admanager,rce,oast,authenticated,zohocorp variables: cmd: "nslookup.exe {{interactsh-url}} 1.1.1.1" diff --git a/http/cves/2023/CVE-2023-29204.yaml b/http/cves/2023/CVE-2023-29204.yaml index a926ee48e37..6c0174c8920 100644 --- a/http/cves/2023/CVE-2023-29204.yaml +++ b/http/cves/2023/CVE-2023-29204.yaml @@ -24,12 +24,10 @@ info: epss-percentile: 0.39237 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,redirect diff --git a/http/cves/2023/CVE-2023-29298.yaml b/http/cves/2023/CVE-2023-29298.yaml index 0dcdbc6cb0d..3c269668859 100644 --- a/http/cves/2023/CVE-2023-29298.yaml +++ b/http/cves/2023/CVE-2023-29298.yaml @@ -29,10 +29,12 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: + - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" diff --git a/http/cves/2023/CVE-2023-29300.yaml b/http/cves/2023/CVE-2023-29300.yaml index c4f4ccf32a0..f62bbc43ef3 100644 --- a/http/cves/2023/CVE-2023-29300.yaml +++ b/http/cves/2023/CVE-2023-29300.yaml @@ -21,18 +21,20 @@ info: cvss-score: 9.8 cve-id: CVE-2023-29300 cwe-id: CWE-502 - epss-score: 0.92907 - epss-percentile: 0.99755 - cpe: cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* + epss-score: 0.9695 + epss-percentile: 0.99724 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: + - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" diff --git a/http/cves/2023/CVE-2023-29357.yaml b/http/cves/2023/CVE-2023-29357.yaml index 4b4798d9d50..8f6ffa822cb 100644 --- a/http/cves/2023/CVE-2023-29357.yaml +++ b/http/cves/2023/CVE-2023-29357.yaml @@ -25,9 +25,11 @@ info: vendor: microsoft product: sharepoint_server shodan-query: - - http.headers_hash:"-1968878704" + - http.headers_hash:-1968878704 - cpe:"cpe:2.3:a:microsoft:sharepoint_server" - fofa-query: app="microsoft-sharepoint" + fofa-query: + - app="Microsoft-SharePoint" + - app="microsoft-sharepoint" tags: cve,cve2023,microsoft,sharepoint_server,kev variables: client_id: "00000003-0000-0ff1-ce00-000000000000" diff --git a/http/cves/2023/CVE-2023-29439.yaml b/http/cves/2023/CVE-2023-29439.yaml index e95db99e3f5..6c6fdb475e1 100644 --- a/http/cves/2023/CVE-2023-29439.yaml +++ b/http/cves/2023/CVE-2023-29439.yaml @@ -3,7 +3,7 @@ id: CVE-2023-29439 info: name: FooGallery plugin <= 2.2.35 - Cross-Site Scripting author: theamanrawat - severity: high + severity: medium description: | Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions. reference: @@ -13,12 +13,12 @@ info: - https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-2-35-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve - https://github.com/ARPSyndicate/cvemon classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 7.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-29439 cwe-id: CWE-79 - epss-score: 0.53434 - epss-percentile: 0.97808 + epss-score: 0.00161 + epss-percentile: 0.52668 cpe: cpe:2.3:a:fooplugins:foogallery:*:*:*:*:*:wordpress:*:* metadata: verified: "true" @@ -26,7 +26,7 @@ info: vendor: fooplugins product: foogallery framework: wordpress - shodan-query: http.html:"/wp-content/plugins/foogallery/" + shodan-query: http.html:/wp-content/plugins/foogallery/ fofa-query: body=/wp-content/plugins/foogallery/ publicwww-query: "/wp-content/plugins/foogallery/" tags: cve,cve2023,xss,wordpress,wp-plugin,wp,foogallery,authenticated,fooplugins diff --git a/http/cves/2023/CVE-2023-2948.yaml b/http/cves/2023/CVE-2023-2948.yaml index ceb1fbec837..edaf8ead8f2 100644 --- a/http/cves/2023/CVE-2023-2948.yaml +++ b/http/cves/2023/CVE-2023-2948.yaml @@ -15,8 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2948 cwe-id: CWE-79 - epss-score: 0.83283 - epss-percentile: 0.992 + epss-score: 0.0031 + epss-percentile: 0.69965 cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* metadata: verified: true @@ -24,19 +24,16 @@ info: vendor: open-emr product: openemr shodan-query: - - http.favicon.hash:"1971268439" + - http.favicon.hash:1971268439 - http.html:"openemr" - http.title:"openemr" - - http.title:"openemr setup tool" fofa-query: - - app="openemr" + - app="OpenEMR" - body="openemr" - title="openemr" + - app="openemr" - icon_hash=1971268439 - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: cve,cve2023,xss,openemr,open-emr http: diff --git a/http/cves/2023/CVE-2023-29489.yaml b/http/cves/2023/CVE-2023-29489.yaml index 94a4a808c48..fd8509b5075 100644 --- a/http/cves/2023/CVE-2023-29489.yaml +++ b/http/cves/2023/CVE-2023-29489.yaml @@ -30,6 +30,7 @@ info: vendor: cpanel product: cpanel shodan-query: + - "title:\"cPanel\"" - http.title:"cpanel" - cpe:"cpe:2.3:a:cpanel:cpanel" - http.title:"cpanel - api codes" diff --git a/http/cves/2023/CVE-2023-2949.yaml b/http/cves/2023/CVE-2023-2949.yaml index 5d491c1a904..839361bdd42 100644 --- a/http/cves/2023/CVE-2023-2949.yaml +++ b/http/cves/2023/CVE-2023-2949.yaml @@ -15,8 +15,6 @@ info: cvss-score: 6.1 cve-id: CVE-2023-2949 cwe-id: CWE-79 - epss-score: 0.72247 - epss-percentile: 0.98657 cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* metadata: verified: true @@ -24,19 +22,16 @@ info: vendor: open-emr product: openemr shodan-query: - - http.favicon.hash:"1971268439" + - http.favicon.hash:1971268439 - http.html:"openemr" - http.title:"openemr" - - http.title:"openemr setup tool" fofa-query: - - app="openemr" + - app="OpenEMR" - body="openemr" - title="openemr" + - app="openemr" - icon_hash=1971268439 - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: cve,cve2023,xss,openemr,open-emr http: diff --git a/http/cves/2023/CVE-2023-29506.yaml b/http/cves/2023/CVE-2023-29506.yaml index 8686354533e..c057ccddafb 100644 --- a/http/cves/2023/CVE-2023-29506.yaml +++ b/http/cves/2023/CVE-2023-29506.yaml @@ -23,16 +23,15 @@ info: epss-percentile: 0.39139 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss + http: - method: GET path: diff --git a/http/cves/2023/CVE-2023-29919.yaml b/http/cves/2023/CVE-2023-29919.yaml index 569db1ad4c5..c12216e60b0 100644 --- a/http/cves/2023/CVE-2023-29919.yaml +++ b/http/cves/2023/CVE-2023-29919.yaml @@ -29,12 +29,8 @@ info: vendor: contec product: solarview_compact shodan-query: - - http.html:"solarview compact" + - http.html:"SolarView Compact" - cpe:"cpe:2.3:h:contec:solarview_compact" - - http.favicon.hash:"-244067125" - fofa-query: - - body="solarview compact" - - icon_hash="-244067125" tags: cve,cve2023,lfi,solarview,edb,contec http: diff --git a/http/cves/2023/CVE-2023-29922.yaml b/http/cves/2023/CVE-2023-29922.yaml index 1137e183d98..69243785928 100644 --- a/http/cves/2023/CVE-2023-29922.yaml +++ b/http/cves/2023/CVE-2023-29922.yaml @@ -21,8 +21,8 @@ info: cvss-score: 5.3 cve-id: CVE-2023-29922 cwe-id: CWE-1188 - epss-score: 0.87724 - epss-percentile: 0.99419 + epss-score: 0.00822 + epss-percentile: 0.81865 cpe: cpe:2.3:a:powerjob:powerjob:4.3.1:*:*:*:*:*:*:* metadata: verified: true @@ -30,13 +30,12 @@ info: vendor: powerjob product: powerjob shodan-query: + - html:"PowerJob" - http.html:"powerjob" - - http.title:"powerjob" fofa-query: + - app="PowerJob" - app="powerjob" - body="powerjob" - - title="powerjob" - google-query: intitle:"powerjob" tags: cve,cve2023,auth-bypass,powerjob variables: str: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-29923.yaml b/http/cves/2023/CVE-2023-29923.yaml index ae935ebc0d5..be891a45af1 100644 --- a/http/cves/2023/CVE-2023-29923.yaml +++ b/http/cves/2023/CVE-2023-29923.yaml @@ -29,14 +29,11 @@ info: max-request: 1 vendor: powerjob product: powerjob - shodan-query: - - http.html:"powerjob" - - http.title:"powerjob" + shodan-query: http.html:"powerjob" fofa-query: + - app="PowerJob" - app="powerjob" - body="powerjob" - - title="powerjob" - google-query: intitle:"powerjob" tags: cve2023,cve,powerjob,unauth http: diff --git a/http/cves/2023/CVE-2023-30019.yaml b/http/cves/2023/CVE-2023-30019.yaml index 6d0c109a92f..94d4101b76d 100644 --- a/http/cves/2023/CVE-2023-30019.yaml +++ b/http/cves/2023/CVE-2023-30019.yaml @@ -28,9 +28,8 @@ info: vendor: evilmartians product: imgproxy shodan-query: - - server:"imgproxy" - - http.html:"imgproxy" - fofa-query: body="imgproxy" + - "Server: imgproxy" + - "server: imgproxy" tags: cve,cve2023,imgproxy,ssrf,oast,evilmartians http: diff --git a/http/cves/2023/CVE-2023-30150.yaml b/http/cves/2023/CVE-2023-30150.yaml index 62bd08a3fdd..02e96f47748 100644 --- a/http/cves/2023/CVE-2023-30150.yaml +++ b/http/cves/2023/CVE-2023-30150.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-30150 cwe-id: CWE-89 - epss-score: 0.51972 - epss-percentile: 0.97751 + epss-score: 0.04505 + epss-percentile: 0.92462 cpe: cpe:2.3:a:leotheme:leocustomajax:1.0.0:*:*:*:*:prestashop:*:* metadata: verified: true @@ -29,7 +29,9 @@ info: vendor: leotheme product: leocustomajax framework: prestashop - shodan-query: http.component:"prestashop" + shodan-query: + - http.component:"Prestashop" + - http.component:"prestashop" tags: time-based-sqli,cve2023,cve,prestashop,sqli,leotheme http: diff --git a/http/cves/2023/CVE-2023-30210.yaml b/http/cves/2023/CVE-2023-30210.yaml index 2a0eec7aa54..18c5739d33b 100644 --- a/http/cves/2023/CVE-2023-30210.yaml +++ b/http/cves/2023/CVE-2023-30210.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-30210 cwe-id: CWE-79 - epss-score: 0.07974 - epss-percentile: 0.91613 + epss-score: 0.00113 + epss-percentile: 0.44693 cpe: cpe:2.3:a:ourphp:ourphp:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-30212.yaml b/http/cves/2023/CVE-2023-30212.yaml index 9fa74724053..8d2f48bbc31 100644 --- a/http/cves/2023/CVE-2023-30212.yaml +++ b/http/cves/2023/CVE-2023-30212.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-30212 cwe-id: CWE-79 - epss-score: 0.55197 - epss-percentile: 0.97896 + epss-score: 0.03007 + epss-percentile: 0.90911 cpe: cpe:2.3:a:ourphp:ourphp:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-30256.yaml b/http/cves/2023/CVE-2023-30256.yaml index 79b817507da..830e40dc14c 100644 --- a/http/cves/2023/CVE-2023-30256.yaml +++ b/http/cves/2023/CVE-2023-30256.yaml @@ -29,9 +29,7 @@ info: max-request: 1 vendor: webkul product: qloapps - fofa-query: - - title="qloapps" - - title="qloapps installation" + fofa-query: title="qloapps" tags: cve2023,cve,packetstorm,xss,webkul-qloapps,unauth,webkul http: diff --git a/http/cves/2023/CVE-2023-30258.yaml b/http/cves/2023/CVE-2023-30258.yaml index 5ad4073b9cc..4dd140b7483 100644 --- a/http/cves/2023/CVE-2023-30258.yaml +++ b/http/cves/2023/CVE-2023-30258.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-30258 cwe-id: CWE-78 - epss-score: 0.93458 - epss-percentile: 0.9981 + epss-score: 0.25604 + epss-percentile: 0.96696 cpe: cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-30534.yaml b/http/cves/2023/CVE-2023-30534.yaml index 15e1ce886a9..066355a1d60 100644 --- a/http/cves/2023/CVE-2023-30534.yaml +++ b/http/cves/2023/CVE-2023-30534.yaml @@ -14,12 +14,12 @@ info: - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2023-30534 cwe-id: CWE-502 - epss-score: 0.38717 - epss-percentile: 0.97059 + epss-score: 0.09326 + epss-percentile: 0.94688 cpe: cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,8 +27,9 @@ info: vendor: cacti product: cacti shodan-query: - - http.title:"cacti" + - title:"Cacti" - http.title:"login to cacti" + - http.title:"cacti" - http.favicon.hash:"-1797138069" fofa-query: - icon_hash="-1797138069" diff --git a/http/cves/2023/CVE-2023-3077.yaml b/http/cves/2023/CVE-2023-3077.yaml index 7f908753fa5..9878330c141 100644 --- a/http/cves/2023/CVE-2023-3077.yaml +++ b/http/cves/2023/CVE-2023-3077.yaml @@ -26,10 +26,9 @@ info: vendor: inspireui product: mstore_api framework: wordpress - shodan-query: http.html:"/wp-content/plugins/mstore-api/" - fofa-query: body=/wp-content/plugins/mstore-api/ publicwww-query: "/wp-content/plugins/mstore-api/" - google-query: inurl:/wp-content/plugins/mstore-api/ + shodan-query: http.html:/wp-content/plugins/mstore-api/ + fofa-query: body=/wp-content/plugins/mstore-api/ tags: time-based-sqli,cve,cve2023,wpscan,wordpress,wp-plugin,wp,mstore-api,sqli,inspireui flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-30868.yaml b/http/cves/2023/CVE-2023-30868.yaml index 9b565d10654..d9f9d85a14b 100644 --- a/http/cves/2023/CVE-2023-30868.yaml +++ b/http/cves/2023/CVE-2023-30868.yaml @@ -3,7 +3,7 @@ id: CVE-2023-30868 info: name: Tree Page View Plugin < 1.6.7 - Cross-Site Scripting author: r3Y3r53 - severity: high + severity: medium description: | The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed. reference: @@ -13,12 +13,12 @@ info: - http://packetstormsecurity.com/files/172730/WordPress-Tree-Page-View-1.6.7-Cross-Site-Scripting.html - https://patchstack.com/database/vulnerability/cms-tree-page-view/wordpress-cms-tree-page-view-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 7.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-30868 cwe-id: CWE-79 - epss-score: 0.50594 - epss-percentile: 0.97679 + epss-score: 0.00114 + epss-percentile: 0.44861 cpe: cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-30943.yaml b/http/cves/2023/CVE-2023-30943.yaml index 884f4e2e46a..3e92cea175e 100644 --- a/http/cves/2023/CVE-2023-30943.yaml +++ b/http/cves/2023/CVE-2023-30943.yaml @@ -27,17 +27,11 @@ info: vendor: moodle product: moodle shodan-query: - - http.title:"moodle" + - title:"Moodle" - cpe:"cpe:2.3:a:moodle:moodle" - - http.html:"moodle" - - http.title:"installation moodle" - fofa-query: - - title="moodle" - - body="moodle" - - title="installation moodle" - google-query: - - intitle:"moodle" - - intitle:"installation moodle" + - http.title:"moodle" + fofa-query: title="moodle" + google-query: intitle:"moodle" tags: cve,cve2023,moodle,xss,rce,authenticated http: diff --git a/http/cves/2023/CVE-2023-31059.yaml b/http/cves/2023/CVE-2023-31059.yaml index 34bc89a152b..ec89aa987f8 100644 --- a/http/cves/2023/CVE-2023-31059.yaml +++ b/http/cves/2023/CVE-2023-31059.yaml @@ -26,8 +26,12 @@ info: max-request: 1 vendor: repetier-server product: repetier-server - shodan-query: http.title:"repetier-server" - fofa-query: title="repetier-server" + shodan-query: + - title:"Repetier-Server" + - http.title:"repetier-server" + fofa-query: + - title="Repetier-Server" + - title="repetier-server" google-query: intitle:"repetier-server" tags: cve2023,cve,repetier,lfi,repetier-server diff --git a/http/cves/2023/CVE-2023-31446.yaml b/http/cves/2023/CVE-2023-31446.yaml index 59f36d40cb2..ba5396a5864 100644 --- a/http/cves/2023/CVE-2023-31446.yaml +++ b/http/cves/2023/CVE-2023-31446.yaml @@ -16,15 +16,17 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-31446 - epss-score: 0.89905 - epss-percentile: 0.99539 + epss-score: 0.01982 + epss-percentile: 0.8876 cpe: cpe:2.3:o:cassianetworks:xc1000_firmware:2.1.1.2303082218:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: cassianetworks product: xc1000_firmware - shodan-query: http.html:"cassia bluetooth gateway management platform" + shodan-query: + - html:"Cassia Bluetooth Gateway Management Platform" + - http.html:"cassia bluetooth gateway management platform" fofa-query: body="cassia bluetooth gateway management platform" tags: cve,cve2023,rce,cassia,gateway,cassianetworks diff --git a/http/cves/2023/CVE-2023-31465.yaml b/http/cves/2023/CVE-2023-31465.yaml index 5dafd2aa829..22b3c337236 100644 --- a/http/cves/2023/CVE-2023-31465.yaml +++ b/http/cves/2023/CVE-2023-31465.yaml @@ -14,14 +14,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-31465 - epss-score: 0.89395 - epss-percentile: 0.9951 + epss-score: 0.0156 + epss-percentile: 0.87192 cpe: cpe:2.3:a:fsmlabs:timekeeper:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: fsmlabs product: timekeeper - shodan-query: http.favicon.hash:"2134367771" + shodan-query: http.favicon.hash:2134367771 fofa-query: icon_hash=2134367771 tags: cve,cve2023,timekeeper,rce,oast,fsmlabs diff --git a/http/cves/2023/CVE-2023-31478.yaml b/http/cves/2023/CVE-2023-31478.yaml index 1f33e5c98c9..819fb17a009 100644 --- a/http/cves/2023/CVE-2023-31478.yaml +++ b/http/cves/2023/CVE-2023-31478.yaml @@ -12,15 +12,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-31478 - epss-score: 0.82164 - epss-percentile: 0.99152 + epss-score: 0.00214 + epss-percentile: 0.41108 cpe: cpe:2.3:o:gl-inet:gl-s20_firmware:*:*:*:*:*:*:*:* metadata: - verified: true - max-request: 1 vendor: gl-inet product: gl-s20_firmware - shodan-query: http.title:"gl.inet admin panel" + verified: true + max-request: 1 + shodan-query: title:"GL.iNet Admin Panel" tags: cve,cve2023,gl-inet,disclosure http: diff --git a/http/cves/2023/CVE-2023-3188.yaml b/http/cves/2023/CVE-2023-3188.yaml index 70b8dee386c..a4842f72743 100644 --- a/http/cves/2023/CVE-2023-3188.yaml +++ b/http/cves/2023/CVE-2023-3188.yaml @@ -9,24 +9,21 @@ info: reference: - https://owncast.online/ - https://nvd.nist.gov/vuln/detail/CVE-2023-3188 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2023-3188 cwe-id: CWE-918 - epss-score: 0.42464 - epss-percentile: 0.97279 + epss-score: 0.00098 + epss-percentile: 0.41558 cpe: cpe:2.3:a:owncast_project:owncast:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: owncast_project product: owncast - shodan-query: http.html:"owncast" - fofa-query: body="owncast" - tags: cve,cve2023,owncast,oast,ssrf,owncast_project + shodan-query: html:"owncast" + tags: cve,cve2023,owncast,oast,ssrf http: - raw: diff --git a/http/cves/2023/CVE-2023-32068.yaml b/http/cves/2023/CVE-2023-32068.yaml index 9ba0aba0257..2699ba56965 100644 --- a/http/cves/2023/CVE-2023-32068.yaml +++ b/http/cves/2023/CVE-2023-32068.yaml @@ -14,20 +14,18 @@ info: - https://jira.xwiki.org/browse/XWIKI-20096 - https://nvd.nist.gov/vuln/detail/CVE-2023-32068 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N - cvss-score: 4.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-32068 cwe-id: CWE-601 - epss-score: 0.4637 - epss-percentile: 0.97486 + epss-score: 0.00149 + epss-percentile: 0.50372 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,redirect diff --git a/http/cves/2023/CVE-2023-32077.yaml b/http/cves/2023/CVE-2023-32077.yaml index 883a0c64293..fb805371acf 100644 --- a/http/cves/2023/CVE-2023-32077.yaml +++ b/http/cves/2023/CVE-2023-32077.yaml @@ -19,7 +19,9 @@ info: max-request: 1 vendor: gravitl product: netmaker - shodan-query: http.html:"netmaker" + shodan-query: + - html:"netmaker" + - http.html:"netmaker" fofa-query: body="netmaker" tags: cve,cve2023,info-key,netmaker,exposure,gravitl diff --git a/http/cves/2023/CVE-2023-32117.yaml b/http/cves/2023/CVE-2023-32117.yaml index a5d08006249..fe929b70a0f 100644 --- a/http/cves/2023/CVE-2023-32117.yaml +++ b/http/cves/2023/CVE-2023-32117.yaml @@ -20,12 +20,10 @@ info: metadata: verified: true max-request: 1 - vendor: softlabbd - product: integrate_google_drive publicwww-query: "/wp-content/plugins/integrate-google-drive/" - shodan-query: http.html:"/wp-content/plugins/integrate-google-drive/" - fofa-query: body=/wp-content/plugins/integrate-google-drive/ - tags: cve,cve2023,wordpress,wpscan,wp-plugin,wp,integrate-google-drive,softlabbd + product: integrate_google_drive + vendor: softlabbd + tags: cve,cve2023,wordpress,wpscan,wp-plugin,wp,integrate-google-drive http: - method: POST diff --git a/http/cves/2023/CVE-2023-3219.yaml b/http/cves/2023/CVE-2023-3219.yaml index 5b84c28709b..625fb7eec38 100644 --- a/http/cves/2023/CVE-2023-3219.yaml +++ b/http/cves/2023/CVE-2023-3219.yaml @@ -19,8 +19,8 @@ info: cvss-score: 5.3 cve-id: CVE-2023-3219 cwe-id: CWE-639 - epss-score: 0.7763 - epss-percentile: 0.9892 + epss-score: 0.08542 + epss-percentile: 0.94439 cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -29,9 +29,8 @@ info: product: eventon framework: wordpress shodan-query: - - http.html:"/wp-content/plugins/eventon/" - - http.html:"/wp-content/plugins/eventon-lite/" - - vuln:"cve-2023-2796" + - http.html:/wp-content/plugins/eventon/ + - http.html:/wp-content/plugins/eventon-lite/ fofa-query: - wp-content/plugins/eventon/ - body=/wp-content/plugins/eventon/ diff --git a/http/cves/2023/CVE-2023-32235.yaml b/http/cves/2023/CVE-2023-32235.yaml index 01789c963fb..888c473ebfc 100644 --- a/http/cves/2023/CVE-2023-32235.yaml +++ b/http/cves/2023/CVE-2023-32235.yaml @@ -14,14 +14,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-32235 - https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f - https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1 - - https://github.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235- classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-32235 cwe-id: CWE-22 - epss-score: 0.93738 - epss-percentile: 0.99841 + epss-score: 0.01376 + epss-percentile: 0.84873 cpe: cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:* metadata: verified: true @@ -29,8 +28,9 @@ info: vendor: ghost product: ghost framework: node.js - shodan-query: http.component:"ghost" - fofa-query: app="ghost" + shodan-query: + - http.component:"Ghost" + - http.component:"ghost" tags: cve2023,cve,lfi,ghostcms,ghost,node.js http: diff --git a/http/cves/2023/CVE-2023-32243.yaml b/http/cves/2023/CVE-2023-32243.yaml index a62442230b8..b767704f6c3 100644 --- a/http/cves/2023/CVE-2023-32243.yaml +++ b/http/cves/2023/CVE-2023-32243.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-32243 cwe-id: CWE-287 - epss-score: 0.92825 - epss-percentile: 0.99747 + epss-score: 0.08653 + epss-percentile: 0.94489 cpe: cpe:2.3:a:wpdeveloper:essential_addons_for_elementor:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-32315.yaml b/http/cves/2023/CVE-2023-32315.yaml index d278d42c5f1..10058fad86d 100644 --- a/http/cves/2023/CVE-2023-32315.yaml +++ b/http/cves/2023/CVE-2023-32315.yaml @@ -17,12 +17,12 @@ info: - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/TLGKien/SploitusCrawl classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-32315 cwe-id: CWE-22 - epss-score: 0.94439 - epss-percentile: 0.99986 + epss-score: 0.97409 + epss-percentile: 0.99927 cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,13 +30,12 @@ info: vendor: igniterealtime product: openfire shodan-query: + - title:"openfire" - http.title:"openfire" - http.title:"openfire admin console" - - http.html:"welcome to openfire setup" fofa-query: - title="openfire" - title="openfire admin console" - - body="welcome to openfire setup" google-query: - intitle:"openfire" - intitle:"openfire admin console" diff --git a/http/cves/2023/CVE-2023-33338.yaml b/http/cves/2023/CVE-2023-33338.yaml index 51b50d57bb2..f47cb563e58 100644 --- a/http/cves/2023/CVE-2023-33338.yaml +++ b/http/cves/2023/CVE-2023-33338.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-33338 cwe-id: CWE-89 - epss-score: 0.69286 - epss-percentile: 0.9853 + epss-score: 0.01754 + epss-percentile: 0.87944 cpe: cpe:2.3:a:phpgurukul:old_age_home_management_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-33405.yaml b/http/cves/2023/CVE-2023-33405.yaml index c4e6c29af9a..e10f902ba2e 100644 --- a/http/cves/2023/CVE-2023-33405.yaml +++ b/http/cves/2023/CVE-2023-33405.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-33405 cwe-id: CWE-601 - epss-score: 0.52872 - epss-percentile: 0.97783 + epss-score: 0.00071 + epss-percentile: 0.29221 cpe: cpe:2.3:a:blogengine:blogengine.net:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-33439.yaml b/http/cves/2023/CVE-2023-33439.yaml index 669addc61e1..653381daea7 100644 --- a/http/cves/2023/CVE-2023-33439.yaml +++ b/http/cves/2023/CVE-2023-33439.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.2 cve-id: CVE-2023-33439 cwe-id: CWE-89 - epss-score: 0.32144 - epss-percentile: 0.96575 + epss-score: 0.00778 + epss-percentile: 0.81335 cpe: cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-33440.yaml b/http/cves/2023/CVE-2023-33440.yaml index 0aa07dcaa11..6b8edc28144 100644 --- a/http/cves/2023/CVE-2023-33440.yaml +++ b/http/cves/2023/CVE-2023-33440.yaml @@ -21,8 +21,8 @@ info: cvss-score: 7.2 cve-id: CVE-2023-33440 cwe-id: CWE-434 - epss-score: 0.83595 - epss-percentile: 0.99217 + epss-score: 0.07644 + epss-percentile: 0.94146 cpe: cpe:2.3:a:faculty_evaluation_system_project:faculty_evaluation_system:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-33510.yaml b/http/cves/2023/CVE-2023-33510.yaml index a948aaed5d7..1359251bea3 100644 --- a/http/cves/2023/CVE-2023-33510.yaml +++ b/http/cves/2023/CVE-2023-33510.yaml @@ -15,14 +15,13 @@ info: - https://carl1l.github.io/2023/05/08/jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33510 - https://github.com/izj007/wechat - - https://github.com/whoami13apt/files2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-33510 - cwe-id: CWE-22,CWE-668 - epss-score: 0.76604 - epss-percentile: 0.98871 + cwe-id: CWE-668 + epss-score: 0.00406 + epss-percentile: 0.73689 cpe: cpe:2.3:a:jeecg_p3_biz_chat_project:jeecg_p3_biz_chat:1.0.5:*:*:*:*:wordpress:*:* metadata: verified: "true" @@ -30,7 +29,7 @@ info: vendor: jeecg_p3_biz_chat_project product: jeecg_p3_biz_chat framework: wordpress - shodan-query: http.favicon.hash:"1380908726" + shodan-query: http.favicon.hash:1380908726 fofa-query: icon_hash=1380908726 tags: cve2023,cve,jeecg,lfi,jeecg_p3_biz_chat_project,wordpress diff --git a/http/cves/2023/CVE-2023-33568.yaml b/http/cves/2023/CVE-2023-33568.yaml index 3f28cf6a260..f8cd64fbffd 100644 --- a/http/cves/2023/CVE-2023-33568.yaml +++ b/http/cves/2023/CVE-2023-33568.yaml @@ -21,15 +21,15 @@ info: cvss-score: 7.5 cve-id: CVE-2023-33568 cwe-id: CWE-552 - epss-score: 0.72597 - epss-percentile: 0.98675 + epss-score: 0.4855 + epss-percentile: 0.97483 cpe: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:* metadata: verified: "true" max-request: 1 vendor: dolibarr product: dolibarr_erp\/crm - shodan-query: http.favicon.hash:"440258421" + shodan-query: http.favicon.hash:440258421 fofa-query: icon_hash=440258421 tags: cve2023,cve,dolibarr,unauth diff --git a/http/cves/2023/CVE-2023-33629.yaml b/http/cves/2023/CVE-2023-33629.yaml index 3f315969471..23e02d37ffa 100644 --- a/http/cves/2023/CVE-2023-33629.yaml +++ b/http/cves/2023/CVE-2023-33629.yaml @@ -16,15 +16,17 @@ info: cvss-score: 7.2 cve-id: CVE-2023-33629 cwe-id: CWE-787 - epss-score: 0.86944 - epss-percentile: 0.99382 + epss-score: 0.01254 + epss-percentile: 0.85534 cpe: cpe:2.3:o:h3c:magic_r300-2100m_firmware:r300-2100mv100r004:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: h3c product: magic_r300-2100m_firmware - fofa-query: app="h3c-ent-router" + fofa-query: + - app="H3C-Ent-Router" + - app="h3c-ent-router" tags: cve2023,cve,router,rce,h3c variables: filename: "{{to_lower(rand_text_alpha(7))}}" diff --git a/http/cves/2023/CVE-2023-3368.yaml b/http/cves/2023/CVE-2023-3368.yaml index d44de4ee02d..fa85c084078 100644 --- a/http/cves/2023/CVE-2023-3368.yaml +++ b/http/cves/2023/CVE-2023-3368.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-3368 cwe-id: CWE-78 - epss-score: 0.88954 - epss-percentile: 0.99487 + epss-score: 0.93283 + epss-percentile: 0.99063 cpe: cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -28,11 +28,9 @@ info: vendor: chamilo product: chamilo shodan-query: + - http.component:"Chamilo" - http.component:"chamilo" - cpe:"cpe:2.3:a:chamilo:chamilo" - - http.title:"chamilo has not been installed" - fofa-query: title="chamilo has not been installed" - google-query: intitle:"chamilo has not been installed" tags: cve2023,cve,chamilo,unauth,cmd,rce http: diff --git a/http/cves/2023/CVE-2023-3380.yaml b/http/cves/2023/CVE-2023-3380.yaml index 8fd7cc68e71..63aa10679db 100644 --- a/http/cves/2023/CVE-2023-3380.yaml +++ b/http/cves/2023/CVE-2023-3380.yaml @@ -3,29 +3,27 @@ id: CVE-2023-3380 info: name: WAVLINK WN579X3 - Remote Command Execution author: pussycat0x - severity: medium + severity: critical description: | Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.cgi. reference: - https://github.com/sleepyvv/vul_report/blob/main/WAVLINK/WAVLINK-WN579X3-RCE.md - https://vuldb.com/?ctiid.232236 - https://vuldb.com/?id.232236 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L - cvss-score: 4.7 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-3380 cwe-id: CWE-74 - epss-score: 0.51617 - epss-percentile: 0.97734 + epss-score: 0.00064 + epss-percentile: 0.26519 cpe: cpe:2.3:o:wavlink:wn579x3_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: wavlink - product: "wn579x3_firmware" - shodan-query: http.html:"wavlink" - fofa-query: body="wavlink" + product: wn579x3_firmware + shodan-query: http.html:"Wavlink" tags: cve,cve2023,wavlink,rce + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-33831.yaml b/http/cves/2023/CVE-2023-33831.yaml index 103de5207f4..4af1fe82b98 100644 --- a/http/cves/2023/CVE-2023-33831.yaml +++ b/http/cves/2023/CVE-2023-33831.yaml @@ -11,21 +11,22 @@ info: - https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831 - https://github.com/codeb0ss/CVE-2023-33831-PoC - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/lihi13/OSCP classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-33831 cwe-id: CWE-77 - epss-score: 0.93474 - epss-percentile: 0.99813 + epss-score: 0.21555 + epss-percentile: 0.96432 cpe: cpe:2.3:a:frangoteam:fuxa:1.1.13:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 vendor: frangoteam product: fuxa - fofa-query: title="fuxa" + fofa-query: + - title="FUXA" + - title="fuxa" tags: cve,cve2023,rce,intrusive,frangoteam,fuxa,unauth variables: filename: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-34020.yaml b/http/cves/2023/CVE-2023-34020.yaml index f335df83c79..88ccad5dfc9 100644 --- a/http/cves/2023/CVE-2023-34020.yaml +++ b/http/cves/2023/CVE-2023-34020.yaml @@ -10,25 +10,21 @@ info: - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability - https://wordpress.org/plugins/uncanny-learndash-toolkit/ - https://patchstack.com/database/vulnerability/uncanny-learndash-toolkit/wordpress-uncanny-toolkit-for-learndash-plugin-3-6-4-3-open-redirection-vulnerability?_s_id=cve - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N cvss-score: 4.7 cve-id: CVE-2023-34020 cwe-id: CWE-601 - epss-score: 0.03528 - epss-percentile: 0.87068 - cpe: cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:wordpress:*:* + epss-score: 0.00076 + epss-percentile: 0.32361 + cpe: cpe:2.3:a:uncannyowl:uncanny_toolkit_for_learndash:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: uncannyowl - product: uncanny_toolkit_for_learndash - framework: wordpress publicwww-query: "/wp-content/plugins/uncanny-learndash-toolkit/" - shodan-query: http.html:"/wp-content/plugins/uncanny-learndash-toolkit/" - fofa-query: body=/wp-content/plugins/uncanny-learndash-toolkit/ - tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect,uncannyowl + product: uncanny_toolkit_for_learndash + vendor: uncannyowl + tags: cve2023,cve,wordpress,uncanny-learndash-toolkit,wpscan,redirect http: - method: GET diff --git a/http/cves/2023/CVE-2023-34105.yaml b/http/cves/2023/CVE-2023-34105.yaml index 35913722e82..d663b9b89ff 100644 --- a/http/cves/2023/CVE-2023-34105.yaml +++ b/http/cves/2023/CVE-2023-34105.yaml @@ -9,24 +9,21 @@ info: reference: - https://github.com/ossrs/srs/security/advisories/GHSA-vpr5-779c-cx62 - https://github.com/ossrs/srs/blob/1d11d02e4b82fc3f37e4b048cff483b1581482c1/trunk/research/api-server/server.go#L761 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 7.5 cve-id: CVE-2023-34105 - cwe-id: CWE-78,CWE-77 - epss-score: 0.76823 - epss-percentile: 0.9888 + cwe-id: CWE-77,CWE-78 + epss-score: 0.01543 + epss-percentile: 0.8742 cpe: cpe:2.3:a:ossrs:simple_realtime_server:*:*:*:*:*:*:*:* metadata: - verified: true - max-request: 1 vendor: ossrs product: simple_realtime_server - shodan-query: http.favicon.hash:"1386054408" - fofa-query: icon_hash=1386054408 - tags: cve,cve2023,srs,rce,oast,ossrs + shodan-query: http.favicon.hash:1386054408 + verified: true + max-request: 1 + tags: cve,cve2023,srs,rce,oast http: - raw: diff --git a/http/cves/2023/CVE-2023-34124.yaml b/http/cves/2023/CVE-2023-34124.yaml index 586408c25a1..9f55160b359 100644 --- a/http/cves/2023/CVE-2023-34124.yaml +++ b/http/cves/2023/CVE-2023-34124.yaml @@ -20,16 +20,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-34124 - cwe-id: CWE-305,CWE-287 - epss-score: 0.92099 - epss-percentile: 0.99686 + cwe-id: CWE-287,CWE-305 + epss-score: 0.03433 + epss-percentile: 0.91476 cpe: cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: sonicwall product: analytics - shodan-query: http.favicon.hash:"-1381126564" + shodan-query: http.favicon.hash:-1381126564 fofa-query: icon_hash=-1381126564 tags: cve2023,cve,sonicwall,shell,injection,auth-bypass,instrusive variables: diff --git a/http/cves/2023/CVE-2023-34192.yaml b/http/cves/2023/CVE-2023-34192.yaml index 33c8f52282b..7622ce1f36c 100644 --- a/http/cves/2023/CVE-2023-34192.yaml +++ b/http/cves/2023/CVE-2023-34192.yaml @@ -29,8 +29,9 @@ info: vendor: zimbra product: collaboration shodan-query: - - http.favicon.hash:"475145467" + - http.favicon.hash:475145467 - http.favicon.hash:"1624375939" + - http.favicon.hash:"475145467" fofa-query: - icon_hash="475145467" - icon_hash="1624375939" diff --git a/http/cves/2023/CVE-2023-34259.yaml b/http/cves/2023/CVE-2023-34259.yaml index 1149e636311..ae5a0b006de 100644 --- a/http/cves/2023/CVE-2023-34259.yaml +++ b/http/cves/2023/CVE-2023-34259.yaml @@ -19,15 +19,15 @@ info: cvss-score: 4.9 cve-id: CVE-2023-34259 cwe-id: CWE-22 - epss-score: 0.92992 - epss-percentile: 0.99763 + epss-score: 0.00559 + epss-percentile: 0.77589 cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: kyocera product: d-copia253mf_plus_firmware - shodan-query: http.favicon.hash:"-50306417" + shodan-query: http.favicon.hash:-50306417 fofa-query: icon_hash=-50306417 tags: cve,cve2023,packetstorm,seclists,kyocera,lfi,printer diff --git a/http/cves/2023/CVE-2023-34362.yaml b/http/cves/2023/CVE-2023-34362.yaml index 2ebfc4dc73b..2c85dd29290 100644 --- a/http/cves/2023/CVE-2023-34362.yaml +++ b/http/cves/2023/CVE-2023-34362.yaml @@ -21,15 +21,15 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34362 cwe-id: CWE-89 - epss-score: 0.94485 - epss-percentile: 0.99998 + epss-score: 0.95916 + epss-percentile: 0.99457 cpe: cpe:2.3:a:progress:moveit_cloud:*:*:*:*:*:*:*:* metadata: verified: true max-request: 7 vendor: progress product: moveit_cloud - shodan-query: http.favicon.hash:"989289239" + shodan-query: http.favicon.hash:989289239 fofa-query: icon_hash=989289239 tags: cve2023,cve,packetstorm,moveit,rce,sqli,intrusive,kev,progress variables: diff --git a/http/cves/2023/CVE-2023-34537.yaml b/http/cves/2023/CVE-2023-34537.yaml index 71830452dc2..832e5ca1d50 100644 --- a/http/cves/2023/CVE-2023-34537.yaml +++ b/http/cves/2023/CVE-2023-34537.yaml @@ -15,14 +15,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-34537 - https://github.com/ARPSyndicate/cvemon - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-34537 cwe-id: CWE-79 - epss-score: 0.07731 - epss-percentile: 0.91457 + epss-score: 0.00084 + epss-percentile: 0.35673 cpe: cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:* metadata: verified: true @@ -31,7 +30,7 @@ info: product: hoteldruid shodan-query: - http.title:"hoteldruid" - - http.favicon.hash:"-1521640213" + - http.favicon.hash:-1521640213 fofa-query: - title="hoteldruid" - icon_hash=-1521640213 diff --git a/http/cves/2023/CVE-2023-34598.yaml b/http/cves/2023/CVE-2023-34598.yaml index 3674ada4b7c..cd57934bf34 100644 --- a/http/cves/2023/CVE-2023-34598.yaml +++ b/http/cves/2023/CVE-2023-34598.yaml @@ -21,15 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34598 cwe-id: CWE-22 - epss-score: 0.91585 - epss-percentile: 0.99643 + epss-score: 0.02842 + epss-percentile: 0.90694 cpe: cpe:2.3:a:gibbonedu:gibbon:25.0.00:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: gibbonedu product: gibbon - shodan-query: http.favicon.hash:"-165631681" + shodan-query: + - http.favicon.hash:-165631681 + - http.favicon.hash:"-165631681" fofa-query: icon_hash="-165631681" tags: cve2023,cve,gibbon,lfi,gibbonedu diff --git a/http/cves/2023/CVE-2023-34599.yaml b/http/cves/2023/CVE-2023-34599.yaml index 048f95d5b81..b4b4f90f996 100644 --- a/http/cves/2023/CVE-2023-34599.yaml +++ b/http/cves/2023/CVE-2023-34599.yaml @@ -21,14 +21,16 @@ info: cvss-score: 6.1 cve-id: CVE-2023-34599 cwe-id: CWE-79 - epss-score: 0.30133 - epss-percentile: 0.96403 + epss-score: 0.00071 + epss-percentile: 0.30482 cpe: cpe:2.3:a:gibbonedu:gibbon:25.0.00:*:*:*:*:*:*:* metadata: max-request: 2 vendor: gibbonedu product: gibbon - shodan-query: http.favicon.hash:"-165631681" + shodan-query: + - http.favicon.hash:-165631681 + - http.favicon.hash:"-165631681" fofa-query: icon_hash="-165631681" tags: cve2023,cve,gibbon,xss,authenticated,intrusive,gibbonedu diff --git a/http/cves/2023/CVE-2023-3460.yaml b/http/cves/2023/CVE-2023-3460.yaml index 96ee070aabd..e9f76edd213 100644 --- a/http/cves/2023/CVE-2023-3460.yaml +++ b/http/cves/2023/CVE-2023-3460.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-3460 cwe-id: CWE-269 - epss-score: 0.93124 - epss-percentile: 0.99778 + epss-score: 0.06326 + epss-percentile: 0.93621 cpe: cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,20 +30,10 @@ info: vendor: ultimatemember product: ultimate_member framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/ultimate-member" - - http.html:"/wp-content/plugins/ultimate-member/" - fofa-query: - - body=/wp-content/plugins/ultimate-member - - body="/wp-content/plugins/ultimate-member" - - body=/wp-content/plugins/ultimate-member/ - publicwww-query: - - /wp-content/plugins/ultimate-member - - /wp-content/plugins/ultimate-member/ + shodan-query: http.html:/wp-content/plugins/ultimate-member + fofa-query: body=/wp-content/plugins/ultimate-member + publicwww-query: /wp-content/plugins/ultimate-member google-query: inurl:/wp-content/plugins/ultimate-member - zoomeye-query: - - app:"wordpress ultimate member plugin" - - app="wordpress ultimate member plugin" tags: cve,cve2023,wordpress,wp,wp-plugin,auth-bypass,intrusive,wpscan,ultimatemember variables: username: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-34659.yaml b/http/cves/2023/CVE-2023-34659.yaml index 531a503c1e1..ffe7554fd84 100644 --- a/http/cves/2023/CVE-2023-34659.yaml +++ b/http/cves/2023/CVE-2023-34659.yaml @@ -14,27 +14,20 @@ info: - https://github.com/jeecgboot/jeecg-boot/issues/4976 - https://nvd.nist.gov/vuln/detail/CVE-2023-34659 - https://github.com/izj007/wechat - - https://github.com/whoami13apt/files2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-34659 cwe-id: CWE-89 - epss-score: 0.90808 - epss-percentile: 0.99596 + epss-score: 0.40226 + epss-percentile: 0.97268 cpe: cpe:2.3:a:jeecg:jeecg_boot:3.5.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: jeecg product: jeecg_boot - shodan-query: - - http.favicon.hash:"1380908726" - - http.favicon.hash:"-250963920" - fofa-query: - - icon_hash=1380908726 - - icon_hash="-250963920" - - icon_hash="1380908726" - - title="jeecg-boot" + shodan-query: http.favicon.hash:1380908726 + fofa-query: icon_hash=1380908726 tags: cve2023,cve,jeecg,sqli http: diff --git a/http/cves/2023/CVE-2023-34751.yaml b/http/cves/2023/CVE-2023-34751.yaml index f4319c7bc4d..bed0f3e57ba 100644 --- a/http/cves/2023/CVE-2023-34751.yaml +++ b/http/cves/2023/CVE-2023-34751.yaml @@ -23,7 +23,9 @@ info: max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - "Powered by bloofoxCMS" + - powered by bloofoxcms tags: time-based-sqli,cve2023,cve,sqli,bloofox,authenticated http: diff --git a/http/cves/2023/CVE-2023-34752.yaml b/http/cves/2023/CVE-2023-34752.yaml index 712717122b9..d84a0e8856a 100644 --- a/http/cves/2023/CVE-2023-34752.yaml +++ b/http/cves/2023/CVE-2023-34752.yaml @@ -17,15 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34752 cwe-id: CWE-89 - epss-score: 0.36343 - epss-percentile: 0.96903 + epss-score: 0.14896 + epss-percentile: 0.95799 cpe: cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - "Powered by bloofoxCMS" + - powered by bloofoxcms tags: time-based-sqli,cve,cve2023,sqli,bloofox,authenticated http: diff --git a/http/cves/2023/CVE-2023-34753.yaml b/http/cves/2023/CVE-2023-34753.yaml index a6bc89e2f51..3b18efd5788 100644 --- a/http/cves/2023/CVE-2023-34753.yaml +++ b/http/cves/2023/CVE-2023-34753.yaml @@ -15,15 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34753 cwe-id: CWE-89 - epss-score: 0.39586 - epss-percentile: 0.97107 + epss-score: 0.0257 + epss-percentile: 0.90221 cpe: cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - "Powered by bloofoxCMS" + - powered by bloofoxcms tags: time-based-sqli,cve,cve2023,sqli,bloofox,authenticated http: diff --git a/http/cves/2023/CVE-2023-34754.yaml b/http/cves/2023/CVE-2023-34754.yaml index a8f66da12a9..cee15a0f484 100644 --- a/http/cves/2023/CVE-2023-34754.yaml +++ b/http/cves/2023/CVE-2023-34754.yaml @@ -13,21 +13,19 @@ info: reference: - https://ndmcyb.hashnode.dev/T-v0521-was-discovered-to-contain-many-sql-injection-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2023-34754 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-34754 cwe-id: CWE-89 - epss-score: 0.13419 - epss-percentile: 0.93802 + epss-score: 0.00265 + epss-percentile: 0.65516 cpe: cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms tags: time-based-sqli,cve,cve2023,bloofox,sqli,authenticated http: diff --git a/http/cves/2023/CVE-2023-34755.yaml b/http/cves/2023/CVE-2023-34755.yaml index 12ad4871532..efe3026342c 100644 --- a/http/cves/2023/CVE-2023-34755.yaml +++ b/http/cves/2023/CVE-2023-34755.yaml @@ -15,15 +15,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34755 cwe-id: CWE-89 - epss-score: 0.39586 - epss-percentile: 0.97107 + epss-score: 0.0257 + epss-percentile: 0.90221 cpe: cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - "Powered by bloofoxCMS" + - powered by bloofoxcms tags: time-based-sqli,cve,cve2023,sqli,bloofox,authenticated http: diff --git a/http/cves/2023/CVE-2023-34756.yaml b/http/cves/2023/CVE-2023-34756.yaml index 9c9b4ff0b25..0aa6c143706 100644 --- a/http/cves/2023/CVE-2023-34756.yaml +++ b/http/cves/2023/CVE-2023-34756.yaml @@ -23,7 +23,9 @@ info: max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - "Powered by bloofoxCMS" + - powered by bloofoxcms tags: time-based-sqli,cve,cve2023,sqli,bloofox,authenticated http: diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml index ecf0b142f8b..40a9f1bf3fc 100644 --- a/http/cves/2023/CVE-2023-3479.yaml +++ b/http/cves/2023/CVE-2023-3479.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-3479 cwe-id: CWE-79 - epss-score: 0.16743 - epss-percentile: 0.94565 + epss-score: 0.0007 + epss-percentile: 0.30234 cpe: cpe:2.3:a:hestiacp:control_panel:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,7 +28,7 @@ info: vendor: hestiacp product: control_panel shodan-query: - - http.favicon.hash:"-476299640" + - http.favicon.hash:-476299640 - http.title:"hestia control panel" fofa-query: - title="hestia control panel" diff --git a/http/cves/2023/CVE-2023-34843.yaml b/http/cves/2023/CVE-2023-34843.yaml index 92b2fcdd3ea..723fd94cf00 100644 --- a/http/cves/2023/CVE-2023-34843.yaml +++ b/http/cves/2023/CVE-2023-34843.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-34843 cwe-id: CWE-22 - epss-score: 0.90936 - epss-percentile: 0.99603 + epss-score: 0.00357 + epss-percentile: 0.72064 cpe: cpe:2.3:a:traggo:traggo:0.3.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: traggo product: traggo - shodan-query: http.html:"traggo" + shodan-query: + - html:"traggo" + - http.html:"traggo" fofa-query: body="traggo" tags: cve2023,cve,traggo,lfi,server diff --git a/http/cves/2023/CVE-2023-34960.yaml b/http/cves/2023/CVE-2023-34960.yaml index bd67829d5e7..fdeb9fd82ad 100644 --- a/http/cves/2023/CVE-2023-34960.yaml +++ b/http/cves/2023/CVE-2023-34960.yaml @@ -30,11 +30,9 @@ info: vendor: chamilo product: chamilo shodan-query: + - http.component:"Chamilo" - http.component:"chamilo" - cpe:"cpe:2.3:a:chamilo:chamilo" - - http.title:"chamilo has not been installed" - fofa-query: title="chamilo has not been installed" - google-query: intitle:"chamilo has not been installed" tags: cve,cve2023,packetstorm,chamilo http: diff --git a/http/cves/2023/CVE-2023-34993.yaml b/http/cves/2023/CVE-2023-34993.yaml index 763bc0889b2..16b17b63366 100644 --- a/http/cves/2023/CVE-2023-34993.yaml +++ b/http/cves/2023/CVE-2023-34993.yaml @@ -21,16 +21,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34993 cwe-id: CWE-78 - epss-score: 0.84926 - epss-percentile: 0.99277 + epss-score: 0.96644 + epss-percentile: 0.99631 cpe: cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: fortinet product: fortiwlm shodan-query: - - http.title:"fortiwlm" + - http.title:"FortiWLM" - http.html:"fortiwlm" + - http.title:"fortiwlm" fofa-query: - body="fortiwlm" - title="fortiwlm" diff --git a/http/cves/2023/CVE-2023-35078.yaml b/http/cves/2023/CVE-2023-35078.yaml index 47a0d5def9f..b584cff5cfe 100644 --- a/http/cves/2023/CVE-2023-35078.yaml +++ b/http/cves/2023/CVE-2023-35078.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: ivanti product: endpoint_manager_mobile - shodan-query: http.favicon.hash:"362091310" + shodan-query: + - http.favicon.hash:362091310 + - http.favicon.hash:"362091310" fofa-query: icon_hash="362091310" tags: cve,cve2023,kev,ivanti,mobileiron,epmm diff --git a/http/cves/2023/CVE-2023-35082.yaml b/http/cves/2023/CVE-2023-35082.yaml index b0f59e586c7..c380e3f3058 100644 --- a/http/cves/2023/CVE-2023-35082.yaml +++ b/http/cves/2023/CVE-2023-35082.yaml @@ -28,7 +28,9 @@ info: max-request: 1 vendor: ivanti product: endpoint_manager_mobile - shodan-query: http.favicon.hash:"362091310" + shodan-query: + - http.favicon.hash:362091310 + - http.favicon.hash:"362091310" fofa-query: icon_hash="362091310" tags: cve2023,cve,ivanti,mobileiron,epmm,kev diff --git a/http/cves/2023/CVE-2023-35155.yaml b/http/cves/2023/CVE-2023-35155.yaml index 1617765d6f7..7481f90e837 100644 --- a/http/cves/2023/CVE-2023-35155.yaml +++ b/http/cves/2023/CVE-2023-35155.yaml @@ -3,7 +3,7 @@ id: CVE-2023-35155 info: name: XWiki - Cross-Site Scripting author: ritikchaddha - severity: high + severity: medium description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). impact: | @@ -13,25 +13,20 @@ info: reference: - https://jira.xwiki.org/browse/XWIKI-20370 - https://nvd.nist.gov/vuln/detail/CVE-2023-35155 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L - cvss-score: 8.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-35155 cwe-id: CWE-79 - epss-score: 0.34081 - epss-percentile: 0.96737 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,cve2023,xwiki,xss,intrusive + tags: cve,cve2023,xwiki,xss http: - method: GET diff --git a/http/cves/2023/CVE-2023-35156.yaml b/http/cves/2023/CVE-2023-35156.yaml index 0884d50afe7..b840ed37600 100644 --- a/http/cves/2023/CVE-2023-35156.yaml +++ b/http/cves/2023/CVE-2023-35156.yaml @@ -20,13 +20,11 @@ info: cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss diff --git a/http/cves/2023/CVE-2023-35158.yaml b/http/cves/2023/CVE-2023-35158.yaml index 87f716968e9..3d6d4b4a2bd 100644 --- a/http/cves/2023/CVE-2023-35158.yaml +++ b/http/cves/2023/CVE-2023-35158.yaml @@ -26,6 +26,7 @@ info: vendor: xwiki product: xwiki shodan-query: + - "XWiki" - xwiki - http.html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" diff --git a/http/cves/2023/CVE-2023-35159.yaml b/http/cves/2023/CVE-2023-35159.yaml index fc69965022b..63ba58641d4 100644 --- a/http/cves/2023/CVE-2023-35159.yaml +++ b/http/cves/2023/CVE-2023-35159.yaml @@ -3,7 +3,7 @@ id: CVE-2023-35159 info: name: XWiki >= 3.4-milestone-1 - Cross-Site Scripting author: ritikchaddha - severity: critical + severity: medium description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). impact: | @@ -13,23 +13,18 @@ info: reference: - https://jira.xwiki.org/browse/XWIKI-20612 - https://nvd.nist.gov/vuln/detail/CVE-2023-35159 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H - cvss-score: 9.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-35159 - cwe-id: CWE-87,CWE-79 - epss-score: 0.03375 - epss-percentile: 0.86753 + cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss diff --git a/http/cves/2023/CVE-2023-35160.yaml b/http/cves/2023/CVE-2023-35160.yaml index 7131593f1e7..9e31855f45e 100644 --- a/http/cves/2023/CVE-2023-35160.yaml +++ b/http/cves/2023/CVE-2023-35160.yaml @@ -20,13 +20,11 @@ info: cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss diff --git a/http/cves/2023/CVE-2023-35161.yaml b/http/cves/2023/CVE-2023-35161.yaml index 3a0416b92f2..64ff44ad0f3 100644 --- a/http/cves/2023/CVE-2023-35161.yaml +++ b/http/cves/2023/CVE-2023-35161.yaml @@ -3,7 +3,7 @@ id: CVE-2023-35161 info: name: XWiki >= 6.2-milestone-1 - Cross-Site Scripting author: ritikchaddha - severity: critical + severity: medium description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. impact: | @@ -13,23 +13,18 @@ info: reference: - https://jira.xwiki.org/browse/XWIKI-20614 - https://nvd.nist.gov/vuln/detail/CVE-2023-35161 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H - cvss-score: 9.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-35161 - cwe-id: CWE-79,CWE-87 - epss-score: 0.03375 - epss-percentile: 0.86753 + cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2023,xwiki,xss diff --git a/http/cves/2023/CVE-2023-35162.yaml b/http/cves/2023/CVE-2023-35162.yaml index ef1ff7f2d1c..df4005495bb 100644 --- a/http/cves/2023/CVE-2023-35162.yaml +++ b/http/cves/2023/CVE-2023-35162.yaml @@ -3,7 +3,7 @@ id: CVE-2023-35162 info: name: XWiki < 14.10.5 - Cross-Site Scripting author: ritikchaddha - severity: critical + severity: medium description: | XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter. impact: | @@ -15,18 +15,19 @@ info: - https://github.com/xwiki/xwiki-platform/blob/244dbbaa0738a0c40b19929c0369c8b62ae5236e/xwiki-platform-core/xwiki-platform-flamingo/xwiki-platform-flamingo-skin/xwiki-platform-flamingo-skin-resources/src/main/resources/flamingo/previewactions.vm#L48 - https://nvd.nist.gov/vuln/detail/CVE-2023-35162 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H - cvss-score: 9.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-35162 cwe-id: CWE-79 - epss-score: 0.03375 - epss-percentile: 0.86753 + epss-score: 0.00129 + epss-percentile: 0.47675 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: xwiki product: xwiki shodan-query: + - XWiki - xwiki - http.html:"data-xwiki-reference" fofa-query: "body=\"data-xwiki-reference\"" diff --git a/http/cves/2023/CVE-2023-3521.yaml b/http/cves/2023/CVE-2023-3521.yaml index aac0d59c1f8..81916dfcac1 100644 --- a/http/cves/2023/CVE-2023-3521.yaml +++ b/http/cves/2023/CVE-2023-3521.yaml @@ -9,23 +9,16 @@ info: reference: - https://huntr.com/bounties/76a3441d-7f75-4a8d-a7a0-95a7f5456eb0 - https://nvd.nist.gov/vuln/detail/CVE-2023-3521 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-3521 cwe-id: CWE-79 - epss-score: 0.02302 - epss-percentile: 0.83922 - cpe: cpe:2.3:a:fossbilling:fossbilling:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: fossbilling + fofa-query: title="FOSSBilling" product: fossbilling - fofa-query: title="fossbilling" - shodan-query: http.title:"fossbilling" - google-query: intitle:"fossbilling" tags: cve2023,cve,fossbilling,xss http: diff --git a/http/cves/2023/CVE-2023-3578.yaml b/http/cves/2023/CVE-2023-3578.yaml index cefb900ba9b..5bc62821d63 100644 --- a/http/cves/2023/CVE-2023-3578.yaml +++ b/http/cves/2023/CVE-2023-3578.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha - severity: medium + severity: critical description: | Manipulation of the rssurl parameter in co_do.php leads to server-side request forgery in DedeCMS version 5.7.109. impact: | @@ -13,33 +13,21 @@ info: reference: - https://github.com/nightcloudos/cve/blob/main/SSRF.md - https://nvd.nist.gov/vuln/detail/CVE-2023-3578 - - https://vuldb.com/?ctiid.233371 - - https://vuldb.com/?id.233371 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 5.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-3578 cwe-id: CWE-918 - epss-score: 0.69641 - epss-percentile: 0.9855 + epss-score: 0.00063 + epss-percentile: 0.26288 cpe: cpe:2.3:a:dedecms:dedecms:5.7.109:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: dedecms product: dedecms - shodan-query: - - http.html:"dedecms" - - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" - fofa-query: - - app="dedecms" - - body="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" + shodan-query: http.html:"DedeCms" + fofa-query: app="DedeCMS" tags: cve,cve2023,dedecms,ssrf,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-35813.yaml b/http/cves/2023/CVE-2023-35813.yaml index 695be2941e7..d10091172df 100644 --- a/http/cves/2023/CVE-2023-35813.yaml +++ b/http/cves/2023/CVE-2023-35813.yaml @@ -24,7 +24,9 @@ info: max-request: 1 vendor: sitecore product: experience_commerce - shodan-query: http.title:"sitecore" + shodan-query: + - title:"Sitecore" + - http.title:"sitecore" fofa-query: title="sitecore" google-query: intitle:"sitecore" tags: cve2023,cve,sitecore,rce diff --git a/http/cves/2023/CVE-2023-35843.yaml b/http/cves/2023/CVE-2023-35843.yaml index 146fb768774..0344fed3da0 100644 --- a/http/cves/2023/CVE-2023-35843.yaml +++ b/http/cves/2023/CVE-2023-35843.yaml @@ -29,7 +29,7 @@ info: max-request: 1 vendor: nocodb product: nocodb - shodan-query: http.favicon.hash:"-2017596142" + shodan-query: http.favicon.hash:-2017596142 fofa-query: icon_hash=-2017596142 tags: cve2023,cve,nocodb,lfi diff --git a/http/cves/2023/CVE-2023-35844.yaml b/http/cves/2023/CVE-2023-35844.yaml index 956c6a3fbfd..a47523a2b6b 100644 --- a/http/cves/2023/CVE-2023-35844.yaml +++ b/http/cves/2023/CVE-2023-35844.yaml @@ -24,15 +24,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-35844 cwe-id: CWE-22 - epss-score: 0.91513 - epss-percentile: 0.99638 + epss-score: 0.04986 + epss-percentile: 0.92655 cpe: cpe:2.3:a:lightdash:lightdash:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: lightdash product: lightdash - shodan-query: http.title:"lightdash" + shodan-query: + - title:"Lightdash" + - http.title:"lightdash" fofa-query: title="lightdash" google-query: intitle:"lightdash" tags: cve,cve2023,lightdash,lfi diff --git a/http/cves/2023/CVE-2023-35885.yaml b/http/cves/2023/CVE-2023-35885.yaml index 6863f5133e0..c949932fbcd 100644 --- a/http/cves/2023/CVE-2023-35885.yaml +++ b/http/cves/2023/CVE-2023-35885.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-35885 cwe-id: CWE-565 - epss-score: 0.9413 - epss-percentile: 0.99897 + epss-score: 0.48073 + epss-percentile: 0.97467 cpe: cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,6 +30,7 @@ info: vendor: mgt-commerce product: cloudpanel shodan-query: + - title:"Cloudpanel" - http.title:"cloudpanel" - http.favicon.hash:"151132309" fofa-query: diff --git a/http/cves/2023/CVE-2023-36144.yaml b/http/cves/2023/CVE-2023-36144.yaml index 9bd08ca44f2..cdfe752ea95 100644 --- a/http/cves/2023/CVE-2023-36144.yaml +++ b/http/cves/2023/CVE-2023-36144.yaml @@ -25,7 +25,9 @@ info: max-request: 1 vendor: intelbras product: sg_2404_mr_firmware - shodan-query: http.title:"intelbras" + shodan-query: + - title:"Intelbras" + - http.title:"intelbras" fofa-query: title="intelbras" google-query: intitle:"intelbras" tags: cve2023,cve,intelbras,switch,exposure diff --git a/http/cves/2023/CVE-2023-36284.yaml b/http/cves/2023/CVE-2023-36284.yaml index 3ff4ccf19ec..c95931e1795 100644 --- a/http/cves/2023/CVE-2023-36284.yaml +++ b/http/cves/2023/CVE-2023-36284.yaml @@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2023-36284 cwe-id: CWE-89 - epss-score: 0.22033 - epss-percentile: 0.95448 + epss-score: 0.00721 + epss-percentile: 0.80577 cpe: cpe:2.3:a:webkul:qloapps:1.6.0:*:*:*:*:*:*:* metadata: verified: true @@ -27,8 +27,8 @@ info: vendor: webkul product: qloapps fofa-query: + - "title=\"QloApps\"" - title="qloapps" - - title="qloapps installation" tags: time-based-sqli,cve,cve2023,qloapps,sqli,webkul flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-36287.yaml b/http/cves/2023/CVE-2023-36287.yaml index eacf72eea94..bb7b3f64350 100644 --- a/http/cves/2023/CVE-2023-36287.yaml +++ b/http/cves/2023/CVE-2023-36287.yaml @@ -27,9 +27,7 @@ info: max-request: 1 vendor: webkul product: qloapps - fofa-query: - - title="qloapps" - - title="qloapps installation" + fofa-query: title="qloapps" tags: cve2023,cve,xss,webkul-qloapps,unauth,webkul http: diff --git a/http/cves/2023/CVE-2023-36289.yaml b/http/cves/2023/CVE-2023-36289.yaml index ecaf1318f38..76944e33cbf 100644 --- a/http/cves/2023/CVE-2023-36289.yaml +++ b/http/cves/2023/CVE-2023-36289.yaml @@ -27,9 +27,7 @@ info: max-request: 1 vendor: webkul product: qloapps - fofa-query: - - title="qloapps" - - title="qloapps installation" + fofa-query: title="qloapps" tags: cve2023,cve,xss,webkul-qloapps,unauth,webkul variables: email: "{{randstr}}@{{rand_base(5)}}.com" diff --git a/http/cves/2023/CVE-2023-36306.yaml b/http/cves/2023/CVE-2023-36306.yaml index 93df999d9f6..6d1fd2dd3d9 100644 --- a/http/cves/2023/CVE-2023-36306.yaml +++ b/http/cves/2023/CVE-2023-36306.yaml @@ -14,8 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-36306 cwe-id: CWE-79 - epss-score: 0.0298 - epss-percentile: 0.85859 + epss-score: 0.00385 + epss-percentile: 0.73054 cpe: cpe:2.3:a:adiscon:loganalyzer:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-36346.yaml b/http/cves/2023/CVE-2023-36346.yaml index d94e1d40b4d..f06ce9e61b2 100644 --- a/http/cves/2023/CVE-2023-36346.yaml +++ b/http/cves/2023/CVE-2023-36346.yaml @@ -21,8 +21,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-36346 cwe-id: CWE-79 - epss-score: 0.06377 - epss-percentile: 0.90498 + epss-score: 0.00107 + epss-percentile: 0.43313 cpe: cpe:2.3:a:codekop:codekop:2.0:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2023/CVE-2023-36844.yaml b/http/cves/2023/CVE-2023-36844.yaml index 98958bf8231..7fcd09a8d5f 100644 --- a/http/cves/2023/CVE-2023-36844.yaml +++ b/http/cves/2023/CVE-2023-36844.yaml @@ -20,18 +20,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2023-36844 - cwe-id: CWE-473,NVD-CWE-Other - epss-score: 0.94297 - epss-percentile: 0.9993 - cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* + cwe-id: CWE-473 + epss-score: 0.74086 + epss-percentile: 0.98118 + cpe: cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: juniper - product: junos - shodan-query: http.title:"juniper web device manager" - fofa-query: title="juniper web device manager" - google-query: intitle:"juniper web device manager" + product: srx100 + shodan-query: title:"Juniper Web Device Manager" tags: cve2023,cve,packetstorm,juniper,php,rce,intrusive,fileupload,kev variables: string: "CVE-2023-36844" diff --git a/http/cves/2023/CVE-2023-36845.yaml b/http/cves/2023/CVE-2023-36845.yaml index 368b75801ed..6bef4f19799 100644 --- a/http/cves/2023/CVE-2023-36845.yaml +++ b/http/cves/2023/CVE-2023-36845.yaml @@ -18,16 +18,18 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-36845 - cwe-id: CWE-473,NVD-CWE-Other - epss-score: 0.94355 - epss-percentile: 0.99948 + cwe-id: CWE-473 + epss-score: 0.96663 + epss-percentile: 0.99636 cpe: cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: juniper product: junos - shodan-query: http.title:"juniper web device manager" + shodan-query: + - title:"Juniper Web Device Manager" + - http.title:"juniper web device manager" fofa-query: title="juniper web device manager" google-query: intitle:"juniper web device manager" tags: cve,cve2023,packetstorm,rce,unauth,juniper,kev diff --git a/http/cves/2023/CVE-2023-36934.yaml b/http/cves/2023/CVE-2023-36934.yaml index 9838148932a..d0c9496ab59 100644 --- a/http/cves/2023/CVE-2023-36934.yaml +++ b/http/cves/2023/CVE-2023-36934.yaml @@ -29,14 +29,8 @@ info: max-request: 4 vendor: progress product: moveit_transfer - shodan-query: - - http.favicon.hash:"989289239" - - http.html:"human.aspx" - - http.title:"web transfer client" - fofa-query: - - icon_hash=989289239 - - title="web transfer client" - google-query: intitle:"web transfer client" + shodan-query: http.favicon.hash:989289239 + fofa-query: icon_hash=989289239 tags: cve,cve2023,moveit,rce,sqli,intrusive,progress variables: session_cookie: "{{randstr}}" diff --git a/http/cves/2023/CVE-2023-37265.yaml b/http/cves/2023/CVE-2023-37265.yaml index 661844fe1f0..619ca62ac68 100644 --- a/http/cves/2023/CVE-2023-37265.yaml +++ b/http/cves/2023/CVE-2023-37265.yaml @@ -29,11 +29,11 @@ info: vendor: icewhale product: casaos shodan-query: + - http.html:"/CasaOS-UI/public/index.html" - http.html:"/casaos-ui/public/index.html" - - http.html:"casaos" fofa-query: + - body="/CasaOS-UI/public/index.html" - body="/casaos-ui/public/index.html" - - body="casaos" tags: cve,cve2023,oss,casaos,jwt,icewhale http: diff --git a/http/cves/2023/CVE-2023-37266.yaml b/http/cves/2023/CVE-2023-37266.yaml index 691a4bd7fc7..d9bde3bd99a 100644 --- a/http/cves/2023/CVE-2023-37266.yaml +++ b/http/cves/2023/CVE-2023-37266.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-37266 - cwe-id: CWE-287,NVD-CWE-noinfo - epss-score: 0.89233 - epss-percentile: 0.995 + cwe-id: CWE-287 + epss-score: 0.03237 + epss-percentile: 0.91226 cpe: cpe:2.3:o:icewhale:casaos:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,11 +26,11 @@ info: vendor: icewhale product: casaos shodan-query: + - http.html:"/CasaOS-UI/public/index.html" - http.html:"/casaos-ui/public/index.html" - - http.html:"casaos" fofa-query: + - body="/CasaOS-UI/public/index.html" - body="/casaos-ui/public/index.html" - - body="casaos" tags: cve2023,cve,oss,casaos,jwt,icewhale variables: jwt_data: '{"iss":"casaos","exp":1790210322,"nbf":1790199522,"iat":1790199522}' diff --git a/http/cves/2023/CVE-2023-37270.yaml b/http/cves/2023/CVE-2023-37270.yaml index 4e951901e29..7472835df4f 100644 --- a/http/cves/2023/CVE-2023-37270.yaml +++ b/http/cves/2023/CVE-2023-37270.yaml @@ -17,27 +17,22 @@ info: - https://github.com/Piwigo/Piwigo/blob/c01ec38bc43f09424a8d404719c35f963d63cf00/include/functions.inc.php#L621 - https://github.com/Piwigo/Piwigo/commit/978425527d6c113887f845d75cf982bbb62d761a classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L - cvss-score: 7.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2023-37270 cwe-id: CWE-89 - epss-score: 0.69123 - epss-percentile: 0.98525 + epss-score: 0.02538 + epss-percentile: 0.90171 cpe: cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: piwigo product: piwigo - shodan-query: - - http.favicon.hash:"540706145" - - http.html:"- installation" - - http.html:"piwigo" html:"- installation" + shodan-query: http.favicon.hash:540706145 fofa-query: - icon_hash=540706145 - title="piwigo" - - body="- installation" - - body="piwigo" html:"- installation" google-query: powered by piwigo tags: cve2023,cve,piwigo,sqli,authenticated diff --git a/http/cves/2023/CVE-2023-37462.yaml b/http/cves/2023/CVE-2023-37462.yaml index cebb3950057..d1a41516bee 100644 --- a/http/cves/2023/CVE-2023-37462.yaml +++ b/http/cves/2023/CVE-2023-37462.yaml @@ -28,8 +28,9 @@ info: vendor: xwiki product: xwiki shodan-query: - - http.html:"data-xwiki-reference" + - html:"data-xwiki-reference" - xwiki + - http.html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve2023,cve,xwiki,rce diff --git a/http/cves/2023/CVE-2023-37580.yaml b/http/cves/2023/CVE-2023-37580.yaml index 42fd215d58f..a8647cf607c 100644 --- a/http/cves/2023/CVE-2023-37580.yaml +++ b/http/cves/2023/CVE-2023-37580.yaml @@ -28,7 +28,9 @@ info: max-request: 2 vendor: zimbra product: zimbra - shodan-query: http.favicon.hash:"475145467" + shodan-query: + - http.favicon.hash:475145467 + - http.favicon.hash:"475145467" fofa-query: icon_hash="475145467" tags: cve2023,cve,zimbra,xss,authenticated,kev diff --git a/http/cves/2023/CVE-2023-37599.yaml b/http/cves/2023/CVE-2023-37599.yaml index 0a6d8ea1cc4..182e030667b 100644 --- a/http/cves/2023/CVE-2023-37599.yaml +++ b/http/cves/2023/CVE-2023-37599.yaml @@ -24,7 +24,7 @@ info: max-request: 1 vendor: issabel product: issabel-pbx - shodan-query: http.title:"issabel" + shodan-query: title:"issabel" fofa-query: title="issabel" tags: cve,cve2023,issabel,issabel-pbx,directory-listing diff --git a/http/cves/2023/CVE-2023-37645.yaml b/http/cves/2023/CVE-2023-37645.yaml index 7c13f754567..3a11ef454a9 100644 --- a/http/cves/2023/CVE-2023-37645.yaml +++ b/http/cves/2023/CVE-2023-37645.yaml @@ -12,14 +12,13 @@ info: Upgrade eYouCMS to a patched version to mitigate CVE-2023-37645. reference: - https://github.com/weng-xianhu/eyoucms/issues/50 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-37645 cwe-id: CWE-668 - epss-score: 0.56015 - epss-percentile: 0.97938 + epss-score: 0.00046 + epss-percentile: 0.16551 cpe: cpe:2.3:a:eyoucms:eyoucms:1.6.3:*:*:*:*:*:*:* metadata: verified: true @@ -29,7 +28,6 @@ info: fofa-query: - icon_hash="-614262549" - title="eyoucms" - shodan-query: http.favicon.hash:"-614262549" tags: cve,cve2023,info-leak,eyoucms http: diff --git a/http/cves/2023/CVE-2023-3765.yaml b/http/cves/2023/CVE-2023-3765.yaml index 7df1f392f8b..ffa6d37aad6 100644 --- a/http/cves/2023/CVE-2023-3765.yaml +++ b/http/cves/2023/CVE-2023-3765.yaml @@ -20,8 +20,8 @@ info: cvss-score: 10 cve-id: CVE-2023-3765 cwe-id: CWE-36 - epss-score: 0.9279 - epss-percentile: 0.99744 + epss-score: 0.01303 + epss-percentile: 0.85869 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-37679.yaml b/http/cves/2023/CVE-2023-37679.yaml index 56079afb5d4..b1521111f9a 100644 --- a/http/cves/2023/CVE-2023-37679.yaml +++ b/http/cves/2023/CVE-2023-37679.yaml @@ -17,15 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-37679 cwe-id: CWE-77 - epss-score: 0.93735 - epss-percentile: 0.9984 + epss-score: 0.07052 + epss-percentile: 0.9396 cpe: cpe:2.3:a:nextgen:mirth_connect:4.3.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: nextgen product: mirth_connect - shodan-query: http.title:"mirth connect administrator" + shodan-query: + - title:"mirth connect administrator" + - http.title:"mirth connect administrator" fofa-query: title="mirth connect administrator" google-query: intitle:"mirth connect administrator" tags: packetstorm,cve2023,cve,nextgen,rce diff --git a/http/cves/2023/CVE-2023-37728.yaml b/http/cves/2023/CVE-2023-37728.yaml index 1d0f7a5db10..e9a7a680476 100644 --- a/http/cves/2023/CVE-2023-37728.yaml +++ b/http/cves/2023/CVE-2023-37728.yaml @@ -26,7 +26,7 @@ info: vendor: icewarp product: icewarp shodan-query: - - http.favicon.hash:"2144485375" + - http.favicon.hash:2144485375 - http.title:"icewarp" fofa-query: - title="icewarp" diff --git a/http/cves/2023/CVE-2023-37979.yaml b/http/cves/2023/CVE-2023-37979.yaml index ebaa78e98c5..f9d55ce6816 100644 --- a/http/cves/2023/CVE-2023-37979.yaml +++ b/http/cves/2023/CVE-2023-37979.yaml @@ -27,13 +27,8 @@ info: vendor: ninjaforms product: ninja_forms framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/ninja-forms/" - - http.html:"/wp-content/plugins/ninja-forms" - fofa-query: - - body=/wp-content/plugins/ninja-forms/ - - body="/wp-content/plugins/ninja-forms" - - body="/wp-content/plugins/ninja-forms/" + shodan-query: http.html:/wp-content/plugins/ninja-forms/ + fofa-query: body=/wp-content/plugins/ninja-forms/ publicwww-query: /wp-content/plugins/ninja-forms/ tags: cve2023,cve,wpscan,packetstorm,xss,wordpress,authenticated,wp-plugin,wp,ninjaforms diff --git a/http/cves/2023/CVE-2023-38035.yaml b/http/cves/2023/CVE-2023-38035.yaml index 28d3197f8e2..024c9ede7d9 100644 --- a/http/cves/2023/CVE-2023-38035.yaml +++ b/http/cves/2023/CVE-2023-38035.yaml @@ -21,7 +21,7 @@ info: cvss-score: 9.8 cve-id: CVE-2023-38035 cwe-id: CWE-863 - epss-score: 0.94435 + epss-score: 0.97506 epss-percentile: 0.99983 cpe: cpe:2.3:a:ivanti:mobileiron_sentry:*:*:*:*:*:*:*:* metadata: @@ -30,11 +30,9 @@ info: vendor: ivanti product: mobileiron_sentry shodan-query: + - 'html:"Note: Requires a local Sentry administrative user"' - 'http.html:"note: requires a local sentry administrative user"' - - http.html:"requires a local sentry administrative user"" - fofa-query: - - 'body="note: requires a local sentry administrative user"' - - body=requires a local sentry administrative user" + fofa-query: 'body="note: requires a local sentry administrative user"' tags: cve2023,cve,packetstorm,ivanti,mobileiron,sentry,kev,rce,auth-bypass,oast variables: oast: "{{interactsh-url}}/?" diff --git a/http/cves/2023/CVE-2023-38040.yaml b/http/cves/2023/CVE-2023-38040.yaml index 7060f17c34a..7f71814fefb 100644 --- a/http/cves/2023/CVE-2023-38040.yaml +++ b/http/cves/2023/CVE-2023-38040.yaml @@ -21,16 +21,12 @@ info: cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* metadata: max-request: 2 + shodan-query: http.favicon.hash:106844876 + fofa-query: icon_hash="106844876" vendor: revive-adserver product: revive_adserver - shodan-query: - - http.favicon.hash:"106844876" - - http.title:"revive adserver" - fofa-query: - - icon_hash="106844876" - - title="revive adserver" - google-query: intitle:"revive adserver" - tags: hackerone,cve,cve2023,revive-adserver,xss + tags: cve,cve2023,revive-adserver,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-38192.yaml b/http/cves/2023/CVE-2023-38192.yaml index 8b08759f54a..3b923c22526 100644 --- a/http/cves/2023/CVE-2023-38192.yaml +++ b/http/cves/2023/CVE-2023-38192.yaml @@ -14,24 +14,20 @@ info: - https://herolab.usd.de/security-advisories/usd-2023-0011/ - https://herolab.usd.de/security-advisories/ - https://nvd.nist.gov/vuln/detail/CVE-2023-38192 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-38192 cwe-id: CWE-79 - epss-score: 0.07546 - epss-percentile: 0.91328 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: superwebmailer product: superwebmailer - shodan-query: http.title:"superwebmailer" - fofa-query: title="superwebmailer" - google-query: intitle:"superwebmailer" + shodan-query: title:"SuperWebMailer" tags: cve,cve2023,superwebmailer,xss http: diff --git a/http/cves/2023/CVE-2023-38194.yaml b/http/cves/2023/CVE-2023-38194.yaml index f8c3e267515..5f3dc37347d 100644 --- a/http/cves/2023/CVE-2023-38194.yaml +++ b/http/cves/2023/CVE-2023-38194.yaml @@ -13,23 +13,20 @@ info: reference: - https://herolab.usd.de/security-advisories/usd-2023-0013/ - https://nvd.nist.gov/vuln/detail/CVE-2023-38194 - - https://herolab.usd.de/security-advisories/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-38194 cwe-id: CWE-79 - epss-score: 0.03498 - epss-percentile: 0.87009 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:* metadata: + max-request: 1 verified: true - max-request: 2 vendor: superwebmailer product: superwebmailer - shodan-query: http.title:"superwebmailer" - fofa-query: title="superwebmailer" - google-query: intitle:"superwebmailer" + shodan-query: title:"SuperWebMailer" tags: cve,cve2023,superwebmailer,xss http: diff --git a/http/cves/2023/CVE-2023-38203.yaml b/http/cves/2023/CVE-2023-38203.yaml index 3fb5e1acb2b..3c29168ca29 100644 --- a/http/cves/2023/CVE-2023-38203.yaml +++ b/http/cves/2023/CVE-2023-38203.yaml @@ -19,18 +19,20 @@ info: cvss-score: 9.8 cve-id: CVE-2023-38203 cwe-id: CWE-502 - epss-score: 0.94264 - epss-percentile: 0.99924 + epss-score: 0.97037 + epss-percentile: 0.99755 cpe: cpe:2.3:a:adobe:coldfusion:2018:-:*:*:*:*:*:* metadata: max-request: 1 vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: + - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" diff --git a/http/cves/2023/CVE-2023-38205.yaml b/http/cves/2023/CVE-2023-38205.yaml index 0f6b2f4b7ae..b81ef8a2992 100644 --- a/http/cves/2023/CVE-2023-38205.yaml +++ b/http/cves/2023/CVE-2023-38205.yaml @@ -29,10 +29,12 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: + - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" diff --git a/http/cves/2023/CVE-2023-3836.yaml b/http/cves/2023/CVE-2023-3836.yaml index 6ba51b7c802..aba76a8594e 100644 --- a/http/cves/2023/CVE-2023-3836.yaml +++ b/http/cves/2023/CVE-2023-3836.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload author: HuTa0 - severity: medium + severity: critical description: | Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?. remediation: | @@ -15,23 +15,23 @@ info: - https://vuldb.com/?id.235162 - https://github.com/1f3lse/taiE classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-3836 cwe-id: CWE-434 - epss-score: 0.90446 - epss-percentile: 0.99572 + epss-score: 0.02637 + epss-percentile: 0.90348 cpe: cpe:2.3:a:dahuasecurity:smart_parking_management:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: dahuasecurity product: smart_parking_management - shodan-query: http.html:"/wpms/asset" + shodan-query: + - html:"/WPMS/asset" + - http.html:"/wpms/asset" fofa-query: body="/wpms/asset" - zoomeye-query: - - app="大华智慧园区综合管理平台" - - /wpms/asset + zoomeye-query: app="大华智慧园区综合管理平台" tags: cve2023,cve,dahua,fileupload,intrusive,rce,dahuasecurity variables: random_str: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-38433.yaml b/http/cves/2023/CVE-2023-38433.yaml index c7138bc2869..44887da589c 100644 --- a/http/cves/2023/CVE-2023-38433.yaml +++ b/http/cves/2023/CVE-2023-38433.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: fujitsu product: ip-he950e_firmware - shodan-query: '"server:"thttpd/2.25b 29dec2003" content-length1133"' + shodan-query: + - '"Server: thttpd/2.25b 29dec2003" content-length:1133' + - '"server: thttpd/2.25b 29dec2003" content-length:1133' max-req: 1 tags: cve2023,cve,fujitsu,ip-series diff --git a/http/cves/2023/CVE-2023-3844.yaml b/http/cves/2023/CVE-2023-3844.yaml index f8d7b20d1bd..5a9939b36fb 100644 --- a/http/cves/2023/CVE-2023-3844.yaml +++ b/http/cves/2023/CVE-2023-3844.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3844 info: name: MooDating 1.2 - Cross-Site Scripting author: r3Y3r53 - severity: low + severity: medium description: | A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. reference: @@ -12,12 +12,12 @@ info: - https://vuldb.com/?ctiid.235195 - https://vuldb.com/?id.235195 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-3844 cwe-id: CWE-79 - epss-score: 0.07189 - epss-percentile: 0.91092 + epss-score: 0.00235 + epss-percentile: 0.61597 cpe: cpe:2.3:a:moosocial:moodating:1.2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-3845.yaml b/http/cves/2023/CVE-2023-3845.yaml index c4739f25108..4868d541492 100644 --- a/http/cves/2023/CVE-2023-3845.yaml +++ b/http/cves/2023/CVE-2023-3845.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3845 info: name: MooDating 1.2 - Cross-Site Scripting author: r3Y3r53 - severity: low + severity: medium description: | A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. reference: @@ -12,12 +12,12 @@ info: - https://vuldb.com/?ctiid.235196 - https://vuldb.com/?id.235196 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-3845 cwe-id: CWE-79 - epss-score: 0.07189 - epss-percentile: 0.91092 + epss-score: 0.00235 + epss-percentile: 0.61597 cpe: cpe:2.3:a:moosocial:moodating:1.2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-3847.yaml b/http/cves/2023/CVE-2023-3847.yaml index af7d3d06754..79081634379 100644 --- a/http/cves/2023/CVE-2023-3847.yaml +++ b/http/cves/2023/CVE-2023-3847.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3847 info: name: MooDating 1.2 - Cross-Site scripting author: r3Y3r53 - severity: low + severity: medium description: | A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. reference: @@ -13,12 +13,12 @@ info: - https://vuldb.com/?id.235198 - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-3847 cwe-id: CWE-79 - epss-score: 0.07189 - epss-percentile: 0.91092 + epss-score: 0.00235 + epss-percentile: 0.61597 cpe: cpe:2.3:a:moosocial:moodating:1.2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-3849.yaml b/http/cves/2023/CVE-2023-3849.yaml index 2b2e0b0c20f..735148c899c 100644 --- a/http/cves/2023/CVE-2023-3849.yaml +++ b/http/cves/2023/CVE-2023-3849.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3849 info: name: mooDating 1.2 - Cross-site scripting author: r3Y3r53 - severity: low + severity: medium description: | A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. reference: @@ -13,12 +13,12 @@ info: - https://vuldb.com/?id.235200 - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-3849 cwe-id: CWE-79 - epss-score: 0.07189 - epss-percentile: 0.91092 + epss-score: 0.00235 + epss-percentile: 0.61597 cpe: cpe:2.3:a:moosocial:moodating:1.2:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-38501.yaml b/http/cves/2023/CVE-2023-38501.yaml index 1c940817b21..29c1ca80da5 100644 --- a/http/cves/2023/CVE-2023-38501.yaml +++ b/http/cves/2023/CVE-2023-38501.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: copyparty_project product: copyparty - shodan-query: http.title:"copyparty" + shodan-query: + - title:"copyparty" + - http.title:"copyparty" fofa-query: title="copyparty" google-query: intitle:"copyparty" tags: cve,cve2023,packetstorm,copyparty,xss,oss,copyparty_project diff --git a/http/cves/2023/CVE-2023-38646.yaml b/http/cves/2023/CVE-2023-38646.yaml index 0b524d8d827..71b2bf695ec 100644 --- a/http/cves/2023/CVE-2023-38646.yaml +++ b/http/cves/2023/CVE-2023-38646.yaml @@ -21,18 +21,21 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-38646 - epss-score: 0.94219 - epss-percentile: 0.99912 + epss-score: 0.91302 + epss-percentile: 0.98865 cpe: cpe:2.3:a:metabase:metabase:*:*:*:*:-:*:*:* metadata: verified: true max-request: 2 vendor: metabase product: metabase - shodan-query: http.title:"metabase" + shodan-query: + - http.title:"Metabase" + - http.title:"metabase" fofa-query: - - app="metabase" + - app="Metabase" - title="metabase" + - app="metabase" google-query: intitle:"metabase" tags: cve2023,cve,metabase,oss,rce variables: diff --git a/http/cves/2023/CVE-2023-38964.yaml b/http/cves/2023/CVE-2023-38964.yaml index a9951dde831..3acfb8aa197 100644 --- a/http/cves/2023/CVE-2023-38964.yaml +++ b/http/cves/2023/CVE-2023-38964.yaml @@ -27,7 +27,9 @@ info: vendor: creativeitem product: academy_lms shodan-query: http.html:"academy lms" - fofa-query: body="academy lms" + fofa-query: + - body="Academy LMS" + - body="academy lms" tags: cve2023,cve,academylms,xss,creativeitem http: diff --git a/http/cves/2023/CVE-2023-38992.yaml b/http/cves/2023/CVE-2023-38992.yaml index b842f2c23bf..ebef6448488 100644 --- a/http/cves/2023/CVE-2023-38992.yaml +++ b/http/cves/2023/CVE-2023-38992.yaml @@ -14,29 +14,19 @@ info: - https://github.com/jeecgboot/jeecg-boot/issues/5173 - https://my.oschina.net/jeecg/blog/10107636 - https://nvd.nist.gov/vuln/detail/CVE-2023-38992 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-38992 cwe-id: CWE-89 - epss-score: 0.67007 - epss-percentile: 0.98429 + epss-score: 0.00076 + epss-percentile: 0.31944 cpe: cpe:2.3:a:jeecg:jeecg_boot:3.5.1:*:*:*:*:*:*:* metadata: - verified: true max-request: 4 - vendor: jeecg - product: jeecg_boot - shodan-query: - - http.favicon.hash:"1380908726" - - http.favicon.hash:"-250963920" - fofa-query: - - icon_hash=1380908726 - - icon_hash="-250963920" - - icon_hash="1380908726" - - title="jeecg-boot" + verified: true + shodan-query: http.favicon.hash:1380908726 + fofa-query: icon_hash=1380908726 tags: cve,cve2023,jeecg,jeecg-boot,sqli http: diff --git a/http/cves/2023/CVE-2023-39002.yaml b/http/cves/2023/CVE-2023-39002.yaml index 0be10a24107..c808db4f2a6 100644 --- a/http/cves/2023/CVE-2023-39002.yaml +++ b/http/cves/2023/CVE-2023-39002.yaml @@ -22,7 +22,9 @@ info: max-request: 3 vendor: opnsense product: opnsense - shodan-query: http.title:"opnsense" + shodan-query: + - title:"OPNsense" + - http.title:"opnsense" fofa-query: title="opnsense" google-query: intitle:"opnsense" tags: cve2023,cve,opnsense,xss,authenticated,rce diff --git a/http/cves/2023/CVE-2023-39007.yaml b/http/cves/2023/CVE-2023-39007.yaml index f30b0306344..bc2845acce5 100644 --- a/http/cves/2023/CVE-2023-39007.yaml +++ b/http/cves/2023/CVE-2023-39007.yaml @@ -9,22 +9,19 @@ info: reference: - https://logicaltrust.net/blog/2023/08/opnsense.html - https://nvd.nist.gov/vuln/detail/CVE-2023-39007 - - https://github.com/opnsense/core/compare/23.1.11...23.7 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H cvss-score: 9.6 cve-id: CVE-2023-39007 cwe-id: CWE-79 - epss-score: 0.47078 - epss-percentile: 0.97519 cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: opnsense product: opnsense - shodan-query: http.title:"opnsense" + shodan-query: + - title:"OPNsense" + - http.title:"opnsense" fofa-query: title="opnsense" google-query: intitle:"opnsense" tags: cve2023,cve,opnsense,xss,authenticated,rce diff --git a/http/cves/2023/CVE-2023-39024.yaml b/http/cves/2023/CVE-2023-39024.yaml index 1add2dfd758..af976d1ba8c 100644 --- a/http/cves/2023/CVE-2023-39024.yaml +++ b/http/cves/2023/CVE-2023-39024.yaml @@ -15,8 +15,9 @@ info: max-request: 2 vendor: harman product: media-suite - fofa-query: harman media suite + fofa-query: "Harman Media Suite" tags: cve,cve2023,harman,media-suite,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-39026.yaml b/http/cves/2023/CVE-2023-39026.yaml index 4e736aed413..cad65446286 100644 --- a/http/cves/2023/CVE-2023-39026.yaml +++ b/http/cves/2023/CVE-2023-39026.yaml @@ -21,19 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-39026 cwe-id: CWE-22 - epss-score: 0.88638 - epss-percentile: 0.99464 - cpe: cpe:2.3:a:filemage:filemage:*:*:*:*:*:*:*:* + epss-score: 0.04279 + epss-percentile: 0.92285 + cpe: cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: filemage - product: filemage + vendor: microsoft + product: windows shodan-query: - - http.title:"filemage" + - title:"FileMage" - cpe:"cpe:2.3:o:microsoft:windows" - fofa-query: title="filemage" - google-query: intitle:"filemage" tags: cve2023,cve,packetstorm,lfi,filemage,microsoft http: diff --git a/http/cves/2023/CVE-2023-39108.yaml b/http/cves/2023/CVE-2023-39108.yaml index 29d565845d5..1dd717fa30f 100644 --- a/http/cves/2023/CVE-2023-39108.yaml +++ b/http/cves/2023/CVE-2023-39108.yaml @@ -16,15 +16,17 @@ info: cvss-score: 8.8 cve-id: CVE-2023-39108 cwe-id: CWE-918 - epss-score: 0.79504 - epss-percentile: 0.99017 + epss-score: 0.05213 + epss-percentile: 0.92994 cpe: cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve2023,cve,rconfig,authenticated,ssrf,lfr diff --git a/http/cves/2023/CVE-2023-39109.yaml b/http/cves/2023/CVE-2023-39109.yaml index 8aaca06ee56..e7df5efa23c 100644 --- a/http/cves/2023/CVE-2023-39109.yaml +++ b/http/cves/2023/CVE-2023-39109.yaml @@ -16,15 +16,17 @@ info: cvss-score: 8.8 cve-id: CVE-2023-39109 cwe-id: CWE-918 - epss-score: 0.79504 - epss-percentile: 0.99017 + epss-score: 0.05213 + epss-percentile: 0.92994 cpe: cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve2023,cve,rconfig,authenticated,ssrf,lfi diff --git a/http/cves/2023/CVE-2023-39110.yaml b/http/cves/2023/CVE-2023-39110.yaml index 0bc064184e2..c86852cc085 100644 --- a/http/cves/2023/CVE-2023-39110.yaml +++ b/http/cves/2023/CVE-2023-39110.yaml @@ -16,15 +16,17 @@ info: cvss-score: 8.8 cve-id: CVE-2023-39110 cwe-id: CWE-918 - epss-score: 0.79504 - epss-percentile: 0.99017 + epss-score: 0.05213 + epss-percentile: 0.92994 cpe: cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" + shodan-query: + - http.title:"rConfig" + - http.title:"rconfig" fofa-query: title="rconfig" google-query: intitle:"rconfig" tags: cve2023,cve,rconfig,authenticated,ssrf,lfr diff --git a/http/cves/2023/CVE-2023-39141.yaml b/http/cves/2023/CVE-2023-39141.yaml index b234d480c9c..bee12d2b9b1 100644 --- a/http/cves/2023/CVE-2023-39141.yaml +++ b/http/cves/2023/CVE-2023-39141.yaml @@ -21,15 +21,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-39141 cwe-id: CWE-22 - epss-score: 0.83376 - epss-percentile: 0.99204 + epss-score: 0.005 + epss-percentile: 0.76302 cpe: cpe:2.3:a:ziahamza:webui-aria2:-:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: ziahamza product: webui-aria2 - shodan-query: http.title:"aria2 webui" + shodan-query: + - title:"Aria2 WebUI" + - http.title:"aria2 webui" fofa-query: title="aria2 webui" google-query: intitle:"aria2 webui" tags: cve2023,cve,lfi,unauth,aria2,webui,ziahamza diff --git a/http/cves/2023/CVE-2023-39143.yaml b/http/cves/2023/CVE-2023-39143.yaml index 649159d096f..03c3f339039 100644 --- a/http/cves/2023/CVE-2023-39143.yaml +++ b/http/cves/2023/CVE-2023-39143.yaml @@ -29,15 +29,13 @@ info: vendor: papercut product: papercut_mf shodan-query: - - http.html:"content=\"papercut\"" + - html:"content=\"PaperCut\"" - http.html:"papercut" + - http.html:"content=\"papercut\"" - cpe:"cpe:2.3:a:papercut:papercut_mf" - - http.title:"papercut" fofa-query: - body="papercut" - body="content=\"papercut\"" - - title="papercut" - google-query: intitle:"papercut" tags: cve2023,cve,lfi,papercut http: diff --git a/http/cves/2023/CVE-2023-3936.yaml b/http/cves/2023/CVE-2023-3936.yaml index a783332960c..d3b4ea1b0d6 100644 --- a/http/cves/2023/CVE-2023-3936.yaml +++ b/http/cves/2023/CVE-2023-3936.yaml @@ -13,14 +13,13 @@ info: reference: - https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f - https://nvd.nist.gov/vuln/detail/CVE-2023-3936 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-3936 cwe-id: CWE-79 - epss-score: 0.05942 - epss-percentile: 0.90147 + epss-score: 0.00071 + epss-percentile: 0.30429 cpe: cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-39361.yaml b/http/cves/2023/CVE-2023-39361.yaml index d3962cdbcf1..e9971a7b2e8 100644 --- a/http/cves/2023/CVE-2023-39361.yaml +++ b/http/cves/2023/CVE-2023-39361.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-39361 cwe-id: CWE-89 - epss-score: 0.93189 - epss-percentile: 0.99784 + epss-score: 0.233 + epss-percentile: 0.9655 cpe: cpe:2.3:a:cacti:cacti:1.2.24:*:*:*:*:*:*:* metadata: verified: true @@ -28,6 +28,7 @@ info: vendor: cacti product: cacti shodan-query: + - title:"Login to Cacti" - http.title:"login to cacti" - http.title:"cacti" - http.favicon.hash:"-1797138069" diff --git a/http/cves/2023/CVE-2023-39560.yaml b/http/cves/2023/CVE-2023-39560.yaml index 96b9dd4a47b..ca715a28457 100644 --- a/http/cves/2023/CVE-2023-39560.yaml +++ b/http/cves/2023/CVE-2023-39560.yaml @@ -9,15 +9,13 @@ info: reference: - https://wiki.bachang.org/doc/2582/ - https://nvd.nist.gov/vuln/detail/CVE-2023-39560 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-39560 cwe-id: CWE-89 - epss-score: 0.65201 - epss-percentile: 0.98352 + epss-score: 0.00139 + epss-percentile: 0.50318 cpe: cpe:2.3:a:ectouch:ectouch:2.0:*:*:*:*:*:*:* metadata: verified: true @@ -25,7 +23,6 @@ info: vendor: ectouch product: ectouch fofa-query: icon_hash="127711143" - shodan-query: http.favicon.hash:"127711143" tags: cve,cve2023,ectouch,sqli http: diff --git a/http/cves/2023/CVE-2023-39598.yaml b/http/cves/2023/CVE-2023-39598.yaml index a7789ecad13..0545e322fe6 100644 --- a/http/cves/2023/CVE-2023-39598.yaml +++ b/http/cves/2023/CVE-2023-39598.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: icewarp product: webclient - shodan-query: http.title:"icewarp" + shodan-query: + - title:"icewarp" + - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve2023,cve,xss,icewarp diff --git a/http/cves/2023/CVE-2023-39600.yaml b/http/cves/2023/CVE-2023-39600.yaml index 2808b602f6e..e4f4bebc6cc 100644 --- a/http/cves/2023/CVE-2023-39600.yaml +++ b/http/cves/2023/CVE-2023-39600.yaml @@ -18,16 +18,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-39600 cwe-id: CWE-79 - epss-score: 0.0431 - epss-percentile: 0.88293 + epss-score: 0.00071 + epss-percentile: 0.30401 cpe: cpe:2.3:a:icewarp:icewarp:11.4.6.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: icewarp product: icewarp shodan-query: + - title:"icewarp" + - http.favicon.hash:2144485375 - http.title:"icewarp" - - http.favicon.hash:"2144485375" fofa-query: - title="icewarp" - icon_hash=2144485375 diff --git a/http/cves/2023/CVE-2023-39650.yaml b/http/cves/2023/CVE-2023-39650.yaml index 519abbe90dd..a958dd87df9 100644 --- a/http/cves/2023/CVE-2023-39650.yaml +++ b/http/cves/2023/CVE-2023-39650.yaml @@ -19,11 +19,12 @@ info: epss-score: 0.04685 epss-percentile: 0.91818 metadata: - verified: true max-request: 4 + verified: true framework: prestashop shodan-query: html:"/tvcmsblog" tags: time-based-sqli,cve,cve2023,prestashop,sqli,tvcmsblog + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-39676.yaml b/http/cves/2023/CVE-2023-39676.yaml index b2c8e627392..daeec5ce083 100644 --- a/http/cves/2023/CVE-2023-39676.yaml +++ b/http/cves/2023/CVE-2023-39676.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-39676 cwe-id: CWE-79 - epss-score: 0.0921 - epss-percentile: 0.92272 + epss-score: 0.00167 + epss-percentile: 0.53401 cpe: cpe:2.3:a:fieldthemes:fieldpopupnewsletter:1.0.0:*:*:*:*:prestashop:*:* metadata: verified: "true" @@ -26,7 +26,9 @@ info: vendor: fieldthemes product: fieldpopupnewsletter framework: prestashop - shodan-query: http.html:"fieldpopupnewsletter" + shodan-query: + - html:"fieldpopupnewsletter" + - http.html:"fieldpopupnewsletter" fofa-query: body="fieldpopupnewsletter" tags: cve2023,cve,prestashop,xss,fieldthemes diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml index 43de9865273..5e2aa00e653 100644 --- a/http/cves/2023/CVE-2023-39677.yaml +++ b/http/cves/2023/CVE-2023-39677.yaml @@ -26,7 +26,9 @@ info: vendor: simpleimportproduct_project product: simpleimportproduct framework: prestashop - shodan-query: http.component:"prestashop" + shodan-query: + - http.component:"PrestaShop" + - http.component:"prestashop" tags: cve2023,cve,prestashop,phpinfo,disclosure,simpleimportproduct_project http: diff --git a/http/cves/2023/CVE-2023-39700.yaml b/http/cves/2023/CVE-2023-39700.yaml index b2194d4b027..e7842b2d106 100644 --- a/http/cves/2023/CVE-2023-39700.yaml +++ b/http/cves/2023/CVE-2023-39700.yaml @@ -16,8 +16,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-39700 cwe-id: CWE-79 - epss-score: 0.15473 - epss-percentile: 0.94291 + epss-score: 0.00103 + epss-percentile: 0.42039 cpe: cpe:2.3:a:icewarp:mail_server:10.4.5:*:*:*:*:*:*:* metadata: verified: true @@ -25,6 +25,7 @@ info: vendor: icewarp product: mail_server shodan-query: + - http.title:"IceWarp Server Administration" - http.title:"icewarp server administration" - http.title:"icewarp" - cpe:"cpe:2.3:a:icewarp:mail_server" @@ -35,7 +36,6 @@ info: - intitle:"icewarp server administration" - intitle:"icewarp" - powered by icewarp 10.4.4 - - powered by icewarp 10.2.1 tags: cve,cve2023,icewarp,xss,unauth http: diff --git a/http/cves/2023/CVE-2023-39796.yaml b/http/cves/2023/CVE-2023-39796.yaml index 59dfd8be28b..827b1767a09 100644 --- a/http/cves/2023/CVE-2023-39796.yaml +++ b/http/cves/2023/CVE-2023-39796.yaml @@ -16,8 +16,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-39796 cwe-id: CWE-89 - epss-score: 0.8192 - epss-percentile: 0.9914 + epss-score: 0.05018 + epss-percentile: 0.92857 cpe: cpe:2.3:a:wbce:wbce_cms:1.6.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-3990.yaml b/http/cves/2023/CVE-2023-3990.yaml index cc4f002e9cc..2ad584db1e6 100644 --- a/http/cves/2023/CVE-2023-3990.yaml +++ b/http/cves/2023/CVE-2023-3990.yaml @@ -3,7 +3,7 @@ id: CVE-2023-3990 info: name: Mingsoft MCMS < 5.3.1 - Cross-Site Scripting author: ritikchaddha - severity: low + severity: medium description: | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611. impact: | @@ -13,23 +13,22 @@ info: reference: - https://gitee.com/mingSoft/MCMS/issues/I7K4DQ - https://nvd.nist.gov/vuln/detail/CVE-2023-3990 - - https://vuldb.com/?ctiid.235611 - - https://vuldb.com/?id.235611 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-3990 cwe-id: CWE-79 - epss-score: 0.07054 - epss-percentile: 0.90994 + epss-score: 0.00345 + epss-percentile: 0.6789 cpe: cpe:2.3:a:mingsoft:mcms:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: mingsoft product: mcms - shodan-query: http.favicon.hash:"1464851260" + shodan-query: http.favicon.hash:1464851260 fofa-query: icon_hash="1464851260" tags: cve,cve2023,mingsoft,mcms,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-40208.yaml b/http/cves/2023/CVE-2023-40208.yaml index 2fe8639ade3..514c7f4f5af 100644 --- a/http/cves/2023/CVE-2023-40208.yaml +++ b/http/cves/2023/CVE-2023-40208.yaml @@ -3,7 +3,7 @@ id: CVE-2023-40208 info: name: Stock Ticker <= 3.23.2 - Cross-Site Scripting author: theamanrawat - severity: high + severity: medium description: | The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. remediation: Fixed in version 3.23.3 @@ -14,12 +14,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-40208 - https://patchstack.com/database/vulnerability/stock-ticker/wordpress-stock-ticker-plugin-3-23-3-unauth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 7.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-40208 cwe-id: CWE-79 - epss-score: 0.06271 - epss-percentile: 0.90413 + epss-score: 0.00071 + epss-percentile: 0.30433 cpe: cpe:2.3:a:urosevic:stock_ticker:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +27,7 @@ info: vendor: urosevic product: stock_ticker framework: wordpress - shodan-query: http.html:"/wp-content/plugins/stock-ticker/" + shodan-query: http.html:/wp-content/plugins/stock-ticker/ fofa-query: body=/wp-content/plugins/stock-ticker/ publicwww-query: /wp-content/plugins/stock-ticker/ tags: cve2023,cve,wordpress,wp-plugin,wpscan,wp,stock-ticker,xss,urosevic diff --git a/http/cves/2023/CVE-2023-40355.yaml b/http/cves/2023/CVE-2023-40355.yaml index aa4308ce6eb..d263dd10071 100644 --- a/http/cves/2023/CVE-2023-40355.yaml +++ b/http/cves/2023/CVE-2023-40355.yaml @@ -22,7 +22,7 @@ info: max-request: 3 vendor: axigen product: axigen_mobile_webmail - shodan-query: http.favicon.hash:"-1247684400" + shodan-query: http.favicon.hash:-1247684400 fofa-query: icon_hash=-1247684400 tags: cve,cve2023,xss,axigen,webmail diff --git a/http/cves/2023/CVE-2023-40504.yaml b/http/cves/2023/CVE-2023-40504.yaml index bd5bb6ebcc9..d71ab32c9d1 100644 --- a/http/cves/2023/CVE-2023-40504.yaml +++ b/http/cves/2023/CVE-2023-40504.yaml @@ -12,21 +12,20 @@ info: - https://www.usom.gov.tr/bildirim/tr-24-0417 - https://nvd.nist.gov/vuln/detail/CVE-2023-40504 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-40504 cwe-id: CWE-78 - epss-score: 0.89601 - epss-percentile: 0.99521 - cpe: cpe:2.3:a:lg:simple_editor:3.21.0:*:*:*:*:*:*:* + epss-score: 0.00094 + epss-percentile: 0.40471 metadata: + max-request: 1 verified: true - max-request: 4 vendor: lg - product: "simple_editor" + product: simple_editor fofa-query: icon_hash="159985907" - shodan-query: http.favicon.hash:"159985907" - tags: packetstorm,cve,cve2023,lg,simple-editor,intrusive,rce,file-upload + tags: cve,cve2023,lg,simple-editor,intrusive,rce,file-upload + variables: filename: "{{rand_base(12)}}" diff --git a/http/cves/2023/CVE-2023-40748.yaml b/http/cves/2023/CVE-2023-40748.yaml index df7a351eaae..676d5e12684 100644 --- a/http/cves/2023/CVE-2023-40748.yaml +++ b/http/cves/2023/CVE-2023-40748.yaml @@ -9,24 +9,18 @@ info: reference: - https://medium.com/@tfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - https://nvd.nist.gov/vuln/detail/CVE-2023-40748 - - https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - - https://www.phpjabbers.com/food-delivery-script/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-40748 cwe-id: CWE-89 - epss-score: 0.29205 - epss-percentile: 0.96313 cpe: cpe:2.3:a:phpjabbers:food_delivery_script:3.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 + shodan-query: html:"PHPJabbers" vendor: phpjabbers product: food_delivery_script - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,food-delivery,sqli http: diff --git a/http/cves/2023/CVE-2023-40749.yaml b/http/cves/2023/CVE-2023-40749.yaml index 91b0b3f205b..b089208dcbf 100644 --- a/http/cves/2023/CVE-2023-40749.yaml +++ b/http/cves/2023/CVE-2023-40749.yaml @@ -18,10 +18,9 @@ info: metadata: verified: true max-request: 1 + shodan-query: html:"PHPJabbers" vendor: phpjabbers product: food_delivery_script - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,food-delivery,sqli http: diff --git a/http/cves/2023/CVE-2023-40750.yaml b/http/cves/2023/CVE-2023-40750.yaml index 9a60d1d9d23..af9e1fabbcf 100644 --- a/http/cves/2023/CVE-2023-40750.yaml +++ b/http/cves/2023/CVE-2023-40750.yaml @@ -9,24 +9,19 @@ info: reference: - https://medium.com/@tfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - https://nvd.nist.gov/vuln/detail/CVE-2023-40750 - - https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - - https://www.phpjabbers.com/yacht-listing-script/ - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-40750 cwe-id: CWE-79 - epss-score: 0.01538 - epss-percentile: 0.80417 cpe: cpe:2.3:a:phpjabbers:yacht_listing_script:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 + shodan-query: html:"PHPJabbers" + fofa-query: body="PHPJabbers" vendor: phpjabbers product: yacht_listing_script - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,yacht-listing,xss http: diff --git a/http/cves/2023/CVE-2023-40751.yaml b/http/cves/2023/CVE-2023-40751.yaml index 477e4e9c254..271fe459f25 100644 --- a/http/cves/2023/CVE-2023-40751.yaml +++ b/http/cves/2023/CVE-2023-40751.yaml @@ -9,24 +9,19 @@ info: reference: - https://medium.com/@tfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - https://nvd.nist.gov/vuln/detail/CVE-2023-40751 - - https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - - https://www.phpjabbers.com/fundraising-script/ - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-40751 cwe-id: CWE-79 - epss-score: 0.01384 - epss-percentile: 0.79352 cpe: cpe:2.3:a:phpjabbers:fundraising_script:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 + shodan-query: html:"PHPJabbers" + fofa-query: body="PHPJabbers" vendor: phpjabbers product: fundraising_script - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,fundraising,xss http: diff --git a/http/cves/2023/CVE-2023-40752.yaml b/http/cves/2023/CVE-2023-40752.yaml index f3850c2dd27..be865a75c94 100644 --- a/http/cves/2023/CVE-2023-40752.yaml +++ b/http/cves/2023/CVE-2023-40752.yaml @@ -18,10 +18,10 @@ info: metadata: verified: true max-request: 1 + shodan-query: html:"PHPJabbers" + fofa-query: body="PHPJabbers" vendor: phpjabbers product: make_an_offer_widget - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,make-an-offer-widget,xss http: diff --git a/http/cves/2023/CVE-2023-40753.yaml b/http/cves/2023/CVE-2023-40753.yaml index 4227ab883a3..037719c1ce2 100644 --- a/http/cves/2023/CVE-2023-40753.yaml +++ b/http/cves/2023/CVE-2023-40753.yaml @@ -9,24 +9,19 @@ info: reference: - https://medium.com/@tfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - https://nvd.nist.gov/vuln/detail/CVE-2023-40753 - - https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f - - https://www.phpjabbers.com/ticket-support-script - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-40753 cwe-id: CWE-79 - epss-score: 0.01012 - epss-percentile: 0.7598 cpe: cpe:2.3:a:phpjabbers:ticket_support_script:3.2:*:*:*:*:*:*:* metadata: verified: true max-request: 2 + shodan-query: html:"PHPJabbers" + fofa-query: body="PHPJabbers" vendor: phpjabbers product: ticket_support_script - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" tags: cve,cve2023,phpjabbers,ticket-support-script,xss,authenticated http: diff --git a/http/cves/2023/CVE-2023-40755.yaml b/http/cves/2023/CVE-2023-40755.yaml index 6e4831a67c9..e8d71505a0e 100644 --- a/http/cves/2023/CVE-2023-40755.yaml +++ b/http/cves/2023/CVE-2023-40755.yaml @@ -17,12 +17,13 @@ info: cpe: cpe:2.3:a:phpjabbers:callback_widget:1.0:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 + shodan-query: html:"PHPJabbers" + fofa-query: body="PHPJabbers" vendor: phpjabbers - product: "callback_widget" - shodan-query: http.html:"phpjabbers" - fofa-query: body="phpjabbers" + product: callback_widget tags: cve,cve2023,phpjabbers,callback-widget,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-40779.yaml b/http/cves/2023/CVE-2023-40779.yaml index 23960578d8d..62bb04e2339 100644 --- a/http/cves/2023/CVE-2023-40779.yaml +++ b/http/cves/2023/CVE-2023-40779.yaml @@ -15,15 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2023-40779 cwe-id: CWE-601 - epss-score: 0.28157 - epss-percentile: 0.96205 + epss-score: 0.06641 + epss-percentile: 0.93801 cpe: cpe:2.3:a:icewarp:deep_castle_g2:13.0.1.2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: icewarp product: deep_castle_g2 - shodan-query: http.title:"icewarp" + shodan-query: + - title:"IceWarp" + - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: cve2023,cve,icewarp,redirect diff --git a/http/cves/2023/CVE-2023-40931.yaml b/http/cves/2023/CVE-2023-40931.yaml index 0a57ff53fc4..631ae14e895 100644 --- a/http/cves/2023/CVE-2023-40931.yaml +++ b/http/cves/2023/CVE-2023-40931.yaml @@ -13,29 +13,21 @@ info: reference: - https://rootsecdev.medium.com/notes-from-the-field-exploiting-nagios-xi-sql-injection-cve-2023-40931-9d5dd6563f8c - https://nvd.nist.gov/vuln/detail/CVE-2023-40931 - - http://nagios.com - - https://outpost24.com/blog/nagios-xi-vulnerabilities/ - - https://github.com/sealldeveloper/CVE-2023-40931-PoC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2023-40931 cwe-id: CWE-89 - epss-score: 0.88428 - epss-percentile: 0.99452 + epss-score: 0.00208 + epss-percentile: 0.59103 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" - fofa-query: - - app="nagios-xi" - - icon_hash="1460499495" - - title="nagios xi" + shodan-query: title:"Nagios XI" + fofa-query: app="nagios-xi" google-query: intitle:"nagios xi" tags: cve2023,cve,authenticated,nagiosxi,sqli,nagios diff --git a/http/cves/2023/CVE-2023-41109.yaml b/http/cves/2023/CVE-2023-41109.yaml index bca6d12f56a..75875ee7d69 100644 --- a/http/cves/2023/CVE-2023-41109.yaml +++ b/http/cves/2023/CVE-2023-41109.yaml @@ -21,14 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2023-41109 cwe-id: CWE-78 - epss-score: 0.92012 - epss-percentile: 0.99678 - cpe: cpe:2.3:o:patton:smartnode_sn200_firmware:*:*:*:*:*:*:*:* + epss-score: 0.33157 + epss-percentile: 0.97044 + cpe: cpe:2.3:h:patton:smartnode_sn200:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: patton - product: smartnode_sn200_firmware + product: smartnode_sn200 tags: cve,cve2023,smartnode,voip,patton variables: payload: "echo CVE-2023-41109 | md5sum" diff --git a/http/cves/2023/CVE-2023-4111.yaml b/http/cves/2023/CVE-2023-4111.yaml index 9b934124c3b..edebf438bed 100644 --- a/http/cves/2023/CVE-2023-4111.yaml +++ b/http/cves/2023/CVE-2023-4111.yaml @@ -12,12 +12,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-4111 - https://vuldb.com/?ctiid.235958 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4111 cwe-id: CWE-79 - epss-score: 0.05748 - epss-percentile: 0.8998 + epss-score: 0.00235 + epss-percentile: 0.61597 cpe: cpe:2.3:a:phpjabbers:bus_reservation_system:1.1:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-4112.yaml b/http/cves/2023/CVE-2023-4112.yaml index 1e5bdab041c..40913ad466a 100644 --- a/http/cves/2023/CVE-2023-4112.yaml +++ b/http/cves/2023/CVE-2023-4112.yaml @@ -13,19 +13,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-4112 - https://vuldb.com/?ctiid.235959 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4112 cwe-id: CWE-79 - epss-score: 0.05083 - epss-percentile: 0.89263 + epss-score: 0.00229 + epss-percentile: 0.61041 cpe: cpe:2.3:a:phpjabbers:shuttle_booking_software:1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: phpjabbers product: shuttle_booking_software - shodan-query: http.html:"php jabbers.com" + shodan-query: + - html:"PHP Jabbers.com" + - http.html:"php jabbers.com" fofa-query: body="php jabbers.com" tags: cve2023,cve,packetstorm,xss,unauth,phpjabbers diff --git a/http/cves/2023/CVE-2023-4113.yaml b/http/cves/2023/CVE-2023-4113.yaml index f4f66542abd..18e687ebcab 100644 --- a/http/cves/2023/CVE-2023-4113.yaml +++ b/http/cves/2023/CVE-2023-4113.yaml @@ -12,12 +12,12 @@ info: - https://vuldb.com/?ctiid.235960 - https://vuldb.com/?id.235960 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4113 cwe-id: CWE-79 - epss-score: 0.05083 - epss-percentile: 0.89263 + epss-score: 0.0027 + epss-percentile: 0.67777 cpe: cpe:2.3:a:phpjabbers:service_booking_script:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-4115.yaml b/http/cves/2023/CVE-2023-4115.yaml index 7a94ede81a5..62c85f8ed63 100644 --- a/http/cves/2023/CVE-2023-4115.yaml +++ b/http/cves/2023/CVE-2023-4115.yaml @@ -13,12 +13,12 @@ info: - https://vuldb.com/?ctiid.235962 - https://vuldb.com/?id.235962 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N - cvss-score: 4.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4115 cwe-id: CWE-79 - epss-score: 0.06258 - epss-percentile: 0.90402 + epss-score: 0.0027 + epss-percentile: 0.67777 cpe: cpe:2.3:a:phpjabbers:cleaning_business_software:1.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-4116.yaml b/http/cves/2023/CVE-2023-4116.yaml index fbcbe95362b..e2faf5adf6c 100644 --- a/http/cves/2023/CVE-2023-4116.yaml +++ b/http/cves/2023/CVE-2023-4116.yaml @@ -25,7 +25,9 @@ info: max-request: 1 vendor: phpjabbers product: taxi_booking_script - shodan-query: http.html:"php jabbers.com" + shodan-query: + - html:"PHP Jabbers.com" + - http.html:"php jabbers.com" fofa-query: body="php jabbers.com" tags: cve,cve2023,packetstorm,xss,phpjabbers diff --git a/http/cves/2023/CVE-2023-41265.yaml b/http/cves/2023/CVE-2023-41265.yaml index 1815d91ded9..e6c187cbd7b 100644 --- a/http/cves/2023/CVE-2023-41265.yaml +++ b/http/cves/2023/CVE-2023-41265.yaml @@ -13,12 +13,12 @@ info: - https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes - https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N - cvss-score: 9.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.9 cve-id: CVE-2023-41265 cwe-id: CWE-444 - epss-score: 0.91791 - epss-percentile: 0.99658 + epss-score: 0.91412 + epss-percentile: 0.98873 cpe: cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:* metadata: max-request: 1 @@ -26,8 +26,9 @@ info: product: qlik_sense framework: windows shodan-query: + - html:"Qlik" + - http.favicon.hash:-74348711 - http.html:"qlik" - - http.favicon.hash:"-74348711" - http.title:"qlik-sense" fofa-query: - app="qlik-sense" diff --git a/http/cves/2023/CVE-2023-41266.yaml b/http/cves/2023/CVE-2023-41266.yaml index 18da9d78362..e23562fc6e0 100644 --- a/http/cves/2023/CVE-2023-41266.yaml +++ b/http/cves/2023/CVE-2023-41266.yaml @@ -3,7 +3,7 @@ id: CVE-2023-41266 info: name: Qlik Sense Enterprise - Path Traversal author: AdamCrosser - severity: high + severity: medium description: A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. reference: - https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 @@ -12,12 +12,12 @@ info: - https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes - https://github.com/Ostorlab/KEV classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N - cvss-score: 8.2 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 cve-id: CVE-2023-41266 - cwe-id: CWE-22 - epss-score: 0.94246 - epss-percentile: 0.99918 + cwe-id: CWE-20 + epss-score: 0.86555 + epss-percentile: 0.98585 cpe: cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:* metadata: verified: true @@ -26,7 +26,7 @@ info: product: qlik_sense framework: windows shodan-query: - - http.favicon.hash:"-74348711" + - http.favicon.hash:-74348711 - http.html:"qlik" - http.title:"qlik-sense" fofa-query: diff --git a/http/cves/2023/CVE-2023-4148.yaml b/http/cves/2023/CVE-2023-4148.yaml index 758da1b4e20..953b239876d 100644 --- a/http/cves/2023/CVE-2023-4148.yaml +++ b/http/cves/2023/CVE-2023-4148.yaml @@ -24,7 +24,7 @@ info: vendor: metaphorcreations product: ditty framework: wordpress - shodan-query: http.html:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: http.html:/wp-content/plugins/ditty-news-ticker/ fofa-query: body=/wp-content/plugins/ditty-news-ticker/ publicwww-query: /wp-content/plugins/ditty-news-ticker/ tags: cve2023,cve,ditty-news-ticker,wordpress,wp-plugin,wpscan,wp,authenticated,metaphorcreations diff --git a/http/cves/2023/CVE-2023-4151.yaml b/http/cves/2023/CVE-2023-4151.yaml index 69faf8ed1c3..b76c33bdc63 100644 --- a/http/cves/2023/CVE-2023-4151.yaml +++ b/http/cves/2023/CVE-2023-4151.yaml @@ -13,30 +13,24 @@ info: reference: - https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b/ - https://nvd.nist.gov/vuln/detail/CVE-2023-4151 - - https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-4151 cwe-id: CWE-79 - epss-score: 0.11517 - epss-percentile: 0.93227 + epss-score: 0.00063 + epss-percentile: 0.27983 cpe: cpe:2.3:a:agilelogix:store_locator:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 vendor: agilelogix product: store_locator framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/agile-store-locator/" - - http.html:"/wp-content/plugins/agile-store-locator" - fofa-query: - - body="/wp-content/plugins/agile-store-locator" - - body="/wp-content/plugins/agile-store-locator/" + fofa-query: body="/wp-content/plugins/agile-store-locator" publicwww-query: /wp-content/plugins/agile-store-locator/ - tags: wpscan,cve,wp,wordpress,wp-plugin,agile-store-locator,xss,cve2023,agilelogix + shodan-query: http.html:"/wp-content/plugins/agile-store-locator/" + tags: cve,cve2024,wp,wordpress,wp-plugin,agile-store-locator,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-41597.yaml b/http/cves/2023/CVE-2023-41597.yaml index 8f8d0a83772..f199a92d4b2 100644 --- a/http/cves/2023/CVE-2023-41597.yaml +++ b/http/cves/2023/CVE-2023-41597.yaml @@ -25,8 +25,8 @@ info: fofa-query: - icon_hash="-614262549" - title="eyoucms" - shodan-query: http.favicon.hash:"-614262549" tags: cve,cve2023,eyoucms,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-41599.yaml b/http/cves/2023/CVE-2023-41599.yaml index 2b0898edc39..8373352a763 100644 --- a/http/cves/2023/CVE-2023-41599.yaml +++ b/http/cves/2023/CVE-2023-41599.yaml @@ -17,16 +17,14 @@ info: cvss-score: 5.3 cve-id: CVE-2023-41599 cwe-id: CWE-22 - epss-score: 0.91444 - epss-percentile: 0.99633 + epss-score: 0.00047 + epss-percentile: 0.17113 cpe: cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:* metadata: - max-request: 1 - vendor: "jfinalcms_project" + vendor: jfinalcms_project product: jfinalcms - fofa-query: body="content=\"jrecms" - shodan-query: http.html:"content=\"jrecms" - tags: cve,cve2023,jrecms,jfinalcms_project + fofa-query: body="content=\"JreCms" + tags: cve,cve2023,jrecms http: - method: GET diff --git a/http/cves/2023/CVE-2023-41621.yaml b/http/cves/2023/CVE-2023-41621.yaml index 97326256b7e..35581b1191d 100644 --- a/http/cves/2023/CVE-2023-41621.yaml +++ b/http/cves/2023/CVE-2023-41621.yaml @@ -22,9 +22,9 @@ info: epss-percentile: 0.15636 cpe: cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:* metadata: - max-request: 1 vendor: emlog product: emlog + max-request: 1 fofa-query: title="emlog" tags: cve,cve2023,emlog,xss diff --git a/http/cves/2023/CVE-2023-41642.yaml b/http/cves/2023/CVE-2023-41642.yaml index d6df4ab83de..61b528d1362 100644 --- a/http/cves/2023/CVE-2023-41642.yaml +++ b/http/cves/2023/CVE-2023-41642.yaml @@ -15,8 +15,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-41642 cwe-id: CWE-79 - epss-score: 0.14278 - epss-percentile: 0.94025 + epss-score: 0.00069 + epss-percentile: 0.29886 cpe: cpe:2.3:a:grupposcai:realgimm:1.1.37:p38:*:*:*:*:*:* metadata: max-request: 2 diff --git a/http/cves/2023/CVE-2023-4169.yaml b/http/cves/2023/CVE-2023-4169.yaml index fda543fd0d8..9110cb26fc8 100644 --- a/http/cves/2023/CVE-2023-4169.yaml +++ b/http/cves/2023/CVE-2023-4169.yaml @@ -3,7 +3,7 @@ id: CVE-2023-4169 info: name: Ruijie RG-EW1200G Router - Password Reset author: DhiyaneshDK - severity: medium + severity: high description: | A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. reference: @@ -13,12 +13,12 @@ info: - https://vuldb.com/?id.236185 - https://github.com/20142995/sectool classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 cve-id: CVE-2023-4169 cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.90956 - epss-percentile: 0.99603 + epss-score: 0.0131 + epss-percentile: 0.85907 cpe: cpe:2.3:o:ruijie:rg-ew1200g_firmware:1.0\(1\)b1p5:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2023/CVE-2023-4173.yaml b/http/cves/2023/CVE-2023-4173.yaml index b4ceb5b9d9a..95b3e0a9d05 100644 --- a/http/cves/2023/CVE-2023-4173.yaml +++ b/http/cves/2023/CVE-2023-4173.yaml @@ -29,13 +29,11 @@ info: max-request: 1 vendor: moosocial product: moostore - shodan-query: - - http.favicon.hash:"702863115" - - http.favicon.hash:"702863115clear" + shodan-query: http.favicon.hash:"702863115" fofa-query: + - mooSocial - moosocial - icon_hash="702863115" - - icon_hash=702863115clear tags: cve2023,cve,packetstorm,moosocial,xss http: diff --git a/http/cves/2023/CVE-2023-4174.yaml b/http/cves/2023/CVE-2023-4174.yaml index 3a99fa4bef2..d9fc9f792c3 100644 --- a/http/cves/2023/CVE-2023-4174.yaml +++ b/http/cves/2023/CVE-2023-4174.yaml @@ -29,13 +29,10 @@ info: max-request: 5 vendor: moosocial product: moostore - shodan-query: - - http.favicon.hash:"702863115" - - http.favicon.hash:"702863115clear" + shodan-query: http.favicon.hash:"702863115" fofa-query: - icon_hash="702863115" - moosocial - - icon_hash=702863115clear tags: cve,cve2023,packetstorm,moosocial,xss http: diff --git a/http/cves/2023/CVE-2023-41763.yaml b/http/cves/2023/CVE-2023-41763.yaml index c553c989556..f5ba9396521 100644 --- a/http/cves/2023/CVE-2023-41763.yaml +++ b/http/cves/2023/CVE-2023-41763.yaml @@ -24,7 +24,9 @@ info: max-request: 1 vendor: microsoft product: skype_for_business_server - shodan-query: http.html:"skype for business" + shodan-query: + - html:"Skype for Business" + - http.html:"skype for business" fofa-query: body="skype for business" tags: cve,cve2023,skype,blind-ssrf,oast,ssrf,kev,microsoft variables: diff --git a/http/cves/2023/CVE-2023-41892.yaml b/http/cves/2023/CVE-2023-41892.yaml index 6013ee8919b..d9cd49eb9f8 100644 --- a/http/cves/2023/CVE-2023-41892.yaml +++ b/http/cves/2023/CVE-2023-41892.yaml @@ -14,12 +14,12 @@ info: - https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857 - https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-41892 cwe-id: CWE-94 - epss-score: 0.93542 - epss-percentile: 0.99821 + epss-score: 0.8421 + epss-percentile: 0.98494 cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,15 +27,12 @@ info: vendor: craftcms product: craft_cms shodan-query: - - http.favicon.hash:"-47932290" + - http.favicon.hash:-47932290 - cpe:"cpe:2.3:a:craftcms:craft_cms" - - http.html:"craftcms" - - x-powered-by:"craft cms" + - http.html:craftcms fofa-query: - icon_hash=-47932290 - body=craftcms - - body="craftcms" - - icon_hash="-47932290" publicwww-query: "craftcms" tags: cve2023,cve,rce,unauth,craftcms diff --git a/http/cves/2023/CVE-2023-4220.yaml b/http/cves/2023/CVE-2023-4220.yaml index aa00470a313..24a87de9e96 100644 --- a/http/cves/2023/CVE-2023-4220.yaml +++ b/http/cves/2023/CVE-2023-4220.yaml @@ -23,10 +23,9 @@ info: max-request: 2 vendor: chamilo product: chamilo_lms - shodan-query: - - x-powered-by:"chamilo" - - cpe:"cpe:2.3:a:chamilo:chamilo_lms" + shodan-query: "X-Powered-By: Chamilo" tags: cve,cve2023,chamilo,lms,rce,intrusive,file-upload + variables: filename: "{{rand_base(10)}}" num: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2023/CVE-2023-42343.yaml b/http/cves/2023/CVE-2023-42343.yaml index 51e4cc5dc63..5ea00d7af03 100644 --- a/http/cves/2023/CVE-2023-42343.yaml +++ b/http/cves/2023/CVE-2023-42343.yaml @@ -14,17 +14,15 @@ info: metadata: verified: true max-request: 1 - vendor: alkacon - product: opencms shodan-query: - "/opencms/" - http.title:"opencms" - cpe:"cpe:2.3:a:alkacon:opencms" - fofa-query: - - title="opencms" - - opencms-9.5.3 + product: opencms + vendor: alkacon + fofa-query: title="opencms" google-query: intitle:"opencms" - tags: cve,cve2023,xss,opencms,alkacon + tags: cve,cve2023,xss,opencms http: - method: GET diff --git a/http/cves/2023/CVE-2023-42344.yaml b/http/cves/2023/CVE-2023-42344.yaml index 0c72147e2b5..ad7b0a39a21 100644 --- a/http/cves/2023/CVE-2023-42344.yaml +++ b/http/cves/2023/CVE-2023-42344.yaml @@ -17,15 +17,8 @@ info: max-request: 2 vendor: alkacon product: opencms - fofa-query: - - opencms-9.5.3 - - title="opencms" - shodan-query: - - /opencms/ - - cpe:"cpe:2.3:a:alkacon:opencms" - - http.title:"opencms" - google-query: intitle:"opencms" - tags: cve,cve2023,xxe,opencms,alkacon + fofa-query: "OpenCms-9.5.3" + tags: cve,cve2023,xxe,opencms http: - method: POST diff --git a/http/cves/2023/CVE-2023-42442.yaml b/http/cves/2023/CVE-2023-42442.yaml index 33de5c22df4..c07f7332ca0 100644 --- a/http/cves/2023/CVE-2023-42442.yaml +++ b/http/cves/2023/CVE-2023-42442.yaml @@ -27,12 +27,9 @@ info: max-request: 1 vendor: fit2cloud product: jumpserver - fofa-query: title="jumpserver" - shodan-query: http.title:'jumpserver' - google-query: intitle:'jumpserver' - zoomeye-query: - - app="jumpserver bastion host" - - title:'jumpserver' + fofa-query: + - title="JumpServer" + - title="jumpserver" tags: cve2023,cve,jumpserver,exposure,fit2cloud http: diff --git a/http/cves/2023/CVE-2023-42793.yaml b/http/cves/2023/CVE-2023-42793.yaml index bda78b52911..df602eb1bc1 100644 --- a/http/cves/2023/CVE-2023-42793.yaml +++ b/http/cves/2023/CVE-2023-42793.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-42793 - cwe-id: CWE-288,CWE-306 - epss-score: 0.94584 - epss-percentile: 1 + cwe-id: CWE-288 + epss-score: 0.97094 + epss-percentile: 0.99777 cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,9 +26,12 @@ info: vendor: jetbrains product: teamcity shodan-query: - - http.title:"teamcity" + - title:TeamCity + - http.title:teamcity - http.component:"teamcity" - fofa-query: title=teamcity + fofa-query: + - title=TeamCity + - title=teamcity google-query: intitle:teamcity tags: cve2023,cve,jetbrains,teamcity,rce,auth-bypass,intrusive,kev diff --git a/http/cves/2023/CVE-2023-4284.yaml b/http/cves/2023/CVE-2023-4284.yaml index b446144bc59..22ad0cd2db5 100644 --- a/http/cves/2023/CVE-2023-4284.yaml +++ b/http/cves/2023/CVE-2023-4284.yaml @@ -3,30 +3,26 @@ id: CVE-2023-4284 info: name: WordPress Post Timeline Plugin < 2.2.6 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | The Post Timeline WordPress plugin before version 2.2.6 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape an invalid nonce before outputting it back in an AJAX response, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. reference: - https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9 - https://nvd.nist.gov/vuln/detail/CVE-2023-4284 - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N + cvss-score: 7.1 cve-id: CVE-2023-4284 cwe-id: CWE-79 - epss-score: 0.14739 - epss-percentile: 0.94125 cpe: cpe:2.3:a:agilelogix:post_timeline:*:*:*:*:*:wordpress:*:* metadata: - max-request: 3 + max-request: 2 vendor: agilelogix - product: post_timeline - framework: wordpress + product: post-timeline shodan-query: http.html:"wp-content/plugins/post-timeline/" fofa-query: body="wp-content/plugins/post-timeline/" - tags: wpscan,cve,cve2023,wordpress,wp,wp-plugin,xss,post-timeline,authenticated,agilelogix + tags: cve,cve2023,wordpress,wp,wp-plugin,xss,post-timeline,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-43177.yaml b/http/cves/2023/CVE-2023-43177.yaml index 1b0b591e717..9a3e1eb10dd 100644 --- a/http/cves/2023/CVE-2023-43177.yaml +++ b/http/cves/2023/CVE-2023-43177.yaml @@ -17,22 +17,15 @@ info: cvss-score: 9.8 cve-id: CVE-2023-43177 cwe-id: CWE-913 - epss-score: 0.70469 - epss-percentile: 0.9858 + epss-score: 0.96402 + epss-percentile: 0.99567 cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: crushftp product: crushftp - shodan-query: - - http.html:"crushftp" - - http.favicon.hash:"-1022206565" - - http.title:"crushftp webinterface" - fofa-query: - - body="crushftp" - - icon_hash="-1022206565" - - title="crushftp webinterface" - google-query: intitle:"crushftp webinterface" + shodan-query: http.html:"crushftp" + fofa-query: body="crushftp" tags: cve,cve2023,crushftp,unauth,rce,intrusive flow: http(1) && http(2) && http(3) diff --git a/http/cves/2023/CVE-2023-43187.yaml b/http/cves/2023/CVE-2023-43187.yaml index f981c9ca3ed..d741aa51ee3 100644 --- a/http/cves/2023/CVE-2023-43187.yaml +++ b/http/cves/2023/CVE-2023-43187.yaml @@ -21,13 +21,8 @@ info: max-request: 2 vendor: nodebb product: nodebb - shodan-query: - - cpe:"cpe:2.3:a:nodebb:nodebb" - - http.title:"nodebb web installer" - fofa-query: - - "title=\"nodebb\"" - - title="nodebb web installer" - google-query: intitle:"nodebb web installer" + shodan-query: cpe:"cpe:2.3:a:nodebb:nodebb" + fofa-query: "title=\"nodebb\"" tags: cve,cve2023,nodebb,rce flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-43208.yaml b/http/cves/2023/CVE-2023-43208.yaml index 69dc34df972..834db740dda 100644 --- a/http/cves/2023/CVE-2023-43208.yaml +++ b/http/cves/2023/CVE-2023-43208.yaml @@ -12,22 +12,20 @@ info: reference: - http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html - https://github.com/nvn1729/advisories - - https://github.com/DMW11525708/wiki - - https://github.com/gotr00t0day/NextGen-Mirth-Connect-Exploit - - https://github.com/Ostorlab/KEV classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-43208 - cwe-id: CWE-78 - epss-score: 0.94413 - epss-percentile: 0.99973 + epss-score: 0.96306 + epss-percentile: 0.99539 cpe: cpe:2.3:a:nextgen:mirth_connect:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: nextgen product: "mirth_connect" - shodan-query: http.title:"mirth connect administrator" + shodan-query: + - "title:\"mirth connect administrator\"" + - http.title:"mirth connect administrator" fofa-query: "title=\"mirth connect administrator\"" google-query: "intitle:\"mirth connect administrator\"" tags: packetstorm,cve,cve2023,nextgen,rce,kev diff --git a/http/cves/2023/CVE-2023-43261.yaml b/http/cves/2023/CVE-2023-43261.yaml index 44789c0384a..ce5fcbd8807 100644 --- a/http/cves/2023/CVE-2023-43261.yaml +++ b/http/cves/2023/CVE-2023-43261.yaml @@ -25,8 +25,7 @@ info: max-request: 1 vendor: milesight product: ur51 - shodan-query: http.html:"rt_title" - fofa-query: body=rt_title + shodan-query: http.html:rt_title tags: cve2023,cve,router,milesight,disclosure,unauth,iot http: diff --git a/http/cves/2023/CVE-2023-43323.yaml b/http/cves/2023/CVE-2023-43323.yaml index 3cfd013d6bc..e7f6eef379e 100644 --- a/http/cves/2023/CVE-2023-43323.yaml +++ b/http/cves/2023/CVE-2023-43323.yaml @@ -14,28 +14,24 @@ info: - https://github.com/ahrixia/CVE-2023-43323 - https://github.com/nomi-sec/PoC-in-GitHub - https://nvd.nist.gov/vuln/detail/CVE-2023-43323 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2023-43323 - cwe-id: CWE-15,NVD-CWE-noinfo - epss-score: 0.58709 - epss-percentile: 0.98065 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: moosocial - product: moosocial - shodan-query: - - http.favicon.hash:"702863115clear" - - http.favicon.hash:"702863115" - - http.html:"moosocial installation" + product: moostore + shodan-query: http.favicon.hash:702863115clear fofa-query: - - '[moosocial moosocial icon_hash="702863115"]' - - body="moosocial installation" + - mooSocial + - moosocial - icon_hash="702863115" - tags: moosocial + tags: cve,cve2023,moosocial,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-43325.yaml b/http/cves/2023/CVE-2023-43325.yaml index 2f4ca55b185..2f242876230 100644 --- a/http/cves/2023/CVE-2023-43325.yaml +++ b/http/cves/2023/CVE-2023-43325.yaml @@ -25,12 +25,8 @@ info: max-request: 1 vendor: moosocial product: moosocial - shodan-query: - - http.favicon.hash:"702863115" - - http.html:"moosocial installation" - fofa-query: - - icon_hash="702863115" - - body="moosocial installation" + shodan-query: http.favicon.hash:"702863115" + fofa-query: icon_hash="702863115" tags: cve2023,cve,xss,moosocial http: diff --git a/http/cves/2023/CVE-2023-43326.yaml b/http/cves/2023/CVE-2023-43326.yaml index 8ad7d5ee084..88f49c41e56 100644 --- a/http/cves/2023/CVE-2023-43326.yaml +++ b/http/cves/2023/CVE-2023-43326.yaml @@ -24,12 +24,8 @@ info: max-request: 1 vendor: moosocial product: moosocial - shodan-query: - - http.favicon.hash:"702863115" - - http.html:"moosocial installation" - fofa-query: - - icon_hash="702863115" - - body="moosocial installation" + shodan-query: http.favicon.hash:"702863115" + fofa-query: icon_hash="702863115" tags: cve2023,cve,xss,moosocial http: diff --git a/http/cves/2023/CVE-2023-43373.yaml b/http/cves/2023/CVE-2023-43373.yaml index 12c061b7d8d..7031962d5e1 100644 --- a/http/cves/2023/CVE-2023-43373.yaml +++ b/http/cves/2023/CVE-2023-43373.yaml @@ -13,28 +13,22 @@ info: reference: - https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a - https://nvd.nist.gov/vuln/detail/CVE-2023-43373 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-43373 cwe-id: CWE-89 - epss-score: 0.17365 - epss-percentile: 0.94686 + epss-score: 0.00076 + epss-percentile: 0.31944 cpe: cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 vendor: digitaldruid product: hoteldruid - shodan-query: - - http.title:"hoteldruid" - - http.favicon.hash:"-1521640213" - fofa-query: - - title="hoteldruid" - - icon_hash=-1521640213 - google-query: intitle:"hoteldruid" - tags: cve,cve2023,hoteldruid,sqli,digitaldruid,intrusive + fofa-query: title="hoteldruid" + shodan-query: title:"hoteldruid" + tags: cve,cve2023,hoteldruid,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-43374.yaml b/http/cves/2023/CVE-2023-43374.yaml index ac6571c790f..24794094bbe 100644 --- a/http/cves/2023/CVE-2023-43374.yaml +++ b/http/cves/2023/CVE-2023-43374.yaml @@ -26,9 +26,11 @@ info: vendor: digitaldruid product: hoteldruid shodan-query: + - title:"HotelDruid" - http.title:"hoteldruid" - - http.favicon.hash:"-1521640213" + - http.favicon.hash:-1521640213 fofa-query: + - title="HotelDruid" - title="hoteldruid" - icon_hash=-1521640213 google-query: intitle:"hoteldruid" diff --git a/http/cves/2023/CVE-2023-43472.yaml b/http/cves/2023/CVE-2023-43472.yaml index 50e01090c7f..37efbe4be67 100644 --- a/http/cves/2023/CVE-2023-43472.yaml +++ b/http/cves/2023/CVE-2023-43472.yaml @@ -22,15 +22,11 @@ info: cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: lfprojects product: mlflow shodan-query: http.title:"mlflow" - fofa-query: - - app="mlflow" - - title="mlflow" - google-query: intitle:"mlflow" - tags: cve,cve2023,mflow,exposure,lfprojects + fofa-query: app="MLflow" + tags: cve,cve2023,mflow,exposure http: - method: GET diff --git a/http/cves/2023/CVE-2023-43654.yaml b/http/cves/2023/CVE-2023-43654.yaml index b620c44c559..574b223648a 100644 --- a/http/cves/2023/CVE-2023-43654.yaml +++ b/http/cves/2023/CVE-2023-43654.yaml @@ -10,23 +10,20 @@ info: - https://github.com/pytorch/serve/pull/2534 - https://github.com/pytorch/serve/releases/tag/v0.8.2 - https://github.com/OligoCyberSecurity/ShellTorchChecker - - https://github.com/leoambrus/CheckersNomisec - - https://github.com/mdisec/mdisec-twitch-yayinlari classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-43654 cwe-id: CWE-918 - epss-score: 0.92495 - epss-percentile: 0.99718 + epss-score: 0.00173 + epss-percentile: 0.55187 cpe: cpe:2.3:a:pytorch:torchserve:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: pytorch product: torchserve - fofa-query: body="requested method is not allowed, please refer to api document" - shodan-query: http.html:"requested method is not allowed, please refer to api document" + fofa-query: body="Requested method is not allowed, please refer to API document" tags: cve,cve2023,pytorch,oast,ssrf http: diff --git a/http/cves/2023/CVE-2023-43662.yaml b/http/cves/2023/CVE-2023-43662.yaml index 5359f41d22d..0395f87e457 100644 --- a/http/cves/2023/CVE-2023-43662.yaml +++ b/http/cves/2023/CVE-2023-43662.yaml @@ -23,11 +23,10 @@ info: cpe: cpe:2.3:a:shokoanime:shokoserver:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: shokoanime product: shokoserver - fofa-query: title="shoko web ui" - tags: cve,cve2023,shoko,web-aui,lfi,shokoanime + fofa-query: title="Shoko WEB UI" + tags: cve,cve2023,shoko,web-aui,lfi http: - method: GET diff --git a/http/cves/2023/CVE-2023-43795.yaml b/http/cves/2023/CVE-2023-43795.yaml index af56ac45bfd..2a467914e7e 100644 --- a/http/cves/2023/CVE-2023-43795.yaml +++ b/http/cves/2023/CVE-2023-43795.yaml @@ -25,9 +25,10 @@ info: vendor: osgeo product: geoserver shodan-query: + - title:"GeoServer" - http.title:"geoserver" - - server:"geohttpserver" fofa-query: + - app="GeoServer" - app="geoserver" - title="geoserver" google-query: intitle:"geoserver" diff --git a/http/cves/2023/CVE-2023-44012.yaml b/http/cves/2023/CVE-2023-44012.yaml index c5e8aab98f3..1158ac66ca4 100644 --- a/http/cves/2023/CVE-2023-44012.yaml +++ b/http/cves/2023/CVE-2023-44012.yaml @@ -26,10 +26,7 @@ info: max-request: 1 vendor: mojoportal product: mojoportal - fofa-query: - - title="mojoportal" - - body="mojoportal" - shodan-query: http.html:"mojoportal" + fofa-query: title="mojoPortal" tags: cve,cve2023,mojoportal,xss http: diff --git a/http/cves/2023/CVE-2023-44352.yaml b/http/cves/2023/CVE-2023-44352.yaml index a68fa618814..9e9e1622f7a 100644 --- a/http/cves/2023/CVE-2023-44352.yaml +++ b/http/cves/2023/CVE-2023-44352.yaml @@ -14,8 +14,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-44352 cwe-id: CWE-79 - epss-score: 0.86471 - epss-percentile: 0.99358 + epss-score: 0.00931 + epss-percentile: 0.82639 cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: verified: true @@ -23,6 +23,7 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe Coldfusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2023/CVE-2023-44353.yaml b/http/cves/2023/CVE-2023-44353.yaml index 5dbb88485ed..35358ee3f33 100644 --- a/http/cves/2023/CVE-2023-44353.yaml +++ b/http/cves/2023/CVE-2023-44353.yaml @@ -28,6 +28,7 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/cves/2023/CVE-2023-44393.yaml b/http/cves/2023/CVE-2023-44393.yaml index 9e75bd9b823..71e4460449d 100644 --- a/http/cves/2023/CVE-2023-44393.yaml +++ b/http/cves/2023/CVE-2023-44393.yaml @@ -22,19 +22,10 @@ info: epss-percentile: 0.15636 cpe: cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: piwigo product: piwigo - shodan-query: - - http.favicon.hash:"540706145" - - http.html:"- installation" - - http.html:"piwigo" html:"- installation" - fofa-query: - - title="piwigo" - - body="- installation" - - body="piwigo" html:"- installation" - - icon_hash=540706145 - google-query: powered by piwigo + shodan-query: http.favicon.hash:540706145 + fofa-query: title="piwigo" tags: cve,cve2023,piwigo,xss,authenticated http: diff --git a/http/cves/2023/CVE-2023-4450.yaml b/http/cves/2023/CVE-2023-4450.yaml index c440df6154b..977de76442e 100644 --- a/http/cves/2023/CVE-2023-4450.yaml +++ b/http/cves/2023/CVE-2023-4450.yaml @@ -7,9 +7,9 @@ info: description: | A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. impact: | - Unauthorized api called /jmreport/queryFieldBySql led to remote arbitrary code execution due to parsing SQL statements using Freemarker. + Unauthorized api called /jmreport/queryFieldBySql led to remote arbitrary code execution due to parsing SQL statements using Freemarker. remediation: | - Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. + Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. reference: - https://github.com/advisories/GHSA-j8h5-8rrr-m6j9 - https://whoopsunix.com/docs/java/named%20module/ @@ -19,12 +19,15 @@ info: max-request: 1 vendor: jeecg product: jeecg - shodan-query: http.title:"jeecg-boot" + shodan-query: + - title:"Jeecg-Boot" + - http.title:"jeecg-boot" fofa-query: - - title="jeecgboot 企业级低代码平台" + - title="JeecgBoot 企业级低代码平台" - title="jeecg-boot" + - title="jeecgboot 企业级低代码平台" google-query: intitle:"jeecg-boot" - tags: cve,cve2023,rce,jeecgboot,jeecg + tags: cve,cve2023,rce,jeecgboot http: - raw: diff --git a/http/cves/2023/CVE-2023-4451.yaml b/http/cves/2023/CVE-2023-4451.yaml index 5b38456a7bc..71aeba8149d 100644 --- a/http/cves/2023/CVE-2023-4451.yaml +++ b/http/cves/2023/CVE-2023-4451.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-4451 cwe-id: CWE-79 - epss-score: 0.34097 - epss-percentile: 0.96739 + epss-score: 0.00157 + epss-percentile: 0.52015 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,8 +26,9 @@ info: vendor: agentejo product: cockpit shodan-query: + - html:"Cockpit" + - http.favicon.hash:688609340 - http.html:"cockpit" - - http.favicon.hash:"688609340" fofa-query: - icon_hash=688609340 - body="cockpit" diff --git a/http/cves/2023/CVE-2023-44812.yaml b/http/cves/2023/CVE-2023-44812.yaml index e5ad29d23fa..a4d3c319edd 100644 --- a/http/cves/2023/CVE-2023-44812.yaml +++ b/http/cves/2023/CVE-2023-44812.yaml @@ -26,12 +26,8 @@ info: max-request: 2 vendor: moosocial product: moosocial - shodan-query: - - "http.favicon.hash:\"702863115\"" - - http.html:"moosocial installation" - fofa-query: - - "icon_hash=\"702863115\"" - - body="moosocial installation" + shodan-query: "http.favicon.hash:\"702863115\"" + fofa-query: "icon_hash=\"702863115\"" tags: cve2023,cve,moosocial,xss flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-44813.yaml b/http/cves/2023/CVE-2023-44813.yaml index 2b2ec771024..89f040dcd2b 100644 --- a/http/cves/2023/CVE-2023-44813.yaml +++ b/http/cves/2023/CVE-2023-44813.yaml @@ -19,8 +19,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-44813 cwe-id: CWE-79 - epss-score: 0.12372 - epss-percentile: 0.93511 + epss-score: 0.01077 + epss-percentile: 0.84242 cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:* metadata: verified: true @@ -28,11 +28,9 @@ info: vendor: moosocial product: moosocial shodan-query: + - http.favicon.hash:702863115 - http.favicon.hash:"702863115" - - http.html:"moosocial installation" - fofa-query: - - icon_hash="702863115" - - body="moosocial installation" + fofa-query: icon_hash="702863115" tags: cve,cve2023,moosocial,xss http: diff --git a/http/cves/2023/CVE-2023-4490.yaml b/http/cves/2023/CVE-2023-4490.yaml index 4a4b434fc75..1b8e38bc495 100644 --- a/http/cves/2023/CVE-2023-4490.yaml +++ b/http/cves/2023/CVE-2023-4490.yaml @@ -3,30 +3,23 @@ id: CVE-2023-4490 info: name: WordPress Job Portal < 2.0.6 - SQL Injection author: paresh_parmar1,Configtea - severity: critical + severity: high description: | The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or potentially compromise the WordPress installation. remediation: Update to version 2.0.6 or later reference: - https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d/ - https://nvd.nist.gov/vuln/detail/CVE-2023-4490 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2023-4490 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 8.6 cwe-id: CWE-89 - epss-score: 0.57258 - epss-percentile: 0.97992 - cpe: cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:* + cve-id: CVE-2023-4490 metadata: verified: true max-request: 1 - vendor: wpjobportal - product: wp_job_portal - framework: wordpress fofa-query: body="/wp-content/plugins/wp-job-portal" - tags: wpscan,cve,cve2023,sqli,wp,wordpress,wp-plugin,wp-job-portal,time-based-sqli + tags: cve,cve2023,sqli,wp,wordpress,wp-plugin,wp-job-portal,time-based-sqli http: - raw: diff --git a/http/cves/2023/CVE-2023-45136.yaml b/http/cves/2023/CVE-2023-45136.yaml index b284a32fcd4..20ba888c31e 100644 --- a/http/cves/2023/CVE-2023-45136.yaml +++ b/http/cves/2023/CVE-2023-45136.yaml @@ -3,7 +3,7 @@ id: CVE-2023-45136 info: name: XWiki < 14.10.14 - Cross-Site Scripting author: ritikchaddha - severity: critical + severity: medium description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. impact: | @@ -14,23 +14,19 @@ info: - https://jira.xwiki.org/browse/XWIKI-20854 - https://nvd.nist.gov/vuln/detail/CVE-2023-45136 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H - cvss-score: 9.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-45136 cwe-id: CWE-79 - epss-score: 0.60169 - epss-percentile: 0.98134 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,xwiki,xss,cve2023 + tags: cve,cve2024,xwiki,xss http: - method: GET diff --git a/http/cves/2023/CVE-2023-4521.yaml b/http/cves/2023/CVE-2023-4521.yaml index fea56046f6e..3ae04755d9d 100644 --- a/http/cves/2023/CVE-2023-4521.yaml +++ b/http/cves/2023/CVE-2023-4521.yaml @@ -11,13 +11,12 @@ info: Update the Import XML and RSS Feeds WordPress Plugin to the latest version to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-4521 - epss-score: 0.90904 - epss-percentile: 0.996 + epss-score: 0.03055 + epss-percentile: 0.90979 cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2023/CVE-2023-45375.yaml b/http/cves/2023/CVE-2023-45375.yaml index ace56b8ce53..2017721b626 100644 --- a/http/cves/2023/CVE-2023-45375.yaml +++ b/http/cves/2023/CVE-2023-45375.yaml @@ -13,8 +13,8 @@ info: cvss-score: 8.8 cve-id: CVE-2023-45375 cwe-id: CWE-89 - epss-score: 0.84199 - epss-percentile: 0.99245 + epss-score: 0.01204 + epss-percentile: 0.8517 cpe: cpe:2.3:a:01generator:pireospay:*:*:*:*:*:prestashop:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-4542.yaml b/http/cves/2023/CVE-2023-4542.yaml index 036254f14e1..5883f5be6c3 100644 --- a/http/cves/2023/CVE-2023-4542.yaml +++ b/http/cves/2023/CVE-2023-4542.yaml @@ -25,7 +25,9 @@ info: max-request: 1 vendor: dlink product: dar-8000-10_firmware - fofa-query: body="dar-8000-10" && title="d-link" + fofa-query: + - body="DAR-8000-10" && title="D-Link" + - body="dar-8000-10" && title="d-link" tags: cve,cve2023,dlink http: diff --git a/http/cves/2023/CVE-2023-4547.yaml b/http/cves/2023/CVE-2023-4547.yaml index 06797bc16d8..fb8af0e280d 100644 --- a/http/cves/2023/CVE-2023-4547.yaml +++ b/http/cves/2023/CVE-2023-4547.yaml @@ -3,7 +3,7 @@ id: CVE-2023-4547 info: name: SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting author: theamanrawat,SoSpiRo - severity: low + severity: medium description: | A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability. reference: @@ -13,12 +13,12 @@ info: - https://vuldb.com/?ctiid.238058 - https://vuldb.com/?id.238058 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4547 cwe-id: CWE-79 - epss-score: 0.1558 - epss-percentile: 0.94321 + epss-score: 0.0025 + epss-percentile: 0.6492 cpe: cpe:2.3:a:spa-cart:ecommerce_cms:1.9.0.3:*:*:*:*:*:*:* metadata: verified: "true" diff --git a/http/cves/2023/CVE-2023-45542.yaml b/http/cves/2023/CVE-2023-45542.yaml index 7e5b20517a9..7c808cbb3d4 100644 --- a/http/cves/2023/CVE-2023-45542.yaml +++ b/http/cves/2023/CVE-2023-45542.yaml @@ -15,20 +15,16 @@ info: cvss-score: 6.1 cve-id: CVE-2023-45542 cwe-id: CWE-79 - epss-score: 0.32427 - epss-percentile: 0.96597 + epss-score: 0.00082 + epss-percentile: 0.34845 cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: moosocial product: moosocial - shodan-query: - - http.favicon.hash:"702863115" - - http.html:"moosocial installation" - fofa-query: - - icon_hash="702863115" - - body="moosocial installation" + shodan-query: http.favicon.hash:"702863115" + fofa-query: icon_hash="702863115" tags: cve2023,cve,xss,moosocial http: diff --git a/http/cves/2023/CVE-2023-45671.yaml b/http/cves/2023/CVE-2023-45671.yaml index d58fda6bb5f..782b64a1d95 100644 --- a/http/cves/2023/CVE-2023-45671.yaml +++ b/http/cves/2023/CVE-2023-45671.yaml @@ -24,7 +24,9 @@ info: max-request: 1 vendor: frigate product: frigate - shodan-query: http.title:"frigate" + shodan-query: + - title:"Frigate" + - http.title:"frigate" fofa-query: title="frigate" google-query: intitle:"frigate" tags: cve,cve2023,frigate,xss diff --git a/http/cves/2023/CVE-2023-4568.yaml b/http/cves/2023/CVE-2023-4568.yaml index 1f6659ab920..e73bbfbdc39 100644 --- a/http/cves/2023/CVE-2023-4568.yaml +++ b/http/cves/2023/CVE-2023-4568.yaml @@ -25,9 +25,10 @@ info: vendor: papercut product: papercut_ng shodan-query: - - http.html:"content=\"papercut\"" + - html:"content=\"PaperCut\"" - http.html:'content="papercut' - cpe:"cpe:2.3:a:papercut:papercut_ng" + - http.html:"content=\"papercut\"" fofa-query: - body='content="papercut' - body="content=\"papercut\"" diff --git a/http/cves/2023/CVE-2023-45826.yaml b/http/cves/2023/CVE-2023-45826.yaml index d98b60151f2..afda7b6d98f 100644 --- a/http/cves/2023/CVE-2023-45826.yaml +++ b/http/cves/2023/CVE-2023-45826.yaml @@ -21,8 +21,9 @@ info: max-request: 2 vendor: leantime product: leantime - shodan-query: http.title:"leantime" + shodan-query: title:"Leantime" tags: cve,cve2023,leantime,authenticated,sqli + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2023/CVE-2023-45852.yaml b/http/cves/2023/CVE-2023-45852.yaml index 28199597270..1796e8c2549 100644 --- a/http/cves/2023/CVE-2023-45852.yaml +++ b/http/cves/2023/CVE-2023-45852.yaml @@ -25,8 +25,12 @@ info: max-request: 1 vendor: viessmann product: vitogate_300_firmware - shodan-query: http.title:"vitogate 300" - fofa-query: title="vitogate 300" + shodan-query: + - title:"Vitogate 300" + - http.title:"vitogate 300" + fofa-query: + - title="Vitogate 300" + - title="vitogate 300" google-query: intitle:"vitogate 300" tags: cve2023,cve,rce,vitogate,viessmann diff --git a/http/cves/2023/CVE-2023-45855.yaml b/http/cves/2023/CVE-2023-45855.yaml index 5d886e8caf6..087e0e8c128 100644 --- a/http/cves/2023/CVE-2023-45855.yaml +++ b/http/cves/2023/CVE-2023-45855.yaml @@ -19,14 +19,14 @@ info: cvss-score: 7.5 cve-id: CVE-2023-45855 cwe-id: CWE-22 - epss-score: 0.81998 - epss-percentile: 0.99143 + epss-score: 0.00318 + epss-percentile: 0.70433 cpe: cpe:2.3:a:qdpm:qdpm:9.2:*:*:*:*:*:*:* metadata: max-request: 1 vendor: qdpm product: qdpm - shodan-query: http.favicon.hash:"762074255" + shodan-query: "http.favicon.hash:762074255" fofa-query: "icon_hash=762074255" tags: cve,cve2023,qdpm,lfi diff --git a/http/cves/2023/CVE-2023-45878.yaml b/http/cves/2023/CVE-2023-45878.yaml index 8f93436392e..370aa92d3e8 100644 --- a/http/cves/2023/CVE-2023-45878.yaml +++ b/http/cves/2023/CVE-2023-45878.yaml @@ -13,25 +13,23 @@ info: - https://github.com/GibbonEdu/core/tree/16638b849220dd24ed1e536b44b76e222ae0f6c0 - https://nvd.nist.gov/vuln/detail/CVE-2023-45878 - https://herolab.usd.de/security-advisories/usd-2023-0025/ - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-45878 - epss-score: 0.92974 - epss-percentile: 0.99761 - cpe: cpe:2.3:a:gibbonedu:gibbon:*:*:*:*:*:*:*:* + epss-score: 84.03 + epss-percentile: 99 metadata: verified: true - max-request: 2 + max-requests: 1 vendor: gibbonedu product: gibbon shodan-query: - - '[http.favicon.hash:"-165631681 http.favicon.hash"-165631681"]"' + - http.favicon.hash:-165631681 - http.favicon.hash:"-165631681" fofa-query: icon_hash="-165631681" - max-requests: 1 tags: cve2023,cve,file-upload,rce,gibbonedu,gibbon + flow: http(1) && http(2) variables: diff --git a/http/cves/2023/CVE-2023-4596.yaml b/http/cves/2023/CVE-2023-4596.yaml index 6d4143b180e..d7f6c195b03 100644 --- a/http/cves/2023/CVE-2023-4596.yaml +++ b/http/cves/2023/CVE-2023-4596.yaml @@ -17,8 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-4596 cwe-id: CWE-434 - epss-score: 0.93485 - epss-percentile: 0.99814 + epss-score: 0.07197 + epss-percentile: 0.94017 cpe: cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,9 +26,11 @@ info: vendor: incsub product: forminator framework: wordpress - shodan-query: http.html:"/wp-content/plugins/forminator" + shodan-query: http.html:/wp-content/plugins/forminator fofa-query: body=/wp-content/plugins/forminator - publicwww-query: /wp-content/plugins/forminator + publicwww-query: + - /wp-content/plugins/Forminator + - /wp-content/plugins/forminator tags: cve2023,cve,forminator,wordpress,wp,wp-plugin,fileupload,intrusive,rce,incsub variables: string: "CVE-2023-4596" diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml index 592b7cf5bb2..fd44083df31 100644 --- a/http/cves/2023/CVE-2023-4634.yaml +++ b/http/cves/2023/CVE-2023-4634.yaml @@ -29,7 +29,7 @@ info: vendor: davidlingren product: media_library_assistant framework: wordpress - shodan-query: http.html:"wp-content/plugins/media-library-assistant" + shodan-query: http.html:wp-content/plugins/media-library-assistant fofa-query: body=wp-content/plugins/media-library-assistant publicwww-query: "wp-content/plugins/media-library-assistant" tags: cve,cve2023,packetstorm,wordpress,wp,wp-plugin,lfi,rce,media-library-assistant,davidlingren diff --git a/http/cves/2023/CVE-2023-46347.yaml b/http/cves/2023/CVE-2023-46347.yaml index 31f71de4efc..b875b142eb8 100644 --- a/http/cves/2023/CVE-2023-46347.yaml +++ b/http/cves/2023/CVE-2023-46347.yaml @@ -14,17 +14,18 @@ info: cvss-score: 9.8 cve-id: CVE-2023-46347 cwe-id: CWE-89 - epss-score: 0.74319 - epss-percentile: 0.98759 + epss-score: 0.04018 + epss-percentile: 0.92057 cpe: cpe:2.3:a:ndkdesign:ndk_steppingpack:*:*:*:*:*:prestashop:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: ndkdesign - product: "ndk_steppingpack" + product: ndk_steppingpack framework: prestashop shodan-query: http.component:"prestashop" tags: time-based-sqli,cve,cve2023,sqli,prestashop,ndk_steppingpack,ndkdesign + variables: num: "999999999" diff --git a/http/cves/2023/CVE-2023-46359.yaml b/http/cves/2023/CVE-2023-46359.yaml index 828f5cd6288..dbc060538d5 100644 --- a/http/cves/2023/CVE-2023-46359.yaml +++ b/http/cves/2023/CVE-2023-46359.yaml @@ -26,8 +26,7 @@ info: max-request: 1 vendor: hardy-barth product: cph2_echarge - shodan-query: http.html:"salia plcc" - fofa-query: body="salia plcc" + shodan-query: html:"Salia PLCC" tags: cve2023,cve,salia-plcc,cph2,rce,hardy-barth http: diff --git a/http/cves/2023/CVE-2023-46455.yaml b/http/cves/2023/CVE-2023-46455.yaml index 7b1d5b1aac5..0760de80b52 100644 --- a/http/cves/2023/CVE-2023-46455.yaml +++ b/http/cves/2023/CVE-2023-46455.yaml @@ -16,11 +16,12 @@ info: cwe-id: CWE-22 cpe: cpe:2.3:o:gl-inet:gl-ar300m_firmware:4.3.7:*:*:*:*:*:*:* metadata: - max-request: 2 - vendor: "gl-inet" - product: "gl-ar300m_firmware" - shodan-query: http.title:"gl.inet admin panel" - tags: cve,cve2023,gl-net,file-upload,intrusive,gl-inet + max-request: 1 + vendor: gl-inet + product: gl-ar300m_firmware + shodan-query: title:"GL.iNet Admin Panel" + tags: cve,cve2023,gl-net,file-upload,intrusive + variables: string: "{{to_lower(rand_text_alpha(5))}}" file: "{{to_lower(rand_text_alpha(4))}}" diff --git a/http/cves/2023/CVE-2023-46574.yaml b/http/cves/2023/CVE-2023-46574.yaml index b5a08b31a77..88b8416bebe 100644 --- a/http/cves/2023/CVE-2023-46574.yaml +++ b/http/cves/2023/CVE-2023-46574.yaml @@ -17,15 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-46574 cwe-id: CWE-77 - epss-score: 0.94117 - epss-percentile: 0.99896 + epss-score: 0.20185 + epss-percentile: 0.96341 cpe: cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: totolink product: a3700r_firmware - shodan-query: http.title:"totolink" + shodan-query: + - title:"Totolink" + - http.title:"totolink" fofa-query: title="totolink" google-query: intitle:"totolink" tags: cve,cve2023,totolink,router,iot,rce diff --git a/http/cves/2023/CVE-2023-46732.yaml b/http/cves/2023/CVE-2023-46732.yaml index ce5ef43d396..2f1f1cc72ac 100644 --- a/http/cves/2023/CVE-2023-46732.yaml +++ b/http/cves/2023/CVE-2023-46732.yaml @@ -20,15 +20,13 @@ info: cwe-id: CWE-79 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,xwiki,xss,cve2023 + tags: cve,cve2024,xwiki,xss http: - method: GET diff --git a/http/cves/2023/CVE-2023-46747.yaml b/http/cves/2023/CVE-2023-46747.yaml index 6120f392f9b..4f202fb4772 100644 --- a/http/cves/2023/CVE-2023-46747.yaml +++ b/http/cves/2023/CVE-2023-46747.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-46747 - cwe-id: CWE-288,CWE-306 - epss-score: 0.94441 - epss-percentile: 0.99986 + cwe-id: CWE-306,CWE-288 + epss-score: 0.97116 + epss-percentile: 0.9979 cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,11 +26,9 @@ info: vendor: f5 product: big-ip_access_policy_manager shodan-query: + - http.title:"BIG-IP®-+Redirect" +"Server" - http.title:"big-ip®-+redirect" +"server" - - http.html:"big-ip apm" - fofa-query: - - title="big-ip®-+redirect" +"server" - - body="big-ip apm" + fofa-query: title="big-ip®-+redirect" +"server" google-query: intitle:"big-ip®-+redirect" +"server" tags: cve2023,cve,packetstorm,rce,f5,bigip,unauth,ajp,smuggling,intrusive,kev variables: diff --git a/http/cves/2023/CVE-2023-46805.yaml b/http/cves/2023/CVE-2023-46805.yaml index d672d1125b0..cd920f92e85 100644 --- a/http/cves/2023/CVE-2023-46805.yaml +++ b/http/cves/2023/CVE-2023-46805.yaml @@ -16,19 +16,15 @@ info: cvss-score: 8.2 cve-id: CVE-2023-46805 cwe-id: CWE-287 - epss-score: 0.94398 - epss-percentile: 0.99967 + epss-score: 0.96558 + epss-percentile: 0.99613 cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: ivanti product: connect_secure - shodan-query: - - http.html:"welcome.cgi?p=logo" - - http.title:"ivanti connect secure" - fofa-query: - - body="welcome.cgi?p=logo" - - title="ivanti connect secure" + shodan-query: "html:\"welcome.cgi?p=logo\"" + fofa-query: body="welcome.cgi?p=logo" google-query: intitle:"ivanti connect secure" tags: packetstorm,cve,cve2023,kev,auth-bypass,ivanti diff --git a/http/cves/2023/CVE-2023-46818.yaml b/http/cves/2023/CVE-2023-46818.yaml index a2e46e2f2aa..de82d8e5297 100644 --- a/http/cves/2023/CVE-2023-46818.yaml +++ b/http/cves/2023/CVE-2023-46818.yaml @@ -11,24 +11,17 @@ info: - http://packetstormsecurity.com/files/176126/ISPConfig-3.2.11-PHP-Code-Injection.html - http://seclists.org/fulldisclosure/2023/Dec/2 - https://nvd.nist.gov/vuln/detail/CVE-2023-46818 - - https://github.com/bipbopbup/bipbopbup classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2023-46818 cwe-id: CWE-94 - epss-score: 0.80861 - epss-percentile: 0.99087 - cpe: cpe:2.3:a:ispconfig:ispconfig:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 6 - vendor: ispconfig + max-request: 1 product: ispconfig - shodan-query: http.title:"ispconfig" http.favicon.hash:483383992 - fofa-query: title="ispconfig" http.favicon.hash:483383992 - google-query: intitle:"ispconfig" http.favicon.hash:483383992 - tags: packetstorm,seclists,cve,cve2023,ispconfig,php,rce + tags: cve,cve2023,ispconfig,php,rce + flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) variables: diff --git a/http/cves/2023/CVE-2023-47105.yaml b/http/cves/2023/CVE-2023-47105.yaml index 0e6257317dc..7f2a7ea8f9f 100644 --- a/http/cves/2023/CVE-2023-47105.yaml +++ b/http/cves/2023/CVE-2023-47105.yaml @@ -26,7 +26,7 @@ info: max-request: 1 vendor: chaosblade-io product: chaosblade - tags: cve,cve2023,chaosblade,rce,chaosblade-io + tags: cve,cve2023,chaosblade,rce http: - raw: diff --git a/http/cves/2023/CVE-2023-47115.yaml b/http/cves/2023/CVE-2023-47115.yaml index 2634a1b7c73..a33ecd542cd 100644 --- a/http/cves/2023/CVE-2023-47115.yaml +++ b/http/cves/2023/CVE-2023-47115.yaml @@ -25,11 +25,10 @@ info: metadata: verified: true max-request: 6 - vendor: humansignal + shodan-query: http.favicon.hash:-1649949475 product: label_studio - shodan-query: http.favicon.hash:"-1649949475" - fofa-query: icon_hash=-1649949475 - tags: cve,cve2023,xss,authenticated,intrusive,label-studio,humansignal + vendor: humansignal + tags: cve,cve2023,xss,authenticated,intrusive,label-studio http: - raw: diff --git a/http/cves/2023/CVE-2023-47117.yaml b/http/cves/2023/CVE-2023-47117.yaml index b2acf8d8e52..eca237f6365 100644 --- a/http/cves/2023/CVE-2023-47117.yaml +++ b/http/cves/2023/CVE-2023-47117.yaml @@ -23,9 +23,9 @@ info: max-request: 4 vendor: humansignal product: label_studio - shodan-query: http.favicon.hash:"-1649949475" - fofa-query: icon_hash=-1649949475 - tags: cve,cve2023,label_studio,oss,exposure,authenticated,humansignal + shodan-query: http.favicon.hash:-1649949475 + tags: cve,cve2023,label_studio,oss,exposure,authenticated + variables: Task_id: "{{task}}" Project_id: "{{project}}" diff --git a/http/cves/2023/CVE-2023-47211.yaml b/http/cves/2023/CVE-2023-47211.yaml index c71d7c0fc36..0a89b4e3ecb 100644 --- a/http/cves/2023/CVE-2023-47211.yaml +++ b/http/cves/2023/CVE-2023-47211.yaml @@ -3,7 +3,7 @@ id: CVE-2023-47211 info: name: ManageEngine OpManager - Directory Traversal author: gy741 - severity: critical + severity: high description: | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. reference: @@ -11,18 +11,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-47211 - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N + cvss-score: 8.6 cve-id: CVE-2023-47211 cwe-id: CWE-22 - epss-score: 0.84625 - epss-percentile: 0.99263 + epss-score: 0.00164 + epss-percentile: 0.52964 cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* metadata: max-request: 3 vendor: zohocorp product: manageengine_firewall_analyzer - shodan-query: http.title:"opmanager plus" + shodan-query: + - "http.title:\"OpManager Plus\"" + - http.title:"opmanager plus" fofa-query: title="opmanager plus" google-query: intitle:"opmanager plus" tags: cve,cve2023,zoho,manageengine,authenticated,traversal,lfi,intrusive,zohocorp diff --git a/http/cves/2023/CVE-2023-47218.yaml b/http/cves/2023/CVE-2023-47218.yaml index 7ba4b9c75c9..cec3aa83e1c 100644 --- a/http/cves/2023/CVE-2023-47218.yaml +++ b/http/cves/2023/CVE-2023-47218.yaml @@ -23,14 +23,9 @@ info: metadata: verified: true max-request: 2 - vendor: qnap + shodan-query: ssl.cert.issuer.cn:"QNAP NAS",title:"QNAP Turbo NAS" product: qts - shodan-query: - - ssl.cert.issuer.cn:"qnap nas",title:"qnap turbo nas" - - http.title:"qnap turbo nas" inurl:/cgi-bin - - product:"qnap" - google-query: intitle:"qnap turbo nas" inurl:/cgi-bin - fofa-query: title="qnap turbo nas" inurl:/cgi-bin + vendor: qnap tags: cve,cve2023,qnap,qts,quts,rce,intrusive variables: file: '{{rand_base(6)}}' diff --git a/http/cves/2023/CVE-2023-47246.yaml b/http/cves/2023/CVE-2023-47246.yaml index 824f6a85fd9..6797b0e39b3 100644 --- a/http/cves/2023/CVE-2023-47246.yaml +++ b/http/cves/2023/CVE-2023-47246.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: sysaid product: sysaid_on-premises - shodan-query: http.favicon.hash:"1540720428" + shodan-query: + - http.favicon.hash:1540720428 + - http.favicon.hash:"1540720428" fofa-query: icon_hash="1540720428" tags: cve,cve2023,sysaid,rce,kev,traversal,intrusive variables: diff --git a/http/cves/2023/CVE-2023-47248.yaml b/http/cves/2023/CVE-2023-47248.yaml index 98be5c832d4..ce0c0473a77 100644 --- a/http/cves/2023/CVE-2023-47248.yaml +++ b/http/cves/2023/CVE-2023-47248.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-47248 cwe-id: CWE-502 - epss-score: 0.01596 - epss-percentile: 0.87028 + epss-score: 0.015960000 + epss-percentile: 0.870280000 cpe: cpe:2.3:a:apache:pyarrow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-47253.yaml b/http/cves/2023/CVE-2023-47253.yaml index 3d872b755b2..b39464213f8 100644 --- a/http/cves/2023/CVE-2023-47253.yaml +++ b/http/cves/2023/CVE-2023-47253.yaml @@ -23,10 +23,7 @@ info: max-request: 1 vendor: qualitor product: qualitor - fofa-query: - - qualitor - - icon_hash="-1217039701" - shodan-query: http.favicon.hash:"-1217039701" + fofa-query: "Qualitor" tags: cve,cve2023,rce,qualitor http: diff --git a/http/cves/2023/CVE-2023-47643.yaml b/http/cves/2023/CVE-2023-47643.yaml index 05e1b8e806a..0c71232c748 100644 --- a/http/cves/2023/CVE-2023-47643.yaml +++ b/http/cves/2023/CVE-2023-47643.yaml @@ -27,7 +27,9 @@ info: max-request: 2 vendor: salesagility product: suitecrm - shodan-query: http.title:"suitecrm" + shodan-query: + - title:"SuiteCRM" + - http.title:"suitecrm" fofa-query: title="suitecrm" google-query: intitle:"suitecrm" tags: cve,cve2023,graphql,suitecrm,introspection,salesagility diff --git a/http/cves/2023/CVE-2023-47684.yaml b/http/cves/2023/CVE-2023-47684.yaml index be52b28bd57..4881ea367e2 100644 --- a/http/cves/2023/CVE-2023-47684.yaml +++ b/http/cves/2023/CVE-2023-47684.yaml @@ -3,20 +3,19 @@ id: CVE-2023-47684 info: name: Essential Grid <= 3.1.0 - Cross-Site Scripting author: 0xpugal - severity: high + severity: medium description: | Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions. reference: - https://patchstack.com/database/vulnerability/essential-grid/wordpress-essential-grid-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2023-47684 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L - cvss-score: 7.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-47684 cwe-id: CWE-79 - epss-score: 0.04207 - epss-percentile: 0.88163 + epss-score: 0.00046 + epss-percentile: 0.17675 cpe: cpe:2.3:a:themepunch:essential_grid:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -25,8 +24,6 @@ info: product: essential_grid framework: wordpress publicwww-query: "essential-grid-plugin" - shodan-query: http.html:"essential-grid-plugin" - fofa-query: body=essential-grid-plugin tags: cve,cve2023,wordpress,wp,xss,wp-theme,essential-grid,themepunch http: diff --git a/http/cves/2023/CVE-2023-48023.yaml b/http/cves/2023/CVE-2023-48023.yaml index 8374a84032d..0a9869243c8 100644 --- a/http/cves/2023/CVE-2023-48023.yaml +++ b/http/cves/2023/CVE-2023-48023.yaml @@ -14,30 +14,23 @@ info: - https://huntr.com/bounties/448bcada-9f6f-442e-8950-79f41efacfed/ - https://security.snyk.io/vuln/SNYK-PYTHON-RAY-6096054 - https://nvd.nist.gov/vuln/detail/CVE-2023-48023 - - https://docs.ray.io/en/latest/ray-security/index.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2023-48023 - cwe-id: CWE-918 - epss-score: 0.86464 - epss-percentile: 0.99356 - cpe: cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:* + cwe-id: CWE-441,CWE-918 metadata: verified: true max-request: 1 - vendor: anyscale - product: ray + vendor: ray_project shodan-query: - - http.favicon.hash:"463802404" + - http.favicon.hash:463802404 - http.html:"ray dashboard" - - http.title:"ray dashboard" + product: ray fofa-query: - icon_hash=463802404 - body="ray dashboard" - - title="ray dashboard" - google-query: intitle:"ray dashboard" - tags: cve,cve2023,ssrf,ray,anyscale,Anyscale,ray_project + tags: cve,cve2023,ssrf,ray,anyscale,Anyscale http: - method: GET diff --git a/http/cves/2023/CVE-2023-48084.yaml b/http/cves/2023/CVE-2023-48084.yaml index f14617b6292..d3bd37f8e85 100644 --- a/http/cves/2023/CVE-2023-48084.yaml +++ b/http/cves/2023/CVE-2023-48084.yaml @@ -20,21 +20,19 @@ info: cvss-score: 9.8 cve-id: CVE-2023-48084 cwe-id: CWE-89 - epss-score: 0.86816 - epss-percentile: 0.99376 + epss-score: 0.00114 + epss-percentile: 0.44856 cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" + shodan-query: http.title:"nagios xi" fofa-query: + - title="Nagios XI" - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: time-based-sqli,cve,cve2023,nagiosxi,sqli,authenticated,nagios diff --git a/http/cves/2023/CVE-2023-48241.yaml b/http/cves/2023/CVE-2023-48241.yaml index a58eb816496..c6770b795e4 100644 --- a/http/cves/2023/CVE-2023-48241.yaml +++ b/http/cves/2023/CVE-2023-48241.yaml @@ -9,7 +9,7 @@ info: impact: | Successful exploitation could lead to disclosure of content of all documents of all wikis. remediation: | - This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. + This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. reference: - https://jira.xwiki.org/browse/XWIKI-21138 - https://nvd.nist.gov/vuln/detail/CVE-2023-48241 @@ -17,20 +17,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-48241 - cwe-id: CWE-285,NVD-CWE-noinfo - epss-score: 0.2045 - epss-percentile: 0.95218 + cwe-id: CWE-285 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,xwiki,exposure,cve2023 + tags: cve,cve2024,xwiki,exposure http: - method: GET diff --git a/http/cves/2023/CVE-2023-48728.yaml b/http/cves/2023/CVE-2023-48728.yaml index 33389f4f2f3..d84106055be 100644 --- a/http/cves/2023/CVE-2023-48728.yaml +++ b/http/cves/2023/CVE-2023-48728.yaml @@ -26,14 +26,8 @@ info: max-request: 1 vendor: wwbn product: avideo - shodan-query: - - http.html:"avideo" - - http.title:"avideo" - fofa-query: - - avideo - - title="avideo" - google-query: intitle:"avideo" - tags: cve,cve2023,avideo,xss,wwbn + shodan-query: html:"AVideo" + tags: cve,cve2023,avideo,xss http: - method: GET diff --git a/http/cves/2023/CVE-2023-48777.yaml b/http/cves/2023/CVE-2023-48777.yaml index ad919e949e7..c4dbdf66517 100644 --- a/http/cves/2023/CVE-2023-48777.yaml +++ b/http/cves/2023/CVE-2023-48777.yaml @@ -10,26 +10,21 @@ info: reference: - https://wpscan.com/vulnerability/a6b3b14c-f06b-4506-9b88-854f155ebca9/ - https://patchstack.com/database/vulnerability/elementor/wordpress-elementor-plugin-3-18-0-arbitrary-file-upload-vulnerability?_s_id=cve - - https://github.com/20142995/nuclei-templates - - https://github.com/AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777 - - https://github.com/Chocapikk/wpprobe classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2023-48777 cwe-id: CWE-434 - epss-score: 0.86471 - epss-percentile: 0.99358 - cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:* + epss-score: 0.00054 + epss-percentile: 0.21518 + cpe: cpe:2.3:a:elementor:website_builder:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 4 - vendor: elementor - product: website_builder framework: wordpress publicwww-query: "/wp-content/plugins/elementor/" - shodan-query: http.html:"/wp-content/plugins/elementor/" - fofa-query: body=/wp-content/plugins/elementor/ + product: website_builder + vendor: elementor tags: cve,cve2023,elementor,file-upload,intrusive,rce,wpscan,wordpress,wp-plugin,authenticated variables: filename: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-49070.yaml b/http/cves/2023/CVE-2023-49070.yaml index d00dbfb6f49..2f544be67c4 100644 --- a/http/cves/2023/CVE-2023-49070.yaml +++ b/http/cves/2023/CVE-2023-49070.yaml @@ -18,21 +18,21 @@ info: cvss-score: 9.8 cve-id: CVE-2023-49070 cwe-id: CWE-94 - epss-score: 0.93892 - epss-percentile: 0.99861 + epss-score: 0.79399 + epss-percentile: 0.98282 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: ofbiz shodan-query: + - html:"OFBiz" - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - - app="apache_ofbiz" + - app="Apache_OFBiz" - body="ofbiz" - - body="apache ofbiz" + - app="apache_ofbiz" tags: cve,cve2023,seclists,apache,ofbiz,deserialization,rce http: diff --git a/http/cves/2023/CVE-2023-49103.yaml b/http/cves/2023/CVE-2023-49103.yaml index 427cfa433d8..0c11d87175c 100644 --- a/http/cves/2023/CVE-2023-49103.yaml +++ b/http/cves/2023/CVE-2023-49103.yaml @@ -3,7 +3,7 @@ id: CVE-2023-49103 info: name: OwnCloud - Phpinfo Configuration author: ritikchaddha - severity: critical + severity: high description: | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. reference: @@ -14,19 +14,21 @@ info: - https://attackerkb.com/topics/G9urDj4Cg2/cve-2023-49103 - https://www.rapid7.com/blog/post/2023/12/01/etr-cve-2023-49103-critical-information-disclosure-in-owncloud-graph-api/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-49103 cwe-id: CWE-200 - epss-score: 0.94366 - epss-percentile: 0.99953 + epss-score: 0.51754 + epss-percentile: 0.97272 cpe: cpe:2.3:a:owncloud:graph_api:0.2.0:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: owncloud product: graph_api - shodan-query: http.title:"owncloud" + shodan-query: + - title:"owncloud" + - http.title:"owncloud" fofa-query: title="owncloud" google-query: intitle:"owncloud" tags: cve2023,cve,owncloud,phpinfo,config,kev diff --git a/http/cves/2023/CVE-2023-49489.yaml b/http/cves/2023/CVE-2023-49489.yaml index 81687f4c37f..3138bbb5d43 100644 --- a/http/cves/2023/CVE-2023-49489.yaml +++ b/http/cves/2023/CVE-2023-49489.yaml @@ -17,11 +17,10 @@ info: epss-percentile: 0.37213 cpe: cpe:2.3:a:kodcloud:kodexplorer:4.51:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: kodcloud product: kodexplorer fofa-query: app="powered-by-kodexplorer" - tags: cve,kodexplorer,xss,cve2023,kodcloud + tags: cve,cve2024,kodexplorer,xss http: - raw: diff --git a/http/cves/2023/CVE-2023-49494.yaml b/http/cves/2023/CVE-2023-49494.yaml index d1f5f80d935..7db1b2cd8f4 100644 --- a/http/cves/2023/CVE-2023-49494.yaml +++ b/http/cves/2023/CVE-2023-49494.yaml @@ -25,18 +25,9 @@ info: max-request: 1 vendor: dedecms product: dedecms - shodan-query: - - http.html:"dedecms" - - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"power by dedecms" || title:"dedecms" - - http.title:"dedecms" || http.html:"power by dedecms" - fofa-query: - - app="dedecms" - - body="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" - tags: cve,cve2023,dedecms,xss,intrusive + shodan-query: http.html:"DedeCms" + fofa-query: app="DedeCMS" + tags: cve,cve2023,dedecms,xss http: - raw: diff --git a/http/cves/2023/CVE-2023-4966.yaml b/http/cves/2023/CVE-2023-4966.yaml index 2afbe49f92b..8acc333c783 100644 --- a/http/cves/2023/CVE-2023-4966.yaml +++ b/http/cves/2023/CVE-2023-4966.yaml @@ -3,7 +3,7 @@ id: CVE-2023-4966 info: name: Citrix Bleed - Leaking Session Tokens author: DhiyaneshDK - severity: critical + severity: high description: | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. reference: @@ -13,19 +13,21 @@ info: - https://x.com/assetnote/status/1716757539323564196?s=20 - https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L - cvss-score: 9.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-4966 cwe-id: CWE-119,NVD-CWE-noinfo - epss-score: 0.94378 - epss-percentile: 0.99957 + epss-score: 0.9671 + epss-percentile: 0.99651 cpe: cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:* metadata: verified: "true" max-request: 2 vendor: citrix product: netscaler_application_delivery_controller - shodan-query: http.title:"citrix gateway" || title:"netscaler gateway" + shodan-query: + - title:"Citrix Gateway" || title:"Netscaler Gateway" + - http.title:"citrix gateway" || title:"netscaler gateway" fofa-query: title="citrix gateway" || title:"netscaler gateway" google-query: intitle:"citrix gateway" || title:"netscaler gateway" tags: cve,cve2023,citrix,adc,info-leak,kev,exposure diff --git a/http/cves/2023/CVE-2023-4973.yaml b/http/cves/2023/CVE-2023-4973.yaml index 2d1748a4b64..9259cf0f2c8 100644 --- a/http/cves/2023/CVE-2023-4973.yaml +++ b/http/cves/2023/CVE-2023-4973.yaml @@ -3,29 +3,29 @@ id: CVE-2023-4973 info: name: Academy LMS 6.2 - Cross-Site Scripting author: ritikchaddha,princechaddha - severity: low + severity: medium description: | A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. reference: - https://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4973 - - https://vuldb.com/?ctiid.239749 - - https://vuldb.com/?id.239749 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N - cvss-score: 3.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-4973 cwe-id: CWE-79 - epss-score: 0.0573 - epss-percentile: 0.89961 cpe: cpe:2.3:a:creativeitem:academy_lms:6.2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: creativeitem product: academy_lms - shodan-query: http.html:"academy lms" - fofa-query: body="academy lms" + shodan-query: + - html:"Academy LMS" + - http.html:"academy lms" + fofa-query: + - body="Academy LMS" + - body="academy lms" tags: packetstorm,cve2023,cve,academylms,xss,creativeitem http: diff --git a/http/cves/2023/CVE-2023-4974.yaml b/http/cves/2023/CVE-2023-4974.yaml index 094da724847..80a569a39c7 100644 --- a/http/cves/2023/CVE-2023-4974.yaml +++ b/http/cves/2023/CVE-2023-4974.yaml @@ -3,7 +3,7 @@ id: CVE-2023-4974 info: name: Academy LMS 6.2 - SQL Injection author: theamanrawat - severity: medium + severity: critical description: | A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. reference: @@ -13,19 +13,21 @@ info: - http://packetstormsecurity.com/files/174681/Academy-LMS-6.2-SQL-Injection.html - https://vuldb.com/?ctiid.239750 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-4974 cwe-id: CWE-89 - epss-score: 0.43231 - epss-percentile: 0.97326 + epss-score: 0.02153 + epss-percentile: 0.89309 cpe: cpe:2.3:a:creativeitem:academy_lms:6.2:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: creativeitem product: academy_lms - shodan-query: http.html:"academy lms" + shodan-query: + - html:"Academy LMS" + - http.html:"academy lms" fofa-query: body="academy lms" tags: time-based-sqli,cve,cve2023,packetstorm,sqli,academy,lms,creativeitem diff --git a/http/cves/2023/CVE-2023-49785.yaml b/http/cves/2023/CVE-2023-49785.yaml index 102041c2320..0d9c2ab90a3 100644 --- a/http/cves/2023/CVE-2023-49785.yaml +++ b/http/cves/2023/CVE-2023-49785.yaml @@ -11,22 +11,16 @@ info: reference: - https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to/ - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web - - https://github.com/XRSec/AWVS-Update - - https://github.com/k3ppf0r/2024-PocLib - - https://github.com/nvn1729/advisories classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2023-49785 cwe-id: CWE-79 - epss-score: 0.93252 - epss-percentile: 0.99791 - cpe: cpe:2.3:a:nextchat:nextchat:*:*:*:*:*:*:*:* + epss-score: 0.00049 + epss-percentile: 0.17861 metadata: verified: true max-request: 2 - vendor: nextchat - product: nextchat shodan-query: "title:NextChat,\"ChatGPT Next Web\"" tags: cve,cve2023,ssrf,xss,chatgpt,nextchat diff --git a/http/cves/2023/CVE-2023-5003.yaml b/http/cves/2023/CVE-2023-5003.yaml index e9c1949388e..84532553f80 100644 --- a/http/cves/2023/CVE-2023-5003.yaml +++ b/http/cves/2023/CVE-2023-5003.yaml @@ -10,13 +10,12 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-5003 - https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-5003 - epss-score: 0.77787 - epss-percentile: 0.98932 + epss-score: 0.00419 + epss-percentile: 0.7409 cpe: cpe:2.3:a:miniorange:active_directory_integration_\/_ldap_integration:*:*:*:*:*:wordpress:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-50094.yaml b/http/cves/2023/CVE-2023-50094.yaml index 290034eaf34..ab6789c28da 100644 --- a/http/cves/2023/CVE-2023-50094.yaml +++ b/http/cves/2023/CVE-2023-50094.yaml @@ -10,22 +10,19 @@ info: - https://github.com/yogeshojha/rengine - https://github.com/Zierax/CVE-2023-50094_POC - https://nvd.nist.gov/vuln/detail/CVE-2023-50094 - - https://github.com/yogeshojha/rengine/blob/53d9f505f04861a5040195ea71f20907ff90577a/web/api/views.py#L268-L275 - - https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2023-50094 cwe-id: CWE-78 - epss-score: 0.92174 - epss-percentile: 0.99692 - cpe: cpe:2.3:a:yogeshojha:rengine:*:*:*:*:*:*:*:* + cpe: cpe:2.3:a:yogeshojha::*:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 2 vendor: yogeshojha product: rengine - shodan-query: http.title:"rengine" - tags: cve,cve2023,rengine,rce,injection,authenticated,yogeshojha + shodan-query: title:"reNgine" + tags: cve,cve2023,rengine,rce,injection,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-50290.yaml b/http/cves/2023/CVE-2023-50290.yaml index 4dc2e666225..a07a8bcf8e2 100644 --- a/http/cves/2023/CVE-2023-50290.yaml +++ b/http/cves/2023/CVE-2023-50290.yaml @@ -21,28 +21,24 @@ info: cvss-score: 6.5 cve-id: CVE-2023-50290 cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.93001 - epss-percentile: 0.99763 + epss-score: 0.05452 + epss-percentile: 0.93157 cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: solr shodan-query: + - "title:\"Apache Solr\"" - http.title:"apache solr" - cpe:"cpe:2.3:a:apache:solr" - http.title:"solr admin" - - http.html:"apache solr" - - http.title:"solr" fofa-query: - title="solr admin" - title="apache solr" - - body="apache solr" - - title="solr" google-query: - intitle:"apache solr" - intitle:"solr admin" - - intitle:"solr" tags: cve,cve2023,apache,solr,exposure http: diff --git a/http/cves/2023/CVE-2023-50719.yaml b/http/cves/2023/CVE-2023-50719.yaml index d6fc4d73e8f..403e897e175 100644 --- a/http/cves/2023/CVE-2023-50719.yaml +++ b/http/cves/2023/CVE-2023-50719.yaml @@ -20,15 +20,13 @@ info: cwe-id: CWE-359 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,xwiki,password,exposure,cve2023 + tags: cve,cve2024,xwiki,password,exposure http: - method: GET diff --git a/http/cves/2023/CVE-2023-50720.yaml b/http/cves/2023/CVE-2023-50720.yaml index 78e0e06a25b..baa0fe5f719 100644 --- a/http/cves/2023/CVE-2023-50720.yaml +++ b/http/cves/2023/CVE-2023-50720.yaml @@ -20,15 +20,13 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,xwiki,email,exposure,cve2023 + tags: cve,cve2024,xwiki,email,exposure http: - method: GET diff --git a/http/cves/2023/CVE-2023-5074.yaml b/http/cves/2023/CVE-2023-5074.yaml index ab81bf40906..e98296a0719 100644 --- a/http/cves/2023/CVE-2023-5074.yaml +++ b/http/cves/2023/CVE-2023-5074.yaml @@ -26,7 +26,9 @@ info: max-request: 1 vendor: dlink product: d-view_8 - shodan-query: http.favicon.hash:"-1317621215" + shodan-query: + - http.favicon.hash:-1317621215 + - http.favicon.hash:"-1317621215" fofa-query: icon_hash="-1317621215" tags: cve2023,cve,d-link,auth-bypass,dlink diff --git a/http/cves/2023/CVE-2023-5089.yaml b/http/cves/2023/CVE-2023-5089.yaml index a35369f0bff..e98b865d399 100644 --- a/http/cves/2023/CVE-2023-5089.yaml +++ b/http/cves/2023/CVE-2023-5089.yaml @@ -11,14 +11,12 @@ info: - https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms - https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5089 - - https://github.com/20142995/nuclei-templates - - https://github.com/Cappricio-Securities/CVE-2023-5089 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-5089 - epss-score: 0.8275 - epss-percentile: 0.99175 + epss-score: 0.00291 + epss-percentile: 0.69035 cpe: cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +24,7 @@ info: vendor: wpmudev product: defender_security framework: wordpress - shodan-query: http.html:"/wp-content/plugins/defender-security/" + shodan-query: http.html:/wp-content/plugins/defender-security/ fofa-query: body=/wp-content/plugins/defender-security/ publicwww-query: "/wp-content/plugins/defender-security/" tags: cve,cve2023,wordpress,wpscan,wp-plugin,defender-security,redirect,wpmudev diff --git a/http/cves/2023/CVE-2023-50917.yaml b/http/cves/2023/CVE-2023-50917.yaml index 28f9b7e0ecb..89d2cd57f64 100644 --- a/http/cves/2023/CVE-2023-50917.yaml +++ b/http/cves/2023/CVE-2023-50917.yaml @@ -17,16 +17,17 @@ info: cvss-score: 9.8 cve-id: CVE-2023-50917 cwe-id: CWE-77 - epss-score: 0.92618 - epss-percentile: 0.99729 + epss-score: 0.70095 + epss-percentile: 0.98019 cpe: cpe:2.3:a:mjdm:majordomo:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: mjdm product: majordomo - shodan-query: http.favicon.hash:"1903390397" + shodan-query: http.favicon.hash:1903390397 fofa-query: + - app="MajordomoSL" - app="majordomosl" - icon_hash=1903390397 tags: packetstorm,seclists,cve,cve2023,majordomo,rce,os,mjdm diff --git a/http/cves/2023/CVE-2023-50968.yaml b/http/cves/2023/CVE-2023-50968.yaml index b64b9f3efe7..fd71006af1a 100644 --- a/http/cves/2023/CVE-2023-50968.yaml +++ b/http/cves/2023/CVE-2023-50968.yaml @@ -26,13 +26,13 @@ info: vendor: apache product: ofbiz shodan-query: + - html:"OFBiz" - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - - app="apache_ofbiz" + - app="Apache_OFBiz" - body="ofbiz" - - body="apache ofbiz" + - app="apache_ofbiz" tags: cve,cve2023,apache,ofbiz,ssrf variables: str: "{{rand_base(6)}}" diff --git a/http/cves/2023/CVE-2023-51409.yaml b/http/cves/2023/CVE-2023-51409.yaml index 8823b86ac80..1201f2ab368 100644 --- a/http/cves/2023/CVE-2023-51409.yaml +++ b/http/cves/2023/CVE-2023-51409.yaml @@ -11,14 +11,13 @@ info: - https://github.com/RandomRobbieBF/CVE-2023-51409 - https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-1-9-98-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2023-51409 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-51409 cwe-id: CWE-434 - epss-score: 0.92988 - epss-percentile: 0.99762 + epss-score: 0.80552 + epss-percentile: 0.99069 cpe: cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,9 +26,8 @@ info: product: ai_engine framework: wordpress publicwww-query: "/wp-content/plugins/ai-engine/" - shodan-query: http.html:"/wp-content/plugins/ai-engine/" - fofa-query: body=/wp-content/plugins/ai-engine/ - tags: cve,cve2023,wp,wordpress,wp-plugin,ai-engine,kev,intrusive,meowapps + tags: cve,cve2023,wp,wordpress,wp-plugin,ai-engine,kev,intrusive + variables: filename: "{{to_lower(rand_text_alpha(7))}}" diff --git a/http/cves/2023/CVE-2023-51449.yaml b/http/cves/2023/CVE-2023-51449.yaml index a935a595100..04ad22bf67b 100644 --- a/http/cves/2023/CVE-2023-51449.yaml +++ b/http/cves/2023/CVE-2023-51449.yaml @@ -3,37 +3,31 @@ id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 - severity: medium + severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33 reference: - https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/ - https://github.com/gradio-app/gradio/security/advisories/GHSA-6qm2-wpxq-7qh2 - https://nvd.nist.gov/vuln/detail/CVE-2023-51449 - - https://github.com/J1ezds/Vulnerability-Wiki-page - - https://github.com/Threekiii/Awesome-POC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 5.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2023-51449 cwe-id: CWE-22 - epss-score: 0.79445 - epss-percentile: 0.99014 + epss-score: 0.00064 + epss-percentile: 0.27836 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:* metadata: verified: true - max-request: 4 - vendor: "gradio_project" + max-request: 2 + vendor: gradio_project product: gradio framework: python - shodan-query: - - http.html:"__gradio_mode__" - - http.title:"gradio" - fofa-query: - - body="__gradio_mode__" - - title="gradio" - google-query: intitle:"gradio" - tags: cve,lfi,gradio,unauth,intrusive,cve2023,python,gradio_project + shodan-query: html:"__gradio_mode__" + fofa-query: body="__gradio_mode__" + tags: cve,cve2024,lfi,gradio,unauth,intrusive + variables: str: '{{rand_base(8)}}' diff --git a/http/cves/2023/CVE-2023-51467.yaml b/http/cves/2023/CVE-2023-51467.yaml index f4d053dffec..1f9f90f2d4c 100644 --- a/http/cves/2023/CVE-2023-51467.yaml +++ b/http/cves/2023/CVE-2023-51467.yaml @@ -17,21 +17,21 @@ info: cvss-score: 9.8 cve-id: CVE-2023-51467 cwe-id: CWE-918 - epss-score: 0.93996 - epss-percentile: 0.99875 + epss-score: 0.58267 + epss-percentile: 0.97731 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: apache product: ofbiz shodan-query: + - html:"OFBiz" - http.html:"ofbiz" - ofbiz.visitor= - - http.html:"apache ofbiz" fofa-query: - - app="apache_ofbiz" + - app="Apache_OFBiz" - body="ofbiz" - - body="apache ofbiz" + - app="apache_ofbiz" tags: cve2023,cve,apache,ofbiz,rce http: diff --git a/http/cves/2023/CVE-2023-52085.yaml b/http/cves/2023/CVE-2023-52085.yaml index 3613a1197e3..13b5002255d 100644 --- a/http/cves/2023/CVE-2023-52085.yaml +++ b/http/cves/2023/CVE-2023-52085.yaml @@ -3,26 +3,30 @@ id: CVE-2023-52085 info: name: Winter CMS Local File Inclusion - (LFI) author: sanineng - severity: low + severity: medium description: | Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4. reference: - https://github.com/wintercms/winter/security/advisories/GHSA-2x7r-93ww-cxrq - https://nvd.nist.gov/vuln/detail/CVE-2023-52085 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N - cvss-score: 3.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N + cvss-score: 5.4 cve-id: CVE-2023-52085 cwe-id: CWE-22 - epss-score: 0.44908 - epss-percentile: 0.97413 + epss-score: 0.00256 + epss-percentile: 0.65415 cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:* metadata: max-request: 4 vendor: wintercms product: winter - shodan-query: http.title:"winter cms" - fofa-query: title="winter cms" + shodan-query: + - "title:\"Winter CMS\"" + - http.title:"winter cms" + fofa-query: + - "title=\"Winter CMS\"" + - title="winter cms" google-query: intitle:"winter cms" tags: cve,cve2023,authenticated,lfi,wintercms diff --git a/http/cves/2023/CVE-2023-5222.yaml b/http/cves/2023/CVE-2023-5222.yaml index 1454c1d7b80..dd11e39c850 100644 --- a/http/cves/2023/CVE-2023-5222.yaml +++ b/http/cves/2023/CVE-2023-5222.yaml @@ -3,7 +3,7 @@ id: CVE-2023-5222 info: name: Viessmann Vitogate 300 - Hardcoded Password author: ritikchaddha - severity: medium + severity: critical description: | A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface. impact: | @@ -14,23 +14,21 @@ info: - https://vuldb.com/?ctiid.240364 - https://vuldb.com/?id.240364 - https://nvd.nist.gov/vuln/detail/CVE-2023-5222 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-5222 cwe-id: CWE-259 - epss-score: 0.90661 - epss-percentile: 0.99587 + epss-score: 0.00164 + epss-percentile: 0.52433 cpe: cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 + shodan-query: title:"Vitogate 300" + fofa-query: title="Vitogate 300" vendor: viessmann product: vitogate_300_firmware - shodan-query: http.title:"vitogate 300" - fofa-query: title="vitogate 300" - google-query: intitle:"vitogate 300" tags: cve,cve2023,viessmann,vitogate,default-login http: diff --git a/http/cves/2023/CVE-2023-52251.yaml b/http/cves/2023/CVE-2023-52251.yaml index e96f814f806..71520005539 100644 --- a/http/cves/2023/CVE-2023-52251.yaml +++ b/http/cves/2023/CVE-2023-52251.yaml @@ -25,8 +25,7 @@ info: product: ui framework: kafka fofa-query: icon_hash="-1477045616" - shodan-query: http.favicon.hash:"-1477045616" - tags: cve,cve2023,rce,kafka,kafka-ui,packetstorm,provectus + tags: cve,cve2023,rce,kafka,kafka-ui,packetstorm http: - raw: diff --git a/http/cves/2023/CVE-2023-5244.yaml b/http/cves/2023/CVE-2023-5244.yaml index f1883280de2..2e64ab50141 100644 --- a/http/cves/2023/CVE-2023-5244.yaml +++ b/http/cves/2023/CVE-2023-5244.yaml @@ -17,8 +17,8 @@ info: cvss-score: 6.1 cve-id: CVE-2023-5244 cwe-id: CWE-79 - epss-score: 0.25862 - epss-percentile: 0.95952 + epss-score: 0.00176 + epss-percentile: 0.54692 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,7 +26,7 @@ info: vendor: microweber product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" fofa-query: - body="microweber" diff --git a/http/cves/2023/CVE-2023-5360.yaml b/http/cves/2023/CVE-2023-5360.yaml index cab11c02a7e..f99904ab19c 100644 --- a/http/cves/2023/CVE-2023-5360.yaml +++ b/http/cves/2023/CVE-2023-5360.yaml @@ -27,7 +27,7 @@ info: vendor: royal-elementor-addons product: royal_elementor_addons framework: wordpress - shodan-query: http.html:"/plugins/royal-elementor-addons/" + shodan-query: http.html:/plugins/royal-elementor-addons/ fofa-query: body=/plugins/royal-elementor-addons/ publicwww-query: "/plugins/royal-elementor-addons/" tags: wpscan,packetstorm,cve,cve2023,rce,wordpress,wp-plugin,wp,royal-elementor-addons,unauth,intrusive diff --git a/http/cves/2023/CVE-2023-5375.yaml b/http/cves/2023/CVE-2023-5375.yaml index 74fd07c9ea4..182578e3423 100644 --- a/http/cves/2023/CVE-2023-5375.yaml +++ b/http/cves/2023/CVE-2023-5375.yaml @@ -17,17 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2023-5375 cwe-id: CWE-601 - epss-score: 0.2932 - epss-percentile: 0.96324 + epss-score: 0.00092 + epss-percentile: 0.39191 cpe: cpe:2.3:a:mosparo:mosparo:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: mosparo product: mosparo - shodan-query: http.title:"setup - mosparo" - fofa-query: title="setup - mosparo" - google-query: intitle:"setup - mosparo" tags: cve2023,cve,huntr,mosparo,redirect http: diff --git a/http/cves/2023/CVE-2023-5556.yaml b/http/cves/2023/CVE-2023-5556.yaml index b2b8135d312..1f995bf7c18 100644 --- a/http/cves/2023/CVE-2023-5556.yaml +++ b/http/cves/2023/CVE-2023-5556.yaml @@ -17,14 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2023-5556 cwe-id: CWE-79 - epss-score: 0.17648 - epss-percentile: 0.94737 + epss-score: 0.00064 + epss-percentile: 0.27592 cpe: cpe:2.3:a:structurizr:on-premises_installation:*:*:*:*:*:*:*:* metadata: max-request: 5 vendor: structurizr product: on-premises_installation - shodan-query: http.favicon.hash:"1199592666" + shodan-query: http.favicon.hash:1199592666 fofa-query: icon_hash=1199592666 tags: cve,cve2023,xss,structurizr,oos,authenticated variables: diff --git a/http/cves/2023/CVE-2023-5558.yaml b/http/cves/2023/CVE-2023-5558.yaml index 413e3f9f409..81a552b4351 100644 --- a/http/cves/2023/CVE-2023-5558.yaml +++ b/http/cves/2023/CVE-2023-5558.yaml @@ -13,28 +13,21 @@ info: reference: - https://wpscan.com/vulnerability/4efd2a4d-89bd-472f-ba5a-f9944fd4dd16/ - https://nvd.nist.gov/vuln/detail/CVE-2023-5558 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-5558 cwe-id: CWE-79 - epss-score: 0.0303 - epss-percentile: 0.85975 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:* metadata: - max-request: 9 + max-request: 6 vendor: thimpress product: learnpress framework: wordpress - publicwww-query: /wp-content/plugins/learnpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" - tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,learnpress,xss,authenticated,thimpress + tags: cve,cve2023,wp,wp-plugin,wordpress,learnpress,xss,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-5561.yaml b/http/cves/2023/CVE-2023-5561.yaml index 92e76d09009..86c2adece42 100644 --- a/http/cves/2023/CVE-2023-5561.yaml +++ b/http/cves/2023/CVE-2023-5561.yaml @@ -12,28 +12,26 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-core/wordpress-core-470-631-sensitive-information-exposure-via-user-search-rest-endpoint?asset_slug=wordpress - https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441/ - https://nvd.nist.gov/vuln/detail/CVE-2023-5561 - - https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html - - https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2023-5561 cwe-id: CWE-200 - epss-score: 0.70577 - epss-percentile: 0.98585 + epss-score: 0.00072 + epss-percentile: 0.32109 cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 + max-request: 2 vendor: wordpress product: wordpress framework: wordpress shodan-query: - - '[cpe:"cpe:2.3:a:wordpress:wordpress" http.component:"wordpress"]' - cpe:"cpe:2.3:a:wordpress:wordpress" - http.component:"wordpress" fofa-query: body="oembed" && body="wp-" tags: cve,cve2023,wpscan,disclosure,wp,wordpress,email,exposure + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-5830.yaml b/http/cves/2023/CVE-2023-5830.yaml index 03aaf6b9a43..f1cfd3dcbc6 100644 --- a/http/cves/2023/CVE-2023-5830.yaml +++ b/http/cves/2023/CVE-2023-5830.yaml @@ -3,7 +3,7 @@ id: CVE-2023-5830 info: name: ColumbiaSoft DocumentLocator - Improper Authentication author: Gonski - severity: high + severity: critical description: | Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login. impact: | @@ -16,18 +16,20 @@ info: - https://github.com/advisories/GHSA-j89v-wm7x-4434 - https://vuldb.com/?id.243729 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-5830 cwe-id: CWE-287 - epss-score: 0.8712 - epss-percentile: 0.99391 + epss-score: 0.00427 + epss-percentile: 0.74333 cpe: cpe:2.3:a:documentlocator:document_locator:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: documentlocator product: document_locator - shodan-query: http.title:"document locator - webtools" + shodan-query: + - 'title:"Document Locator - WebTools"' + - http.title:"document locator - webtools" fofa-query: title="document locator - webtools" google-query: intitle:"document locator - webtools" tags: cve,cve2023,ssrf,unauth,columbiasoft,intrusive,webtools,documentlocator diff --git a/http/cves/2023/CVE-2023-5863.yaml b/http/cves/2023/CVE-2023-5863.yaml index 4144353f73b..e3220a39cc7 100644 --- a/http/cves/2023/CVE-2023-5863.yaml +++ b/http/cves/2023/CVE-2023-5863.yaml @@ -9,24 +9,16 @@ info: reference: - https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f - https://nvd.nist.gov/vuln/detail/CVE-2023-5863 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-5863 cwe-id: CWE-79 - epss-score: 0.08501 - epss-percentile: 0.91895 - cpe: cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: phpmyfaq - product: phpmyfaq shodan-query: http.html:"phpmyfaq" - fofa-query: - - body="phpmyfaq" - - phpmyfaq-setup + product: phpMyFAQ tags: cve2023,cve,huntr,phpmyfaq,xss http: diff --git a/http/cves/2023/CVE-2023-5914.yaml b/http/cves/2023/CVE-2023-5914.yaml index 2c28baa98d3..a5681e365a9 100644 --- a/http/cves/2023/CVE-2023-5914.yaml +++ b/http/cves/2023/CVE-2023-5914.yaml @@ -11,20 +11,21 @@ info: - https://support.citrix.com/article/CTX583759/citrix-storefront-security-bulletin-for-cve20235914 - https://www.youtube.com/watch?v=t8MeUQrPqec - https://nvd.nist.gov/vuln/detail/CVE-2023-5914 - - https://github.com/ARPSyndicate/cve-scores classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 cve-id: CVE-2023-5914 cwe-id: CWE-79 - epss-score: 0.75836 - epss-percentile: 0.98832 + epss-score: 0.00095 + epss-percentile: 0.39942 cpe: cpe:2.3:a:cloud:citrix_storefront:*:*:*:*:ltsr:*:*:* metadata: max-request: 1 vendor: cloud product: citrix_storefront - shodan-query: http.html:"/citrix/storeweb" + shodan-query: + - html:"/Citrix/StoreWeb" + - http.html:"/citrix/storeweb" fofa-query: body="/citrix/storeweb" tags: cve,xss,citrix,storefront,cve2023,cloud diff --git a/http/cves/2023/CVE-2023-5974.yaml b/http/cves/2023/CVE-2023-5974.yaml index 13f48b910b0..6166bdf65f0 100644 --- a/http/cves/2023/CVE-2023-5974.yaml +++ b/http/cves/2023/CVE-2023-5974.yaml @@ -9,23 +9,19 @@ info: reference: - https://wpscan.com/vulnerability/c0136057-f420-4fe7-a147-ecbec7e7a9b5 - https://nvd.nist.gov/vuln/detail/CVE-2023-5974 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-5974 cwe-id: CWE-918 - epss-score: 0.8078 - epss-percentile: 0.99082 cpe: cpe:2.3:a:wpb_show_core_project:wpb_show_core:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 - vendor: wpb_show_core_project - product: wpb_show_core - framework: wordpress + vendor: wpb-show-core-project + product: wpb-show-core fofa-query: body="wp-content/plugins/wpb-show-core/" - google-query: inurl:wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php - tags: wpscan,cve,cve2023,wp,wordpress,wp-plugin,ssrf,wpb-show-core,oast,wpb-show-core-project + tags: cve,cve2023,wp,wordpress,wp-plugin,ssrf,wpb-show-core,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-5991.yaml b/http/cves/2023/CVE-2023-5991.yaml index c7083a5e6b1..07044ee054b 100644 --- a/http/cves/2023/CVE-2023-5991.yaml +++ b/http/cves/2023/CVE-2023-5991.yaml @@ -24,7 +24,7 @@ info: vendor: motopress product: hotel_booking_lite framework: wordpress - shodan-query: http.html:"/wp-content/plugins/motopress-hotel-booking" + shodan-query: http.html:/wp-content/plugins/motopress-hotel-booking fofa-query: body=/wp-content/plugins/motopress-hotel-booking publicwww-query: "/wp-content/plugins/motopress-hotel-booking" tags: cve,cve2023,lfi,motopress-hotel-booking,wordpress,wp-plugin,wpscan,wp,motopress diff --git a/http/cves/2023/CVE-2023-6018.yaml b/http/cves/2023/CVE-2023-6018.yaml index 14e065c280a..e77980595c7 100644 --- a/http/cves/2023/CVE-2023-6018.yaml +++ b/http/cves/2023/CVE-2023-6018.yaml @@ -9,15 +9,13 @@ info: reference: - https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6018 - - https://github.com/google/tsunami-security-scanner-plugins - - https://github.com/jmdunne28/offsec classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-6018 cwe-id: CWE-78 - epss-score: 0.905 - epss-percentile: 0.99576 + epss-score: 0.86232 + epss-percentile: 0.98574 cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-6020.yaml b/http/cves/2023/CVE-2023-6020.yaml index 7bb06a7f58b..224eece7dc4 100644 --- a/http/cves/2023/CVE-2023-6020.yaml +++ b/http/cves/2023/CVE-2023-6020.yaml @@ -9,14 +9,13 @@ info: reference: - https://huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6020 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-6020 cwe-id: CWE-862 - epss-score: 0.83456 - epss-percentile: 0.99208 + epss-score: 0.06351 + epss-percentile: 0.93636 cpe: cpe:2.3:a:ray_project:ray:-:*:*:*:*:*:*:* metadata: verified: true @@ -24,14 +23,11 @@ info: vendor: ray_project product: ray shodan-query: - - http.favicon.hash:"463802404" + - http.favicon.hash:463802404 - http.html:"ray dashboard" - - http.title:"ray dashboard" fofa-query: - body="ray dashboard" - icon_hash=463802404 - - title="ray dashboard" - google-query: intitle:"ray dashboard" tags: cve2023,cve,lfi,ray,oos,ray_project http: diff --git a/http/cves/2023/CVE-2023-6021.yaml b/http/cves/2023/CVE-2023-6021.yaml index 49758ffd44e..f5026fc9629 100644 --- a/http/cves/2023/CVE-2023-6021.yaml +++ b/http/cves/2023/CVE-2023-6021.yaml @@ -9,14 +9,13 @@ info: reference: - https://huntr.com/bounties/5039c045-f986-4cbc-81ac-370fe4b0d3f8/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6021 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-6021 - cwe-id: CWE-29,CWE-22 - epss-score: 0.87127 - epss-percentile: 0.99392 + cwe-id: CWE-22,CWE-29 + epss-score: 0.0038 + epss-percentile: 0.72895 cpe: cpe:2.3:a:ray_project:ray:-:*:*:*:*:*:*:* metadata: verified: true @@ -24,14 +23,12 @@ info: vendor: ray_project product: ray shodan-query: + - html:"Ray Dashboard" + - http.favicon.hash:463802404 - http.html:"ray dashboard" - - http.favicon.hash:"463802404" - - http.title:"ray dashboard" fofa-query: - body="ray dashboard" - icon_hash=463802404 - - title="ray dashboard" - google-query: intitle:"ray dashboard" tags: cve,cve2023,lfi,ray,oos,ray_project http: diff --git a/http/cves/2023/CVE-2023-6023.yaml b/http/cves/2023/CVE-2023-6023.yaml index 251e5d404e5..265fbe00adb 100644 --- a/http/cves/2023/CVE-2023-6023.yaml +++ b/http/cves/2023/CVE-2023-6023.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-6023 - cwe-id: CWE-29,CWE-22 - epss-score: 0.54379 - epss-percentile: 0.97856 + cwe-id: CWE-22,CWE-29 + epss-score: 0.003 + epss-percentile: 0.69472 cpe: cpe:2.3:a:vertaai:modeldb:-:*:*:*:*:*:*:* metadata: verified: true @@ -26,15 +26,13 @@ info: vendor: vertaai product: modeldb shodan-query: - - http.favicon.hash:"-2097033750" + - http.favicon.hash:-2097033750 - http.title:"verta ai" fofa-query: - icon_hash=-2097033750 - title="verta ai" google-query: intitle:"verta ai" - zoomeye-query: - - title="verta ai" - - title:"verta ai" + zoomeye-query: title="Verta AI" tags: cve,cve2023,lfi,modeldb,vertaai http: diff --git a/http/cves/2023/CVE-2023-6038.yaml b/http/cves/2023/CVE-2023-6038.yaml index c57d084c2f2..ee33a903670 100644 --- a/http/cves/2023/CVE-2023-6038.yaml +++ b/http/cves/2023/CVE-2023-6038.yaml @@ -15,15 +15,17 @@ info: cvss-score: 7.5 cve-id: CVE-2023-6038 cwe-id: CWE-862 - epss-score: 0.57447 - epss-percentile: 0.98001 + epss-score: 0.06351 + epss-percentile: 0.93636 cpe: cpe:2.3:a:h2o:h2o:-:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: h2o product: h2o - shodan-query: http.title:"h2o flow" + shodan-query: + - title:"H2O Flow" + - http.title:"h2o flow" fofa-query: title="h2o flow" google-query: intitle:"h2o flow" tags: cve,cve2023,h2o-3,h2o,ml diff --git a/http/cves/2023/CVE-2023-6063.yaml b/http/cves/2023/CVE-2023-6063.yaml index eb2493878c5..ebd77370a4f 100644 --- a/http/cves/2023/CVE-2023-6063.yaml +++ b/http/cves/2023/CVE-2023-6063.yaml @@ -18,15 +18,15 @@ info: cvss-score: 7.5 cve-id: CVE-2023-6063 cwe-id: CWE-89 - epss-score: 0.91859 - epss-percentile: 0.99666 + epss-score: 0.02974 + epss-percentile: 0.90865 cpe: cpe:2.3:a:wpfastestcache:wp_fastest_cache:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: wpfastestcache product: "wp_fastest_cache" framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: "http.html:/wp-content/plugins/wp-fastest-cache/" fofa-query: "body=/wp-content/plugins/wp-fastest-cache/" publicwww-query: "/wp-content/plugins/wp-fastest-cache/" tags: time-based-sqli,cve,cve2023,wp-fastest-cache,wpscan,wordpress,wp-plugin,sqli,wpfastestcache diff --git a/http/cves/2023/CVE-2023-6114.yaml b/http/cves/2023/CVE-2023-6114.yaml index 93b783736a5..3079812f7c9 100644 --- a/http/cves/2023/CVE-2023-6114.yaml +++ b/http/cves/2023/CVE-2023-6114.yaml @@ -12,14 +12,13 @@ info: - https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1 - https://nvd.nist.gov/vuln/detail/CVE-2023-6114 - https://wpscan.com/plugin/duplicator/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-6114 cwe-id: CWE-552 - epss-score: 0.66155 - epss-percentile: 0.98397 + epss-score: 0.01646 + epss-percentile: 0.87553 cpe: cpe:2.3:a:awesomemotive:duplicator:*:*:*:*:-:wordpress:*:* metadata: max-request: 2 diff --git a/http/cves/2023/CVE-2023-6275.yaml b/http/cves/2023/CVE-2023-6275.yaml index 509761edc7d..7723d78e4c0 100644 --- a/http/cves/2023/CVE-2023-6275.yaml +++ b/http/cves/2023/CVE-2023-6275.yaml @@ -23,8 +23,8 @@ info: max-request: 2 vendor: totvs product: fluig - fofa-query: app="totvs-fluig" - tags: cve,cve2023,xss,fluig,totvs + fofa-query: app="TOTVS-Fluig" + tags: cve,cve2023,xss,fluig http: - method: GET diff --git a/http/cves/2023/CVE-2023-6329.yaml b/http/cves/2023/CVE-2023-6329.yaml index 312ed27536f..956104132b3 100644 --- a/http/cves/2023/CVE-2023-6329.yaml +++ b/http/cves/2023/CVE-2023-6329.yaml @@ -20,12 +20,12 @@ info: cpe: cpe:2.3:a:controlid:idsecure:4.7.32.0:*:*:*:*:*:*:* metadata: verified: true - max-request: 4 + max-request: 3 vendor: controlid product: idsecure - fofa-query: body="idsecure" - shodan-query: http.html:"idsecure" - tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive,controlid + fofa-query: body="iDSecure" + tags: cve,cve2023,auth-bypass,idsecure,control-id,intrusive + variables: username: "{{rand_base(8)}}" password: "{{randstr}}" diff --git a/http/cves/2023/CVE-2023-6360.yaml b/http/cves/2023/CVE-2023-6360.yaml index 0d0e7f46e07..2d421b8407f 100644 --- a/http/cves/2023/CVE-2023-6360.yaml +++ b/http/cves/2023/CVE-2023-6360.yaml @@ -3,7 +3,7 @@ id: CVE-2023-6360 info: name: WordPress My Calendar <3.4.22 - SQL Injection author: xxcdd - severity: high + severity: critical description: | WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route. impact: | @@ -16,12 +16,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-6360 - https://github.com/JoshuaMart/JoshuaMart classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2023-6360 cwe-id: CWE-89 - epss-score: 0.84645 - epss-percentile: 0.99264 + epss-score: 0.00832 + epss-percentile: 0.81991 cpe: cpe:2.3:a:joedolson:my_calendar:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -31,6 +31,7 @@ info: framework: wordpress fofa-query: '"wordpress" && body="wp-content/plugins/my-calendar"' tags: cve,cve2023,sqli,wp,wordpress,wpscan,wp-plugin,my-calendar,joedolson + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-6379.yaml b/http/cves/2023/CVE-2023-6379.yaml index 871c90d3133..322d6209067 100644 --- a/http/cves/2023/CVE-2023-6379.yaml +++ b/http/cves/2023/CVE-2023-6379.yaml @@ -28,12 +28,11 @@ info: vendor: alkacon product: opencms shodan-query: + - title:"opencms" - http.title:"opencms" - cpe:"cpe:2.3:a:alkacon:opencms" - /opencms/ - fofa-query: - - title="opencms" - - opencms-9.5.3 + fofa-query: title="opencms" google-query: intitle:"opencms" tags: cve2023,cve,opencms,xss,alkacon diff --git a/http/cves/2023/CVE-2023-6380.yaml b/http/cves/2023/CVE-2023-6380.yaml index db97fd11b7e..b2b282ea73f 100644 --- a/http/cves/2023/CVE-2023-6380.yaml +++ b/http/cves/2023/CVE-2023-6380.yaml @@ -27,9 +27,7 @@ info: - "/opencms/" - http.title:"opencms" - cpe:"cpe:2.3:a:alkacon:opencms" - fofa-query: - - title="opencms" - - opencms-9.5.3 + fofa-query: title="opencms" google-query: intitle:"opencms" tags: cve,cve2023,redirect,opencms,alkacon diff --git a/http/cves/2023/CVE-2023-6389.yaml b/http/cves/2023/CVE-2023-6389.yaml index 4d45980e9d2..1192735d50d 100644 --- a/http/cves/2023/CVE-2023-6389.yaml +++ b/http/cves/2023/CVE-2023-6389.yaml @@ -9,21 +9,20 @@ info: reference: - https://wpscan.com/vulnerability/04dafc55-3a8d-4dd2-96da-7a8b100e5a81/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6389 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-6389 cwe-id: CWE-601 - epss-score: 0.09957 - epss-percentile: 0.92612 + epss-score: 0.00097 + epss-percentile: 0.40297 cpe: cpe:2.3:a:abhinavsingh:wordpress_toolbar:*:*:*:*:*:*:wordpress:* metadata: verified: true max-request: 1 vendor: abhinavsingh product: wordpress_toolbar - shodan-query: http.html:"/wp-content/plugins/wordpress-toolbar/" + shodan-query: http.html:/wp-content/plugins/wordpress-toolbar/ fofa-query: body=/wp-content/plugins/wordpress-toolbar/ publicwww-query: "/wp-content/plugins/wordpress-toolbar/" tags: wpscan,cve,cve2023,wordpress,wp-plugin,wordpress-toolbar,wp,redirect,abhinavsingh diff --git a/http/cves/2023/CVE-2023-6421.yaml b/http/cves/2023/CVE-2023-6421.yaml index df65e0f0ea5..028c3d6a9a2 100644 --- a/http/cves/2023/CVE-2023-6421.yaml +++ b/http/cves/2023/CVE-2023-6421.yaml @@ -18,10 +18,10 @@ info: metadata: verified: true max-request: 1 - shodan-query: html:"wp-content/plugins/download-manager/" fofa-query: body="wp-content/plugins/download-manager/" google-query: inurl:"/wp-content/plugins/download-manager/" - tags: wpscan,cve,cve2023,wp,wordpress,wp-plugin,exposure,download-manager + shodan-query: html:"wp-content/plugins/download-manager/" + tags: cve,cve2023,wp,wordpress,wp-plugin,exposure,download-manager http: - raw: diff --git a/http/cves/2023/CVE-2023-6444.yaml b/http/cves/2023/CVE-2023-6444.yaml index 28a04655588..7773c130eaf 100644 --- a/http/cves/2023/CVE-2023-6444.yaml +++ b/http/cves/2023/CVE-2023-6444.yaml @@ -25,9 +25,8 @@ info: product: seriously-simple-podcasting framework: wordpress publicwww-query: "/wp-content/plugins/seriously-simple-podcasting/" - shodan-query: http.html:"/wp-content/plugins/seriously-simple-podcasting/" - fofa-query: body=/wp-content/plugins/seriously-simple-podcasting/ - tags: wpscan,cve,cve2023,wordpress,wp-plugin,exposure,wp,seriously-simple-podcasting,castos + tags: cve,cve2023,wordpress,wp-plugin,exposure,wp,seriously-simple-podcasting + flow: http(1) && http(2) http: diff --git a/http/cves/2023/CVE-2023-6505.yaml b/http/cves/2023/CVE-2023-6505.yaml index 34e113e444d..23b4e8084fa 100644 --- a/http/cves/2023/CVE-2023-6505.yaml +++ b/http/cves/2023/CVE-2023-6505.yaml @@ -25,8 +25,7 @@ info: product: prime_mover framework: wordpress fofa-query: body="/wp-content/plugins/prime-mover" - shodan-query: http.html:"/wp-content/plugins/prime-mover" - tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,exposure,prime-mover,listing,codexonics + tags: cve,cve2023,wp,wp-plugin,wordpress,exposure,prime-mover,listing http: - method: GET diff --git a/http/cves/2023/CVE-2023-6553.yaml b/http/cves/2023/CVE-2023-6553.yaml index 32b28144975..ad7520d1d51 100644 --- a/http/cves/2023/CVE-2023-6553.yaml +++ b/http/cves/2023/CVE-2023-6553.yaml @@ -16,15 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-6553 - epss-score: 0.93076 - epss-percentile: 0.99773 + epss-score: 0.91621 + epss-percentile: 0.98837 cpe: cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: backupbliss product: backup_migration framework: wordpress - shodan-query: http.html:"/wp-content/plugins/backup-backup/" + shodan-query: http.html:/wp-content/plugins/backup-backup/ fofa-query: body=/wp-content/plugins/backup-backup/ publicwww-query: /wp-content/plugins/backup-backup/ google-query: inurl:"/wp-content/plugins/backup-backup/" diff --git a/http/cves/2023/CVE-2023-6567.yaml b/http/cves/2023/CVE-2023-6567.yaml index ddaec4e1dcc..6a0697301fd 100644 --- a/http/cves/2023/CVE-2023-6567.yaml +++ b/http/cves/2023/CVE-2023-6567.yaml @@ -27,13 +27,8 @@ info: vendor: thimpress product: learnpress framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body=/wp-content/plugins/learnpress - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" + shodan-query: http.html:/wp-content/plugins/learnpress + fofa-query: body=/wp-content/plugins/learnpress publicwww-query: "/wp-content/plugins/learnpress" tags: time-based-sqli,wpscan,cve,cve2023,wp,wp-plugin,wordpress,learnpress,sqli,thimpress diff --git a/http/cves/2023/CVE-2023-6568.yaml b/http/cves/2023/CVE-2023-6568.yaml index 2efac0dccc3..16d366db0de 100644 --- a/http/cves/2023/CVE-2023-6568.yaml +++ b/http/cves/2023/CVE-2023-6568.yaml @@ -14,27 +14,22 @@ info: reference: - https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709 - https://nvd.nist.gov/vuln/detail/CVE-2023-6568 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-6568 cwe-id: CWE-79 - epss-score: 0.19937 - epss-percentile: 0.95143 + epss-score: 0.00046 + epss-percentile: 0.15636 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: lfprojects product: mlflow shodan-query: http.title:"mlflow" - fofa-query: - - app="mlflow" - - title="mlflow" + fofa-query: app="MLflow" google-query: intitle:"mlflow" - tags: cve,cve2023,mlflow,xss,lfprojects + tags: cve,cve2023,mlflow,xss http: - raw: diff --git a/http/cves/2023/CVE-2023-6623.yaml b/http/cves/2023/CVE-2023-6623.yaml index 559b6ee7dca..ca23e324893 100644 --- a/http/cves/2023/CVE-2023-6623.yaml +++ b/http/cves/2023/CVE-2023-6623.yaml @@ -14,14 +14,13 @@ info: - https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/ - https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-6623 cwe-id: CWE-22 - epss-score: 0.89339 - epss-percentile: 0.99505 + epss-score: 0.07821 + epss-percentile: 0.94063 cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -29,7 +28,7 @@ info: vendor: wpdeveloper product: essential_blocks framework: wordpress - shodan-query: http.html:"/wp-content/plugins/essential-blocks/" + shodan-query: http.html:/wp-content/plugins/essential-blocks/ fofa-query: body=/wp-content/plugins/essential-blocks/ publicwww-query: "/wp-content/plugins/essential-blocks/" tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper diff --git a/http/cves/2023/CVE-2023-6634.yaml b/http/cves/2023/CVE-2023-6634.yaml index c3f657f0c96..e13ed14aacd 100644 --- a/http/cves/2023/CVE-2023-6634.yaml +++ b/http/cves/2023/CVE-2023-6634.yaml @@ -27,13 +27,8 @@ info: vendor: thimpress product: learnpress framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body=/wp-content/plugins/learnpress - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" + shodan-query: http.html:/wp-content/plugins/learnpress + fofa-query: body=/wp-content/plugins/learnpress publicwww-query: "/wp-content/plugins/learnpress" tags: wpscan,cve,cve2023,wordpress,wp,wp-plugin,learnpress,rce,intrusive,thimpress variables: diff --git a/http/cves/2023/CVE-2023-6697.yaml b/http/cves/2023/CVE-2023-6697.yaml index 898010f6aeb..57f2d7e929f 100644 --- a/http/cves/2023/CVE-2023-6697.yaml +++ b/http/cves/2023/CVE-2023-6697.yaml @@ -9,26 +9,19 @@ info: reference: - https://wpscan.com/vulnerability/ffcebd9d-82fe-4a30-8ad6-cf6c03753d4c/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6697 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c3115b-8921-429d-b517-b946edab1cd5?source=cve - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-6697 cwe-id: CWE-79 - epss-score: 0.42086 - epss-percentile: 0.97256 cpe: cpe:2.3:a:wpgmaps:wp_go_maps:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 + fofa-query: body="/wp-content/plugins/wp-google-maps" vendor: wpgmaps product: wp_go_maps - framework: wordpress - fofa-query: body="/wp-content/plugins/wp-google-maps" - shodan-query: http.html:"/wp-content/plugins/wp-google-maps" - tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,xss,wp-go-maps,authenticated,wpgmaps + tags: cve,cve2023,wp,wp-plugin,wordpress,xss,wp-go-maps,authenticated http: - raw: diff --git a/http/cves/2023/CVE-2023-6786.yaml b/http/cves/2023/CVE-2023-6786.yaml index 6d4b843fb5a..d47fb5055cb 100644 --- a/http/cves/2023/CVE-2023-6786.yaml +++ b/http/cves/2023/CVE-2023-6786.yaml @@ -12,16 +12,12 @@ info: - https://wpscan.com/vulnerability/f3e64947-3138-4ec4-86c4-27b5d6a5c9c2/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6786 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 cve-id: CVE-2023-6786 - epss-score: 0.02899 - epss-percentile: 0.8568 metadata: - verified: true max-request: 1 + verified: true publicwww-query: "/wp-content/plugins/payment-gateway-for-telcell" - tags: wpscan,cve,cve2023,wordpress,redirect,wp-plugin,wp,payment-gateway-for-telcell + tags: cve,cve2023,wordpress,redirect,wp-plugin,wp,payment-gateway-for-telcell http: - method: GET diff --git a/http/cves/2023/CVE-2023-6831.yaml b/http/cves/2023/CVE-2023-6831.yaml index b8c0e6f5b62..bf45a7d1369 100644 --- a/http/cves/2023/CVE-2023-6831.yaml +++ b/http/cves/2023/CVE-2023-6831.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H cvss-score: 8.1 cve-id: CVE-2023-6831 - cwe-id: CWE-29,CWE-22 - epss-score: 0.80382 - epss-percentile: 0.99061 + cwe-id: CWE-22,CWE-29 + epss-score: 0.00207 + epss-percentile: 0.58698 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-6875.yaml b/http/cves/2023/CVE-2023-6875.yaml index 50bd5f68316..d639304bc08 100644 --- a/http/cves/2023/CVE-2023-6875.yaml +++ b/http/cves/2023/CVE-2023-6875.yaml @@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-6875 cwe-id: CWE-862 - epss-score: 0.93819 - epss-percentile: 0.99852 + epss-score: 0.05153 + epss-percentile: 0.92961 cpe: cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -27,7 +27,7 @@ info: vendor: wpexperts product: post_smtp_mailer framework: wordpress - shodan-query: http.html:"/wp-content/plugins/post-smtp" + shodan-query: http.html:/wp-content/plugins/post-smtp fofa-query: body=/wp-content/plugins/post-smtp publicwww-query: "/wp-content/plugins/post-smtp" tags: cve,cve2023,wp,wp-plugin,wordpress,smtp,mailer,auth-bypass,wpexperts diff --git a/http/cves/2023/CVE-2023-6977.yaml b/http/cves/2023/CVE-2023-6977.yaml index aeafe1e8a9d..9830daade50 100644 --- a/http/cves/2023/CVE-2023-6977.yaml +++ b/http/cves/2023/CVE-2023-6977.yaml @@ -13,16 +13,13 @@ info: reference: - https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf - https://nvd.nist.gov/vuln/detail/CVE-2023-6977 - - https://github.com/aboutyouprv1337/Nuclei - - https://github.com/dev-thefirewall/nuclei-test - - https://github.com/google/tsunami-security-scanner-plugins classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-6977 cwe-id: CWE-29 - epss-score: 0.84942 - epss-percentile: 0.9928 + epss-score: 0.00494 + epss-percentile: 0.76167 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2023/CVE-2023-6989.yaml b/http/cves/2023/CVE-2023-6989.yaml index 91e3908ff5e..a2ab8bfce08 100644 --- a/http/cves/2023/CVE-2023-6989.yaml +++ b/http/cves/2023/CVE-2023-6989.yaml @@ -10,14 +10,13 @@ info: - https://wpscan.com/vulnerability/a485aee7-39a0-418c-9699-9afc53e28f55/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6989 - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-6989 cwe-id: CWE-22 - epss-score: 0.62318 - epss-percentile: 0.98233 + epss-score: 0.11562 + epss-percentile: 0.95251 cpe: cpe:2.3:a:getshieldsecurity:shield_security:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -25,7 +24,7 @@ info: vendor: getshieldsecurity product: shield_security framework: wordpress - shodan-query: http.html:"/wp-content/plugins/wp-simple-firewall" + shodan-query: http.html:/wp-content/plugins/wp-simple-firewall fofa-query: body=/wp-content/plugins/wp-simple-firewall publicwww-query: "/wp-content/plugins/wp-simple-firewall" tags: wpscan,cve,cve2023,wp,wordpress,wp-plugin,lfi,shield-security,getshieldsecurity diff --git a/http/cves/2023/CVE-2023-7028.yaml b/http/cves/2023/CVE-2023-7028.yaml index b63822ca844..1662e4398d9 100644 --- a/http/cves/2023/CVE-2023-7028.yaml +++ b/http/cves/2023/CVE-2023-7028.yaml @@ -26,14 +26,10 @@ info: vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - title:"Gitlab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: hackerone,cve,cve2023,gitlab,auth-bypass,intrusive,kev flow: http(1) && http(2) diff --git a/http/cves/2023/CVE-2023-7246.yaml b/http/cves/2023/CVE-2023-7246.yaml index f0e731e32d9..109635bde30 100644 --- a/http/cves/2023/CVE-2023-7246.yaml +++ b/http/cves/2023/CVE-2023-7246.yaml @@ -12,26 +12,18 @@ info: - https://wpscan.com/vulnerability/7413d5ec-10a7-4cb8-ac1c-4ef554751518/ - https://research.cleantalk.org/cve-2023-7246/ - https://nvd.nist.gov/vuln/detail/CVE-2023-7246 - - https://github.com/20142995/nuclei-templates - - https://github.com/NaInSec/CVE-LIST classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2023-7246 cwe-id: CWE-79 - epss-score: 0.01214 - epss-percentile: 0.78 - cpe: cpe:2.3:a:bowo:system_dashboard:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 - vendor: bowo - product: system_dashboard - framework: wordpress - shodan-query: html:"wp-content/plugins/system-dashboard/" fofa-query: body="wp-content/plugins/system-dashboard/" google-query: inurl:"/wp-content/plugins/system-dashboard/" - tags: wpscan,cve,cve2023,wp,wordpress,xss,wp-plugin,authenticated,system-dashboard + shodan-query: html:"wp-content/plugins/system-dashboard/" + tags: cve,cve2023,wp,wordpress,xss,wp-plugin,authenticated,system-dashboard http: - raw: diff --git a/http/cves/2024/CVE-2024-0012.yaml b/http/cves/2024/CVE-2024-0012.yaml index 7136f0f90fc..d448c393c0b 100644 --- a/http/cves/2024/CVE-2024-0012.yaml +++ b/http/cves/2024/CVE-2024-0012.yaml @@ -10,26 +10,24 @@ info: - https://security.paloaltonetworks.com/CVE-2024-0012 - https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/ - https://nvd.nist.gov/vuln/detail/CVE-2024-0012 - - https://github.com/k4nfr3/CVE-2024-9474 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-0012 cwe-id: CWE-306 - epss-score: 0.94327 - epss-percentile: 0.99939 + epss-score: 0.01216 + epss-percentile: 0.85843 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: paloaltonetworks product: pan-os + fofa-query: icon_hash="-631559155" shodan-query: - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" - http.favicon.hash:"-631559155" - fofa-query: icon_hash="-631559155" - tags: cve,cve2024,paloalto,globalprotect,kev,paloaltonetworks + tags: cve,cve2024,paloalto,globalprotect,kev http: - raw: diff --git a/http/cves/2024/CVE-2024-0195.yaml b/http/cves/2024/CVE-2024-0195.yaml index 10a2d77fbed..e0f0592b8ee 100644 --- a/http/cves/2024/CVE-2024-0195.yaml +++ b/http/cves/2024/CVE-2024-0195.yaml @@ -3,7 +3,7 @@ id: CVE-2024-0195 info: name: SpiderFlow Crawler Platform - Remote Code Execution author: pussycat0x - severity: medium + severity: critical description: | A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability. reference: @@ -13,19 +13,21 @@ info: - https://vuldb.com/?ctiid.249510 - https://github.com/Tropinene/Yscanner classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-0195 cwe-id: CWE-94 - epss-score: 0.9247 - epss-percentile: 0.99716 + epss-score: 0.89846 + epss-percentile: 0.98769 cpe: cpe:2.3:a:ssssssss:spider-flow:0.4.3:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: ssssssss product: "spider-flow" - fofa-query: app="spiderflow" + fofa-query: + - "app=\"SpiderFlow\"" + - app="spiderflow" tags: cve,cve2024,spiderflow,crawler,unauth,rce,ssssssss flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-0200.yaml b/http/cves/2024/CVE-2024-0200.yaml index d462bf750cc..65ed83ec595 100644 --- a/http/cves/2024/CVE-2024-0200.yaml +++ b/http/cves/2024/CVE-2024-0200.yaml @@ -26,7 +26,7 @@ info: vendor: github product: "enterprise_server" shodan-query: - - http.title:"github enterprise" + - "title:\"GitHub Enterprise\"" - micro focus dsd fofa-query: "app=\"Github-Enterprise\"" tags: cve,cve2024,rce,github,enterprise diff --git a/http/cves/2024/CVE-2024-0204.yaml b/http/cves/2024/CVE-2024-0204.yaml index 12cd9e8aa50..900b4aea582 100644 --- a/http/cves/2024/CVE-2024-0204.yaml +++ b/http/cves/2024/CVE-2024-0204.yaml @@ -26,17 +26,14 @@ info: vendor: fortra product: goanywhere_managed_file_transfer shodan-query: - - http.favicon.hash:"1484947000,1828756398,1170495932" - - http.favicon.hash:"1484947000" - - http.html:"goanywhere managed file transfer" + - http.favicon.hash:1484947000,1828756398,1170495932 + - http.favicon.hash:1484947000 fofa-query: - - app="goanywhere-mft" + - app="GoAnywhere-MFT" - icon_hash=1484947000 - icon_hash=1484947000,1828756398,1170495932 - - body="goanywhere managed file transfer" - zoomeye-query: - - app="fortra goanywhere-mft" - - app:"fortra goanywhere-mft" + - app="goanywhere-mft" + zoomeye-query: app="Fortra GoAnywhere-MFT" tags: packetstorm,cve,cve2024,auth-bypass,goanywhere,fortra http: diff --git a/http/cves/2024/CVE-2024-0235.yaml b/http/cves/2024/CVE-2024-0235.yaml index 8ead3218d6f..79475b21050 100644 --- a/http/cves/2024/CVE-2024-0235.yaml +++ b/http/cves/2024/CVE-2024-0235.yaml @@ -14,15 +14,13 @@ info: - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/ - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-0235 - - https://github.com/20142995/nuclei-templates - - https://github.com/Cappricio-Securities/CVE-2024-0235 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-0235 cwe-id: CWE-862 - epss-score: 0.8042 - epss-percentile: 0.99064 + epss-score: 0.00052 + epss-percentile: 0.19233 cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 @@ -30,9 +28,9 @@ info: product: eventon framework: wordpress shodan-query: - - vuln:"cve-2023-2796" - - http.html:"/wp-content/plugins/eventon-lite/" - - http.html:"/wp-content/plugins/eventon/" + - "vuln:CVE-2023-2796" + - http.html:/wp-content/plugins/eventon-lite/ + - http.html:/wp-content/plugins/eventon/ fofa-query: - "wp-content/plugins/eventon/" - body=/wp-content/plugins/eventon/ diff --git a/http/cves/2024/CVE-2024-0250.yaml b/http/cves/2024/CVE-2024-0250.yaml index 7acb4476078..bdee4a83231 100644 --- a/http/cves/2024/CVE-2024-0250.yaml +++ b/http/cves/2024/CVE-2024-0250.yaml @@ -16,8 +16,8 @@ info: epss-score: 0.00043 epss-percentile: 0.0866 metadata: - verified: true max-request: 1 + verified: true fofa-query: body="/wp-content/plugins/analytics-insights" publicwww-query: "/wp-content/plugins/analytics-insights" tags: cve,cve2024,wpscan,redirect,wp,wp-plugin,wordpress,analytics-insights diff --git a/http/cves/2024/CVE-2024-0305.yaml b/http/cves/2024/CVE-2024-0305.yaml index 1047f3a32dd..91dd660c51e 100644 --- a/http/cves/2024/CVE-2024-0305.yaml +++ b/http/cves/2024/CVE-2024-0305.yaml @@ -3,7 +3,7 @@ id: CVE-2024-0305 info: name: Ncast busiFacade - Remote Command Execution author: BMCel - severity: medium + severity: high description: | The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier. impact: | @@ -15,12 +15,11 @@ info: - https://vuldb.com/?ctiid.249872 - https://github.com/Marco-zcl/POC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-0305 - cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.93888 - epss-percentile: 0.9986 + epss-score: 0.00947 + epss-percentile: 0.83122 cpe: cpe:2.3:a:ncast_project:ncast:*:*:*:*:*:*:*:* metadata: verified: true @@ -29,12 +28,11 @@ info: product: ncast shodan-query: http.title:"高清智能录播系统" fofa-query: + - app="Ncast-产品" && title=="高清智能录播系统" + - title="高清智能录播系统" - app="ncast-产品" && title=="高清智能录播系统" - - title="高清智能录播系统" google-query: intitle:"高清智能录播系统" - zoomeye-query: - - title="高清智能录播系统" - - title:"高清智能录播系统" + zoomeye-query: title="高清智能录播系统" tags: cve,cve2024,ncast,rce,ncast_project http: diff --git a/http/cves/2024/CVE-2024-0352.yaml b/http/cves/2024/CVE-2024-0352.yaml index 96d54f84767..bc987ae1222 100644 --- a/http/cves/2024/CVE-2024-0352.yaml +++ b/http/cves/2024/CVE-2024-0352.yaml @@ -3,7 +3,7 @@ id: CVE-2024-0352 info: name: Likeshop < 2.5.7.20210311 - Arbitrary File Upload author: CookieHanHoan,babybash,samuelsamuelsamuel - severity: high + severity: critical description: | A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434 impact: | @@ -16,19 +16,19 @@ info: - https://vuldb.com/?id.250120 - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-0352 cwe-id: CWE-434 - epss-score: 0.90393 - epss-percentile: 0.99569 + epss-score: 0.0086 + epss-percentile: 0.82263 cpe: cpe:2.3:a:likeshop:likeshop:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: likeshop product: likeshop - shodan-query: http.favicon.hash:"874152924" + shodan-query: http.favicon.hash:874152924 fofa-query: icon_hash=874152924 tags: cve,cve2024,rce,file-upload,likeshop,instrusive,intrusive variables: diff --git a/http/cves/2024/CVE-2024-0713.yaml b/http/cves/2024/CVE-2024-0713.yaml index b5b10b6bb66..1c55b39f079 100644 --- a/http/cves/2024/CVE-2024-0713.yaml +++ b/http/cves/2024/CVE-2024-0713.yaml @@ -10,7 +10,6 @@ info: - https://github.com/Tropinene/Yscanner - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-0713 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 diff --git a/http/cves/2024/CVE-2024-0881.yaml b/http/cves/2024/CVE-2024-0881.yaml index aead03e15ec..564e5861db6 100644 --- a/http/cves/2024/CVE-2024-0881.yaml +++ b/http/cves/2024/CVE-2024-0881.yaml @@ -11,21 +11,16 @@ info: - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-0881 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N - cvss-score: 5.4 cve-id: CVE-2024-0881 cwe-id: CWE-284 - epss-score: 0.13641 - epss-percentile: 0.9386 - cpe: cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.08268 metadata: verified: true max-request: 3 - vendor: pickplugins - product: post_grid - framework: wordpress publicwww-query: "/wp-content/plugins/user-meta/" tags: cve,cve2024,wp,wpscan,wordpress,wp-plugin,combo-blocks,exposure + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-0939.yaml b/http/cves/2024/CVE-2024-0939.yaml index d3bb7bac85c..0b8253c2c88 100644 --- a/http/cves/2024/CVE-2024-0939.yaml +++ b/http/cves/2024/CVE-2024-0939.yaml @@ -3,7 +3,7 @@ id: CVE-2024-0939 info: name: Smart S210 Management Platform - Arbitary File Upload author: DhiyaneshDk - severity: medium + severity: critical description: | A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. reference: @@ -13,21 +13,21 @@ info: - https://vuldb.com/?submit.269268 - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-0939 cwe-id: CWE-434 - epss-score: 0.732 - epss-percentile: 0.98698 + epss-score: 0.00063 + epss-percentile: 0.2659 cpe: cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: byzoro - product: "smart_s210_firmware" - fofa-query: body="smart管理平台" - shodan-query: http.html:"smart管理平台" - tags: cve,cve2024,smart,file-upload,intrusive,rce,byzoro + product: smart_s210_firmware + fofa-query: body="Smart管理平台" + tags: cve,cve2024,smart,file-upload,intrusive,rce + variables: filename: "{{to_lower(rand_text_alpha(5))}}" num1: "{{rand_int(800000, 999999)}}" diff --git a/http/cves/2024/CVE-2024-0986.yaml b/http/cves/2024/CVE-2024-0986.yaml index 21fce4ff10c..6e2cc8881d2 100644 --- a/http/cves/2024/CVE-2024-0986.yaml +++ b/http/cves/2024/CVE-2024-0986.yaml @@ -25,7 +25,7 @@ info: vendor: issabel product: pbx fofa-query: title="issabel" - tags: cve,cve2024,isssabel,authenticated,rce,asterisk,issabel + tags: cve,cve2024,isssabel,authenticated,rce,asterisk variables: username: "{{username}}" diff --git a/http/cves/2024/CVE-2024-1021.yaml b/http/cves/2024/CVE-2024-1021.yaml index 9dad0c5983b..541d3a7ba6c 100644 --- a/http/cves/2024/CVE-2024-1021.yaml +++ b/http/cves/2024/CVE-2024-1021.yaml @@ -3,7 +3,7 @@ id: CVE-2024-1021 info: name: Rebuild <= 3.5.5 - Server-Side Request Forgery author: BMCel - severity: medium + severity: critical description: | There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component. impact: | @@ -17,12 +17,12 @@ info: - https://vuldb.com/?id.252290 - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-1021 cwe-id: CWE-918 - epss-score: 0.93055 - epss-percentile: 0.9977 + epss-score: 0.00973 + epss-percentile: 0.83349 cpe: cpe:2.3:a:ruifang-tech:rebuild:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2024/CVE-2024-10400.yaml b/http/cves/2024/CVE-2024-10400.yaml index 60c7746f28c..eca0e0e7715 100644 --- a/http/cves/2024/CVE-2024-10400.yaml +++ b/http/cves/2024/CVE-2024-10400.yaml @@ -9,16 +9,11 @@ info: reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tutor/tutor-lms-276-unauthenticated-sql-injection-via-rating-filter - https://nvd.nist.gov/vuln/detail/CVE-2024-10400 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf37d4e-e94a-4046-9949-c208e4e70197?source=cve - - https://github.com/wy876/wiki - - https://github.com/adysec/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-10400 cwe-id: CWE-89 - epss-score: 0.92714 - epss-percentile: 0.99736 cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,10 +21,10 @@ info: vendor: themeum product: tutor_lms framework: wordpress - shodan-query: http.html:"/wp-content/plugins/tutor/" + shodan-query: html:"/wp-content/plugins/tutor/" fofa-query: body="/wp-content/plugins/tutor/" - publicwww-query: /wp-content/plugins/tutor/ - tags: cve,cve2024,tutor-lms,lms,sqli,wordpress,themeum + tags: cve,cve2024,tutor-lms,lms,sqli + variables: num: '999999999' diff --git a/http/cves/2024/CVE-2024-10486.yaml b/http/cves/2024/CVE-2024-10486.yaml index 2b6b2fb501d..0851f240361 100644 --- a/http/cves/2024/CVE-2024-10486.yaml +++ b/http/cves/2024/CVE-2024-10486.yaml @@ -9,14 +9,13 @@ info: reference: - https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/google-listings-and-ads/google-for-woocommerce-286-information-disclosure-via-publicly-accessible-php-info-file - - https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-10486 cwe-id: CWE-862 - epss-score: 0.02166 - epss-percentile: 0.83465 + epss-score: 0.00094 + epss-percentile: 0.23969 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-10516.yaml b/http/cves/2024/CVE-2024-10516.yaml index 0489b038bb9..f270ab08ec7 100644 --- a/http/cves/2024/CVE-2024-10516.yaml +++ b/http/cves/2024/CVE-2024-10516.yaml @@ -9,24 +9,19 @@ info: reference: - https://github.com/RandomRobbieBF/CVE-2024-10516 - https://nvd.nist.gov/vuln/detail/CVE-2024-10516 - - https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L795 - - https://plugins.trac.wordpress.org/browser/swift-performance-lite/trunk/includes/classes/class.ajax.php#L824 - - https://plugins.trac.wordpress.org/changeset/3201933/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-10516 - cwe-id: CWE-22 - epss-score: 0.75613 - epss-percentile: 0.98823 + cwe-id: CWE-98 cpe: cpe:2.3:a:swiftperformance:swift_performance_lite:*:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: swiftperformance - product: "swift_performance_lite" + product: swift_performance_lite fofa-query: body="/wp-content/plugins/swift-performance-lite" - shodan-query: http.html:"/wp-content/plugins/swift-performance-lite" - tags: cve,cve2024,wp,wp-plugin,wordpress,swift-performance,lfi,swiftperformance + tags: cve,cve2024,wp,wp-plugin,wordpress,swift-performance,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-1061.yaml b/http/cves/2024/CVE-2024-1061.yaml index 8849815f8e9..7e6b10fd868 100644 --- a/http/cves/2024/CVE-2024-1061.yaml +++ b/http/cves/2024/CVE-2024-1061.yaml @@ -3,7 +3,7 @@ id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd - severity: high + severity: critical description: | WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. impact: | @@ -17,12 +17,12 @@ info: - https://github.com/tanjiti/sec_profile - https://github.com/JoshuaMart/JoshuaMart classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-1061 cwe-id: CWE-89 - epss-score: 0.82139 - epss-percentile: 0.9915 + epss-score: 0.00934 + epss-percentile: 0.82678 cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -30,11 +30,7 @@ info: vendor: bplugins product: html5_video_player framework: wordpress - fofa-query: - - "\"wordpress\" && body=\"html5-video-player\"" - - body=/wp-content/plugins/html5-video-player - publicwww-query: /wp-content/plugins/html5-video-player - shodan-query: http.html:"/wp-content/plugins/html5-video-player" + fofa-query: "\"wordpress\" && body=\"html5-video-player\"" tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player,bplugins http: diff --git a/http/cves/2024/CVE-2024-1071.yaml b/http/cves/2024/CVE-2024-1071.yaml index ed8a496d579..a8bcfd62da9 100644 --- a/http/cves/2024/CVE-2024-1071.yaml +++ b/http/cves/2024/CVE-2024-1071.yaml @@ -24,23 +24,13 @@ info: metadata: verified: true max-request: 2 - vendor: ultimatemember - product: ultimate_member framework: wordpress - fofa-query: - - body="/wp-content/plugins/ultimate-member" - - body=/wp-content/plugins/ultimate-member/ - publicwww-query: - - "/wp-content/plugins/ultimate-member/" - - /wp-content/plugins/ultimate-member - zoomeye-query: - - app="wordpress ultimate member plugin" - - app:"wordpress ultimate member plugin" - google-query: inurl:/wp-content/plugins/ultimate-member - shodan-query: - - http.html:"/wp-content/plugins/ultimate-member" - - http.html:"/wp-content/plugins/ultimate-member/" - tags: time-based-sqli,cve,cve2024,ultimate-member,wpscan,wordpress,wp-plugin,sqli,ultimatemember + fofa-query: body="/wp-content/plugins/ultimate-member" + publicwww-query: "/wp-content/plugins/ultimate-member/" + zoomeye-query: app="WordPress Ultimate Member Plugin" + product: ultimate_member + vendor: ultimatemember + tags: time-based-sqli,cve,cve2024,ultimate-member,wpscan,wordpress,wp-plugin,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-10783.yaml b/http/cves/2024/CVE-2024-10783.yaml index 65da2cf41c8..be17e8ae302 100644 --- a/http/cves/2024/CVE-2024-10783.yaml +++ b/http/cves/2024/CVE-2024-10783.yaml @@ -17,13 +17,14 @@ info: cvss-score: 8.1 cve-id: CVE-2024-10783 cwe-id: CWE-862 - epss-score: 0.26918 - epss-percentile: 0.96073 + epss-score: 0.00103 + epss-percentile: 0.2532 metadata: verified: true max-request: 2 publicwww-query: "/wp-content/plugins/mainwp-child/" tags: cve,cve2024,wp,mainwp-child,wpscan,wordpress,wp-plugin,auth-bypass + flow: http(1) && http(2) variables: diff --git a/http/cves/2024/CVE-2024-10812.yaml b/http/cves/2024/CVE-2024-10812.yaml index 475a35beb46..c9b7cb76717 100644 --- a/http/cves/2024/CVE-2024-10812.yaml +++ b/http/cves/2024/CVE-2024-10812.yaml @@ -10,9 +10,10 @@ info: - https://huntr.com/bounties/51408ebd-e0be-489d-8088-f210087dbd6a metadata: verified: true - max-request: 2 + max-request: 1 fofa-query: body="gpt_academic" tags: cve,cve2024,huntr,redirect,oss,gpt_academic,binary-husky + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-10908.yaml b/http/cves/2024/CVE-2024-10908.yaml index 8a279a27a99..ccc7b6399c8 100644 --- a/http/cves/2024/CVE-2024-10908.yaml +++ b/http/cves/2024/CVE-2024-10908.yaml @@ -9,10 +9,11 @@ info: reference: - https://huntr.com/bounties/61f5e725-5579-4d08-8a88-e4ba04e6d1f2 metadata: - verified: true - max-request: 2 shodan-query: html:"Chatbot Arena" + verified: true + max-request: 1 tags: cve,cve2024,fastchat,redirect,oss,chatbot,areana + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-10914.yaml b/http/cves/2024/CVE-2024-10914.yaml index eb2b32e3db6..5c21803171e 100644 --- a/http/cves/2024/CVE-2024-10914.yaml +++ b/http/cves/2024/CVE-2024-10914.yaml @@ -3,27 +3,24 @@ id: CVE-2024-10914 info: name: D-Link NAS - Command Injection via Name Parameter author: s4e-io - severity: high + severity: critical description: | A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. reference: - https://github.com/verylazytech/CVE-2024-10914 - https://www.usom.gov.tr/bildirim/tr-24-1836 - https://nvd.nist.gov/vuln/detail/CVE-2024-10914 - - https://vuldb.com/?ctiid.283309 - - https://vuldb.com/?id.283309 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-10914 - cwe-id: CWE-74 - epss-score: 0.93447 - epss-percentile: 0.99808 + cwe-id: CWE-707 + epss-score: 0.00092 + epss-percentile: 0.40606 cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: dlink - product: "dns-320_firmware" + product: dns-320_firmware shodan-query: http.html:"sharecenter" fofa-query: body="sharecenter" tags: cve,cve2024,dlink,sharecenter,rce diff --git a/http/cves/2024/CVE-2024-10924.yaml b/http/cves/2024/CVE-2024-10924.yaml index 3ce2a41b142..2545caced86 100644 --- a/http/cves/2024/CVE-2024-10924.yaml +++ b/http/cves/2024/CVE-2024-10924.yaml @@ -19,19 +19,20 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-10924 - cwe-id: CWE-306,CWE-288 - epss-score: 0.9395 - epss-percentile: 0.99869 + cwe-id: CWE-288,CWE-306 + epss-score: 0.00101 + epss-percentile: 0.4287 cpe: cpe:2.3:a:really-simple-plugins:really_simple_security:*:*:*:*:-:wordpress:*:* metadata: verified: true - max-request: 3 - vendor: "really-simple-plugins" - product: "really_simple_security" + max-request: 1 + vendor: really-simple-plugins + product: really_simple_security framework: wordpress - shodan-query: http.html:"/wp-content/plugins/really-simple-ssl" + shodan-query: html:"/wp-content/plugins/really-simple-ssl" fofa-query: body="/wp-content/plugins/really-simple-ssl" - tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,auth-bypass,really-simple-ssl,really-simple-plugins + tags: cve,cve2024,wp,wp-plugin,wordpress,auth-bypass,really-simple-ssl + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2024/CVE-2024-11044.yaml b/http/cves/2024/CVE-2024-11044.yaml index 139ba290c6d..b7a8ab55d12 100644 --- a/http/cves/2024/CVE-2024-11044.yaml +++ b/http/cves/2024/CVE-2024-11044.yaml @@ -8,19 +8,12 @@ info: An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. reference: - https://huntr.com/bounties/ee942e5e-4987-4f81-ba83-014fec6b33b3 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2024-11044 - cwe-id: CWE-601 - epss-score: 0.00546 - epss-percentile: 0.66693 metadata: verified: true - max-request: 2 + max-request: 1 fofa-query: body="stable-diffusion-webui" tags: cve,cve2024,huntr,redirect,oss,stable_diffusion_webui,automatic1111 + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-11303.yaml b/http/cves/2024/CVE-2024-11303.yaml index f100ad46ba0..6c8eabe714b 100644 --- a/http/cves/2024/CVE-2024-11303.yaml +++ b/http/cves/2024/CVE-2024-11303.yaml @@ -10,14 +10,12 @@ info: - https://seclists.org/fulldisclosure/2024/Nov/8 - https://www.korenix.com/en/about/index.aspx?kind=3 - https://cyberdanube.com/en/en-st-polten-uas-path-traversal-in-korenix-jetport/ - - http://seclists.org/fulldisclosure/2024/Nov/8 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 - epss-score: 0.08965 - epss-percentile: 0.92141 + epss-score: 0.00044 + epss-percentile: 0.11869 metadata: max-request: 1 tags: seclists,cve,cve2024,korenix,lfi diff --git a/http/cves/2024/CVE-2024-11305.yaml b/http/cves/2024/CVE-2024-11305.yaml index 9576b80f1d3..cc0d050d9d7 100644 --- a/http/cves/2024/CVE-2024-11305.yaml +++ b/http/cves/2024/CVE-2024-11305.yaml @@ -25,7 +25,7 @@ info: shodan-query: http.title:"altenergy power control software" fofa-query: title="altenergy power control software" google-query: intitle:"altenergy power control software" - tags: cve,cve2024,altenergy,iot,sqli,apsystems + tags: cve,cve2024,altenergy,iot,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-11320.yaml b/http/cves/2024/CVE-2024-11320.yaml index 5441bbf2bcb..1638d0a24c2 100644 --- a/http/cves/2024/CVE-2024-11320.yaml +++ b/http/cves/2024/CVE-2024-11320.yaml @@ -8,30 +8,26 @@ info: Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.This issue affects Pandora FMS- from 700 through <=777.4 reference: - https://github.com/mhaskar/CVE-2024-11320 - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-11320 cwe-id: CWE-77 - epss-score: 0.92171 - epss-percentile: 0.99691 + epss-score: 0.82357 + epss-percentile: 0.99157 cpe: cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:* metadata: - max-request: 6 vendor: pandorafms - product: "pandora_fms" + product: pandora_fms shodan-query: - - '[http.html:"pandora fms - installation wizard" http.title:"pandora fms"]' - http.html:"pandora fms - installation wizard" - http.title:"pandora fms" fofa-query: - - '[body="pandora fms - installation wizard" title="pandora fms"]' - body="pandora fms - installation wizard" - title="pandora fms" google-query: intitle:"pandora fms" - tags: cve,cve2024,oast,rce,pandora,fms,pandorafms + tags: cve,cve2024,oast,rce,pandora,fms + flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) http: diff --git a/http/cves/2024/CVE-2024-11396.yaml b/http/cves/2024/CVE-2024-11396.yaml index dbb1f34476a..6c3f046f50b 100644 --- a/http/cves/2024/CVE-2024-11396.yaml +++ b/http/cves/2024/CVE-2024-11396.yaml @@ -17,8 +17,8 @@ info: cvss-score: 5.3 cve-id: CVE-2024-11396 cwe-id: CWE-359 - epss-score: 0.33068 - epss-percentile: 0.96653 + epss-score: 0.00046 + epss-percentile: 0.19303 metadata: verified: true max-request: 2 @@ -27,7 +27,8 @@ info: framework: wordpress shodan-query: http.html:"wp-content/plugins/event-monster" fofa-query: body="wp-content/plugins/event-monster" - tags: cve,cve2024,wordpress,wp,wp-plugin,event-monster,info-leak,a-wp-life,intrusive + tags: cve,cve2024,wordpress,wp,wp-plugin,event-monster,info-leak + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-11680.yaml b/http/cves/2024/CVE-2024-11680.yaml index 21994691a48..555ec8c1546 100644 --- a/http/cves/2024/CVE-2024-11680.yaml +++ b/http/cves/2024/CVE-2024-11680.yaml @@ -20,20 +20,18 @@ info: cpe: cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 5 + max-request: 1 vendor: projectsend product: projectsend shodan-query: - - '[http.html:"projectsend" http.html:"projectsend setup" http.html:"provided by projectsend"]' - - http.html:"projectsend setup" - http.html:"projectsend" + - http.html:"projectsend setup" - http.html:"provided by projectsend" fofa-query: - - '[body="projectsend" body="projectsend setup" body=provided by projectsend]' - - body="projectsend setup" - body="projectsend" - - body="provided by projectsend" - google-query: "intext:provided by projectsend" + - body="projectsend setup" + - body=provided by projectsend + google-query: intext:provided by projectsend tags: cve,cve2024,projectsend,auth-bypass,intrusive,kev variables: string: "{{randstr}}" diff --git a/http/cves/2024/CVE-2024-11728.yaml b/http/cves/2024/CVE-2024-11728.yaml index 47c56e3e97c..ba42eff6aaa 100644 --- a/http/cves/2024/CVE-2024-11728.yaml +++ b/http/cves/2024/CVE-2024-11728.yaml @@ -28,8 +28,8 @@ info: product: kivicare framework: wordpress fofa-query: body="/wp-content/plugins/kivicare-clinic-management-system" - shodan-query: http.html:"/wp-content/plugins/kivicare-clinic-management-system" - tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,kivicare-clinic-management-system,iqonic + tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,kivicare-clinic-management-system + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-11740.yaml b/http/cves/2024/CVE-2024-11740.yaml index 179398dffc4..5033cafb580 100644 --- a/http/cves/2024/CVE-2024-11740.yaml +++ b/http/cves/2024/CVE-2024-11740.yaml @@ -26,9 +26,7 @@ info: product: download_manager framework: wordpress publicwww-query: "/wp-content/plugins/download-manager/" - shodan-query: http.html:"/wp-content/plugins/download-manager/" - fofa-query: body=/wp-content/plugins/download-manager/ - tags: cve,cve2024,wordpress,wp-plugin,download-manager,short-code,wp,wpdownloadmanager + tags: cve,cve2024,wordpress,wp-plugin,download-manager,short-code,wp http: - raw: diff --git a/http/cves/2024/CVE-2024-1183.yaml b/http/cves/2024/CVE-2024-1183.yaml index 4eedcd07dfa..a78486014d2 100644 --- a/http/cves/2024/CVE-2024-1183.yaml +++ b/http/cves/2024/CVE-2024-1183.yaml @@ -20,16 +20,10 @@ info: metadata: verified: true max-request: 1 - vendor: gradio_project + shodan-query: html:"__gradio_mode__" product: gradio - shodan-query: - - http.html:"__gradio_mode__" - - http.title:"gradio" - fofa-query: - - body="__gradio_mode__" - - title="gradio" - google-query: intitle:"gradio" - tags: cve,cve2024,ssrf,oast,gradio,gradio_project + vendor: gradio_project + tags: cve,cve2024,ssrf,oast,gradio http: - raw: diff --git a/http/cves/2024/CVE-2024-11921.yaml b/http/cves/2024/CVE-2024-11921.yaml index 13245baaa48..9ea70fdcfd8 100644 --- a/http/cves/2024/CVE-2024-11921.yaml +++ b/http/cves/2024/CVE-2024-11921.yaml @@ -17,8 +17,8 @@ info: cve-id: CVE-2024-11921 cwe-id: CWE-79 metadata: - max-request: 3 - tags: wpscan,cve,cve2024,wordpress,wp,wp-plugin,give,xss,authenticated + max-request: 2 + tags: cve,cve2024,wordpress,wp,wp-plugin,give,xss,authenticated http: - raw: diff --git a/http/cves/2024/CVE-2024-1208.yaml b/http/cves/2024/CVE-2024-1208.yaml index 3a6d54109f7..30f7b3936d7 100644 --- a/http/cves/2024/CVE-2024-1208.yaml +++ b/http/cves/2024/CVE-2024-1208.yaml @@ -17,8 +17,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-1208 - epss-score: 0.85171 - epss-percentile: 0.99292 + epss-score: 0.01217 + epss-percentile: 0.85275 cpe: cpe:2.3:a:learndash:learndash:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -26,7 +26,7 @@ info: vendor: learndash product: learndash framework: wordpress - shodan-query: http.html:"/wp-content/plugins/sfwd-lms" + shodan-query: http.html:/wp-content/plugins/sfwd-lms fofa-query: body=/wp-content/plugins/sfwd-lms publicwww-query: "/wp-content/plugins/sfwd-lms" google-query: inurl:"/wp-content/plugins/sfwd-lms" diff --git a/http/cves/2024/CVE-2024-1209.yaml b/http/cves/2024/CVE-2024-1209.yaml index 7469b2edada..53beca0e72e 100644 --- a/http/cves/2024/CVE-2024-1209.yaml +++ b/http/cves/2024/CVE-2024-1209.yaml @@ -26,7 +26,7 @@ info: vendor: learndash product: learndash framework: wordpress - shodan-query: http.html:"/wp-content/plugins/sfwd-lms" + shodan-query: http.html:/wp-content/plugins/sfwd-lms fofa-query: body=/wp-content/plugins/sfwd-lms publicwww-query: "/wp-content/plugins/sfwd-lms" google-query: inurl:"/wp-content/plugins/sfwd-lms" diff --git a/http/cves/2024/CVE-2024-1210.yaml b/http/cves/2024/CVE-2024-1210.yaml index dc5f0a08e95..d3a857690fc 100644 --- a/http/cves/2024/CVE-2024-1210.yaml +++ b/http/cves/2024/CVE-2024-1210.yaml @@ -26,10 +26,10 @@ info: vendor: learndash product: learndash framework: wordpress - shodan-query: http.html:"/wp-content/plugins/sfwd-lms" - fofa-query: body=/wp-content/plugins/sfwd-lms publicwww-query: "/wp-content/plugins/sfwd-lms" google-query: inurl:"/wp-content/plugins/sfwd-lms" + shodan-query: http.html:/wp-content/plugins/sfwd-lms + fofa-query: body=/wp-content/plugins/sfwd-lms tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,exposure,learndash http: diff --git a/http/cves/2024/CVE-2024-12209.yaml b/http/cves/2024/CVE-2024-12209.yaml index a173540df20..2e0123db47d 100644 --- a/http/cves/2024/CVE-2024-12209.yaml +++ b/http/cves/2024/CVE-2024-12209.yaml @@ -13,23 +13,20 @@ info: - https://plugins.trac.wordpress.org/browser/wp-health/tags/v2.16.4/src/Actions/RestoreRouter.php#L45 - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3202883%40wp-health&new=3202883%40wp-health&sfp_email=&sfph_mail= - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74ce3e8-cab9-4cc6-a1ad-1e51f7268474?source=cve - - https://github.com/Nxploited/CVE-2024-12209 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-12209 cwe-id: CWE-98 - epss-score: 0.84731 - epss-percentile: 0.99267 metadata: verified: true - max-request: 2 - vendor: "wp-umbrella" - product: "wp-umbrella" + max-request: 1 + vendor: wp-umbrella + product: wp-umbrella framework: wordpress fofa-query: body="/wp-content/plugins/wp-health" - shodan-query: http.html:"/wp-content/plugins/wp-health" - tags: cve,cve2024,wp,wordpress,wp-plugin,wp-health,lfi,wp-umbrella + tags: cve,cve2024,wp,wordpress,wp-plugin,wp-health,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-12760.yaml b/http/cves/2024/CVE-2024-12760.yaml index 121dcc0f6de..e688230fa90 100644 --- a/http/cves/2024/CVE-2024-12760.yaml +++ b/http/cves/2024/CVE-2024-12760.yaml @@ -8,7 +8,6 @@ info: An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. reference: - https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca - - https://github.com/cyb3r-w0lf/nuclei-template-collection metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-12824.yaml b/http/cves/2024/CVE-2024-12824.yaml index 29dca11f4f0..9ef2e286f32 100644 --- a/http/cves/2024/CVE-2024-12824.yaml +++ b/http/cves/2024/CVE-2024-12824.yaml @@ -16,12 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2024-12824 cwe-id: CWE-620 - epss-score: 0.54232 - epss-percentile: 0.97848 + epss-score: 0.00091 + epss-percentile: 0.41121 metadata: verified: true - max-request: 2 + max-request: 1 tags: cve,cve2024,intrusive,nokri,unauth + flow: http(1) && http(2) variables: diff --git a/http/cves/2024/CVE-2024-12849.yaml b/http/cves/2024/CVE-2024-12849.yaml index 8a82c394eae..9462b0a11cc 100644 --- a/http/cves/2024/CVE-2024-12849.yaml +++ b/http/cves/2024/CVE-2024-12849.yaml @@ -11,14 +11,11 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/id/57888e36-3a61-4452-b4ea-9db9e422dc2d?source=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-12849 - https://github.com/advisories/GHSA-899p-f2mf-g895 - - https://plugins.trac.wordpress.org/browser/error-log-viewer-wp/tags/1.0.1.3/error-log-viewer-wp.php#L295 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-12849 cwe-id: CWE-22 - epss-score: 0.88477 - epss-percentile: 0.99455 metadata: verified: true max-request: 2 @@ -27,7 +24,8 @@ info: framework: wordpress shodan-query: http.html:"wp-content/plugins/error-log-viewer-wp" fofa-query: body="wp-content/plugins/error-log-viewer-wp" - tags: cve,cve2024,wordpress,wp,wp-plugin,error-log-viewer-wp,lfi,wp-guru + tags: cve,cve2024,wordpress,wp,wp-plugin,error-log-viewer-wp,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-12987.yaml b/http/cves/2024/CVE-2024-12987.yaml index 97f3b5e5e0a..dc987194b1d 100644 --- a/http/cves/2024/CVE-2024-12987.yaml +++ b/http/cves/2024/CVE-2024-12987.yaml @@ -3,7 +3,7 @@ id: CVE-2024-12987 info: name: DrayTek Vigor - Command Injection author: ritikchaddha - severity: high + severity: critical description: | DrayTek Gateway devices (Vigor2960, Vigor300B, etc.) are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. remediation: | @@ -11,23 +11,18 @@ info: reference: - https://netsecfish.notion.site/ - https://nvd.nist.gov/vuln/detail/CVE-2024-12987 - - https://vuldb.com/?ctiid.289380 - - https://vuldb.com/?id.289380 - - https://vuldb.com/?submit.468795 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-12987 - cwe-id: CWE-77 - epss-score: 0.72324 - epss-percentile: 0.9866 - cpe: cpe:2.3:o:draytek:vigor300b_firmware:1.5.1.4:*:*:*:*:*:*:* + cwe-id: CWE-78 + cpe: cpe:2.3:h:draytek:vigor300b:-:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: draytek - product: vigor300b_firmware fofa-query: '"excanvas.js" && "lang == \"zh-cn\"" && "detectLang" && server=="DWS"' - tags: cve,cve2024,draytek,rce,router,kev,DrayTek + vendor: DrayTek + product: Vigor300B + tags: cve,cve2024,draytek,rce,router,kev http: - raw: diff --git a/http/cves/2024/CVE-2024-13126.yaml b/http/cves/2024/CVE-2024-13126.yaml index 3d808982fc0..da72c672800 100644 --- a/http/cves/2024/CVE-2024-13126.yaml +++ b/http/cves/2024/CVE-2024-13126.yaml @@ -20,10 +20,10 @@ info: metadata: verified: true max-request: 1 - shodan-query: html:"wp-content/plugins/download-manager/" fofa-query: body="wp-content/plugins/download-manager/" google-query: inurl:"/wp-content/plugins/download-manager/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,directory-listing,download-manager + shodan-query: html:"wp-content/plugins/download-manager/" + tags: cve,cve2024,wp,wordpress,wp-plugin,directory-listing,download-manager http: - method: GET diff --git a/http/cves/2024/CVE-2024-13159.yaml b/http/cves/2024/CVE-2024-13159.yaml index 9a06acefaa5..1c94d082f57 100644 --- a/http/cves/2024/CVE-2024-13159.yaml +++ b/http/cves/2024/CVE-2024-13159.yaml @@ -9,24 +9,17 @@ info: reference: - https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13159 - - https://github.com/20142995/nuclei-templates - - https://github.com/Ostorlab/KEV - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-13159 cwe-id: CWE-36 - epss-score: 0.93277 - epss-percentile: 0.99793 - cpe: cpe:2.3:a:ivanti:endpoint_manager:*:-:*:*:*:*:*:* metadata: max-request: 1 - vendor: ivanti - product: endpoint_manager shodan-query: http.favicon.hash:362091310 fofa-query: icon_hash="362091310" tags: cve,cve2024,ivanti,epm,ntlm,traversal,kev + variables: file: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-13161.yaml b/http/cves/2024/CVE-2024-13161.yaml index ccb19c70c95..c161c8ab267 100644 --- a/http/cves/2024/CVE-2024-13161.yaml +++ b/http/cves/2024/CVE-2024-13161.yaml @@ -9,25 +9,18 @@ info: reference: - https://www.horizon3.ai/attack-research/attack-blogs/ivanti-endpoint-manager-multiple-credential-coercion-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13161 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/cyberdyne-ventures/predictions classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-13161 cwe-id: CWE-36 - epss-score: 0.89873 - epss-percentile: 0.99537 - cpe: cpe:2.3:a:ivanti:endpoint_manager:*:-:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: ivanti - product: endpoint_manager shodan-query: http.favicon.hash:362091310 fofa-query: icon_hash="362091310" tags: cve,cve2024,ivanti,epm,ntlm,traversal,kev + variables: file: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-13322.yaml b/http/cves/2024/CVE-2024-13322.yaml index 297aa3df8a8..6910b9c5a85 100644 --- a/http/cves/2024/CVE-2024-13322.yaml +++ b/http/cves/2024/CVE-2024-13322.yaml @@ -10,21 +10,14 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ap-plugin-scripteo/ads-pro-plugin-multi-purpose-wordpress-advertising-manager-488-unauthenticated-sql-injection - https://codecanyon.net/item/ads-pro-plugin-multipurpose-wordpress-advertising-manager/10275010 - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bcb60a8-220f-45a4-a9a9-10f64acf470c?source=cve - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-13322 cwe-id: CWE-89 - epss-score: 0.14867 - epss-percentile: 0.94161 - cpe: cpe:2.3:a:scripteo:ads_pro:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 1 - vendor: scripteo - product: ads_pro - framework: wordpress tags: cve,cve2024,sqli,time-based-sqli,wp,wp-plugin,wordpress http: diff --git a/http/cves/2024/CVE-2024-13496.yaml b/http/cves/2024/CVE-2024-13496.yaml index 6bba462b74a..6c7957b5611 100644 --- a/http/cves/2024/CVE-2024-13496.yaml +++ b/http/cves/2024/CVE-2024-13496.yaml @@ -9,25 +9,15 @@ info: reference: - https://abrahack.com/posts/gamipress-sqli/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13496 - - https://wordpress.org/plugins/gamipress/#developers - - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea54436c-b623-4049-af19-9995c312476e?source=cve - - https://github.com/ARPSyndicate/cve-scores classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-13496 cwe-id: CWE-89 - epss-score: 0.35226 - epss-percentile: 0.96828 - cpe: cpe:2.3:a:gamipress:gamipress:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 - vendor: gamipress - product: gamipress - framework: wordpress - fofa-query: body="/wp-content/plugins/gamipress" max-requests: 2 - tags: cve,cve2024,wp,wordpress,gamipress,sqli,wp-plugin,intrusive + fofa-query: body="/wp-content/plugins/gamipress" + tags: cve,cve2024,wp,wordpress,gamipress,sqli,wp-plugin http: - raw: diff --git a/http/cves/2024/CVE-2024-13624.yaml b/http/cves/2024/CVE-2024-13624.yaml index 88c45a6240b..2e621ba1791 100644 --- a/http/cves/2024/CVE-2024-13624.yaml +++ b/http/cves/2024/CVE-2024-13624.yaml @@ -16,10 +16,11 @@ info: cwe-id: CWE-79 metadata: verified: true - max-request: 3 + max-request: 2 product: wpmovielibrary fofa-query: body="wp-content/plugins/wpmovielibrary/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,xss,wpmovielibrary,authenticated + tags: cve,cve2024,wp,wordpress,wp-plugin,xss,wpmovielibrary,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-13726.yaml b/http/cves/2024/CVE-2024-13726.yaml index 073ef957f20..4383a925feb 100644 --- a/http/cves/2024/CVE-2024-13726.yaml +++ b/http/cves/2024/CVE-2024-13726.yaml @@ -16,8 +16,8 @@ info: product: tc-ecommerce framework: wordpress fofa-query: body="wp-content/plugins/tc-ecommerce/" - shodan-query: http.html:"wp-content/plugins/tc-ecommerce/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,sqli,tc-ecommerce,timebased-sqli,themescoder + tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,sqli,tc-ecommerce,timebased-sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-1380.yaml b/http/cves/2024/CVE-2024-1380.yaml index 1aa4ac54f58..95d11eed78e 100644 --- a/http/cves/2024/CVE-2024-1380.yaml +++ b/http/cves/2024/CVE-2024-1380.yaml @@ -21,9 +21,9 @@ info: metadata: verified: true max-request: 1 - vendor: relevanssi - product: relevanssi fofa-query: "/wp-content/plugins/relevanssi/" + product: relevanssi + vendor: relevanssi tags: cve,cve2024,wp,wordpress,wp-plugin,relevanssi,exposure http: diff --git a/http/cves/2024/CVE-2024-13853.yaml b/http/cves/2024/CVE-2024-13853.yaml index 4c4fe72f386..ee440595782 100644 --- a/http/cves/2024/CVE-2024-13853.yaml +++ b/http/cves/2024/CVE-2024-13853.yaml @@ -14,17 +14,14 @@ info: cvss-score: 6.1 cve-id: CVE-2024-13853 cwe-id: CWE-79 - epss-score: 0.00504 - epss-percentile: 0.64959 - cpe: cpe:2.3:a:zynit:seo_tools:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 - vendor: zynit - product: seo_tools - framework: wordpress + max-request: 1 + vendor: WordPress + product: seo-automatic-seo-tools shodan-query: http.html:"seo-automatic-seo-tools" fofa-query: body="wp-content/plugins/seo-automatic-seo-tools/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,xss,seo-automatic-seo-tools,WordPress + tags: cve,cve2024,wp,wordpress,wp-plugin,xss,seo-automatic-seo-tools + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-13888.yaml b/http/cves/2024/CVE-2024-13888.yaml index 055411b4e18..a912b3b4000 100644 --- a/http/cves/2024/CVE-2024-13888.yaml +++ b/http/cves/2024/CVE-2024-13888.yaml @@ -22,8 +22,8 @@ info: framework: wordpress fofa-query: body="/wp-content/plugins/wpappninja" publicwww-query: "/wp-content/plugins/wpappninja" - shodan-query: http.html:"/wp-content/plugins/wpappninja" - tags: cve,cve2024,redirect,wp,wordpress,wp-plugin,wpappninja,amauri + tags: cve,cve2024,redirect,wp,wordpress,wp-plugin,wpappninja + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-1483.yaml b/http/cves/2024/CVE-2024-1483.yaml index 962522c4f86..3c830d05b0d 100644 --- a/http/cves/2024/CVE-2024-1483.yaml +++ b/http/cves/2024/CVE-2024-1483.yaml @@ -17,9 +17,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-1483 - cwe-id: CWE-22 - epss-score: 0.73302 - epss-percentile: 0.98702 + cwe-id: CWE-29 + epss-score: 0.00044 + epss-percentile: 0.11996 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2024/CVE-2024-1512.yaml b/http/cves/2024/CVE-2024-1512.yaml index 340f1b9d49a..56444103202 100644 --- a/http/cves/2024/CVE-2024-1512.yaml +++ b/http/cves/2024/CVE-2024-1512.yaml @@ -24,14 +24,8 @@ info: vendor: stylemixthemes product: masterstudy_lms framework: wordpress - fofa-query: - - body="wp-content/plugins/masterstudy-lms-learning-management-system/" - - body=/wp-content/plugins/masterstudy-lms-learning-management-system - shodan-query: - - http.html:"wp-content/plugins/masterstudy-lms-learning-management-system/" - - http.html:"/wp-content/plugins/masterstudy-lms-learning-management-system" - publicwww-query: /wp-content/plugins/masterstudy-lms-learning-management-system - tags: time-based-sqli,cve,cve2024,sqli,wp-plugin,wordpress,stylemixthemes + fofa-query: body="wp-content/plugins/masterstudy-lms-learning-management-system/" + tags: time-based-sqli,cve,cve2024,sqli,wp-plugin,wordpress http: - raw: diff --git a/http/cves/2024/CVE-2024-1561.yaml b/http/cves/2024/CVE-2024-1561.yaml index 5c86a7438ce..3a9c011499a 100644 --- a/http/cves/2024/CVE-2024-1561.yaml +++ b/http/cves/2024/CVE-2024-1561.yaml @@ -22,22 +22,16 @@ info: cvss-score: 7.5 cve-id: CVE-2024-1561 cwe-id: CWE-29 - epss-score: 0.93658 - epss-percentile: 0.99833 + epss-score: 0.00087 + epss-percentile: 0.36659 cpe: cpe:2.3:a:gradio_project:gradio:*:*:*:*:python:*:*:* metadata: verified: true - max-request: 4 - vendor: "gradio_project" + max-request: 2 + shodan-query: html:"__gradio_mode__" product: gradio - shodan-query: - - http.html:"__gradio_mode__" - - http.title:"gradio" - fofa-query: - - body="__gradio_mode__" - - title="gradio" - google-query: intitle:"gradio" - tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr,gradio_project + vendor: gradio_project + tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr http: - raw: diff --git a/http/cves/2024/CVE-2024-1698.yaml b/http/cves/2024/CVE-2024-1698.yaml index d03c4961dd3..b4a672907b8 100644 --- a/http/cves/2024/CVE-2024-1698.yaml +++ b/http/cves/2024/CVE-2024-1698.yaml @@ -16,19 +16,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-1698 - cwe-id: CWE-89 - epss-score: 0.9372 - epss-percentile: 0.99839 - cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:*:wordpress:*:* + epss-score: 0.00045 + epss-percentile: 0.12615 + cpe: cpe:2.3:a:wpdeveloper:notificationx:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 1 - vendor: wpdeveloper - product: notificationx - framework: wordpress fofa-query: body="/wp-content/plugins/notificationx" - shodan-query: http.html:"/wp-content/plugins/notificationx" - tags: time-based-sqli,cve,cve2024,wpscan,wordpress,wp-plugin,notificationx,sqli,wpdeveloper + product: notificationx + vendor: wpdeveloper + tags: time-based-sqli,cve,cve2024,wpscan,wordpress,wp-plugin,notificationx,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-1709.yaml b/http/cves/2024/CVE-2024-1709.yaml index 2710ccb79e5..7774435b425 100644 --- a/http/cves/2024/CVE-2024-1709.yaml +++ b/http/cves/2024/CVE-2024-1709.yaml @@ -17,22 +17,23 @@ info: cvss-score: 10 cve-id: CVE-2024-1709 cwe-id: CWE-288,NVD-CWE-Other - epss-score: 0.94364 - epss-percentile: 0.99952 + epss-score: 0.94464 + epss-percentile: 0.99213 cpe: cpe:2.3:a:connectwise:screenconnect:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: connectwise product: screenconnect - shodan-query: http.favicon.hash:"-82958153" + shodan-query: http.favicon.hash:-82958153 fofa-query: + - app="ScreenConnect-Remote-Support-Software" - app="screenconnect-remote-support-software" - icon_hash=-82958153 - zoomeye-query: - - app="screenconnect remote management software" - - app:"screenconnect remote management software" - hunter-query: app.name="connectwise screenconnect software" + zoomeye-query: app="ScreenConnect Remote Management Software" + hunter-query: + - app.name="ConnectWise ScreenConnect software" + - app.name="connectwise screenconnect software" tags: cve,cve2024,screenconnect,connectwise,auth-bypass,kev variables: string: "{{rand_text_alpha(10)}}" diff --git a/http/cves/2024/CVE-2024-1728.yaml b/http/cves/2024/CVE-2024-1728.yaml index eea3e763bce..0d649dc3b4c 100644 --- a/http/cves/2024/CVE-2024-1728.yaml +++ b/http/cves/2024/CVE-2024-1728.yaml @@ -14,27 +14,19 @@ info: - https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7 - https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a - https://nvd.nist.gov/vuln/detail/CVE-2024-1728 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-1728 cwe-id: CWE-22 - epss-score: 0.70507 - epss-percentile: 0.98582 + epss-score: 0.00044 + epss-percentile: 0.10164 metadata: + max-request: 5 verified: true - max-request: 6 vendor: gradio product: gradio - shodan-query: - - http.html:"__gradio_mode__" - - http.title:"gradio" - fofa-query: - - body="__gradio_mode__" - - title="gradio" - google-query: intitle:"gradio" + shodan-query: html:"__gradio_mode__" tags: cve,cve2024,lfi,gradio,intrusive http: diff --git a/http/cves/2024/CVE-2024-20419.yaml b/http/cves/2024/CVE-2024-20419.yaml index 8a2ed18c77b..e3ae836da93 100644 --- a/http/cves/2024/CVE-2024-20419.yaml +++ b/http/cves/2024/CVE-2024-20419.yaml @@ -19,13 +19,14 @@ info: cvss-score: 10 cve-id: CVE-2024-20419 cwe-id: CWE-620 - epss-score: 0.90016 - epss-percentile: 0.99549 + epss-score: 0.00043 + epss-percentile: 0.09568 metadata: + fofa-query: title="On-Prem License Workspace" verified: true max-request: 4 - fofa-query: title="On-Prem License Workspace" tags: cve,cve2024,cisco,on-prem,ssm,intrusive,account-takeover + flow: http(1) && http(2) && http(3) && http(4) variables: diff --git a/http/cves/2024/CVE-2024-20767.yaml b/http/cves/2024/CVE-2024-20767.yaml index 7ea99f36201..9d1b5e9c7f9 100644 --- a/http/cves/2024/CVE-2024-20767.yaml +++ b/http/cves/2024/CVE-2024-20767.yaml @@ -13,26 +13,19 @@ info: - https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion - https://github.com/Hatcat123/my_stars classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 7.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N + cvss-score: 8.2 cve-id: CVE-2024-20767 - cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.94003 - epss-percentile: 0.99876 - cpe: cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:* + cwe-id: CWE-284 + epss-score: 0.08221 + epss-percentile: 0.94345 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: adobe + shodan-query: http.component:"Adobe ColdFusion" product: coldfusion - shodan-query: - - http.component:"adobe coldfusion" - - cpe:"cpe:2.3:a:adobe:coldfusion" - - http.title:"coldfusion administrator login" - fofa-query: - - app="adobe-coldfusion" - - title="coldfusion administrator login" - google-query: intitle:"coldfusion administrator login" + vendor: adobe tags: cve,cve2024,adobe,coldfusion,lfr,kev http: diff --git a/http/cves/2024/CVE-2024-21136.yaml b/http/cves/2024/CVE-2024-21136.yaml index 32c3a10f504..aa13ec393d2 100644 --- a/http/cves/2024/CVE-2024-21136.yaml +++ b/http/cves/2024/CVE-2024-21136.yaml @@ -12,20 +12,19 @@ info: - https://www.oracle.com/security-alerts/cpuapr2024.html - https://www.synacktiv.com/en/advisories/oracle-retail-xstore-suite-pre-authenticated-path-traversal - https://nvd.nist.gov/vuln/detail/CVE-2024-21136 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2024-21136 - epss-score: 0.27863 - epss-percentile: 0.96177 + epss-score: 0.00158 + epss-percentile: 0.37709 cpe: cpe:2.3:a:oracle:retail_xstore_office:19.0.5:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: oracle product: retail_xstore_office - shodan-query: http.html:"xstoremgwt" + shodan-query: html:"xstoremgwt" tags: cve,cve2024,oracle,xstore,lfi http: diff --git a/http/cves/2024/CVE-2024-21485.yaml b/http/cves/2024/CVE-2024-21485.yaml index 08f3a047858..d7d95def07a 100644 --- a/http/cves/2024/CVE-2024-21485.yaml +++ b/http/cves/2024/CVE-2024-21485.yaml @@ -6,27 +6,24 @@ info: severity: medium description: | Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via href attribute in anchor tags. This template tests for javascript:alert payload injection. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2024-21485 impact: | Data theft from users who access the compromised view and Access token stealing allowing attacker to impersonate users remediation: | Upgrade to dash version 2.15.0 or later - reference: - - https://nvd.nist.gov/vuln/detail/CVE-2024-21485 - - https://github.com/plotly/dash/releases/tag/v2.15.0 - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N - cvss-score: 6.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 cve-id: CVE-2024-21485 cwe-id: CWE-79 - epss-score: 0.00322 - epss-percentile: 0.54616 + epss-score: 0.00103 + epss-percentile: 0.43330 cpe: cpe:2.3:a:plotly:dash:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: plotly - product: dash tags: cve,cve2024,dash,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-21633.yaml b/http/cves/2024/CVE-2024-21633.yaml index 0de0ac932cb..8adecf46e70 100644 --- a/http/cves/2024/CVE-2024-21633.yaml +++ b/http/cves/2024/CVE-2024-21633.yaml @@ -15,22 +15,19 @@ info: - https://www.qu35t.pw/posts/2024-21633-mobsf-rce/ - https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/19c1b55c2c59596f2d43439926c9dc976cbeaec4 - https://nvd.nist.gov/vuln/detail/CVE-2024-21633 - - https://github.com/0x33c0unt/CVE-2024-21633 classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2024-21633 cwe-id: CWE-22 - epss-score: 0.72467 - epss-percentile: 0.98667 cpe: cpe:2.3:a:apktool:apktool:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 4 - vendor: apktool - product: apktool + verified: true + vendor: mobsf_project + product: mobile-security-framework fofa-query: title="MobSF" - tags: cve,cve2024,mobsf,intrusive,rce,lfi,mobsf_project + tags: cve,cve2024,mobsf,intrusive,rce,lfi http: - raw: diff --git a/http/cves/2024/CVE-2024-21641.yaml b/http/cves/2024/CVE-2024-21641.yaml index 9bb7614720f..7c2852840a8 100644 --- a/http/cves/2024/CVE-2024-21641.yaml +++ b/http/cves/2024/CVE-2024-21641.yaml @@ -23,13 +23,8 @@ info: max-request: 1 vendor: flarum product: flarum - fofa-query: - - header="flarum_session=" - - body="install flarum" - zoomeye-query: app="flarum" - shodan-query: - - cpe:"cpe:2.3:a:flarum:flarum" - - http.html:"install flarum" + fofa-query: header="flarum_session=" + zoomeye-query: app="Flarum" tags: cve,cve2024,flarum,redirect http: diff --git a/http/cves/2024/CVE-2024-21644.yaml b/http/cves/2024/CVE-2024-21644.yaml index e0fce6f24e6..394bfeb1e8f 100644 --- a/http/cves/2024/CVE-2024-21644.yaml +++ b/http/cves/2024/CVE-2024-21644.yaml @@ -18,9 +18,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-21644 - cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.89794 - epss-percentile: 0.99533 + cwe-id: CWE-284 + epss-score: 0.14751 + epss-percentile: 0.95779 cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:* metadata: verified: true @@ -28,8 +28,9 @@ info: vendor: pyload product: pyload shodan-query: - - http.html:"pyload" + - html:"pyload" - http.title:"login - pyload" + - http.html:"pyload" - http.title:"pyload" fofa-query: - title="login - pyload" @@ -38,9 +39,7 @@ info: google-query: - intitle:"login - pyload" - intitle:"pyload" - zoomeye-query: - - app="pyload" - - app:"pyload" + zoomeye-query: app="pyLoad" tags: cve,cve2024,python,pip,pyload,access-control http: diff --git a/http/cves/2024/CVE-2024-21645.yaml b/http/cves/2024/CVE-2024-21645.yaml index 1bccc4b8678..8ee38fdcb9b 100644 --- a/http/cves/2024/CVE-2024-21645.yaml +++ b/http/cves/2024/CVE-2024-21645.yaml @@ -12,14 +12,13 @@ info: - https://github.com/advisories/GHSA-ghmw-rwh8-6qmr - https://nvd.nist.gov/vuln/detail/CVE-2024-21645 - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2024-21645 cwe-id: CWE-74 - epss-score: 0.72619 - epss-percentile: 0.98676 + epss-score: 0.0112 + epss-percentile: 0.84559 cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:* metadata: verified: true @@ -27,9 +26,10 @@ info: vendor: pyload product: pyload shodan-query: - - http.title:"pyload" + - "title:\"pyload\"" - http.title:"login - pyload" - http.html:"pyload" + - http.title:"pyload" fofa-query: - title="login - pyload" - body="pyload" @@ -37,9 +37,7 @@ info: google-query: - intitle:"login - pyload" - intitle:"pyload" - zoomeye-query: - - app="pyload" - - app:"pyload" + zoomeye-query: app="pyLoad" tags: cve,cve2024,pyload,authenticated,injection variables: str: "{{rand_base(6)}}" diff --git a/http/cves/2024/CVE-2024-21650.yaml b/http/cves/2024/CVE-2024-21650.yaml index 295b2f673ff..a281c8eb01a 100644 --- a/http/cves/2024/CVE-2024-21650.yaml +++ b/http/cves/2024/CVE-2024-21650.yaml @@ -13,27 +13,23 @@ info: reference: - https://jira.xwiki.org/browse/XWIKI-21173 - https://nvd.nist.gov/vuln/detail/CVE-2024-21650 - - https://github.com/codeb0ss/CVE-2024-21650-PoC - - https://github.com/felixsta/Using_CVSS - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-score: 10.0 cve-id: CVE-2024-21650 - cwe-id: CWE-95,CWE-94 - epss-score: 0.93396 - epss-percentile: 0.99802 + cwe-id: CWE-95 + epss-score: 0.0015 + epss-percentile: 0.50461 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 4 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" - tags: cve,cve2024,xwiki,rce,intrusive + tags: cve,cve2024,xwiki,rce + variables: user: "{{rand_base(6)}}" pass: "{{rand_base(8)}}" diff --git a/http/cves/2024/CVE-2024-21683.yaml b/http/cves/2024/CVE-2024-21683.yaml index 37fa7066540..e3d1cf85217 100644 --- a/http/cves/2024/CVE-2024-21683.yaml +++ b/http/cves/2024/CVE-2024-21683.yaml @@ -23,10 +23,9 @@ info: metadata: verified: true max-request: 3 - vendor: atlassian + fofa-query: "app=\"ATLASSIAN-Confluence\"" product: confluence_data_center - fofa-query: app="atlassian-confluence" - shodan-query: http.component:"atlassian confluence" + vendor: atlassian tags: cve,cve2024,atlassian,confluence,rce,authenticated,intrusive variables: username: "{{username}}" diff --git a/http/cves/2024/CVE-2024-21887.yaml b/http/cves/2024/CVE-2024-21887.yaml index 18a9774462c..fa193b7d5de 100644 --- a/http/cves/2024/CVE-2024-21887.yaml +++ b/http/cves/2024/CVE-2024-21887.yaml @@ -24,8 +24,9 @@ info: vendor: ivanti product: connect_secure shodan-query: - - http.html:"welcome.cgi?p=logo" + - "html:\"welcome.cgi?p=logo\"" - http.title:"ivanti connect secure" + - http.html:"welcome.cgi?p=logo" fofa-query: - body="welcome.cgi?p=logo" - title="ivanti connect secure" diff --git a/http/cves/2024/CVE-2024-21893.yaml b/http/cves/2024/CVE-2024-21893.yaml index 00adbf15b07..b8a1c5b65d4 100644 --- a/http/cves/2024/CVE-2024-21893.yaml +++ b/http/cves/2024/CVE-2024-21893.yaml @@ -25,8 +25,9 @@ info: vendor: ivanti product: connect_secure shodan-query: - - http.html:"welcome.cgi?p=logo" + - "html:\"welcome.cgi?p=logo\"" - http.title:"ivanti connect secure" + - http.html:"welcome.cgi?p=logo" fofa-query: - body="welcome.cgi?p=logo" - title="ivanti connect secure" diff --git a/http/cves/2024/CVE-2024-22024.yaml b/http/cves/2024/CVE-2024-22024.yaml index 821cbec5cc2..55f3a57e64a 100644 --- a/http/cves/2024/CVE-2024-22024.yaml +++ b/http/cves/2024/CVE-2024-22024.yaml @@ -13,24 +13,14 @@ info: reference: - https://labs.watchtowr.com/are-we-now-part-of-ivanti/ - https://twitter.com/h4x0r_dz/status/1755849867149103106/photo/1 - - https://github.com/laoa1573/wy876 - - https://github.com/0dteam/CVE-2024-22024 - - https://github.com/DMW11525708/wiki - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L - cvss-score: 8.3 - cve-id: CVE-2024-22024 - cwe-id: CWE-611 - epss-score: 0.9432 - epss-percentile: 0.99937 - cpe: cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:* metadata: max-request: 1 vendor: ivanti product: connect_secure shodan-query: - - http.html:"welcome.cgi?p=logo" + - "html:\"welcome.cgi?p=logo\"" - http.title:"ivanti connect secure" + - http.html:"welcome.cgi?p=logo" fofa-query: - body="welcome.cgi?p=logo" - title="ivanti connect secure" diff --git a/http/cves/2024/CVE-2024-22207.yaml b/http/cves/2024/CVE-2024-22207.yaml index a71d9705aad..2db2f7c0600 100644 --- a/http/cves/2024/CVE-2024-22207.yaml +++ b/http/cves/2024/CVE-2024-22207.yaml @@ -9,27 +9,23 @@ info: reference: - https://security.netapp.com/advisory/ntap-20240216-0002/ - https://nvd.nist.gov/vuln/detail/CVE-2024-22207 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-22207 cwe-id: CWE-1188 - epss-score: 0.09842 - epss-percentile: 0.92558 + epss-score: 0.00052 + epss-percentile: 0.21263 cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:node.js:*:* metadata: - max-request: 1 vendor: smartbear - product: "swagger_ui" - framework: "node.js" + product: swagger_ui + framework: node.js shodan-query: - - '[http.component:"swagger" http.favicon.hash:"-1180440057"]' - http.component:"swagger" - http.favicon.hash:"-1180440057" fofa-query: icon_hash="-1180440057" - tags: cve,cve2024,swagger-ui,exposure,node.js,smartbear + tags: cve,cve2024,swagger-ui,exposure http: - method: GET diff --git a/http/cves/2024/CVE-2024-22319.yaml b/http/cves/2024/CVE-2024-22319.yaml index ae813b1c97b..4b2e4e63dae 100644 --- a/http/cves/2024/CVE-2024-22319.yaml +++ b/http/cves/2024/CVE-2024-22319.yaml @@ -20,15 +20,12 @@ info: vendor: ibm product: operational_decision_manager shodan-query: + - html:"IBM ODM" - http.html:"ibm odm" - - http.favicon.hash:"707491698" - - http.title:"decision center | business console" fofa-query: + - title="IBM ODM" - title="ibm odm" - body="ibm odm" - - icon_hash="707491698" - - title="decision center | business console" - google-query: intitle:"decision center | business console" tags: cve,cve2024,ibm,odm,decision-manager,jndi,jsf,rce http: diff --git a/http/cves/2024/CVE-2024-22320.yaml b/http/cves/2024/CVE-2024-22320.yaml index d8dc1b8518b..203ac4177cb 100644 --- a/http/cves/2024/CVE-2024-22320.yaml +++ b/http/cves/2024/CVE-2024-22320.yaml @@ -23,15 +23,12 @@ info: vendor: ibm product: operational_decision_manager shodan-query: + - html:"IBM ODM" - http.html:"ibm odm" - - http.favicon.hash:"707491698" - - http.title:"decision center | business console" fofa-query: + - title="IBM ODM" - title="ibm odm" - body="ibm odm" - - icon_hash="707491698" - - title="decision center | business console" - google-query: intitle:"decision center | business console" tags: cve,cve2024,ibm,odm,decision-manager,deserialization,jsf,rce http: diff --git a/http/cves/2024/CVE-2024-22476.yaml b/http/cves/2024/CVE-2024-22476.yaml index 3cb3e32db34..70d6c491374 100644 --- a/http/cves/2024/CVE-2024-22476.yaml +++ b/http/cves/2024/CVE-2024-22476.yaml @@ -9,16 +9,13 @@ info: reference: - https://huntr.com/bounties/300bffa9-b240-4201-a1d9-e3ec8d802e4a - https://nvd.nist.gov/vuln/detail/CVE-2024-22476 - - https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2024-22476 cwe-id: CWE-20 - epss-score: 0.3021 - epss-percentile: 0.96408 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: max-request: 1 tags: cve,cve2024,intel,neural-compressor,sqli,intrusive,file-upload diff --git a/http/cves/2024/CVE-2024-22927.yaml b/http/cves/2024/CVE-2024-22927.yaml index ab6b37b948a..a4ef687d00e 100644 --- a/http/cves/2024/CVE-2024-22927.yaml +++ b/http/cves/2024/CVE-2024-22927.yaml @@ -18,17 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2024-22927 cwe-id: CWE-79 - epss-score: 0.0168 - epss-percentile: 0.81263 + epss-score: 0.10809 + epss-percentile: 0.95082 cpe: cpe:2.3:a:eyoucms:eyoucms:1.6.5:*:*:*:*:*:*:* metadata: max-request: 1 vendor: eyoucms product: eyoucms - fofa-query: - - "title=\"eyoucms\"" - - icon_hash="-614262549" - shodan-query: http.favicon.hash:"-614262549" + fofa-query: "title=\"eyoucms\"" tags: cve2024,cve,eyoucms,cms,xss http: diff --git a/http/cves/2024/CVE-2024-23163.yaml b/http/cves/2024/CVE-2024-23163.yaml index db4f3e9e60c..e43d3540a13 100644 --- a/http/cves/2024/CVE-2024-23163.yaml +++ b/http/cves/2024/CVE-2024-23163.yaml @@ -21,12 +21,11 @@ info: verified: true max-request: 1 vendor: gestsup + fofa-query: title="GestSup" + shodan-query: http.favicon.hash:-283003760 product: gestsup - shodan-query: http.favicon.hash:"-283003760" - fofa-query: - - title="gestsup" - - icon_hash=-283003760 tags: cve,cve2024,account-takeover,gestsup + variables: email: "{{randstr}}@{{rand_base(5)}}.com" firstname: "{{rand_base(5)}}" diff --git a/http/cves/2024/CVE-2024-23167.yaml b/http/cves/2024/CVE-2024-23167.yaml index 231b592acba..076b54a155d 100644 --- a/http/cves/2024/CVE-2024-23167.yaml +++ b/http/cves/2024/CVE-2024-23167.yaml @@ -22,11 +22,8 @@ info: max-request: 3 vendor: gestsup product: gestsup - fofa-query: - - icon_hash=-283003760 - - title="gestsup" - shodan-query: http.favicon.hash:"-283003760" tags: cve2024,cve,xss,gestsup + variables: formatted_date: "{{date_time('2006/01/02')}}" diff --git a/http/cves/2024/CVE-2024-2330.yaml b/http/cves/2024/CVE-2024-2330.yaml index 3c29ca9db21..96c6bcfcf48 100644 --- a/http/cves/2024/CVE-2024-2330.yaml +++ b/http/cves/2024/CVE-2024-2330.yaml @@ -17,17 +17,12 @@ info: cvss-score: 6.3 cve-id: CVE-2024-2330 cwe-id: CWE-89 - epss-score: 0.91566 - epss-percentile: 0.99642 - cpe: cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:* + epss-score: 0.00045 + epss-percentile: 0.15866 metadata: - max-request: 1 - vendor: netentsec - product: application_security_gateway - shodan-query: "http.title:“NS-ASG”" - fofa-query: - - app="网康科技-ns-asg安全网关" - - ns-icg + max-request: 2 + shodan-query: http.title:“NS-ASG” + fofa-query: app="网康科技-NS-ASG安全网关" tags: cve,cve2024,ns-asg,sqli http: diff --git a/http/cves/2024/CVE-2024-23334.yaml b/http/cves/2024/CVE-2024-23334.yaml index 1993171c4e9..9e199b4783a 100644 --- a/http/cves/2024/CVE-2024-23334.yaml +++ b/http/cves/2024/CVE-2024-23334.yaml @@ -3,22 +3,20 @@ id: CVE-2024-23334 info: name: aiohttp - Directory Traversal author: DhiyaneshDk - severity: medium + severity: high description: | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. reference: - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/ - https://x.com/W01fh4cker/status/1762491210953060827?s=20 - - https://github.com/Betan423/CVE-2024-23334-PoC - - https://github.com/anneelv/htb-chemistry classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 5.9 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-23334 cwe-id: CWE-22 - epss-score: 0.93393 - epss-percentile: 0.99802 + epss-score: 0.00073 + epss-percentile: 0.29411 cpe: cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/http/cves/2024/CVE-2024-2340.yaml b/http/cves/2024/CVE-2024-2340.yaml index ce525dff9aa..94181a89b7b 100644 --- a/http/cves/2024/CVE-2024-2340.yaml +++ b/http/cves/2024/CVE-2024-2340.yaml @@ -12,20 +12,15 @@ info: - https://avada.com/documentation/avada-changelog/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-2340 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-2340 - epss-score: 0.59675 - epss-percentile: 0.98112 - cpe: cpe:2.3:a:theme-fusion:avada:*:*:*:*:*:wordpress:*:* + epss-score: 0.00053 + epss-percentile: 0.21091 metadata: verified: true max-request: 1 - vendor: theme-fusion - product: avada - framework: wordpress tags: cve,cve2024,wp-theme,wp,wordpress,wpscan,avada,exposure http: diff --git a/http/cves/2024/CVE-2024-23917.yaml b/http/cves/2024/CVE-2024-23917.yaml index 2979897fd01..99c16e6c1ef 100644 --- a/http/cves/2024/CVE-2024-23917.yaml +++ b/http/cves/2024/CVE-2024-23917.yaml @@ -9,16 +9,13 @@ info: reference: - https://github.com/fkie-cad/nvd-json-data-feeds - https://www.rapid7.com/db/vulnerabilities/jetbrains-teamcity-cve-2024-23917/ - - https://github.com/Ostorlab/KEV - - https://github.com/Y4tacker/JavaSec - - https://github.com/crisprss/CVEs classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-23917 - cwe-id: CWE-288,CWE-306 - epss-score: 0.94417 - epss-percentile: 0.99975 + cwe-id: CWE-306,CWE-288 + epss-score: 0.04384 + epss-percentile: 0.92363 cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,7 +23,7 @@ info: vendor: jetbrains product: teamcity shodan-query: - - http.title:"teamcity" + - "http.title:teamcity" - http.component:"teamcity" fofa-query: "title=teamcity" google-query: "intitle:teamcity" diff --git a/http/cves/2024/CVE-2024-24112.yaml b/http/cves/2024/CVE-2024-24112.yaml index 32250c032e7..a9b69227da5 100644 --- a/http/cves/2024/CVE-2024-24112.yaml +++ b/http/cves/2024/CVE-2024-24112.yaml @@ -22,8 +22,9 @@ info: max-request: 1 vendor: exrick product: xmall - fofa-query: app="xmall-后台管理系统" - tags: cve,cve2024,xmall,sqli,exrick + fofa-query: app="XMall-后台管理系统" + tags: cve,cve2024,xmall,sqli + variables: num: "{{rand_int(9000000, 9999999)}}" diff --git a/http/cves/2024/CVE-2024-24116.yaml b/http/cves/2024/CVE-2024-24116.yaml index a1f2863c9fc..d62305c6f08 100644 --- a/http/cves/2024/CVE-2024-24116.yaml +++ b/http/cves/2024/CVE-2024-24116.yaml @@ -10,22 +10,20 @@ info: - https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Unauthorized%20Access%20Vulnerability - https://gist.github.com/zty-1995/7a5e3ad0eb3b6c44db1a6eb4092893d3 - https://nvd.nist.gov/vuln/detail/CVE-2024-24116 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-24116 cwe-id: CWE-287 - epss-score: 0.76642 - epss-percentile: 0.98872 + epss-score: 0.00106 + epss-percentile: 0.44559 cpe: cpe:2.3:o:ruijie:rg-nbs2009g-p_firmware:10.4\(1\)p2_release\(9736\):*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: ruijie - product: rg-nbs2009g-p_firmware fofa-query: body="ruijie.com.cn" + vendor: ruijie + product: rg-nbs2009g-p, rg-nbs2009g-p_firmware tags: ruijie,cve,cve2024,exposure,bac http: diff --git a/http/cves/2024/CVE-2024-24131.yaml b/http/cves/2024/CVE-2024-24131.yaml index a00ddee40fd..5114fd4409f 100644 --- a/http/cves/2024/CVE-2024-24131.yaml +++ b/http/cves/2024/CVE-2024-24131.yaml @@ -14,15 +14,17 @@ info: cvss-score: 6.1 cve-id: CVE-2024-24131 cwe-id: CWE-79 - epss-score: 0.10114 - epss-percentile: 0.92691 + epss-score: 0.00046 + epss-percentile: 0.15655 cpe: cpe:2.3:a:superwebmailer:superwebmailer:9.31.0.01799:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: superwebmailer product: superwebmailer - shodan-query: http.title:"superwebmailer" + shodan-query: + - title:"SuperWebMailer" + - http.title:"superwebmailer" fofa-query: title="superwebmailer" google-query: intitle:"superwebmailer" tags: cve,cve2024,superwebmailer,xss diff --git a/http/cves/2024/CVE-2024-24565.yaml b/http/cves/2024/CVE-2024-24565.yaml index 10610219fa1..c50a88b1f56 100644 --- a/http/cves/2024/CVE-2024-24565.yaml +++ b/http/cves/2024/CVE-2024-24565.yaml @@ -16,11 +16,12 @@ info: cpe: cpe:2.3:a:cratedb:cratedb:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 + max-request: 1 vendor: cratedb product: cratedb - fofa-query: title="cratedb" + fofa-query: title="CrateDB" tags: cve,cve2024,cratedb,lfi,exposure,intrusive + variables: table_name: "{{to_lower(rand_text_alpha(8))}}" diff --git a/http/cves/2024/CVE-2024-2473.yaml b/http/cves/2024/CVE-2024-2473.yaml index 79a5a990924..019a5a1503d 100644 --- a/http/cves/2024/CVE-2024-2473.yaml +++ b/http/cves/2024/CVE-2024-2473.yaml @@ -9,29 +9,20 @@ info: reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wps-hide-login/wps-hide-login-19152-login-page-disclosure - https://nvd.nist.gov/vuln/detail/CVE-2024-2473 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/whattheslime/wps-show-login classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-2473 cwe-id: CWE-200 - epss-score: 0.04485 - epss-percentile: 0.88528 cpe: cpe:2.3:a:wpserveur:wps_hide_login:*:*:*:*:*:wordpress:*:* metadata: + max-request: 1 verified: true - max-request: 2 + fofa-query: body="/wp-content/plugins/wps-hide-login" vendor: wpserveur - product: wps_hide_login - framework: wordpress - fofa-query: - - body="/wp-content/plugins/wps-hide-login" - - body=/wp-content/plugins/wps-hide-login/ - publicwww-query: /wp-content/plugins/wps-hide-login/ - shodan-query: http.html:"/wp-content/plugins/wps-hide-login/" - tags: cve,cve2024,wordpress,wp-plugin,wp,disclosure,wps-hide-login,wpserveur + product: wps-hide-login + tags: cve,cve2024,wordpress,wp-plugin,wp,disclosure,wps-hide-login + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-24759.yaml b/http/cves/2024/CVE-2024-24759.yaml index f26fb42a90e..ef5f62dbf02 100644 --- a/http/cves/2024/CVE-2024-24759.yaml +++ b/http/cves/2024/CVE-2024-24759.yaml @@ -22,11 +22,12 @@ info: epss-percentile: 0.37577 cpe: cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: mindsdb product: mindsdb - shodan-query: http.title:"mindsdb" + shodan-query: title:"mindsdb" tags: cve,cve2024,mindsdb,ssrf,dns-rebinding,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-24763.yaml b/http/cves/2024/CVE-2024-24763.yaml index af22ff2f2b4..5d38aeb5b18 100644 --- a/http/cves/2024/CVE-2024-24763.yaml +++ b/http/cves/2024/CVE-2024-24763.yaml @@ -16,17 +16,12 @@ info: cwe-id: CWE-601 cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 1 vendor: fit2cloud product: jumpserver fofa-query: - - '[title="jumpserver" title="jumpserver"]' + - title="JumpServer" - title="jumpserver" - shodan-query: http.title:'jumpserver' - google-query: intitle:'jumpserver' - zoomeye-query: - - app="jumpserver bastion host" - - title:'jumpserver' tags: cve2024,cve,jumpserver,redirect,fit2cloud,authenticated http: diff --git a/http/cves/2024/CVE-2024-24809.yaml b/http/cves/2024/CVE-2024-24809.yaml index 30bd1448805..abfd512f7f8 100644 --- a/http/cves/2024/CVE-2024-24809.yaml +++ b/http/cves/2024/CVE-2024-24809.yaml @@ -20,12 +20,12 @@ info: cpe: cpe:2.3:a:traccar:traccar:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 7 - vendor: traccar + max-request: 1 + shodan-query: html:"Traccar" product: traccar - shodan-query: http.html:"traccar" - fofa-query: body="traccar" + vendor: traccar tags: cve,cve2024,traccar,rce,intrusive,file-upload + variables: name: "{{rand_base(6)}}" password: "{{rand_base(8)}}" diff --git a/http/cves/2024/CVE-2024-24919.yaml b/http/cves/2024/CVE-2024-24919.yaml index ac1961d1385..47802c4adf5 100644 --- a/http/cves/2024/CVE-2024-24919.yaml +++ b/http/cves/2024/CVE-2024-24919.yaml @@ -16,15 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2024-24919 - cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.94327 - epss-percentile: 0.99939 - cpe: cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:* + cwe-id: CWE-200 + epss-score: 0.94543 + epss-percentile: 0.99271 + cpe: cpe:2.3:h:checkpoint:quantum_security_gateway:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: checkpoint - product: quantum_security_gateway_firmware + product: quantum_security_gateway shodan-query: - html:"Check Point SSL Network" - http.html:"check point ssl network" diff --git a/http/cves/2024/CVE-2024-25669.yaml b/http/cves/2024/CVE-2024-25669.yaml index 5367aefa62d..ef459fe2f56 100644 --- a/http/cves/2024/CVE-2024-25669.yaml +++ b/http/cves/2024/CVE-2024-25669.yaml @@ -25,7 +25,9 @@ info: max-request: 1 vendor: a360inc product: caseaware - fofa-query: title="caseaware" + fofa-query: + - title="CaseAware" + - title="caseaware" tags: cve,cve2024,xss,caseaware,a360inc http: diff --git a/http/cves/2024/CVE-2024-25735.yaml b/http/cves/2024/CVE-2024-25735.yaml index 7c6700785aa..d5e23991d81 100644 --- a/http/cves/2024/CVE-2024-25735.yaml +++ b/http/cves/2024/CVE-2024-25735.yaml @@ -3,7 +3,7 @@ id: CVE-2024-25735 info: name: WyreStorm Apollo VX20 - Information Disclosure author: johnk3r - severity: critical + severity: high description: | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request. reference: @@ -13,18 +13,16 @@ info: - https://hyp3rlinx.altervista.org - https://github.com/codeb0ss/CVE-2024-25735-PoC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2024-25735 - cwe-id: CWE-319 - epss-score: 0.86097 - epss-percentile: 0.99341 + epss-score: 0.00381 + epss-percentile: 0.72907 metadata: verified: true max-request: 1 vendor: wyrestorm product: apollo vx20 - shodan-query: ssl:"wyrestorm apollo vx20" + shodan-query: + - ssl:"WyreStorm Apollo VX20" + - ssl:"wyrestorm apollo vx20" tags: packetstorm,cve,cve2024,wyrestorm,info-leak http: diff --git a/http/cves/2024/CVE-2024-25852.yaml b/http/cves/2024/CVE-2024-25852.yaml index 410774547e1..3c3d49df06d 100644 --- a/http/cves/2024/CVE-2024-25852.yaml +++ b/http/cves/2024/CVE-2024-25852.yaml @@ -16,10 +16,11 @@ info: epss-percentile: 0.0866 metadata: verified: true - max-request: 2 + max-request: 1 vendor: Linksys product: RE7000 - tags: cve,cve2024,unauth,injection,Linksys,intrusive + tags: cve,cve2024,unauth,injection + variables: filename: "{{rand_base(5)}}" diff --git a/http/cves/2024/CVE-2024-2621.yaml b/http/cves/2024/CVE-2024-2621.yaml index 535cedc0b04..6f181ec5f6e 100644 --- a/http/cves/2024/CVE-2024-2621.yaml +++ b/http/cves/2024/CVE-2024-2621.yaml @@ -18,14 +18,11 @@ info: cvss-score: 6.3 cve-id: CVE-2024-2621 cwe-id: CWE-89 - epss-score: 0.12205 - epss-percentile: 0.93465 - cpe: cpe:2.3:a:kelixin_communication_command_and_dispatch_project:kelixin_communication_command_and_dispatch:*:*:*:*:*:*:*:* + epss-score: 0.00045 + epss-percentile: 0.15047 metadata: verified: true max-request: 1 - vendor: kelixin_communication_command_and_dispatch_project - product: kelixin_communication_command_and_dispatch fofa-query: body="app/structure/departments.php" || app="指挥调度管理平台" tags: time-based-sqli,cve,cve2024,sqli,fujian,rce diff --git a/http/cves/2024/CVE-2024-26331.yaml b/http/cves/2024/CVE-2024-26331.yaml index f04291283b7..d0789d1501d 100644 --- a/http/cves/2024/CVE-2024-26331.yaml +++ b/http/cves/2024/CVE-2024-26331.yaml @@ -11,14 +11,9 @@ info: - https://sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/ - https://www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htm - https://github.com/Ostorlab/KEV - - https://github.com/ARPSyndicate/cve-scores classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-26331 - cwe-id: CWE-287 - epss-score: 0.56036 - epss-percentile: 0.97939 + epss-score: 0.00053 + epss-percentile: 0.21091 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-27115.yaml b/http/cves/2024/CVE-2024-27115.yaml index dd563e3809f..638de3c842d 100644 --- a/http/cves/2024/CVE-2024-27115.yaml +++ b/http/cves/2024/CVE-2024-27115.yaml @@ -11,15 +11,14 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-27115 classification: cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:I/V:C/RE:M/U:Red - cvss-score: 10 + cvss-score: 10.0 cve-id: CVE-2024-27115 cwe-id: CWE-434 epss-score: 0.00091 - epss-percentile: 0.4063 + epss-percentile: 0.40630 cpe: cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* - metadata: - max-request: 3 tags: cve,cve2024,soplanning,rce,authenticated,file-upload,intrusive + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-27198.yaml b/http/cves/2024/CVE-2024-27198.yaml index d40bd8e31c0..f3f0e9856eb 100644 --- a/http/cves/2024/CVE-2024-27198.yaml +++ b/http/cves/2024/CVE-2024-27198.yaml @@ -16,9 +16,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-27198 - cwe-id: CWE-288,NVD-CWE-Other - epss-score: 0.94579 - epss-percentile: 1 + cwe-id: CWE-288 + epss-score: 0.97209 + epss-percentile: 0.99812 cpe: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:* metadata: verified: true @@ -26,8 +26,9 @@ info: vendor: jetbrains product: teamcity shodan-query: + - http.component:"TeamCity" + - http.title:teamcity - http.component:"teamcity" - - http.title:"teamcity" fofa-query: title=teamcity google-query: intitle:teamcity tags: cve,cve2024,teamcity,jetbrains,auth-bypass,kev diff --git a/http/cves/2024/CVE-2024-27199.yaml b/http/cves/2024/CVE-2024-27199.yaml index f7b3559d85a..88d6b66080c 100644 --- a/http/cves/2024/CVE-2024-27199.yaml +++ b/http/cves/2024/CVE-2024-27199.yaml @@ -17,13 +17,9 @@ info: metadata: verified: true max-request: 3 - vendor: jetbrains + shodan-query: http.component:"TeamCity" product: teamcity - shodan-query: - - http.component:"teamcity" - - http.title:"teamcity" - fofa-query: title=teamcity - google-query: intitle:teamcity + vendor: jetbrains tags: cve,cve2024,teamcity,jetbrains,auth-bypass http: diff --git a/http/cves/2024/CVE-2024-27292.yaml b/http/cves/2024/CVE-2024-27292.yaml index f5b38bac1d4..8c01ef0cb18 100644 --- a/http/cves/2024/CVE-2024-27292.yaml +++ b/http/cves/2024/CVE-2024-27292.yaml @@ -10,15 +10,13 @@ info: - https://tantosec.com/blog/docassemble/ - https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv - https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 - - https://github.com/wy876/wiki - - https://github.com/12442RF/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-27292 cwe-id: CWE-706 - epss-score: 0.93506 - epss-percentile: 0.99816 + epss-score: 0.00043 + epss-percentile: 0.0866 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-27348.yaml b/http/cves/2024/CVE-2024-27348.yaml index 4c4ae3a05dc..d27f4e27ef7 100644 --- a/http/cves/2024/CVE-2024-27348.yaml +++ b/http/cves/2024/CVE-2024-27348.yaml @@ -3,7 +3,7 @@ id: CVE-2024-27348 info: name: Apache HugeGraph-Server - Remote Command Execution author: DhiyaneshDK - severity: critical + severity: high description: | Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component. reference: @@ -14,18 +14,13 @@ info: - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348 - https://nvd.nist.gov/vuln/detail/CVE-2024-27348 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 cve-id: CVE-2024-27348 - cwe-id: CWE-284,NVD-CWE-noinfo - epss-score: 0.94251 - epss-percentile: 0.99919 - cpe: cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:* + cwe-id: CWE-77 + epss-score: 0.00045 + epss-percentile: 0.15047 metadata: verified: true max-request: 1 - vendor: apache - product: hugegraph shodan-query: title:"HugeGraph" fofa-query: title="HugeGraph" tags: cve,cve2024,hugegraph,rce,apache,kev diff --git a/http/cves/2024/CVE-2024-27497.yaml b/http/cves/2024/CVE-2024-27497.yaml index 3f335ff900f..dfe8fc1953c 100644 --- a/http/cves/2024/CVE-2024-27497.yaml +++ b/http/cves/2024/CVE-2024-27497.yaml @@ -16,12 +16,8 @@ info: - https://github.com/Ostorlab/KEV - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 - cve-id: CVE-2024-27497 - cwe-id: CWE-284 - epss-score: 0.84338 - epss-percentile: 0.99251 + epss-score: 0.00053 + epss-percentile: 0.21091 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-27564.yaml b/http/cves/2024/CVE-2024-27564.yaml index b541208d12e..8be9c413e05 100644 --- a/http/cves/2024/CVE-2024-27564.yaml +++ b/http/cves/2024/CVE-2024-27564.yaml @@ -3,30 +3,21 @@ id: CVE-2024-27564 info: name: ChatGPT个人专用版 - Server Side Request Forgery author: DhiyaneshDK - severity: medium + severity: high description: | A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter. reference: - https://github.com/dirk1983/chatgpt/issues/114 - https://nvd.nist.gov/vuln/detail/CVE-2024-27564 - - https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md - - https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114 - - https://web.archive.org/web/20250320031248/https://mm1.ltd/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N - cvss-score: 5.8 - cve-id: CVE-2024-27564 - cwe-id: CWE-918 - epss-score: 0.91787 - epss-percentile: 0.99658 - cpe: cpe:2.3:a:dirk1983:chatgpt:2023-05-23:*:*:*:*:*:*:* + cpe: cpe:2.3:a:chanzhaoyu:chatgpt_web:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: dirk1983 - product: chatgpt + vendor: chanzhaoyu + product: chatgpt_web fofa-query: "title=\"ChatGPT个人专用版\"" - tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi,chanzhaoyu + tags: cve,cve2024,chatgpt,ssrf,oast,oos,lfi http: - method: GET diff --git a/http/cves/2024/CVE-2024-27956.yaml b/http/cves/2024/CVE-2024-27956.yaml index a263f5b733a..f043f693b7b 100644 --- a/http/cves/2024/CVE-2024-27956.yaml +++ b/http/cves/2024/CVE-2024-27956.yaml @@ -19,15 +19,11 @@ info: cvss-score: 9.9 cve-id: CVE-2024-27956 cwe-id: CWE-89 - epss-score: 0.9342 - epss-percentile: 0.99805 - cpe: cpe:2.3:a:valvepress:automatic:*:*:*:*:*:wordpress:*:* + epss-score: 0.0005 + epss-percentile: 0.1901 metadata: verified: true max-request: 1 - vendor: valvepress - product: automatic - framework: wordpress publicwww-query: "wp-content/plugins/wp-automatic" tags: time-based-sqli,cve,cve2024,sqli,wordpress,wpscan,wp-automatic diff --git a/http/cves/2024/CVE-2024-28397.yaml b/http/cves/2024/CVE-2024-28397.yaml index 0f5c1752739..0137ff0f1ee 100644 --- a/http/cves/2024/CVE-2024-28397.yaml +++ b/http/cves/2024/CVE-2024-28397.yaml @@ -9,35 +9,22 @@ info: reference: - https://github.com/advisories/GHSA-r9pp-r4xf-597r - https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape - - https://github.com/Marven11 - - https://github.com/20142995/nuclei-templates - - https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L cvss-score: 5.3 cve-id: CVE-2024-28397 cwe-id: CWE-94 - epss-score: 0.54777 - epss-percentile: 0.97873 + epss-score: 0.00043 + epss-percentile: 0.09572 metadata: verified: true max-request: 1 vendor: pyload product: pyload - shodan-query: - - http.html:"pyload" - - http.title:"login - pyload" - - http.title:"pyload" - fofa-query: - - body="pyload" - - title="login - pyload" - - title="pyload" - google-query: - - intitle:"pyload" - - intitle:"login - pyload" - zoomeye-query: - - app="pyload" - - app:"pyload" + shodan-query: http.html:"pyload" + fofa-query: body="pyload" + google-query: intitle:"pyload" + zoomeye-query: app="pyLoad" tags: cve,cve2024,pyload,js2py,rce,oast http: diff --git a/http/cves/2024/CVE-2024-2876.yaml b/http/cves/2024/CVE-2024-2876.yaml index b6bb0e170f1..40d5a4bd02a 100644 --- a/http/cves/2024/CVE-2024-2876.yaml +++ b/http/cves/2024/CVE-2024-2876.yaml @@ -9,15 +9,6 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-2876 - https://www.wordfence.com/blog/2024/04/1250-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-email-subscribers-by-icegram-express-wordpress-plugin/ - - https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/admin/class-email-subscribers-admin.php#L1433 - - https://github.com/WordpressPluginDirectory/email-subscribers/blob/main/email-subscribers/lite/includes/classes/class-ig-es-subscriber-query.php#L304 - - https://plugins.trac.wordpress.org/changeset/3060251/email-subscribers/trunk/lite/includes/classes/class-ig-es-subscriber-query.php - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-2876 - epss-score: 0.92069 - epss-percentile: 0.99682 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-2879.yaml b/http/cves/2024/CVE-2024-2879.yaml index 5a969920669..d3c2469cdd6 100644 --- a/http/cves/2024/CVE-2024-2879.yaml +++ b/http/cves/2024/CVE-2024-2879.yaml @@ -3,7 +3,7 @@ id: CVE-2024-2879 info: name: WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection author: d4ly - severity: critical + severity: high description: | The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. remediation: Fixed in 7.10.1 @@ -14,22 +14,20 @@ info: - https://layerslider.com/release-log/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fddf96e-029c-4753-ba82-043ca64b78d3?source=cve classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-2879 cwe-id: CWE-89 - epss-score: 0.93545 - epss-percentile: 0.99822 - cpe: cpe:2.3:a:kreaturamedia:layerslider:7.9.11:*:*:*:*:wordpress:*:* + epss-score: 0.00492 + epss-percentile: 0.76133 + cpe: cpe:2.3:a:layerslider:layerslider:7.9.11:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 - vendor: kreaturamedia + vendor: layerslider product: layerslider framework: wordpress - publicwww-query: /wp-content/plugins/layerslider/ - shodan-query: http.html:"/wp-content/plugins/layerslider/" - fofa-query: body=/wp-content/plugins/layerslider/ + publicwww-query: "/wp-content/plugins/LayerSlider/" tags: time-based-sqli,cve,cve2024,wp-plugin,wp,wordpress,layerslider,sqli flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-28987.yaml b/http/cves/2024/CVE-2024-28987.yaml index dfd770c39a9..1897fbe87b9 100644 --- a/http/cves/2024/CVE-2024-28987.yaml +++ b/http/cves/2024/CVE-2024-28987.yaml @@ -10,23 +10,19 @@ info: - https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 - https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 - https://nvd.nist.gov/vuln/detail/CVE-2024-28987 - - https://www.theregister.com/2024/08/22/hardcoded_credentials_bug_solarwinds_whd/ - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2024-28987 cwe-id: CWE-798 - epss-score: 0.94221 - epss-percentile: 0.99913 - cpe: cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* + epss-score: 0.00091 + epss-percentile: 0.39649 metadata: verified: true max-request: 1 - vendor: solarwinds - product: web_help_desk shodan-query: http.favicon.hash:1895809524 tags: cve,cve2024,exposure,solarwinds,help-desk,kev + variables: username: "helpdeskIntegrationUser" password: "dev-C4F8025E7" diff --git a/http/cves/2024/CVE-2024-28995.yaml b/http/cves/2024/CVE-2024-28995.yaml index f968cf41287..aa63f4c5133 100644 --- a/http/cves/2024/CVE-2024-28995.yaml +++ b/http/cves/2024/CVE-2024-28995.yaml @@ -10,27 +10,19 @@ info: - https://attackerkb.com/topics/2k7UrkHyl3/cve-2024-28995/rapid7-analysis - https://nvd.nist.gov/vuln/detail/CVE-2024-28995 - https://x.com/stephenfewer/status/1801191416741130575 - - https://github.com/ggfzx/CVE-2024-28995 - - https://github.com/huseyinstif/CVE-2024-28995-Nuclei-Template classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-28995 cwe-id: CWE-22 - epss-score: 0.94444 - epss-percentile: 0.99988 cpe: cpe:2.3:a:solarwinds:serv-u:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: solarwinds product: serv-u - shodan-query: - - http.html:"serv-u" - - product:"rhinosoft serv-u httpd" - fofa-query: - - server="serv-u" - - body="serv-u" + shodan-query: html:"Serv-U" + fofa-query: server="Serv-U" tags: cve,cve2024,lfi,solarwinds,serv-u,kev http: diff --git a/http/cves/2024/CVE-2024-29059.yaml b/http/cves/2024/CVE-2024-29059.yaml index 2a8f3b94c86..93232fa1a80 100644 --- a/http/cves/2024/CVE-2024-29059.yaml +++ b/http/cves/2024/CVE-2024-29059.yaml @@ -16,14 +16,16 @@ info: cvss-score: 7.5 cve-id: CVE-2024-29059 cwe-id: CWE-209 - epss-score: 0.93675 - epss-percentile: 0.99834 - cpe: cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* + epss-score: 0.01259 + epss-percentile: 0.85581 + cpe: cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: microsoft product: .net_framework - shodan-query: server:"ms .net remoting" + shodan-query: + - 'Server: MS .NET Remoting' + - "server: ms .net remoting" tags: cve,cve2024,dotnet,microsoft,remoting,deserialization,kev http: diff --git a/http/cves/2024/CVE-2024-29269.yaml b/http/cves/2024/CVE-2024-29269.yaml index 439bfed68b9..da3dcfa6251 100644 --- a/http/cves/2024/CVE-2024-29269.yaml +++ b/http/cves/2024/CVE-2024-29269.yaml @@ -3,7 +3,7 @@ id: CVE-2024-29269 info: name: Telesquare TLR-2005KSH - Remote Command Execution author: ritikchaddha - severity: high + severity: critical description: | Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions. reference: @@ -13,24 +13,17 @@ info: - https://github.com/YongYe-Security/CVE-2024-29269 - https://github.com/nomi-sec/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-29269 - cwe-id: CWE-77 - epss-score: 0.93019 - epss-percentile: 0.99765 + epss-score: 0.00054 + epss-percentile: 0.21518 cpe: cpe:2.3:h:telesquare:tlr-2005ksh:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: telesquare + shodan-query: title:"Login to TLR-2005KSH" product: tlr-2005ksh - shodan-query: - - http.title:"login to tlr-2005ksh" - - http.html:"tlr-2005ksh" - fofa-query: - - body="tlr-2005ksh" - - title="login to tlr-2005ksh" - google-query: intitle:"login to tlr-2005ksh" + vendor: telesquare tags: cve,cve2024,telesquare,tlr,rce http: diff --git a/http/cves/2024/CVE-2024-29272.yaml b/http/cves/2024/CVE-2024-29272.yaml index d757652bfdf..efab617ad04 100644 --- a/http/cves/2024/CVE-2024-29272.yaml +++ b/http/cves/2024/CVE-2024-29272.yaml @@ -11,23 +11,22 @@ info: - https://github.com/givanz/VvvebJs/issues/343 - https://nvd.nist.gov/vuln/detail/CVE-2024-29272 - https://vuldb.com/?id.257680 - - https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef0 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2024-29272 cwe-id: CWE-434 - epss-score: 0.89934 - epss-percentile: 0.99542 + epss-score: 0.00043 + epss-percentile: 0.09538 cpe: cpe:2.3:a:vvvebjs:vvvebjs:1.7.4:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: vvvebjs product: vvvebjs fofa-query: icon_hash="524332373" - shodan-query: http.favicon.hash:"524332373" - tags: cve,cve2024,file-upload,intrusive,vvvebjs + tags: cve,cve2024,file-upload,intrusive + variables: num: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2024/CVE-2024-2928.yaml b/http/cves/2024/CVE-2024-2928.yaml index cf0fad813bb..58b2ad094e7 100644 --- a/http/cves/2024/CVE-2024-2928.yaml +++ b/http/cves/2024/CVE-2024-2928.yaml @@ -13,16 +13,11 @@ info: reference: - https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298 - https://nvd.nist.gov/vuln/detail/CVE-2024-2928 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/nuridincersaygili/CVE-2024-2928 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-2928 - cwe-id: CWE-29,CWE-22 - epss-score: 0.88273 - epss-percentile: 0.99442 + cwe-id: CWE-29 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2024/CVE-2024-29824.yaml b/http/cves/2024/CVE-2024-29824.yaml index a58020ce4de..d70c789dc30 100644 --- a/http/cves/2024/CVE-2024-29824.yaml +++ b/http/cves/2024/CVE-2024-29824.yaml @@ -3,7 +3,7 @@ id: CVE-2024-29824 info: name: Ivanti EPM - Remote Code Execution author: DhiyaneshDK - severity: high + severity: critical description: | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. reference: @@ -11,19 +11,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-29824 - https://forums.ivanti.com/s/article/Security-Advisory-May-2024 - https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/ - - https://github.com/POC-2025/nuclei classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.8 + cvss-metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.6 cve-id: CVE-2024-29824 - cwe-id: CWE-89 - epss-score: 0.94341 - epss-percentile: 0.99942 - cpe: cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: ivanti - product: endpoint_manager tags: cve,cve2024,ivanti,epm,sqli,rce,kev http: diff --git a/http/cves/2024/CVE-2024-29868.yaml b/http/cves/2024/CVE-2024-29868.yaml index a122d644fe2..1daad304e35 100644 --- a/http/cves/2024/CVE-2024-29868.yaml +++ b/http/cves/2024/CVE-2024-29868.yaml @@ -15,23 +15,18 @@ info: - https://www.cve.org/CVERecord?id=CVE-2024-29868 - https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7 - https://nvd.nist.gov/vuln/detail/CVE-2024-29868 - - http://www.openwall.com/lists/oss-security/2024/06/22/1 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 cve-id: CVE-2024-29868 cwe-id: CWE-338 - epss-score: 0.52878 - epss-percentile: 0.97783 cpe: cpe:2.3:a:apache:streampipes:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: apache - product: streampipes shodan-query: http.title:"apache streampipes" fofa-query: title="apache streampipes" - google-query: intitle:"apache streampipes" + product: streampipes + vendor: apache tags: cve,cve2024,apache,streampipes,account-takeover + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-29889.yaml b/http/cves/2024/CVE-2024-29889.yaml index b857ee4405f..9b440149afb 100644 --- a/http/cves/2024/CVE-2024-29889.yaml +++ b/http/cves/2024/CVE-2024-29889.yaml @@ -24,16 +24,9 @@ info: max-request: 8 vendor: glpi-project product: glpi - shodan-query: - - http.title:"glpi" - - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" - fofa-query: - - body="setup glpi" - - icon_hash="-1474875778" - - title="glpi" - google-query: intitle:"glpi" - tags: cve,cve2024,glpi,sqli,authenticated,glpi-project,intrusive + shodan-query: http.title:"glpi" + tags: cve,cve2024,glpi,sqli,authenticated + flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) && http(7) && http(8) http: diff --git a/http/cves/2024/CVE-2024-29895.yaml b/http/cves/2024/CVE-2024-29895.yaml index c49a5c3fbd4..c51364ed7cf 100644 --- a/http/cves/2024/CVE-2024-29895.yaml +++ b/http/cves/2024/CVE-2024-29895.yaml @@ -17,23 +17,14 @@ info: cvss-score: 10 cve-id: CVE-2024-29895 cwe-id: CWE-77 - epss-score: 0.92736 - epss-percentile: 0.99739 + epss-score: 0.00045 + epss-percentile: 0.14706 metadata: max-request: 1 vendor: cacti product: cacti - shodan-query: - - http.favicon.hash:"-1797138069" - - http.title:"cacti" - - http.title:"login to cacti" - fofa-query: - - icon_hash="-1797138069" - - title="cacti" - - title="login to cacti" - google-query: - - intitle:"cacti" - - intitle:"login to cacti" + shodan-query: http.favicon.hash:-1797138069 + fofa-query: icon_hash="-1797138069" tags: cve,cve2024,cacti,rce http: diff --git a/http/cves/2024/CVE-2024-29972.yaml b/http/cves/2024/CVE-2024-29972.yaml index 4e26a9e152e..7178aad5fa3 100644 --- a/http/cves/2024/CVE-2024-29972.yaml +++ b/http/cves/2024/CVE-2024-29972.yaml @@ -22,7 +22,7 @@ info: max-request: 1 vendor: zyxel product: nas326_firmware - fofa-query: app="zyxel-nas326" + fofa-query: app="ZYXEL-NAS326" tags: cve,cve2024,zyxel,backdoor http: diff --git a/http/cves/2024/CVE-2024-29973.yaml b/http/cves/2024/CVE-2024-29973.yaml index eeb3168f523..62096b42d47 100644 --- a/http/cves/2024/CVE-2024-29973.yaml +++ b/http/cves/2024/CVE-2024-29973.yaml @@ -10,22 +10,20 @@ info: - https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/ - https://x.com/sirifu4k1/status/1803267896656929099/photo/1 - https://nvd.nist.gov/vuln/detail/CVE-2024-29973 - - https://github.com/0xlf/CVE-2024-29973 - - https://github.com/DMW11525708/wiki classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-score: 9.88 cve-id: CVE-2024-29973 cwe-id: CWE-78 - epss-score: 0.93696 - epss-percentile: 0.99836 + epss-score: 0.96901 + epss-percentile: 0.9971 cpe: cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zyxel product: nas326_firmware - fofa-query: app="zyxel-nas326" + fofa-query: app="ZYXEL-NAS326" tags: cve,cve2024,zyxel,rce,intrusive variables: string: "{{randstr}}" diff --git a/http/cves/2024/CVE-2024-30188.yaml b/http/cves/2024/CVE-2024-30188.yaml index 5b181e01725..32df1167689 100644 --- a/http/cves/2024/CVE-2024-30188.yaml +++ b/http/cves/2024/CVE-2024-30188.yaml @@ -18,14 +18,15 @@ info: epss-percentile: 0.16536 cpe: cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: apache product: dolphinscheduler shodan-query: http.title:"dolphinscheduler" fofa-query: title="dolphinscheduler" google-query: intitle:"dolphinscheduler" tags: cve,cve2024,dolphinscheduler,lfi,apache,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-30269.yaml b/http/cves/2024/CVE-2024-30269.yaml index fae13f27322..263c46196f6 100644 --- a/http/cves/2024/CVE-2024-30269.yaml +++ b/http/cves/2024/CVE-2024-30269.yaml @@ -23,8 +23,8 @@ info: max-request: 1 vendor: dataease product: dataease - shodan-query: http.html:"dataease" fofa-query: body="dataease" + shodan-query: http.html:"dataease" tags: cve,cve2024,dataease,exposure http: diff --git a/http/cves/2024/CVE-2024-3032.yaml b/http/cves/2024/CVE-2024-3032.yaml index 03d0d107db8..7dcd827ae0f 100644 --- a/http/cves/2024/CVE-2024-3032.yaml +++ b/http/cves/2024/CVE-2024-3032.yaml @@ -20,8 +20,8 @@ info: vendor: themify product: builder fofa-query: body="wp-content/plugins/themify-builder/" - shodan-query: http.html:"wp-content/plugins/themify-builder/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,redirect,themify-builder,themify + tags: cve,cve2024,wp,wordpress,wp-plugin,redirect,themify-builder + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-30568.yaml b/http/cves/2024/CVE-2024-30568.yaml index 1a1b96a094b..7d5f02ccb60 100644 --- a/http/cves/2024/CVE-2024-30568.yaml +++ b/http/cves/2024/CVE-2024-30568.yaml @@ -12,23 +12,20 @@ info: - https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Netgear-R6850%20V1.1.0.88%20Command%20Injection(ping_test).md - https://nvd.nist.gov/vuln/detail/CVE-2024-30568 - https://www.netgear.com/about/security/ - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-30568 cwe-id: CWE-94 - epss-score: 0.88902 - epss-percentile: 0.99485 - cpe: cpe:2.3:o:netgear:r6850_firmware:1.1.0.88:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 - vendor: netgear - product: r6850_firmware + max-request: 1 + product: Netgear R6850 Router + vendor: Netgear + version: V1.1.0.88 fofa-query: app="NETGEAR" && "R6850" - version: "V1.1.0.88" - tags: cve,netgear,router,rce,oast,iot,command-injection,cve2024,Netgear + tags: cve,cve2024,cve2024-30568,netgear,router,rce,oast,iot,rce,command-injection + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-30569.yaml b/http/cves/2024/CVE-2024-30569.yaml index e6bd6a4bb4a..990be2fc01f 100644 --- a/http/cves/2024/CVE-2024-30569.yaml +++ b/http/cves/2024/CVE-2024-30569.yaml @@ -3,7 +3,7 @@ id: CVE-2024-30569 info: name: Netgear R6850 - Information Disclosure author: ritikchaddha - severity: high + severity: medium description: | Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details, connection status, and other system configuration data. remediation: | @@ -17,14 +17,9 @@ info: cvss-score: 7.5 cve-id: CVE-2024-30569 cwe-id: CWE-200 - epss-score: 0.19606 - epss-percentile: 0.95091 - cpe: cpe:2.3:o:netgear:r6850_firmware:1.1.0.88:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: netgear - product: r6850_firmware fofa-query: app="NETGEAR" && "R6850" tags: cve,cve2024,netgear,router,exposure diff --git a/http/cves/2024/CVE-2024-30570.yaml b/http/cves/2024/CVE-2024-30570.yaml index b06bf492f86..c3db05fffd9 100644 --- a/http/cves/2024/CVE-2024-30570.yaml +++ b/http/cves/2024/CVE-2024-30570.yaml @@ -12,21 +12,18 @@ info: - https://github.com/funny-mud-peee/IoT-vuls/blob/main/netgear%20R6850/Info%20Leak%20in%20Netgear-R6850%EF%BC%88debuginfo.htm%EF%BC%89.md - https://nvd.nist.gov/vuln/detail/CVE-2024-30570 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-30570 cwe-id: CWE-200 - epss-score: 0.09143 - epss-percentile: 0.9224 - cpe: cpe:2.3:o:netgear:r6850_firmware:1.1.0.88:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: netgear - product: r6850_firmware - fofa-query: app="NETGEAR" && "R6850" + product: Netgear R6850 Router + vendor: Netgear version: V1.1.0.88 - tags: cve,cve2024,netgear,router,exposure,unauth,Netgear + fofa-query: app="NETGEAR" && "R6850" + tags: cve,cve2024,netgear,router,exposure,unauth http: - method: GET diff --git a/http/cves/2024/CVE-2024-3097.yaml b/http/cves/2024/CVE-2024-3097.yaml index 70182352466..7ae1b2bad16 100644 --- a/http/cves/2024/CVE-2024-3097.yaml +++ b/http/cves/2024/CVE-2024-3097.yaml @@ -16,8 +16,8 @@ info: cvss-score: 5.3 cve-id: CVE-2024-3097 cwe-id: CWE-862 - epss-score: 0.09355 - epss-percentile: 0.92335 + epss-score: 0.04672 + epss-percentile: 0.92605 cpe: cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 @@ -26,7 +26,7 @@ info: framework: wordpress shodan-query: - "cpe:\"cpe:2.3:a:imagely:nextgen_gallery\"" - - http.html:"/wp-content/plugins/nextgen-gallery/" + - http.html:/wp-content/plugins/nextgen-gallery/ fofa-query: "body=/wp-content/plugins/nextgen-gallery/" publicwww-query: "/wp-content/plugins/nextgen-gallery/" tags: cve,cve2024,wordpress,nextgen-gallery,wp-plugin,info-leak,imagely diff --git a/http/cves/2024/CVE-2024-3136.yaml b/http/cves/2024/CVE-2024-3136.yaml index bc50c48fe8d..6c538d59176 100644 --- a/http/cves/2024/CVE-2024-3136.yaml +++ b/http/cves/2024/CVE-2024-3136.yaml @@ -19,23 +19,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-3136 - epss-score: 0.51031 - epss-percentile: 0.97702 - cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:* + epss-score: 0.00065 + epss-percentile: 0.28259 + cpe: cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 2 - vendor: stylemixthemes - product: masterstudy_lms - framework: wordpress publicwww-query: "/wp-content/plugins/masterstudy-lms-learning-management-system" - fofa-query: - - body="wp-content/plugins/masterstudy-lms-learning-management-system/" - - body=/wp-content/plugins/masterstudy-lms-learning-management-system - shodan-query: - - http.html:"wp-content/plugins/masterstudy-lms-learning-management-system/" - - http.html:"/wp-content/plugins/masterstudy-lms-learning-management-system" - tags: cve,cve2024,wp,wordpress,unauth,lfi,stylemixthemes + product: masterstudy_lms + vendor: stylemixthemes + tags: cve,cve2024,wp,wordpress,unauth,lfi variables: randomstr: "{{randstr_1}}" marker: "{{base64(randomstr)}}" diff --git a/http/cves/2024/CVE-2024-31621.yaml b/http/cves/2024/CVE-2024-31621.yaml index 5d23a063d39..4f642180ae1 100644 --- a/http/cves/2024/CVE-2024-31621.yaml +++ b/http/cves/2024/CVE-2024-31621.yaml @@ -10,14 +10,9 @@ info: - https://www.exploit-db.com/exploits/52001 - https://github.com/FlowiseAI/Flowise/releases - https://flowiseai.com/ - - https://github.com/komodoooo/Some-things classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L - cvss-score: 7.6 - cve-id: CVE-2024-31621 - cwe-id: CWE-94 - epss-score: 0.2203 - epss-percentile: 0.95447 + epss-score: 0.00381 + epss-percentile: 0.72907 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-31750.yaml b/http/cves/2024/CVE-2024-31750.yaml index e4b8493f466..2ace20cd1f6 100644 --- a/http/cves/2024/CVE-2024-31750.yaml +++ b/http/cves/2024/CVE-2024-31750.yaml @@ -3,7 +3,7 @@ id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK - severity: critical + severity: high description: | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. reference: @@ -13,12 +13,9 @@ info: - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 cve-id: CVE-2024-31750 - cwe-id: CWE-89 - epss-score: 0.92685 - epss-percentile: 0.99735 + epss-score: 0.00043 + epss-percentile: 0.0866 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-31850.yaml b/http/cves/2024/CVE-2024-31850.yaml index 0ddcd964ed5..a678b0eb512 100644 --- a/http/cves/2024/CVE-2024-31850.yaml +++ b/http/cves/2024/CVE-2024-31850.yaml @@ -21,15 +21,9 @@ info: metadata: verified: true max-request: 2 - vendor: cdata + shodan-query: "title:\"CData Arc\"" product: arc - shodan-query: - - http.title:"cdata arc" - - http.favicon.hash:"163538942" - fofa-query: - - icon_hash="163538942" - - title="cdata arc" - google-query: intitle:"cdata arc" + vendor: cdata tags: cve,cve2024,cdata,lfi flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-31851.yaml b/http/cves/2024/CVE-2024-31851.yaml index facacb0b4c6..6c2439cae8a 100644 --- a/http/cves/2024/CVE-2024-31851.yaml +++ b/http/cves/2024/CVE-2024-31851.yaml @@ -14,8 +14,8 @@ info: cvss-score: 8.6 cve-id: CVE-2024-31851 cwe-id: CWE-22 - epss-score: 0.76274 - epss-percentile: 0.98855 + epss-score: 0.00054 + epss-percentile: 0.21518 metadata: verified: true max-request: 2 diff --git a/http/cves/2024/CVE-2024-31982.yaml b/http/cves/2024/CVE-2024-31982.yaml index f31b7214f70..7cd49d3670e 100644 --- a/http/cves/2024/CVE-2024-31982.yaml +++ b/http/cves/2024/CVE-2024-31982.yaml @@ -14,24 +14,20 @@ info: - https://jira.xwiki.org/browse/XWIKI-21472 - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9 - https://jira.xwiki.org/browse/XWIKI-21110 - - https://github.com/12442RF/POC - - https://github.com/Ostorlab/KEV classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-31982 - cwe-id: CWE-95,CWE-94 - epss-score: 0.94158 - epss-percentile: 0.99902 + cwe-id: CWE-95 + epss-score: 0.0015 + epss-percentile: 0.50461 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 2 + verified: true vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2024,xwiki,rce diff --git a/http/cves/2024/CVE-2024-32113.yaml b/http/cves/2024/CVE-2024-32113.yaml index 969f32665d1..37b48808ad1 100644 --- a/http/cves/2024/CVE-2024-32113.yaml +++ b/http/cves/2024/CVE-2024-32113.yaml @@ -23,15 +23,9 @@ info: metadata: verified: true max-request: 1 - vendor: apache + fofa-query: app="Apache_OFBiz" product: ofbiz - fofa-query: - - app="apache_ofbiz" - - body="apache ofbiz" - shodan-query: - - http.html:"apache ofbiz" - - http.html:"ofbiz" - - ofbiz.visitor= + vendor: apache tags: cve,cve2024,apache,obiz,rce,kev http: diff --git a/http/cves/2024/CVE-2024-32231.yaml b/http/cves/2024/CVE-2024-32231.yaml index 595d9a5602e..90ed69687b7 100644 --- a/http/cves/2024/CVE-2024-32231.yaml +++ b/http/cves/2024/CVE-2024-32231.yaml @@ -3,7 +3,7 @@ id: CVE-2024-32231 info: name: Stash < 0.26.0 - SQL Injection author: iamnoooob,rootxharsh,pdresearch - severity: medium + severity: critical description: | Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. reference: @@ -13,12 +13,9 @@ info: - https://github.com/advisories/GHSA-75jf-52jg-qqh4 - https://nvd.nist.gov/vuln/detail/CVE-2024-32231 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L - cvss-score: 6.3 cve-id: CVE-2024-32231 - cwe-id: CWE-89 - epss-score: 0.06015 - epss-percentile: 0.90205 + epss-score: 0.00045 + epss-percentile: 0.16348 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-32238.yaml b/http/cves/2024/CVE-2024-32238.yaml index 4f6439e4ffa..f3d248151af 100644 --- a/http/cves/2024/CVE-2024-32238.yaml +++ b/http/cves/2024/CVE-2024-32238.yaml @@ -17,13 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2024-32238 cwe-id: CWE-522 - epss-score: 0.82322 - epss-percentile: 0.99159 + epss-score: 0.00053 + epss-percentile: 0.23191 metadata: verified: true max-request: 2 fofa-query: body="icg_helpScript.js" tags: cve,cve2024,h3c,router,info-leak + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-3234.yaml b/http/cves/2024/CVE-2024-3234.yaml index fc5692e6fb8..fb043a92151 100644 --- a/http/cves/2024/CVE-2024-3234.yaml +++ b/http/cves/2024/CVE-2024-3234.yaml @@ -19,7 +19,7 @@ info: max-request: 1 vendor: gaizhenbiao product: chuanhuchatgpt - tags: cve,cve2024,chuanhuchatgpt,lfi,gaizhenbiao + tags: cve,cve2024,chuanhuchatgpt,lfi http: - raw: diff --git a/http/cves/2024/CVE-2024-32399.yaml b/http/cves/2024/CVE-2024-32399.yaml index 8e0434ff5e1..5395ab6f689 100644 --- a/http/cves/2024/CVE-2024-32399.yaml +++ b/http/cves/2024/CVE-2024-32399.yaml @@ -13,21 +13,16 @@ info: - https://github.com/NN0b0dy/CVE-2024-32399 - https://github.com/nomi-sec/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L - cvss-score: 7.6 - cve-id: CVE-2024-32399 - cwe-id: CWE-22 - epss-score: 0.71872 - epss-percentile: 0.98639 + epss-score: 0.00053 + epss-percentile: 0.21091 cpe: cpe:2.3:a:raidenmaild:raidenmaild:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: raidenmaild + shodan-query: html:"RaidenMAILD" product: raidenmaild - shodan-query: http.html:"raidenmaild" - fofa-query: body="raidenmaild" - tags: cve,cve2024,lfi,raiden,mail,server,raidenmaild + vendor: raidenmaild + tags: cve,cve2024,lfi,raiden,mail,server http: - method: GET diff --git a/http/cves/2024/CVE-2024-32640.yaml b/http/cves/2024/CVE-2024-32640.yaml index f6e2c9c6594..74f7016592a 100644 --- a/http/cves/2024/CVE-2024-32640.yaml +++ b/http/cves/2024/CVE-2024-32640.yaml @@ -18,7 +18,9 @@ info: max-request: 1 vendor: masacms product: masacms - shodan-query: generator:"masa cms" + shodan-query: + - 'Generator: Masa CMS' + - "generator: masa cms" tags: cve,cve2024,sqli,cms,masa,masacms http: diff --git a/http/cves/2024/CVE-2024-32709.yaml b/http/cves/2024/CVE-2024-32709.yaml index 753fb8b80c7..310ba94b25f 100644 --- a/http/cves/2024/CVE-2024-32709.yaml +++ b/http/cves/2024/CVE-2024-32709.yaml @@ -11,25 +11,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-32709 - https://github.com/truonghuuphuc/CVE-2024-32709-Poc - https://patchstack.com/database/vulnerability/wp-recall/wordpress-wp-recall-plugin-16-26-5-sql-injection-vulnerability?_s_id=cve - - https://github.com/adminlove520/pocWiki - - https://github.com/cisp-pte/POC-20241008-sec-fork classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L cvss-score: 9.3 cve-id: CVE-2024-32709 cwe-id: CWE-89 - epss-score: 0.8989 - epss-percentile: 0.99538 + epss-score: 0.00043 + epss-percentile: 0.0866 cpe: cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 1 - vendor: plechevandrey - product: wp-recall publicwww-query: "/wp-content/plugins/wp-recall/" - shodan-query: http.html:"/wp-content/plugins/wp-recall/" - fofa-query: body="/wp-content/plugins/wp-recall/" - tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp,sqli,plechevandrey + product: wp-recall + vendor: plechevandrey + tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp,sqli + variables: num: "999999999" diff --git a/http/cves/2024/CVE-2024-3273.yaml b/http/cves/2024/CVE-2024-3273.yaml index 28fb9b5e660..068635446e0 100644 --- a/http/cves/2024/CVE-2024-3273.yaml +++ b/http/cves/2024/CVE-2024-3273.yaml @@ -2,7 +2,7 @@ id: CVE-2024-3273 info: name: D-Link Network Attached Storage - Command Injection and Backdoor Account author: pussycat0x - severity: high + severity: critical description: | UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. reference: @@ -12,19 +12,19 @@ info: - https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383 - https://vuldb.com/?ctiid.259284 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-3273 cwe-id: CWE-77 - epss-score: 0.94405 - epss-percentile: 0.99969 - cpe: cpe:2.3:o:dlink:dns-320l_firmware:1.01.0702.2013:*:*:*:*:*:*:* + cpe: cpe:2.3:o:dlink:dns-320l_firmware:-:*:*:*:*:*:*:* + epss-score: 0.83361 + epss-percentile: 0.98438 metadata: verified: true - max-request: 1 vendor: dlink product: "dns-320l_firmware" - fofa-query: app="d_link-dns-sharecenter" + fofa-query: "app=\"D_Link-DNS-ShareCenter\"" + max-request: 1 tags: cve,cve2024,dlink,nas,kev variables: cmd: "id" diff --git a/http/cves/2024/CVE-2024-32735.yaml b/http/cves/2024/CVE-2024-32735.yaml index 0f86900a81d..efdc70775af 100644 --- a/http/cves/2024/CVE-2024-32735.yaml +++ b/http/cves/2024/CVE-2024-32735.yaml @@ -12,15 +12,13 @@ info: - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - https://www.tenable.com/security/research/tra-2024-14 - https://nvd.nist.gov/vuln/detail/CVE-2024-32735 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-32735 cwe-id: CWE-306 - epss-score: 0.72767 - epss-percentile: 0.98682 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-32736.yaml b/http/cves/2024/CVE-2024-32736.yaml index 02fca6f79a2..e4001daaadc 100644 --- a/http/cves/2024/CVE-2024-32736.yaml +++ b/http/cves/2024/CVE-2024-32736.yaml @@ -12,15 +12,12 @@ info: - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - https://www.tenable.com/security/research/tra-2024-14 - https://nvd.nist.gov/vuln/detail/CVE-2024-32736 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-32736 - cwe-id: CWE-89 - epss-score: 0.68786 - epss-percentile: 0.98511 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-32737.yaml b/http/cves/2024/CVE-2024-32737.yaml index 33c2f3efe7c..2861be87790 100644 --- a/http/cves/2024/CVE-2024-32737.yaml +++ b/http/cves/2024/CVE-2024-32737.yaml @@ -12,15 +12,13 @@ info: - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - https://www.tenable.com/security/research/tra-2024-14 - https://nvd.nist.gov/vuln/detail/CVE-2024-32737 - - https://github.com/cyberdyne-ventures/predictions - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-32737 cwe-id: CWE-89 - epss-score: 0.68786 - epss-percentile: 0.98511 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-32738.yaml b/http/cves/2024/CVE-2024-32738.yaml index 565ef219638..d6b30968fb0 100644 --- a/http/cves/2024/CVE-2024-32738.yaml +++ b/http/cves/2024/CVE-2024-32738.yaml @@ -12,15 +12,13 @@ info: - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - https://www.tenable.com/security/research/tra-2024-14 - https://nvd.nist.gov/vuln/detail/CVE-2024-32738 - - https://github.com/cyberdyne-ventures/predictions - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-32738 cwe-id: CWE-89 - epss-score: 0.68786 - epss-percentile: 0.98511 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-32739.yaml b/http/cves/2024/CVE-2024-32739.yaml index 830e8613b0b..ddd3ccd8eb0 100644 --- a/http/cves/2024/CVE-2024-32739.yaml +++ b/http/cves/2024/CVE-2024-32739.yaml @@ -12,15 +12,12 @@ info: - https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote - https://www.tenable.com/security/research/tra-2024-14 - https://nvd.nist.gov/vuln/detail/CVE-2024-32739 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-32739 - cwe-id: CWE-89 - epss-score: 0.69573 - epss-percentile: 0.98547 + epss-score: 0.00043 + epss-percentile: 0.09691 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-3274.yaml b/http/cves/2024/CVE-2024-3274.yaml index ad667f09587..c0461f4e3af 100644 --- a/http/cves/2024/CVE-2024-3274.yaml +++ b/http/cves/2024/CVE-2024-3274.yaml @@ -21,12 +21,9 @@ info: metadata: verified: true max-request: 1 - vendor: dlink + fofa-query: body="Text:In order to access the ShareCenter" product: dns-320l - fofa-query: - - body="text:in order to access the sharecenter" - - body=in order to access the sharecenter" - shodan-query: http.html:"in order to access the sharecenter"" + vendor: dlink tags: cve,cve2024,dlink,exposure http: diff --git a/http/cves/2024/CVE-2024-32870.yaml b/http/cves/2024/CVE-2024-32870.yaml index 2257ae29a1f..6d83b48c63e 100644 --- a/http/cves/2024/CVE-2024-32870.yaml +++ b/http/cves/2024/CVE-2024-32870.yaml @@ -15,23 +15,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N cvss-score: 5.8 cve-id: CVE-2024-32870 - cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.09011 - epss-percentile: 0.92167 + cwe-id: CWE-200 + epss-score: 0.00059 + epss-percentile: 0.18723 cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: combodo product: itop - shodan-query: - - http.html:"itop login" - - http.html:" itop login" - - http.html:"installation" html:"itop" - fofa-query: - - body="itop login" - - body=" itop login" - - body="installation" html:"itop" - tags: cve,cve2024,itop,disclosure,unauth,exposure,combodo + shodan-query: html:"iTop login" + fofa-query: body="iTop login" + tags: cve,cve2024,itop,disclosure,unauth,exposure http: - method: GET diff --git a/http/cves/2024/CVE-2024-32964.yaml b/http/cves/2024/CVE-2024-32964.yaml index 3b5f9488846..353491d8b9a 100644 --- a/http/cves/2024/CVE-2024-32964.yaml +++ b/http/cves/2024/CVE-2024-32964.yaml @@ -11,22 +11,21 @@ info: - https://github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37 - https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc - https://vulert.com/vuln-db/CVE-2024-32964 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H cvss-score: 9 cve-id: CVE-2024-32964 cwe-id: CWE-918 - epss-score: 0.08482 - epss-percentile: 0.91885 + epss-score: 0.00043 + epss-percentile: 0.09599 metadata: verified: true max-request: 2 vendor: lobehub product: lobe-chat fofa-query: icon_hash="1975020705" - shodan-query: http.favicon.hash:"1975020705" - tags: cve,cve2024,lobechat,ssrf,lobehub + tags: cve,cve2024,lobechat,ssrf + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-33113.yaml b/http/cves/2024/CVE-2024-33113.yaml index c15a510499a..456f78f67bd 100644 --- a/http/cves/2024/CVE-2024-33113.yaml +++ b/http/cves/2024/CVE-2024-33113.yaml @@ -16,9 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: dlink + shodan-query: "DIR-845L" product: dir-845l - shodan-query: dir-845l + vendor: dlink tags: cve,cve2024,dlink,info-leak http: diff --git a/http/cves/2024/CVE-2024-33288.yaml b/http/cves/2024/CVE-2024-33288.yaml index cbb84671314..5bd86a779e3 100644 --- a/http/cves/2024/CVE-2024-33288.yaml +++ b/http/cves/2024/CVE-2024-33288.yaml @@ -16,10 +16,8 @@ info: max-request: 2 vendor: prison_management_system_project product: prison_management_system - shodan-query: http.title:"prison management system" - fofa-query: title="prison management system" - google-query: intitle:"prison management system" - tags: cve,cve2024,cms,sqli,prison_management_system_project + shodan-query: title:"Prison Management System" + tags: cve,cve2024,cms,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-33575.yaml b/http/cves/2024/CVE-2024-33575.yaml index ac54488cba6..48ad454af21 100644 --- a/http/cves/2024/CVE-2024-33575.yaml +++ b/http/cves/2024/CVE-2024-33575.yaml @@ -23,7 +23,7 @@ info: vendor: "User Meta" product: "User Meta" framework: wordpress - shodan-query: http.html:"/wp-content/plugins/user-meta/" + shodan-query: "http.html:/wp-content/plugins/user-meta/" fofa-query: "body=/wp-content/plugins/user-meta/" publicwww-query: "/wp-content/plugins/user-meta/" tags: wpscan,cve,cve2024,user-meta,wordpress,wp-plugin,info-leak,User Meta diff --git a/http/cves/2024/CVE-2024-33605.yaml b/http/cves/2024/CVE-2024-33605.yaml index 26e126ca02d..6f5f4f59372 100644 --- a/http/cves/2024/CVE-2024-33605.yaml +++ b/http/cves/2024/CVE-2024-33605.yaml @@ -12,22 +12,18 @@ info: - https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-arbitrary-directory-listing - https://jvn.jp/en/vu/JVNVU93051062/index.html - https://global.sharp/products/copier/info/info_security_2024-05.html - - https://jp.sharp/business/print/information/info_security_2024-05.html - - https://jvn.jp/en/vu/JVNVU93051062/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-33605 cwe-id: CWE-22 - epss-score: 0.42003 - epss-percentile: 0.97251 cpe: cpe:2.3:o:sharp:mx-3550v_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: sharp + shodan-query: "Set-Cookie: MFPSESSIONID=" product: mx-3550v_firmware - shodan-query: set-cookie:"mfpsessionid=" + vendor: sharp tags: cve,cve2024,sharp,printer,traversal http: diff --git a/http/cves/2024/CVE-2024-33610.yaml b/http/cves/2024/CVE-2024-33610.yaml index 5559e6992c5..cc6b2eb450c 100644 --- a/http/cves/2024/CVE-2024-33610.yaml +++ b/http/cves/2024/CVE-2024-33610.yaml @@ -3,7 +3,7 @@ id: CVE-2024-33610 info: name: Sharp Multifunction Printers - Cookie Exposure author: gy741 - severity: critical + severity: medium description: It was observed that Sharp printers are vulnerable to a listing of session cookies without authentication. Any attacker can list valid cookies by visiting a backdoor webpage and use them to authenticate to the printers. impact: | The exposure of cookies can lead to session hijacking, unauthorized access, and potential data breaches. @@ -13,15 +13,11 @@ info: - https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html#pre-auth-cookies - https://jvn.jp/en/vu/JVNVU93051062/index.html - https://global.sharp/products/copier/info/info_security_2024-05.html - - https://jp.sharp/business/print/information/info_security_2024-05.html - - https://jvn.jp/en/vu/JVNVU93051062/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2024-33610 - cwe-id: CWE-288 - epss-score: 0.31735 - epss-percentile: 0.96539 + cwe-id: CWE-284 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-33724.yaml b/http/cves/2024/CVE-2024-33724.yaml index f1b2efaa9f2..c04b69fb376 100644 --- a/http/cves/2024/CVE-2024-33724.yaml +++ b/http/cves/2024/CVE-2024-33724.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: soplanning product: soplanning - shodan-query: http.html:"soplanning" + shodan-query: + - html:"soplanning" + - http.html:"soplanning" fofa-query: body="soplanning" tags: packetstorm,cve,cve2024,authenticated,soplanning,xss diff --git a/http/cves/2024/CVE-2024-3400.yaml b/http/cves/2024/CVE-2024-3400.yaml index 2a7884fd3d5..aef2640fb97 100644 --- a/http/cves/2024/CVE-2024-3400.yaml +++ b/http/cves/2024/CVE-2024-3400.yaml @@ -26,6 +26,7 @@ info: vendor: paloaltonetworks product: "pan-os" shodan-query: + - "http.favicon.hash:-631559155" - http.favicon.hash:"-631559155" - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" fofa-query: "icon_hash=\"-631559155\"" diff --git a/http/cves/2024/CVE-2024-34102.yaml b/http/cves/2024/CVE-2024-34102.yaml index 841931ffa75..b700c81eabf 100644 --- a/http/cves/2024/CVE-2024-34102.yaml +++ b/http/cves/2024/CVE-2024-34102.yaml @@ -9,29 +9,18 @@ info: reference: - https://github.com/spacewasp/public_docs/blob/main/CVE-2024-34102.md - https://www.assetnote.io/resources/research/why-nested-deserialization-is-harmful-magento-xxe-cve-2024-34102 - - https://github.com/EQSTSeminar/CVE-2024-34102 - - https://github.com/d0rb/CVE-2024-34102 - - https://github.com/gjportegies/Magento-APSB24-40-Security-Patches classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-34102 cwe-id: CWE-611 - epss-score: 0.94136 - epss-percentile: 0.99898 - cpe: cpe:2.3:a:adobe:commerce:2.4.2:-:*:*:*:*:*:* + cpe: cpe:2.3:a:adobe:magento:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 + fofa-query: app="Adobe-Magento" + product: magento vendor: adobe - product: commerce - fofa-query: - - app="adobe-magento" - - title="oracle commerce" - shodan-query: - - cpe:"cpe:2.3:a:oracle:commerce" - - http.title:"oracle commerce" - google-query: intitle:"oracle commerce" tags: cve,cve2024,adobe,magento,xxe,kev http: diff --git a/http/cves/2024/CVE-2024-34257.yaml b/http/cves/2024/CVE-2024-34257.yaml index f6b28a373cc..5272a92e9df 100644 --- a/http/cves/2024/CVE-2024-34257.yaml +++ b/http/cves/2024/CVE-2024-34257.yaml @@ -14,13 +14,13 @@ info: epss-score: 0.00043 epss-percentile: 0.0926 metadata: - max-request: 2 vendor: totolink - product: "a3700r_firmware" + product: a3700r_firmware shodan-query: http.title:"totolink" fofa-query: title="totolink" google-query: intitle:"totolink" - tags: cve,cve2024,rce,unauth,totolink + tags: cve,cve2024,rce,unauth + variables: file: "{{rand_base(6)}}" diff --git a/http/cves/2024/CVE-2024-34351.yaml b/http/cves/2024/CVE-2024-34351.yaml index 56fdffd0550..e21af1edb87 100644 --- a/http/cves/2024/CVE-2024-34351.yaml +++ b/http/cves/2024/CVE-2024-34351.yaml @@ -1,37 +1,34 @@ id: CVE-2024-34351 -info: - name: Next.js - Server Side Request Forgery (SSRF) - author: righettod - severity: high - description: | - Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. - remediation: Upgrade to Next.js version 14.1.1 or higher. - reference: - - https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps - - https://nvd.nist.gov/vuln/detail/CVE-2024-34351 - - https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g - - https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085 - - https://github.com/vercel/next.js/pull/62561 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-34351 - cwe-id: CWE-918 - epss-score: 0.81036 - epss-percentile: 0.99092 - metadata: - max-request: 2 - product: next.js - shodan-query: - - http.html:"/_next/static" - - cpe:"cpe:2.3:a:zeit:next.js" - - x-middleware-rewrite - fofa-query: - - body="/_next/static" - - x-middleware-rewrite - tags: cve,cve2024,vercel,nextjs,ssrf - +info: + name: Next.js - Server Side Request Forgery (SSRF) + author: righettod + severity: high + description: | + Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF. + remediation: Upgrade to Next.js version 14.1.1 or higher. + reference: + - https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps + - https://nvd.nist.gov/vuln/detail/CVE-2024-34351 + - https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g + - https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085 + - https://github.com/vercel/next.js/pull/62561 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-34351 + cwe-id: CWE-918 + epss-score: 0.00062 + epss-percentile: 0.26843 + metadata: + max-request: 2 + product: next.js + shodan-query: + - http.html:"/_next/static" + - cpe:"cpe:2.3:a:zeit:next.js" + fofa-query: body="/_next/static" + tags: cve,cve2024,vercel,nextjs,ssrf + http: - method: GET path: diff --git a/http/cves/2024/CVE-2024-34470.yaml b/http/cves/2024/CVE-2024-34470.yaml index 62a7b7bd914..8d7ccb21355 100644 --- a/http/cves/2024/CVE-2024-34470.yaml +++ b/http/cves/2024/CVE-2024-34470.yaml @@ -11,19 +11,18 @@ info: - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-34470 - - https://github.com/12442RF/POC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2024-34470 - cwe-id: CWE-29 - epss-score: 0.93222 - epss-percentile: 0.99789 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 + epss-score: 0.00043 + epss-percentile: 0.0866 metadata: verified: true max-request: 2 fofa-query: "mailinspector/public" tags: cve,cve2024,lfi,mailinspector,hsc + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-34982.yaml b/http/cves/2024/CVE-2024-34982.yaml index 6ca0777a8b9..0ae4c442f0b 100644 --- a/http/cves/2024/CVE-2024-34982.yaml +++ b/http/cves/2024/CVE-2024-34982.yaml @@ -3,30 +3,23 @@ id: CVE-2024-34982 info: name: LyLme-Spage - Arbitary File Upload author: DhiyaneshDk - severity: critical + severity: high description: | An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. reference: - https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md - https://github.com/tanjiti/sec_profile - https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py - - https://github.com/k3ppf0r/2024-PocLib classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-34982 - cwe-id: CWE-434 - epss-score: 0.60691 - epss-percentile: 0.98161 cpe: cpe:2.3:a:lylme:lylme_spage:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: lylme - product: "lylme_spage" + product: lylme_spage fofa-query: icon_hash="-282504889" - shodan-query: http.favicon.hash:"-282504889" - tags: cve,cve2024,lylme-spage,rce,intrusive,lylme + tags: cve,cve2024,lylme-spage,rce,intrusive + variables: string: "{{randstr}}" filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-35219.yaml b/http/cves/2024/CVE-2024-35219.yaml index 50baeaa587b..1720efebb79 100644 --- a/http/cves/2024/CVE-2024-35219.yaml +++ b/http/cves/2024/CVE-2024-35219.yaml @@ -20,9 +20,10 @@ info: epss-score: 0.00045 epss-percentile: 0.16725 metadata: - verified: true max-request: 2 + verified: true tags: cve,cve2024,openapi,intrusive,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-3552.yaml b/http/cves/2024/CVE-2024-3552.yaml index d8e4996b40b..efaf1d95cf7 100644 --- a/http/cves/2024/CVE-2024-3552.yaml +++ b/http/cves/2024/CVE-2024-3552.yaml @@ -10,27 +10,15 @@ info: reference: - https://vulners.com/wpvulndb/CVE-2024-3552 - https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/ - - https://github.com/truonghuuphuc/CVE-2024-3552-Poc - - https://github.com/wjlin0/poc-doc - - https://github.com/nomi-sec/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-3552 - cwe-id: CWE-89 - epss-score: 0.93202 - epss-percentile: 0.99785 - cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:*:wordpress:*:* + cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:wordpress:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: salephpscripts - product: "web_directory_free" - framework: wordpress + product: web_directory_free publicwww-query: "/wp-content/plugins/web-directory-free" - shodan-query: http.html:"/wp-content/plugins/web-directory-free" - fofa-query: body=/wp-content/plugins/web-directory-free - tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wpscan,wp,web-directory-free,sqli,salephpscripts + tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wpscan,wp,web-directory-free flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-35584.yaml b/http/cves/2024/CVE-2024-35584.yaml index 80c5fe2eac0..f7caab6c7fe 100644 --- a/http/cves/2024/CVE-2024-35584.yaml +++ b/http/cves/2024/CVE-2024-35584.yaml @@ -14,12 +14,10 @@ info: - http://opensis.com - https://nvd.nist.gov/vuln/detail/CVE-2024-35584 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2024-35584 cwe-id: CWE-89 - epss-score: 0.71412 - epss-percentile: 0.98621 metadata: max-request: 2 vendor: os4ed @@ -27,7 +25,7 @@ info: shodan-query: http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" - tags: cve,cve2024,opensis,authenticated,sqli,os4ed + tags: cve,cve2024,opensis,authenticated,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-36104.yaml b/http/cves/2024/CVE-2024-36104.yaml index c23b368fa9f..deeeecf78e9 100644 --- a/http/cves/2024/CVE-2024-36104.yaml +++ b/http/cves/2024/CVE-2024-36104.yaml @@ -23,15 +23,9 @@ info: metadata: verified: true max-request: 1 - vendor: apache + fofa-query: app="Apache_OFBiz" product: ofbiz - fofa-query: - - app="apache_ofbiz" - - body="apache ofbiz" - shodan-query: - - http.html:"apache ofbiz" - - http.html:"ofbiz" - - ofbiz.visitor= + vendor: apache tags: cve,cve2024,apache,obiz,lfi http: diff --git a/http/cves/2024/CVE-2024-36117.yaml b/http/cves/2024/CVE-2024-36117.yaml index 8e3a75ff031..334d99ee367 100644 --- a/http/cves/2024/CVE-2024-36117.yaml +++ b/http/cves/2024/CVE-2024-36117.yaml @@ -17,16 +17,14 @@ info: cvss-score: 8.6 cve-id: CVE-2024-36117 cwe-id: CWE-22 - epss-score: 0.30151 - epss-percentile: 0.96405 - cpe: cpe:2.3:a:reposilite:reposilite:*:*:*:*:*:*:*:* + epss-score: 0.00045 + epss-percentile: 0.16805 metadata: verified: true max-request: 1 - vendor: reposilite - product: reposilite shodan-query: http.favicon.hash:1212523028 tags: cve,cve2024,reposilite,lfi + variables: javadoc_path: "releases/javadoc/1.0.0/" diff --git a/http/cves/2024/CVE-2024-36401.yaml b/http/cves/2024/CVE-2024-36401.yaml index 82fa338b9d5..cc1255f37b4 100644 --- a/http/cves/2024/CVE-2024-36401.yaml +++ b/http/cves/2024/CVE-2024-36401.yaml @@ -13,29 +13,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-36401 - https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401 - https://github.com/advisories/GHSA-6jj6-gm7p-fcvv - - https://github.com/kkhackz0013/CVE-2024-36401 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-36401 - cwe-id: CWE-95,CWE-94 - epss-score: 0.94418 - epss-percentile: 0.99976 - cpe: cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 - vendor: geoserver + max-request: 1 + vendor: osgeo product: geoserver - shodan-query: - - server:"geohttpserver" - - http.title:"geoserver" + shodan-query: "Server: GeoHttpServer" fofa-query: - - '[title="geoserver" app="geoserver"]' - - app="geoserver" - title="geoserver" + - app="geoserver" google-query: intitle:"geoserver" - tags: cve,cve2024,geoserver,rce,unauth,kev,osgeo + tags: cve,cve2024,geoserver,rce,unauth,kev + flow: | if(http(1)) { diff --git a/http/cves/2024/CVE-2024-36404.yaml b/http/cves/2024/CVE-2024-36404.yaml index 95026f4438a..f3963521906 100644 --- a/http/cves/2024/CVE-2024-36404.yaml +++ b/http/cves/2024/CVE-2024-36404.yaml @@ -19,14 +19,11 @@ info: max-request: 1 vendor: osgeo product: geoserver - shodan-query: - - server:"geohttpserver" - - http.title:"geoserver" + shodan-query: "Server: GeoHttpServer" fofa-query: - title="geoserver" - app="geoserver" - google-query: intitle:"geoserver" - tags: cve,cve2024,geoserver,rce,unauth,kev,osgeo + tags: cve,cve2024,geoserver,rce,unauth,kev http: - raw: diff --git a/http/cves/2024/CVE-2024-36412.yaml b/http/cves/2024/CVE-2024-36412.yaml index a3912153c8a..fae504d2819 100644 --- a/http/cves/2024/CVE-2024-36412.yaml +++ b/http/cves/2024/CVE-2024-36412.yaml @@ -11,26 +11,20 @@ info: reference: - https://0x5001.com/web-security/cve-2024-36412-proof-of-concept - https://nvd.nist.gov/vuln/detail/CVE-2024-36412 - - https://github.com/eeeeeeeeee-code/POC - - https://github.com/greenberglinken/2023hvv_1 - - https://github.com/DMW11525708/wiki classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-36412 cwe-id: CWE-89 - epss-score: 0.93471 - epss-percentile: 0.99812 cpe: cpe:2.3:a:salesagility:suitecrm:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: salesagility product: suitecrm - shodan-query: http.title:"suitecrm" - fofa-query: title="suitecrm" - google-query: intitle:"suitecrm" - tags: time-based-sqli,cve,cve2024,suitecrm,sqli,salesagility + shodan-query: title:"SuiteCRM" + fofa-query: title="SuiteCRM" + tags: time-based-sqli,cve,cve2024,suitecrm,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-36527.yaml b/http/cves/2024/CVE-2024-36527.yaml index d91de2fbce1..a241a4f977b 100644 --- a/http/cves/2024/CVE-2024-36527.yaml +++ b/http/cves/2024/CVE-2024-36527.yaml @@ -1,23 +1,23 @@ id: CVE-2024-36527 -info: - name: Puppeteer Renderer - Directory Traversal - author: Stux - severity: medium - description: | - puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. - impact: | - An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information. - remediation: | - Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols. - reference: - - https://github.com/zenato/puppeteer-renderer/issues/97 - - https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911 - metadata: - verified: true - max-request: 1 - tags: cve,cve2024,puppeteer-renderer - +info: + name: Puppeteer Renderer - Directory Traversal + author: Stux + severity: medium + description: | + puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially gaining access to sensitive information. + remediation: | + Users should update to version 3.3.0 or later where this issue has been addressed. Additionally, ensure that input validation is implemented to restrict the url parameter to only http and https protocols. + reference: + - https://github.com/zenato/puppeteer-renderer/issues/97 + - https://gist.github.com/7a6163/25fef08f75eed219c8ca21e332d6e911 + metadata: + max-request: 1 + verified: true + tags: cve,cve2024,puppeteer-renderer + http: - method: GET path: diff --git a/http/cves/2024/CVE-2024-3656.yaml b/http/cves/2024/CVE-2024-3656.yaml index 8afb6e90e41..dabea325967 100644 --- a/http/cves/2024/CVE-2024-3656.yaml +++ b/http/cves/2024/CVE-2024-3656.yaml @@ -32,9 +32,9 @@ info: - icon_hash=-1105083093 - body="keycloak" - title="keycloak" - - icon_hash="-1105083093" google-query: intitle:"keycloak" - tags: cve,cve2024,keycloak,auth-bypass,authenticated,redhat + tags: cve,cve2024,keycloak,auth-bypass,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-36683.yaml b/http/cves/2024/CVE-2024-36683.yaml index bd5bedb7541..d84c2766ea4 100644 --- a/http/cves/2024/CVE-2024-36683.yaml +++ b/http/cves/2024/CVE-2024-36683.yaml @@ -3,7 +3,7 @@ id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho - severity: high + severity: critical description: | In the module 'Products Alert' (productsalert) up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. impact: | @@ -11,22 +11,21 @@ info: reference: - https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html - https://nvd.nist.gov/vuln/detail/CVE-2024-36683 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L - cvss-score: 7.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-36683 cwe-id: CWE-89 - epss-score: 0.01376 - epss-percentile: 0.7929 + epss-score: 0.04685 + epss-percentile: 0.91818 metadata: verified: true - max-request: 3 + max-request: 2 framework: prestashop shodan-query: html:"/productsalert" fofa-query: body="/productsalert" - tags: time-based-sqli,cve,prestashop,sqli,productsalert,cve2024 + tags: time-based-sqli,cve,cve2023,prestashop,sqli,productsalert + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-3673.yaml b/http/cves/2024/CVE-2024-3673.yaml index 87ddd05c2e8..c9ee6c2f4ee 100644 --- a/http/cves/2024/CVE-2024-3673.yaml +++ b/http/cves/2024/CVE-2024-3673.yaml @@ -11,25 +11,20 @@ info: - https://wpscan.com/vulnerability/0e8930cb-e176-4406-a43f-a6032471debf/ - https://nvd.nist.gov/vuln/detail/CVE-2024-3673 - https://vuldb.com/?id.276216 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2024-3673 - epss-score: 0.78952 - epss-percentile: 0.98989 - cpe: cpe:2.3:a:salephpscripts:web_directory_free:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09573 metadata: verified: true max-request: 2 vendor: salephpscripts - product: web_directory_free - framework: wordpress + product: web-directory-free publicwww-query: "/wp-content/plugins/web-directory-free" - shodan-query: http.html:"/wp-content/plugins/web-directory-free" - fofa-query: body=/wp-content/plugins/web-directory-free - tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,lfi,web-directory-free,salephpscripts + tags: cve,cve2024,wordpress,wp-plugin,wp,lfi,web-directory-free + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-36837.yaml b/http/cves/2024/CVE-2024-36837.yaml index 54d3829dd25..53944f2330e 100644 --- a/http/cves/2024/CVE-2024-36837.yaml +++ b/http/cves/2024/CVE-2024-36837.yaml @@ -9,23 +9,14 @@ info: reference: - https://github.com/phtcloud-dev/CVE-2024-36837 - https://nvd.nist.gov/vuln/detail/CVE-2024-36837 - - https://github.com/lhc321-source/CVE-2024-36837 - - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-36837 - cwe-id: CWE-89 - epss-score: 0.89072 - epss-percentile: 0.99491 - cpe: cpe:2.3:a:crmeb:crmeb:5.2.2:*:*:*:*:*:*:* + cpe: cpe:2.3:a:crmeb:crmeb:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: crmeb product: crmeb - fofa-query: title="crmeb" + fofa-query: title="CRMEB" tags: cve,cve2024,crmeb,sqli variables: num: "{{rand_int(9000000, 9999999)}}" diff --git a/http/cves/2024/CVE-2024-36991.yaml b/http/cves/2024/CVE-2024-36991.yaml index 7d144cde815..4cc89e108b3 100644 --- a/http/cves/2024/CVE-2024-36991.yaml +++ b/http/cves/2024/CVE-2024-36991.yaml @@ -12,9 +12,10 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-36991 metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: html:"Login | Splunk" tags: cve,cve2024,splunk,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-37032.yaml b/http/cves/2024/CVE-2024-37032.yaml index 720f311319a..7ce79cc2989 100644 --- a/http/cves/2024/CVE-2024-37032.yaml +++ b/http/cves/2024/CVE-2024-37032.yaml @@ -14,15 +14,10 @@ info: cpe: cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: ollama product: ollama - shodan-query: - - ollama - - ollama is running - zoomeye-query: - - app:"ollama llm" - - app="ollama" + shodan-query: ollama tags: cve,cve2024,ollama,rce http: diff --git a/http/cves/2024/CVE-2024-37152.yaml b/http/cves/2024/CVE-2024-37152.yaml index 69cec2e27a6..b6066a0be81 100644 --- a/http/cves/2024/CVE-2024-37152.yaml +++ b/http/cves/2024/CVE-2024-37152.yaml @@ -9,28 +9,15 @@ info: reference: - https://github.com/argoproj/argo-cd/security/advisories/GHSA-87p9-x75h-p4j2 - https://nvd.nist.gov/vuln/detail/CVE-2024-37152 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2024-37152 - cwe-id: CWE-287,CWE-306 - epss-score: 0.24372 - epss-percentile: 0.95798 cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: argoproj product: argo_cd - shodan-query: - - http.html:"argo cd" - - http.title:"argo cd" - fofa-query: - - body="argo cd" - - title="argo cd" - google-query: intitle:"argo cd" - tags: cve,cve2024,argo-cd,info-leak,argoproj + shodan-query: html:"Argo CD" + tags: cve,cve2024,argo-cd,info-leak http: - raw: diff --git a/http/cves/2024/CVE-2024-37393.yaml b/http/cves/2024/CVE-2024-37393.yaml index 97059e3189a..374cdd6ef7e 100644 --- a/http/cves/2024/CVE-2024-37393.yaml +++ b/http/cves/2024/CVE-2024-37393.yaml @@ -2,31 +2,19 @@ id: CVE-2024-37393 info: name: SecurEnvoy Two Factor Authentication - LDAP Injection author: s4e-io - severity: high + severity: critical description: | Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature. reference: - https://www.tenable.com/cve/CVE-2024-37393 - https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393 - https://securenvoy.com - - https://securenvoy.com/support/ - - https://github.com/nomi-sec/PoC-in-GitHub - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-37393 - cwe-id: CWE-319,CWE-89 - epss-score: 0.68671 - epss-percentile: 0.98505 - cpe: cpe:2.3:a:securenvoy:multi-factor_authentication_solutions:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 - vendor: securenvoy - product: multi-factor_authentication_solutions shodan-query: title:"SecurEnvoy" fofa-query: title="SecurEnvoy" tags: cve,cve2024,securenvoy,ldap + variables: userid: "{{to_lower(rand_base(20))}}" diff --git a/http/cves/2024/CVE-2024-3753.yaml b/http/cves/2024/CVE-2024-3753.yaml index 0eedcf5620a..29e819416eb 100644 --- a/http/cves/2024/CVE-2024-3753.yaml +++ b/http/cves/2024/CVE-2024-3753.yaml @@ -13,24 +13,21 @@ info: reference: - https://wpscan.com/vulnerability/e140e109-4176-4b26-bf63-198262a31409/ - https://nvd.nist.gov/vuln/detail/CVE-2024-3753 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L cvss-score: 5.9 cve-id: CVE-2024-3753 cwe-id: CWE-79 - epss-score: 0.0023 - epss-percentile: 0.45887 - cpe: cpe:2.3:a:kibokolabs:hostel:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09629 + cpe: cpe:2.3:a:kibokolabs:hostel:*:*:*:*:wordpress:*:*:* metadata: max-request: 3 - vendor: kibokolabs - product: hostel - framework: wordpress - shodan-query: http.html:"/wp-content/plugins/hostel/" fofa-query: body="/wp-content/plugins/hostel" publicwww-query: /wp-content/plugins/hostel/ - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,hostel,xss + shodan-query: http.html:"/wp-content/plugins/hostel/" + tags: cve,cve2024,wp,wordpress,wp-plugin,hostel,xss + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-37843.yaml b/http/cves/2024/CVE-2024-37843.yaml index 9724d83049d..5e3dd8d8848 100644 --- a/http/cves/2024/CVE-2024-37843.yaml +++ b/http/cves/2024/CVE-2024-37843.yaml @@ -9,31 +9,28 @@ info: reference: - https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql - https://github.com/gsmith257-cyber/CVE-2024-37843-POC - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-37843 cwe-id: CWE-89 - epss-score: 0.82214 - epss-percentile: 0.99154 + epss-score: 0.00091 + epss-percentile: 0.39447 cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: craftcms - product: "craft_cms" + product: craft_cms shodan-query: - - '[cpe:"cpe:2.3:a:craftcms:craft_cms" http.html:"craftcms" http.favicon.hash:"-47932290" x-powered-by: craft cms]' - cpe:"cpe:2.3:a:craftcms:craft_cms" - - http.favicon.hash:"-47932290" - http.html:"craftcms" - - x-powered-by:"craft cms" + - http.favicon.hash:"-47932290" + - "X-Powered-By: Craft CMS" fofa-query: - - '[body=craftcms icon_hash=-47932290]' - - body="craftcms" - - icon_hash="-47932290" + - body=craftcms + - icon_hash=-47932290 publicwww-query: craftcms tags: cve,cve2024,craftcms,sqli + variables: matcher: "{{rand_base(4)}}" diff --git a/http/cves/2024/CVE-2024-37881.yaml b/http/cves/2024/CVE-2024-37881.yaml index 47898a380e9..90287cac42a 100644 --- a/http/cves/2024/CVE-2024-37881.yaml +++ b/http/cves/2024/CVE-2024-37881.yaml @@ -13,9 +13,9 @@ info: - https://www.usom.gov.tr/bildirim/tr-24-0726 metadata: verified: true - max-request: 2 + max-request: 1 publicwww-query: "/wp-content/plugins/siteguard/" - tags: cve,cve-2024,siteguard,wp-plugin,cve2024 + tags: cve,cve-2024,siteguard,wp-plugin flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-3822.yaml b/http/cves/2024/CVE-2024-3822.yaml index c7f67865e94..6d166696c36 100644 --- a/http/cves/2024/CVE-2024-3822.yaml +++ b/http/cves/2024/CVE-2024-3822.yaml @@ -6,24 +6,20 @@ info: severity: medium description: | The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. - reference: |- + reference: | - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ - https://nvd.nist.gov/vuln/detail/CVE-2024-3822 - - https://github.com/fkie-cad/nvd-json-data-feeds + - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N - cvss-score: 4.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 cve-id: CVE-2024-3822 cwe-id: CWE-79 - epss-score: 0.00168 - epss-percentile: 0.38883 - cpe: cpe:2.3:a:mranderson:base64_encoderdecoder:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.0866 metadata: verified: true max-request: 1 - vendor: mranderson - product: base64_encoderdecoder - framework: wordpress fofa-query: "wp-content/plugins/base64-encoderdecoder/" tags: cve,cve2024,wordpress,wp-plugin,wp,xss,base64-encoderdecoder diff --git a/http/cves/2024/CVE-2024-38288.yaml b/http/cves/2024/CVE-2024-38288.yaml index 0f73e614484..06b5e8b16af 100644 --- a/http/cves/2024/CVE-2024-38288.yaml +++ b/http/cves/2024/CVE-2024-38288.yaml @@ -16,11 +16,11 @@ info: metadata: verified: true max-request: 2 - vendor: rhubcom + shodan-query: html:"TurboMeeting" product: turbomeeting - shodan-query: http.html:"turbomeeting" - fofa-query: body="turbomeeting" - tags: cve,cve2024,rce,turbomeeting,authenticated,rhubcom + vendor: rhubcom + tags: cve,cve2024,rce,turbomeeting,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-38289.yaml b/http/cves/2024/CVE-2024-38289.yaml index 4c45d4fb1e7..dc13850ef15 100644 --- a/http/cves/2024/CVE-2024-38289.yaml +++ b/http/cves/2024/CVE-2024-38289.yaml @@ -8,23 +8,15 @@ info: A Boolean-based SQL injection vulnerability in the "RHUB TurboMeeting" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server. reference: - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v - - https://www.rhubcom.com/v5/manuals.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-38289 - cwe-id: CWE-89 - epss-score: 0.8619 - epss-percentile: 0.99343 cpe: cpe:2.3:a:rhubcom:turbomeeting:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: rhubcom product: turbomeeting - shodan-query: http.html:"turbomeeting" - fofa-query: body="turbomeeting" - tags: cve,cve2024,sqli,turbomeeting,rhubcom + shodan-query: html:"TurboMeeting" + tags: cve,cve2024,sqli,turbomeeting http: - raw: diff --git a/http/cves/2024/CVE-2024-38353.yaml b/http/cves/2024/CVE-2024-38353.yaml index bfb97788943..4515229895a 100644 --- a/http/cves/2024/CVE-2024-38353.yaml +++ b/http/cves/2024/CVE-2024-38353.yaml @@ -14,20 +14,19 @@ info: - https://github.com/hackmdio/codimd/security/advisories/GHSA-2764-jppc-p2hm - https://pulsesecurity.co.nz/advisories/codimd-missing-image-access-controls - https://nvd.nist.gov/vuln/detail/CVE-2024-38353 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-38353 cwe-id: CWE-338 - epss-score: 0.01443 - epss-percentile: 0.79735 + epss-score: 0.00043 + epss-percentile: 0.10941 metadata: verified: true max-request: 1 shodan-query: html:"CodiMD" tags: cve,cve2024,file-upload,intrusive,codimd + variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-38472.yaml b/http/cves/2024/CVE-2024-38472.yaml index ef5fb000f4c..b53a92f0b31 100644 --- a/http/cves/2024/CVE-2024-38472.yaml +++ b/http/cves/2024/CVE-2024-38472.yaml @@ -17,10 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2024-38472 cwe-id: CWE-918 - epss-score: 0.83541 - epss-percentile: 0.99213 - metadata: - max-request: 1 + epss-score: 0.00043 + epss-percentile: 0.09568 tags: cve,cve2024,apache,ssrf,oast,httpd http: diff --git a/http/cves/2024/CVE-2024-38473.yaml b/http/cves/2024/CVE-2024-38473.yaml index 84ea1f3d640..6245ca7ed8b 100644 --- a/http/cves/2024/CVE-2024-38473.yaml +++ b/http/cves/2024/CVE-2024-38473.yaml @@ -19,17 +19,16 @@ info: cvss-score: 8.1 cve-id: CVE-2024-38473 cwe-id: CWE-116 - epss-score: 0.80898 - epss-percentile: 0.99087 + epss-score: 0.00043 + epss-percentile: 0.09569 cpe: cpe:/a:apache:http_server, cpe:/a:apache:httpd metadata: - max-request: 16 - vendor: "Apache Software Foundation" - product: "Apache HTTP Server" - google-query: intitle:"apache http server" inurl:"/server-status" - shodan-query: http.title:"apache http server" inurl:"/server-status" - fofa-query: title="apache http server" inurl:"/server-status" - tags: cve,cve2024,apache,acl-bypass,mod_proxy,php-fpm,Apache Software Foundation + max-request: 10 + vendor: Apache Software Foundation + product: Apache HTTP Server + google-query: intitle:"Apache HTTP Server" inurl:"/server-status" + tags: cve,cve2024,apache,acl-bypass,mod_proxy,php-fpm + flow: | http(1) && http(2) http(3) diff --git a/http/cves/2024/CVE-2024-38475.yaml b/http/cves/2024/CVE-2024-38475.yaml index 011bf258501..a6615fc3199 100644 --- a/http/cves/2024/CVE-2024-38475.yaml +++ b/http/cves/2024/CVE-2024-38475.yaml @@ -10,39 +10,17 @@ info: - https://github.com/watchtowrlabs/watchTowr-vs-SonicWall-PreAuth-RCE-Chain/blob/main/watchTowr-vs-SonicWall-PreAuth-RCE-Chain.py - https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/ - https://nvd.nist.gov/vuln/detail/CVE-2024-38475 - - https://security.netapp.com/advisory/ntap-20240712-0001/ - - http://www.openwall.com/lists/oss-security/2024/07/01/8 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2024-38475 cwe-id: CWE-116 - epss-score: 0.92401 - epss-percentile: 0.9971 - cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* + epss-score: 0.46951 + epss-percentile: 0.97518 metadata: verified: true - max-request: 2 - vendor: apache - product: http_server - shodan-query: - - http.html:"sonicwall" html:"sma" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + max-request: 1 + shodan-query: html:"SonicWall" html:"SMA" tags: cve,cve2024,sonicwal,sma-100,lfi,kev http: diff --git a/http/cves/2024/CVE-2024-3848.yaml b/http/cves/2024/CVE-2024-3848.yaml index 5249395179d..be99bf9fcd3 100644 --- a/http/cves/2024/CVE-2024-3848.yaml +++ b/http/cves/2024/CVE-2024-3848.yaml @@ -23,16 +23,16 @@ info: cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 7 + max-request: 5 vendor: lfprojects product: mlflow - shodan-query: http.title:"mlflow" + shodan-query: "http.title:\"mlflow\"" fofa-query: - - '[title="mlflow" app="mlflow"]' - - app="mlflow" - title="mlflow" + - app="mlflow" google-query: intitle:"mlflow" tags: cve,cve2024,mlflow,lfi,intrusive,lfprojects + variables: random: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-3850.yaml b/http/cves/2024/CVE-2024-3850.yaml index bc10918554f..388e91ccf0b 100644 --- a/http/cves/2024/CVE-2024-3850.yaml +++ b/http/cves/2024/CVE-2024-3850.yaml @@ -13,24 +13,19 @@ info: reference: - https://global.uniview.com/About_Us/Security/Notice/202406/992932_140493_0.htm - https://nvd.nist.gov/vuln/detail/CVE-2024-3850 - - https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 - - https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2024-3850 cwe-id: CWE-79 - epss-score: 0.03882 - epss-percentile: 0.87691 - cpe: cpe:2.3:o:uniview:nvr301-04s2-p4_firmware:*:*:*:*:*:*:*:* + cpe: cpe:2.3:h:uniview:nvr301-04s2-p4:-:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: uniview - product: nvr301-04s2-p4_firmware + vendor: Uniview + product: NVR301-04S2-P4 fofa-query: title="NVR301-04-P4" - tags: cve,cve2024,xss,uniview,nvr,Uniview + tags: cve,cve2024,xss,uniview,nvr http: - method: GET diff --git a/http/cves/2024/CVE-2024-38816.yaml b/http/cves/2024/CVE-2024-38816.yaml index e0cbc7210a6..1f6e9cca4a4 100644 --- a/http/cves/2024/CVE-2024-38816.yaml +++ b/http/cves/2024/CVE-2024-38816.yaml @@ -11,16 +11,12 @@ info: - https://github.com/masa42/CVE-2024-38816-PoC - https://spring.io/security/cve-2024-38816 - https://github.com/nomi-sec/PoC-in-GitHub - - https://security.netapp.com/advisory/ntap-20241227-0001/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-38816 - cwe-id: CWE-22 - epss-score: 0.92756 - epss-percentile: 0.99741 - metadata: - max-request: 1 + epss-score: 0.00043 + epss-percentile: 0.09632 tags: cve,cve2024,spring http: diff --git a/http/cves/2024/CVE-2024-38856.yaml b/http/cves/2024/CVE-2024-38856.yaml index 59f3a0298be..09e09489474 100644 --- a/http/cves/2024/CVE-2024-38856.yaml +++ b/http/cves/2024/CVE-2024-38856.yaml @@ -19,15 +19,9 @@ info: metadata: verified: true max-request: 1 - vendor: apache + fofa-query: app="Apache_OFBiz" product: ofbiz - fofa-query: - - app="apache_ofbiz" - - body="apache ofbiz" - shodan-query: - - http.html:"apache ofbiz" - - http.html:"ofbiz" - - ofbiz.visitor= + vendor: apache tags: cve,cve2024,ofbiz,apache,rce,kev http: diff --git a/http/cves/2024/CVE-2024-3922.yaml b/http/cves/2024/CVE-2024-3922.yaml index 45d7c8274c7..36411ffac9a 100644 --- a/http/cves/2024/CVE-2024-3922.yaml +++ b/http/cves/2024/CVE-2024-3922.yaml @@ -13,25 +13,15 @@ info: reference: - https://dokan.co/docs/wordpress/changelog/ - https://nvd.nist.gov/vuln/detail/CVE-2024-3922 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=cve - - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/truonghuuphuc/CVE-2024-3922-Poc classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 - cve-id: CVE-2024-3922 - cwe-id: CWE-89 - epss-score: 0.89672 - epss-percentile: 0.99524 - cpe: cpe:2.3:a:dokan:dokan_pro_plugin:*:*:*:*:*:wordpress:*:* + cpe: cpe:2.3:a:wedevs:dokan:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 2 - vendor: dokan - product: dokan_pro_plugin - framework: wordpress + vendor: wedevs + product: dokan publicwww-query: "/wp-content/plugins/dokan-pro/" - tags: time-based-sqli,cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro,sqli,wedevs + tags: time-based-sqli,cve,cve2024,dokan,wp-plugin,wordpress,wp,dokan-pro,sqli flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-39250.yaml b/http/cves/2024/CVE-2024-39250.yaml index 1272f505a30..a5e744bbaa5 100644 --- a/http/cves/2024/CVE-2024-39250.yaml +++ b/http/cves/2024/CVE-2024-39250.yaml @@ -3,7 +3,7 @@ id: CVE-2024-39250 info: name: EfroTech Timetrax v8.3 - Sql Injection author: s4e-io,efran - severity: critical + severity: high description: | EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface. reference: @@ -11,21 +11,15 @@ info: - https://www.tenable.com/cve/CVE-2024-39250 - https://github.com/efrann/CVE-2024-39250 - https://vuldb.com/?id.272268 - - https://github.com/nomi-sec/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-39250 - cwe-id: CWE-89 - epss-score: 0.73371 - epss-percentile: 0.98707 + epss-score: 0.00043 + epss-percentile: 0.09359 metadata: - max-request: 2 vendor: efroTech product: timetrax fofa-query: icon_hash="-661694518" - shodan-query: http.favicon.hash:"-661694518" - tags: cve,cve2024,sqli,timetrax,efroTech + tags: cve,cve2024,sqli,timetrax + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-39713.yaml b/http/cves/2024/CVE-2024-39713.yaml index 0a296db9537..0adfc78e6de 100644 --- a/http/cves/2024/CVE-2024-39713.yaml +++ b/http/cves/2024/CVE-2024-39713.yaml @@ -19,13 +19,12 @@ info: epss-percentile: 0.37765 cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* metadata: - max-request: 1 - vendor: "rocket.chat" - product: "rocket.chat" + vendor: rocket.chat + product: rocket.chat shodan-query: http.title:"rocket.chat" fofa-query: title="rocket.chat" google-query: intitle:"rocket.chat" - tags: cve,cve2024,hackerone,ssrf,oast,rocket-chat,rocket.chat + tags: cve,cve2024,hackerone,ssrf,oast,rocket-chat http: - raw: diff --git a/http/cves/2024/CVE-2024-39887.yaml b/http/cves/2024/CVE-2024-39887.yaml index 43c93f805d0..f4a19dc8cf2 100644 --- a/http/cves/2024/CVE-2024-39887.yaml +++ b/http/cves/2024/CVE-2024-39887.yaml @@ -12,15 +12,13 @@ info: - http://www.openwall.com/lists/oss-security/2024/07/16/5 - https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz - https://nvd.nist.gov/vuln/detail/CVE-2024-39887 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2024-39887 cwe-id: CWE-89 - epss-score: 0.572 - epss-percentile: 0.97989 - cpe: cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.10702 metadata: verified: true max-request: 3 @@ -32,8 +30,8 @@ info: fofa-query: - body="apache superset" - icon_hash=1582430156 - - icon_hash="1582430156" tags: cve,cve2024,apache,superset,sqli,authenticated + variables: marker: "{{randstr}}" diff --git a/http/cves/2024/CVE-2024-39903.yaml b/http/cves/2024/CVE-2024-39903.yaml index 19485158049..569bce4a1df 100644 --- a/http/cves/2024/CVE-2024-39903.yaml +++ b/http/cves/2024/CVE-2024-39903.yaml @@ -10,22 +10,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-39903 - https://github.com/widgetti/solara/commit/df2fd66a7f4e8ffd36e8678697a8a4f76760dc54 - https://github.com/widgetti/solara/security/advisories/GHSA-9794-pc4r-438w - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L cvss-score: 8.6 cve-id: CVE-2024-39903 cwe-id: CWE-22 - epss-score: 0.17849 - epss-percentile: 0.94776 - cpe: cpe:2.3:a:widgetti:solara:*:*:*:*:*:*:*:* + epss-score: 0.00044 + epss-percentile: 0.109 metadata: + fofa-query: icon_hash="-223126228" verified: true max-request: 1 - vendor: widgetti - product: solara - fofa-query: icon_hash="-223126228" tags: cve,cve2024,solara,lfi http: diff --git a/http/cves/2024/CVE-2024-39907.yaml b/http/cves/2024/CVE-2024-39907.yaml index 23868fb60f5..b86342dc1c8 100644 --- a/http/cves/2024/CVE-2024-39907.yaml +++ b/http/cves/2024/CVE-2024-39907.yaml @@ -8,23 +8,22 @@ info: 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues. reference: - https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-39907 cwe-id: CWE-89 - epss-score: 0.61323 - epss-percentile: 0.9819 + epss-score: 0.00043 + epss-percentile: 0.09387 cpe: cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: fit2cloud + fofa-query: icon_hash="1300107149" || icon_hash="1453309674" || cert.issuer.cn="1Panel Intermediate CA" product: 1panel - fofa-query: icon_hash="1300107149" || icon_hash="1453309674" || cert.issuer.cn="1panel intermediate ca" - tags: cve,cve2024,sqli,1panel,authenticated,fit2cloud + vendor: fit2cloud + tags: cve,cve2024,sqli,1panel,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-39914.yaml b/http/cves/2024/CVE-2024-39914.yaml index 2785758968c..a05741648a3 100644 --- a/http/cves/2024/CVE-2024-39914.yaml +++ b/http/cves/2024/CVE-2024-39914.yaml @@ -12,21 +12,19 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39914 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j - https://blog.csdn.net/qq_39894062/article/details/140550009 - - https://github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-39914 cwe-id: CWE-77 - epss-score: 0.92665 - epss-percentile: 0.99732 + epss-score: 0.00043 + epss-percentile: 0.09367 metadata: - max-request: 2 vendor: fogproject product: fogproject fofa-query: icon_hash="-1952619005" - shodan-query: http.favicon.hash:"-1952619005" - tags: cve,cve2024,rce,fog,fogproject + tags: cve,cve2024,rce,fog + variables: filename: "{{to_lower(rand_text_alpha(12))}}" num: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2024/CVE-2024-40348.yaml b/http/cves/2024/CVE-2024-40348.yaml index aa76a8afc92..b8acbb8cac2 100644 --- a/http/cves/2024/CVE-2024-40348.yaml +++ b/http/cves/2024/CVE-2024-40348.yaml @@ -18,8 +18,9 @@ info: max-request: 2 vendor: morpheus65535 product: bazarr - fofa-query: title=="bazarr" && icon_hash="-1983413099" - tags: cve,cve2024,bazarr,lfi,morpheus65535 + fofa-query: title=="Bazarr" && icon_hash="-1983413099" + tags: cve,cve2024,bazarr,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-4040.yaml b/http/cves/2024/CVE-2024-4040.yaml index d35c73a78f9..508ed89837e 100644 --- a/http/cves/2024/CVE-2024-4040.yaml +++ b/http/cves/2024/CVE-2024-4040.yaml @@ -29,14 +29,9 @@ info: vendor: crushftp product: crushftp shodan-query: + - "html:\"CrushFTP\"" - http.html:"crushftp" - - http.favicon.hash:"-1022206565" - - http.title:"crushftp webinterface" - fofa-query: - - "body=\"crushftp\"" - - icon_hash="-1022206565" - - title="crushftp webinterface" - google-query: intitle:"crushftp webinterface" + fofa-query: "body=\"crushftp\"" tags: cve,cve2024,lfr,crushftp,vfs,kev flow: | if ( !template.hasOwnProperty('username') || !template.hasOwnProperty('password') ) { diff --git a/http/cves/2024/CVE-2024-40422.yaml b/http/cves/2024/CVE-2024-40422.yaml index 143546f7d8a..79b1de40b38 100644 --- a/http/cves/2024/CVE-2024-40422.yaml +++ b/http/cves/2024/CVE-2024-40422.yaml @@ -17,16 +17,16 @@ info: cvss-score: 9.1 cve-id: CVE-2024-40422 cwe-id: CWE-22 - epss-score: 0.87981 - epss-percentile: 0.9943 + epss-score: 0.0087 + epss-percentile: 0.82513 cpe: cpe:2.3:a:stitionai:devika:1.0:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: stitionai product: devika fofa-query: icon_hash="-1429839495" - shodan-query: http.favicon.hash:"-1429839495" - tags: cve,cve2024,devika,lfi,stitionai + tags: cve,cve2024,devika,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-41107.yaml b/http/cves/2024/CVE-2024-41107.yaml index a876a93294c..e6d843633a6 100644 --- a/http/cves/2024/CVE-2024-41107.yaml +++ b/http/cves/2024/CVE-2024-41107.yaml @@ -19,14 +19,11 @@ info: metadata: verified: true max-request: 1 - vendor: apache + fofa-query: app="APACHE-CloudStack" product: cloudstack - fofa-query: - - app="apache-cloudstack" - - title="apache cloudstack" - shodan-query: http.title:"apache cloudstack" - google-query: intitle:"apache cloudstack" + vendor: apache tags: cve,cve2024,apache,cloudstack,auth-bypass + variables: username: "{{username}}" entityid: "{{entityid}}" diff --git a/http/cves/2024/CVE-2024-41667.yaml b/http/cves/2024/CVE-2024-41667.yaml index f4d11bd0bc7..538ce8c6038 100644 --- a/http/cves/2024/CVE-2024-41667.yaml +++ b/http/cves/2024/CVE-2024-41667.yaml @@ -11,18 +11,18 @@ info: - https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v - https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8 - https://nvd.nist.gov/vuln/detail/CVE-2024-41667 - - https://github.com/Mr-xn/Penetration_Testing_POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2024-41667 cwe-id: CWE-94 - epss-score: 0.39887 - epss-percentile: 0.97127 + epss-score: 0.00043 + epss-percentile: 0.09527 metadata: - verified: true max-request: 12 + verified: true tags: cve,cve2024,intrusive,openam,ssti,authenticated + flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) && http(7) && http(8) && http(9) && http(10) && http(11) && http(12) variables: diff --git a/http/cves/2024/CVE-2024-41713.yaml b/http/cves/2024/CVE-2024-41713.yaml index 9948d48bf0d..38f2cf0314b 100644 --- a/http/cves/2024/CVE-2024-41713.yaml +++ b/http/cves/2024/CVE-2024-41713.yaml @@ -3,36 +3,28 @@ id: CVE-2024-41713 info: name: Mitel MiCollab - Authentication Bypass author: DhiyaneshDK,watchTowr - severity: critical + severity: high description: | A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. reference: - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/?123 - https://nvd.nist.gov/vuln/detail/CVE-2024-41713 - - https://github.com/Sanandd/cve-2024-CVE-2024-41713 - - https://github.com/uklad/Micollab-Script classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-41713 cwe-id: CWE-22 - epss-score: 0.93914 - epss-percentile: 0.99863 - cpe: cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:* + epss-score: 0.00044 + epss-percentile: 0.12006 metadata: verified: true max-request: 1 vendor: mitel - product: micollab - framework: "-" - shodan-query: - - http.html:"mitel networks" - - http.html:"micollab end user portal" - fofa-query: - - body="mitel networks" - - body="micollab end user portal" - tags: cve,cve204,mitel,cmg-suite,auth-bypass,cve2024,kev + product: cmg_suite + shodan-query: http.html:"Mitel Networks" + fofa-query: body="mitel networks" + tags: cve,cve204,mitel,cmg-suite,auth-bypass http: - raw: diff --git a/http/cves/2024/CVE-2024-41810.yaml b/http/cves/2024/CVE-2024-41810.yaml index 336b04d272e..0b6308d4a99 100644 --- a/http/cves/2024/CVE-2024-41810.yaml +++ b/http/cves/2024/CVE-2024-41810.yaml @@ -6,26 +6,20 @@ info: severity: medium description: | Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1. - reference: - - https://github.com/advisories/GHSA-cf56-g6w6-pqq2 - - https://nvd.nist.gov/vuln/detail/CVE-2024-41810 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2024-41810 - cwe-id: CWE-79 - epss-score: 0.24186 - epss-percentile: 0.9577 - cpe: cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:* + cpe: cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:* + reference: + - https://github.com/advisories/GHSA-cf56-g6w6-pqq2 + - https://nvd.nist.gov/vuln/detail/CVE-2024-41810 metadata: max-request: 2 - vendor: twisted - product: twisted shodan-query: html:'Twisted' html:"python" fofa-query: body="twisted" && "python" - tags: xss,redirect,twisted,python,cve,cve2024 + tags: xss,redirect,twisted,python + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-41955.yaml b/http/cves/2024/CVE-2024-41955.yaml index 139468e66bb..59d10b906c5 100644 --- a/http/cves/2024/CVE-2024-41955.yaml +++ b/http/cves/2024/CVE-2024-41955.yaml @@ -19,11 +19,11 @@ info: cve-id: CVE-2024-41955 cwe-id: CWE-601 metadata: + max-request: 1 verified: true - max-request: 2 vendor: mobsf product: mobsf - fofa-query: mobsf + fofa-query: "MobSF" tags: cve,cve2024,open-redirect,mobsf,authenticated http: diff --git a/http/cves/2024/CVE-2024-4257.yaml b/http/cves/2024/CVE-2024-4257.yaml index 964870de6cc..6b1c2da7a82 100644 --- a/http/cves/2024/CVE-2024-4257.yaml +++ b/http/cves/2024/CVE-2024-4257.yaml @@ -19,7 +19,7 @@ info: epss-percentile: 0.15929 metadata: verified: true - max-request: 2 + max-request: 1 fofa-query: app="LANWON-临床浏览系统" tags: time-based-sqli,cve,cve2024,sqli,blunet diff --git a/http/cves/2024/CVE-2024-42640.yaml b/http/cves/2024/CVE-2024-42640.yaml index 99237d085fa..3b39156386b 100644 --- a/http/cves/2024/CVE-2024-42640.yaml +++ b/http/cves/2024/CVE-2024-42640.yaml @@ -20,7 +20,8 @@ info: epss-percentile: 0.09695 metadata: max-request: 4 - tags: cve,cve2024,angular,rce,intrusive + tags: cve,cve2024,angular,rce + variables: filename: "{{to_lower(rand_text_alpha(12))}}" num: "{{rand_int(1000000,9999999)}}" diff --git a/http/cves/2024/CVE-2024-4295.yaml b/http/cves/2024/CVE-2024-4295.yaml index 98f2e66c6d4..2379d7f8d1a 100644 --- a/http/cves/2024/CVE-2024-4295.yaml +++ b/http/cves/2024/CVE-2024-4295.yaml @@ -6,8 +6,8 @@ info: severity: critical description: | Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. - impact: This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. remediation: Fixed in 5.7.21 + impact: This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/id/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve - https://github.com/cve-2024/CVE-2024-4295-Poc @@ -22,15 +22,15 @@ info: epss-percentile: 0.39447 cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:* metadata: - verified: true - max-request: 1 vendor: icegram product: email_subscribers_\&_newsletters framework: wordpress - fofa-query: body="/wp-content/plugins/email-subscribers/" + verified: true + max-request: 1 publicwww-query: "/wp-content/plugins/email-subscribers/" - shodan-query: http.html:"/wp-content/plugins/email-subscribers/" - tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wp,email-subscribers,sqli,icegram + fofa-query: body="/wp-content/plugins/email-subscribers/" + tags: time-based-sqli,cve,cve2024,wordpress,wp-plugin,wp,email-subscribers,sqli + variables: contact_id: "{{contact_id}}" email: "{{email}}" diff --git a/http/cves/2024/CVE-2024-43160.yaml b/http/cves/2024/CVE-2024-43160.yaml index a7345ea95f4..79a45c1700f 100644 --- a/http/cves/2024/CVE-2024-43160.yaml +++ b/http/cves/2024/CVE-2024-43160.yaml @@ -24,9 +24,8 @@ info: product: BerqWP framework: wordpress publicwww-query: "/wp-content/plugins/searchpro" - shodan-query: http.html:"/wp-content/plugins/searchpro" - fofa-query: body=/wp-content/plugins/searchpro - tags: cve,cve2024,file-upload,shell,intrusive,wp,wp-plugin,wordpress,searchpro,BerqWP + tags: cve,cve2024,file-upload,shell,intrusive,wp,wp-plugin,wordpress,searchpro + variables: filename: "{{rand_base(12)}}" num: "{{rand_int(10000000000, 999999999999999)}}" diff --git a/http/cves/2024/CVE-2024-43360.yaml b/http/cves/2024/CVE-2024-43360.yaml index a147466e35c..91a40b4416a 100644 --- a/http/cves/2024/CVE-2024-43360.yaml +++ b/http/cves/2024/CVE-2024-43360.yaml @@ -10,30 +10,20 @@ info: - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-9cmr-7437-v9fj - https://medium.com/techpioneers/cve-2024-43360-in-depth-analysis-and-implications-for-security-75ceccc746b4 - https://nvd.nist.gov/vuln/detail/CVE-2024-43360 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-43360 cwe-id: CWE-89 - epss-score: 0.55172 - epss-percentile: 0.97895 + epss-score: 0.00068 + epss-percentile: 0.30893 cpe: cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: zoneminder product: zoneminder - fofa-query: - - icon_hash="-1218152116" - - body="zm - login" - - title="zoneminder" - shodan-query: - - http.favicon.hash:"-1218152116" - - http.html:"zm - login" - - http.title:"zoneminder" - google-query: intitle:"zoneminder" + fofa-query: icon_hash="-1218152116" tags: cve,cve2024,zoneminder,sqli http: diff --git a/http/cves/2024/CVE-2024-43425.yaml b/http/cves/2024/CVE-2024-43425.yaml index 376aa387cd2..8e03f51939c 100644 --- a/http/cves/2024/CVE-2024-43425.yaml +++ b/http/cves/2024/CVE-2024-43425.yaml @@ -3,7 +3,7 @@ id: CVE-2024-43425 info: name: Moodle - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch - severity: high + severity: critical description: | Attackers with the permission to create or modify questions in Moodle courses are able to craft malicious inputs for calculated questions, which can be abused to execute arbitrary commands on the underlying system. reference: @@ -11,33 +11,18 @@ info: - https://blog.redteam-pentesting.de/2024/moodle-rce/ - https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-009/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43425 - - https://bugzilla.redhat.com/show_bug.cgi?id=2304253 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 + cvss-score: 9.8 cve-id: CVE-2024-43425 - cwe-id: CWE-94 - epss-score: 0.88589 - epss-percentile: 0.99462 cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 7 - vendor: moodle + max-request: 1 + shodan-query: title:"Moodle" product: moodle - shodan-query: - - http.title:"moodle" - - cpe:"cpe:2.3:a:moodle:moodle" - - http.html:"moodle" - - http.title:"installation moodle" - fofa-query: - - body="moodle" - - title="installation moodle" - - title="moodle" - google-query: - - intitle:"installation moodle" - - intitle:"moodle" - tags: cve,cve2024,moodile,rce,authenticated,moodle + vendor: moodle + tags: cve,cve2024,moodile,rce,authenticated + flow: http(1) && http(2) && http(3) && http(4) && http(5) && http(6) http: diff --git a/http/cves/2024/CVE-2024-4348.yaml b/http/cves/2024/CVE-2024-4348.yaml index 77b0c46a463..131ccb45af6 100644 --- a/http/cves/2024/CVE-2024-4348.yaml +++ b/http/cves/2024/CVE-2024-4348.yaml @@ -17,16 +17,15 @@ info: cvss-score: 4.3 cve-id: CVE-2024-4348 cwe-id: CWE-79 - epss-score: 0.06425 - epss-percentile: 0.90538 + epss-score: 0.00065 + epss-percentile: 0.28259 cpe: cpe:2.3:a:oscommerce:oscommerce:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: oscommerce + shodan-query: html:"osCommerce" product: oscommerce - shodan-query: http.html:"oscommerce" - fofa-query: body="oscommerce" + vendor: oscommerce tags: packetstorm,xss,rxss,oscommerce,cve2024,cve http: diff --git a/http/cves/2024/CVE-2024-4358.yaml b/http/cves/2024/CVE-2024-4358.yaml index 49af4ae9644..dda4468cfad 100644 --- a/http/cves/2024/CVE-2024-4358.yaml +++ b/http/cves/2024/CVE-2024-4358.yaml @@ -12,22 +12,14 @@ info: - https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/ - https://github.com/sinsinology/CVE-2024-4358 - https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358 - - https://github.com/12442RF/POC - - https://github.com/DMW11525708/wiki classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-4358 - cwe-id: CWE-290 - epss-score: 0.94254 - epss-percentile: 0.99921 - cpe: cpe:2.3:a:telerik:report_server_2024:*:*:*:*:*:*:*:* + cpe: cpe:2.3:a:progress:telerik_report_server:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: telerik - product: report_server_2024 shodan-query: title:"Log in | Telerik Report Server" + product: telerik_report_server + vendor: progress tags: cve,cve2024,telerik,progress,auth-bypass,instrusive,kev variables: user: "{{rand_base(6)}}" diff --git a/http/cves/2024/CVE-2024-43917.yaml b/http/cves/2024/CVE-2024-43917.yaml index c8c23bb59f6..e51af171096 100644 --- a/http/cves/2024/CVE-2024-43917.yaml +++ b/http/cves/2024/CVE-2024-43917.yaml @@ -10,15 +10,13 @@ info: - https://patchstack.com/articles/unpatched-sql-injection-vulnerability-in-ti-woocommerce-wishlist-plugin/ - https://patchstack.com/database/vulnerability/ti-woocommerce-wishlist/wordpress-ti-woocommerce-wishlist-plugin-2-8-2-sql-injection-vulnerability?_s_id=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-43917 - - https://github.com/20142995/nuclei-templates - - https://github.com/nomi-sec/PoC-in-GitHub classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L - cvss-score: 9.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-43917 cwe-id: CWE-89 - epss-score: 0.8202 - epss-percentile: 0.99145 + epss-score: 0.00091 + epss-percentile: 0.39641 cpe: cpe:2.3:a:templateinvaders:ti_woocommerce_wishlist:*:*:*:*:free:wordpress:*:* metadata: verified: true @@ -28,8 +26,8 @@ info: framework: wordpress fofa-query: body="/wp-content/plugins/ti-woocommerce-wishlist/" publicwww-query: "/wp-content/plugins/ti-woocommerce-wishlist/" - shodan-query: http.html:"/wp-content/plugins/ti-woocommerce-wishlist/" - tags: time-based-sqli,cve,cve2024,wp,wordpress,ti-woocommerce-wishlist,wp-plugin,sqli,templateinvaders,intrusive + tags: time-based-sqli,cve,cve2024,wp,wordpress,ti-woocommerce-wishlist,wp-plugin,sqli + flow: http(1) && http(2) && http(3) && http(4) http: diff --git a/http/cves/2024/CVE-2024-43919.yaml b/http/cves/2024/CVE-2024-43919.yaml index 982c0ec8000..11659d1c7b4 100644 --- a/http/cves/2024/CVE-2024-43919.yaml +++ b/http/cves/2024/CVE-2024-43919.yaml @@ -21,13 +21,13 @@ info: cpe: cpe:2.3:a:yarpp:yet_another_related_posts_plugin:*:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: yarpp - product: "yet_another_related_posts_plugin" + product: yet_another_related_posts_plugin framework: wordpress fofa-query: body="wp-content/plugins/yet-another-related-posts-plugin/" - shodan-query: http.html:"wp-content/plugins/yet-another-related-posts-plugin/" - tags: cve,cve2024,wp,wordpress,wp-plugin,auth-bypass,yet-another-related-posts-plugin,yarpp + tags: cve,cve2024,wp,wordpress,wp-plugin,auth-bypass,yet-another-related-posts-plugin + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-4399.yaml b/http/cves/2024/CVE-2024-4399.yaml index 55b9983e877..24d30ea8a3c 100644 --- a/http/cves/2024/CVE-2024-4399.yaml +++ b/http/cves/2024/CVE-2024-4399.yaml @@ -9,19 +9,17 @@ info: reference: - https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302 - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4399 - - https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cve-id: CVE-2024-4399 cwe-id: CWE-918 - epss-score: 0.44028 - epss-percentile: 0.9737 metadata: max-request: 2 product: cas fofa-query: body="wp-content/themes/cas/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-theme,ssrf,cas,oast + tags: cve,cve2024,wp,wordpress,wp-theme,ssrf,cas,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-44000.yaml b/http/cves/2024/CVE-2024-44000.yaml index 68d60f4c9b4..8645c3f2459 100644 --- a/http/cves/2024/CVE-2024-44000.yaml +++ b/http/cves/2024/CVE-2024-44000.yaml @@ -24,9 +24,8 @@ info: product: liteSpeed-cache framework: wordpress publicwww-query: "/wp-content/plugins/litespeed-cache" - shodan-query: http.html:"/wp-content/plugins/litespeed-cache" - fofa-query: body=/wp-content/plugins/litespeed-cache - tags: cve,cve2024,info-leak,takeover,wordpress,wp-plugin,litespeed-cache,wp,liteSpeed-technologies + tags: cve,cve2024,info-leak,takeover,wordpress,wp-plugin,litespeed-cache,wp + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-4434.yaml b/http/cves/2024/CVE-2024-4434.yaml index 4642dcb4377..4750219e323 100644 --- a/http/cves/2024/CVE-2024-4434.yaml +++ b/http/cves/2024/CVE-2024-4434.yaml @@ -11,30 +11,21 @@ info: - https://inky-knuckle-2c2.notion.site/Unauthenticated-SQLI-in-Learnpress-plugin-Version-4-2-6-5-a86fe63bcc7b4c9988802688211817fd - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/learnpress/learnpress-wordpress-lms-plugin-4265-unauthenticated-time-based-sql-injection - https://nvd.nist.gov/vuln/detail/CVE-2024-4434 - - https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/Databases/class-lp-course-db.php#L508 - - https://plugins.trac.wordpress.org/changeset/3082204/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-4434 - cwe-id: CWE-89 - epss-score: 0.8153 - epss-percentile: 0.99117 - cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:* + epss-score: 0.00063 + epss-percentile: 0.2659 + cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 2 - vendor: thimpress - product: learnpress - framework: wordpress publicwww-query: "/wp-content/plugins/learnpress" - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" - tags: cve,cve2024,wp,wp-plugin,wordpress,sqli,learnpress,thimpress + product: learnpress + vendor: thimpress + tags: cve,cve2024,wp,wp-plugin,wordpress,sqli,learnpress + variables: num: "{{rand_int(10000, 99999)}}" diff --git a/http/cves/2024/CVE-2024-44349.yaml b/http/cves/2024/CVE-2024-44349.yaml index 0d200ec7a0e..0627d9a0d7d 100644 --- a/http/cves/2024/CVE-2024-44349.yaml +++ b/http/cves/2024/CVE-2024-44349.yaml @@ -9,21 +9,17 @@ info: reference: - https://blog.cybergon.com/posts/cve-2024-44349/ - http://nvd.nist.gov/vuln/detail/CVE-2024-44349 - - https://cybergon.com/ - - https://github.com/AndreaF17/PoC-CVE-2024-44349 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-44349 cwe-id: CWE-89 - epss-score: 0.77309 - epss-percentile: 0.98906 metadata: verified: true max-request: 2 shodan-query: html:"ANTEEO" tags: cve,cve2024,sqli,anteeowms + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-4439.yaml b/http/cves/2024/CVE-2024-4439.yaml index e3bea03bcfc..0f7db3b1bfe 100644 --- a/http/cves/2024/CVE-2024-4439.yaml +++ b/http/cves/2024/CVE-2024-4439.yaml @@ -19,9 +19,9 @@ info: epss-score: 0.00064 epss-percentile: 0.28966 metadata: - max-request: 9 + max-request: 10 framework: wordpress - tags: wpscan,xss,wp,wordpress,footnote,sxss,post,cve2024,cve + tags: wpscan,xss,wp,wordpress,footnote,sxss,post http: - raw: diff --git a/http/cves/2024/CVE-2024-4443.yaml b/http/cves/2024/CVE-2024-4443.yaml index d26116d1e0b..6ca9450e96c 100644 --- a/http/cves/2024/CVE-2024-4443.yaml +++ b/http/cves/2024/CVE-2024-4443.yaml @@ -15,25 +15,20 @@ info: - https://plugins.trac.wordpress.org/changeset/3089626/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/982fb304-08d6-4195-97a3-f18e94295492?source=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-4443 - - https://github.com/WhosGa/MyWiki classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-4443 - cwe-id: CWE-89 - epss-score: 0.93381 - epss-percentile: 0.998 - cpe: cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:* + epss-score: 0.00063 + epss-percentile: 0.27036 + cpe: cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 1 - vendor: businessdirectoryplugin - product: business_directory - framework: wordpress publicwww-query: "/wp-content/plugins/business-directory-plugin/" - shodan-query: http.html:"/wp-content/plugins/business-directory-plugin/" - fofa-query: body=/wp-content/plugins/business-directory-plugin/ - tags: time-based-sqli,cve,cve2024,sqli,business-directory,wordpress,wp-plugin,businessdirectoryplugin + product: business_directory + vendor: businessdirectoryplugin + tags: time-based-sqli,cve,cve2024,sqli,business-directory,wordpress,wp-plugin http: - raw: diff --git a/http/cves/2024/CVE-2024-44762.yaml b/http/cves/2024/CVE-2024-44762.yaml index ce6e4f8fd90..a246e390bac 100644 --- a/http/cves/2024/CVE-2024-44762.yaml +++ b/http/cves/2024/CVE-2024-44762.yaml @@ -13,21 +13,18 @@ info: - https://www.webmin.com/usermin.html - https://senscybersecurity.nl/cve-2024-44762-explained/ - https://nvd.nist.gov/vuln/detail/CVE-2024-44762 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-44762 cwe-id: CWE-209 - epss-score: 0.21871 - epss-percentile: 0.95422 metadata: verified: true max-request: 1 vendor: webmin product: usermin - shodan-query: http.title:"usermin" - fofa-query: app="usermin" + shodan-query: title:"Usermin" + fofa-query: app="Usermin" tags: cve,cve2024,usermin,webmin,exposure,usernames http: diff --git a/http/cves/2024/CVE-2024-44849.yaml b/http/cves/2024/CVE-2024-44849.yaml index 42e9182d765..a07a2b43a85 100644 --- a/http/cves/2024/CVE-2024-44849.yaml +++ b/http/cves/2024/CVE-2024-44849.yaml @@ -17,18 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2024-44849 cwe-id: CWE-434 - epss-score: 0.86437 - epss-percentile: 0.99354 metadata: verified: true max-request: 2 vendor: qualitor product: qualitor - fofa-query: - - qualitor - - icon_hash="-1217039701" - shodan-query: http.favicon.hash:"-1217039701" + fofa-query: "Qualitor" tags: cve,cve2024,rce,file-upload,qualitor,intrusive + variables: filename: "{{rand_base(12)}}" num: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2024/CVE-2024-45195.yaml b/http/cves/2024/CVE-2024-45195.yaml index 0205fa0112d..39e6ecf87f7 100644 --- a/http/cves/2024/CVE-2024-45195.yaml +++ b/http/cves/2024/CVE-2024-45195.yaml @@ -12,30 +12,25 @@ info: - https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/ - https://ofbiz.apache.org/download.html - https://nvd.nist.gov/vuln/detail/CVE-2024-45195 - - http://www.openwall.com/lists/oss-security/2024/09/03/6 - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-45195 cwe-id: CWE-425 - epss-score: 0.94081 - epss-percentile: 0.9989 + epss-score: 0.00045 + epss-percentile: 0.16342 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: - max-request: 2 vendor: apache product: ofbiz shodan-query: - - '[ofbiz.visitor= http.html:"ofbiz"]' - - http.html:"apache ofbiz" - - http.html:"ofbiz" - ofbiz.visitor= + - http.html:"ofbiz" fofa-query: - - '[app="apache_ofbiz" body="ofbiz"]' - app="apache_ofbiz" - - body="apache ofbiz" + - body="ofbiz" tags: cve,cve2024,apache,ofbiz,rce,instrusive,kev + variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2024/CVE-2024-45216.yaml b/http/cves/2024/CVE-2024-45216.yaml index 58ce0191e00..3398bc66b3c 100644 --- a/http/cves/2024/CVE-2024-45216.yaml +++ b/http/cves/2024/CVE-2024-45216.yaml @@ -1,30 +1,30 @@ id: CVE-2024-45216 -info: - name: Apache Solr - Authentication Bypass - author: gumgum - severity: critical - description: | - Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. - impact: | - Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue. - reference: - - https://shfsec.com/cve-2024-45216-authentication-bypass-in-apache-solr - - https://nvd.nist.gov/vuln/detail/CVE-2024-45216 - - https://solr.apache.org/security html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-45216 - cwe-id: CWE-863,CWE-287 - epss-score: 0.00043 - epss-percentile: 0.09834 - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"Apache Solr" - tags: cve,cve2024,apache,solr,auth-bypass - +info: + name: Apache Solr - Authentication Bypass + author: gumgum + severity: critical + description: | + Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass.A fake ending at the end of any Solr API URL path, will allow requests to skip Authentication while maintaining the API contract with the original URL Path.This fake ending looks like an unprotected API path, however it is stripped off internally after authentication but before API routing.This issue affects Apache Solr- from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. + impact: | + Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue. + reference: + - https://shfsec.com/cve-2024-45216-authentication-bypass-in-apache-solr + - https://nvd.nist.gov/vuln/detail/CVE-2024-45216 + - https://solr.apache.org/security html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2024-45216 + cwe-id: CWE-863,CWE-287 + epss-score: 0.00043 + epss-percentile: 0.09834 + metadata: + verified: true + max-request: 1 + shodan-query: http.html:"Apache Solr" + tags: cve,cve2024,apache,solr,auth-bypass + http: - raw: - | diff --git a/http/cves/2024/CVE-2024-45241.yaml b/http/cves/2024/CVE-2024-45241.yaml index 7bab95bb7cf..e04ff2946c1 100644 --- a/http/cves/2024/CVE-2024-45241.yaml +++ b/http/cves/2024/CVE-2024-45241.yaml @@ -17,11 +17,12 @@ info: cpe: cpe:2.3:a:centralsquare:crywolf:2024-08-09:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: centralsquare product: crywolf - fofa-query: false alarm reduction website + fofa-query: "False Alarm Reduction Website" tags: cve,cve2024,lfi,centralsquare,crywolf + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-45293.yaml b/http/cves/2024/CVE-2024-45293.yaml index 7d84169bba3..409e22087ff 100644 --- a/http/cves/2024/CVE-2024-45293.yaml +++ b/http/cves/2024/CVE-2024-45293.yaml @@ -15,23 +15,21 @@ info: - https://wpscan.com/vulnerability/c9c13e5b-22ac-44c1-aca7-e2b34238e045/ - https://wordpress.org/plugins/tablepress/ - https://nvd.nist.gov/vuln/detail/CVE-2024-45293 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.5 cve-id: CVE-2024-45293 cwe-id: CWE-611 - epss-score: 0.21472 - epss-percentile: 0.95366 - cpe: cpe:2.3:a:phpoffice:phpspreadsheet:*:*:*:*:*:*:*:* + cpe: cpe:2.3:a:tablepress:tablepress:*:*:*:*:*:wordpress:* metadata: verified: true max-request: 4 - vendor: phpoffice - product: phpspreadsheet + vendor: wordpress + product: tablepress fofa-query: body="/wp-content/plugins/tablepress" google-query: inurl:"/wp-content/plugins/tablepress" - tags: wpscan,cve2024,cve,tablepress,wp,wp-plugin,wordpress,xxe,intrusive + tags: cve2024,cve,tablepress,wp,wp-plugin,wordpress,xxe,intrusive + flow: http(1) && http(2) variables: diff --git a/http/cves/2024/CVE-2024-45309.yaml b/http/cves/2024/CVE-2024-45309.yaml index b48072da087..6dc70ca8d96 100644 --- a/http/cves/2024/CVE-2024-45309.yaml +++ b/http/cves/2024/CVE-2024-45309.yaml @@ -14,24 +14,21 @@ info: - https://x.com/Siebene7/status/1848727539046617324 - https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489 - https://nvd.nist.gov/vuln/detail/CVE-2024-45309 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-45309 - cwe-id: CWE-22,CWE-200 - epss-score: 0.80448 - epss-percentile: 0.99067 + cwe-id: CWE-22 cpe: cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 - vendor: onedev_project + max-request: 2 + vendor: onedev + shodan-query: html:"onedev.io" product: onedev framework: java - shodan-query: http.html:"onedev.io" - tags: cve,cve2024,lfi,onedev,java + tags: cve,cve2024,lfi,onedev + flow: | http(1) for (let projectName of iterate(template.project)) { diff --git a/http/cves/2024/CVE-2024-45388.yaml b/http/cves/2024/CVE-2024-45388.yaml index 03452feb585..24d1577b6fb 100644 --- a/http/cves/2024/CVE-2024-45388.yaml +++ b/http/cves/2024/CVE-2024-45388.yaml @@ -9,22 +9,14 @@ info: reference: - https://github.com/advisories/GHSA-6xx4-x46f-f897 - https://nvd.nist.gov/vuln/detail/CVE-2024-45388 - - https://codeql.github.com/codeql-query-help/go/go-path-injection - - https://github.com/SpectoLabs/hoverfly/releases/tag/v1.10.3 - - https://github.com/spectolabs/hoverfly/blob/15d6ee9ea4e0de67aec5a41c28d21dc147243da0/core/handlers/v2/simulation_handler.go#L87 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-45388 - cwe-id: CWE-200,CWE-22 - epss-score: 0.91503 - epss-percentile: 0.99637 - cpe: cpe:2.3:a:hoverfly:hoverfly:*:*:*:*:*:*:*:* + cwe-id: CWE-20 metadata: - verified: true max-request: 1 - vendor: hoverfly - product: hoverfly + verified: true shodan-query: http.favicon.hash:1357234275 tags: cve,cve2024,hoverfly,lfi,intrusive diff --git a/http/cves/2024/CVE-2024-45440.yaml b/http/cves/2024/CVE-2024-45440.yaml index e9638920c21..826c0d459c6 100644 --- a/http/cves/2024/CVE-2024-45440.yaml +++ b/http/cves/2024/CVE-2024-45440.yaml @@ -9,20 +9,17 @@ info: reference: - https://senscybersecurity.nl/CVE-2024-45440-Explained/ - https://nvd.nist.gov/vuln/detail/CVE-2024-45440 - - https://www.exploit-db.com/exploits/52266 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-45440 cwe-id: CWE-209 - epss-score: 0.76485 - epss-percentile: 0.98864 + epss-score: 0.00046 + epss-percentile: 0.17715 cpe: cpe:2.3:a:drupal:drupal:2023-05-09:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: drupal product: drupal shodan-query: diff --git a/http/cves/2024/CVE-2024-45488.yaml b/http/cves/2024/CVE-2024-45488.yaml index f57c17c5558..77a9765eed8 100644 --- a/http/cves/2024/CVE-2024-45488.yaml +++ b/http/cves/2024/CVE-2024-45488.yaml @@ -20,7 +20,7 @@ info: epss-percentile: 0.09691 metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: html:"Safeguard for Privileged Passwords" tags: cve,cve2024,auth-bypass,safeguard code: diff --git a/http/cves/2024/CVE-2024-45507.yaml b/http/cves/2024/CVE-2024-45507.yaml index 0b99a1ac56d..35caace7565 100644 --- a/http/cves/2024/CVE-2024-45507.yaml +++ b/http/cves/2024/CVE-2024-45507.yaml @@ -24,19 +24,16 @@ info: epss-percentile: 0.7714 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: apache product: ofbiz shodan-query: - - '[ofbiz.visitor= http.html:"ofbiz"]' - - http.html:"apache ofbiz" - - http.html:"ofbiz" - ofbiz.visitor= + - http.html:"ofbiz" fofa-query: - - '[app="apache_ofbiz" body="ofbiz"]' - app="apache_ofbiz" - - body="apache ofbiz" + - body="ofbiz" tags: cve,cve2024,apache,obiz,rce,oast + variables: oast: "{{interactsh-url}}" xml: '
' diff --git a/http/cves/2024/CVE-2024-45591.yaml b/http/cves/2024/CVE-2024-45591.yaml index d8a0a0efb0e..6d2e5519981 100644 --- a/http/cves/2024/CVE-2024-45591.yaml +++ b/http/cves/2024/CVE-2024-45591.yaml @@ -21,12 +21,11 @@ info: cwe-id: CWE-359,CWE-862 cpe: cpe:2.3:a:xwiki:platform:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: xwiki product: xwiki-platform shodan-query: http.html:"data-xwiki-reference" - fofa-query: body="data-xwiki-reference" tags: cve,cve2024,xwiki,exposure,rest-api http: diff --git a/http/cves/2024/CVE-2024-45622.yaml b/http/cves/2024/CVE-2024-45622.yaml index ee355c5e3db..5396a3085eb 100644 --- a/http/cves/2024/CVE-2024-45622.yaml +++ b/http/cves/2024/CVE-2024-45622.yaml @@ -23,8 +23,9 @@ info: max-request: 3 vendor: asis product: asis - google-query: asis | aplikasi sistem sekolah - tags: packetstorm,cve,cve2024,asis,auth-bypass,sqli + google-query: "ASIS | Aplikasi Sistem Sekolah" + tags: cve,cve2024,asis,auth-bypass,sqli + variables: pass: "{{rand_base(10)}}" diff --git a/http/cves/2024/CVE-2024-4577.yaml b/http/cves/2024/CVE-2024-4577.yaml index 65a51aec9ac..60ef567e36c 100644 --- a/http/cves/2024/CVE-2024-4577.yaml +++ b/http/cves/2024/CVE-2024-4577.yaml @@ -15,22 +15,19 @@ info: - http://www.openwall.com/lists/oss-security/2024/06/07/1 - https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-4577 cwe-id: CWE-78 - epss-score: 0.94376 - epss-percentile: 0.99956 + epss-score: 0.95842 + epss-percentile: 0.99612 cpe: cpe:2.3:a:php:php:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 4 vendor: php product: php shodan-query: - - '[cpe:"cpe:2.3:a:php:php" http.title:"php warning" || "fatal error" php.ini the requested resource x-powered-by:"php"]' - cpe:"cpe:2.3:a:php:php" - http.title:"php warning" || "fatal error" - php.ini diff --git a/http/cves/2024/CVE-2024-46310.yaml b/http/cves/2024/CVE-2024-46310.yaml index 1898f59e484..363d045b687 100644 --- a/http/cves/2024/CVE-2024-46310.yaml +++ b/http/cves/2024/CVE-2024-46310.yaml @@ -3,22 +3,13 @@ id: CVE-2024-46310 info: name: FXServer < v9601 - Information Exposure author: s4e-io - severity: critical + severity: medium description: | Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint. reference: - https://github.com/UwUtisum/CVE-2024-46310 - https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-46310 - https://vulners.com/githubexploit/D31ED8EC-1E21-54F9-AD42-778DAFBC8B4E - - http://cfxre.com - - https://github.com/PRX5Y/CVE-2024-46310 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2024-46310 - cwe-id: CWE-281 - epss-score: 0.68747 - epss-percentile: 0.98508 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-46507.yaml b/http/cves/2024/CVE-2024-46507.yaml index 77fcc4c0c4b..d476760f807 100644 --- a/http/cves/2024/CVE-2024-46507.yaml +++ b/http/cves/2024/CVE-2024-46507.yaml @@ -13,10 +13,11 @@ info: reference: - https://rhinosecuritylabs.com/research/cve-2024-46507-yeti-server-side-template-injection-ssti/ metadata: + shodan-query: html:"Yeti" verified: true max-request: 4 - shodan-query: html:"Yeti" tags: cve,cve2024,yeti,platform,ssti,rce,intrusive + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-46627.yaml b/http/cves/2024/CVE-2024-46627.yaml index b5db8ae8f78..80307dd7576 100644 --- a/http/cves/2024/CVE-2024-46627.yaml +++ b/http/cves/2024/CVE-2024-46627.yaml @@ -19,16 +19,14 @@ info: cvss-score: 9.1 cve-id: CVE-2024-46627 cwe-id: CWE-284 - epss-score: 0.81787 - epss-percentile: 0.99132 + epss-score: 0.00045 + epss-percentile: 0.16328 metadata: verified: true max-request: 1 vendor: becon product: datagerry shodan-query: http.title:"datagerry" - fofa-query: title="datagerry" - google-query: intitle:"datagerry" tags: cve,cve2024,becon,datagerry,unauth,auth-bypass http: diff --git a/http/cves/2024/CVE-2024-46938.yaml b/http/cves/2024/CVE-2024-46938.yaml index f3108012ad1..f714b4cad1b 100644 --- a/http/cves/2024/CVE-2024-46938.yaml +++ b/http/cves/2024/CVE-2024-46938.yaml @@ -9,26 +9,23 @@ info: reference: - https://www.assetnote.io/resources/research/leveraging-an-order-of-operations-bug-to-achieve-rce-in-sitecore-8-x---10-x - https://nvd.nist.gov/vuln/detail/CVE-2024-46938 - - https://github.com/Linxloop/fork_POC - - https://github.com/Ostorlab/KEV - - https://github.com/eeeeeeeeee-code/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-46938 - cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.91947 - epss-percentile: 0.99672 + epss-score: 0.00087 + epss-percentile: 0.3838 cpe: cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 46 + max-request: 45 vendor: sitecore - product: "experience_commerce" + product: experience_commerce shodan-query: http.title:"sitecore" fofa-query: title="sitecore" google-query: intitle:"sitecore" tags: cve,cve2024,sitecore,lfi,rce + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2024/CVE-2024-46986.yaml b/http/cves/2024/CVE-2024-46986.yaml index 93b29135485..4a1f9ccc8d9 100644 --- a/http/cves/2024/CVE-2024-46986.yaml +++ b/http/cves/2024/CVE-2024-46986.yaml @@ -21,18 +21,14 @@ info: epss-percentile: 0.39015 cpe: cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 4 + verified: true vendor: tuzitio product: camaleon_cms - shodan-query: - - http.title:"camaleon cms" - - http.html:"camaleon_cms" - fofa-query: - - title="camaleon cms" - - body="camaleon_cms" - google-query: intitle:"camaleon cms" - tags: cve,cve2024,camaleon,intrusive,rce,file-upload,authenticated,tuzitio + shodan-query: title:"Camaleon CMS" + fofa-query: title="Camaleon CMS" + tags: cve,cve2024,camaleon,intrusive,rce,file-upload,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-47062.yaml b/http/cves/2024/CVE-2024-47062.yaml index d6fba474c30..e3fd2e279b3 100644 --- a/http/cves/2024/CVE-2024-47062.yaml +++ b/http/cves/2024/CVE-2024-47062.yaml @@ -10,16 +10,15 @@ info: - https://github.com/advisories/GHSA-58vj-cv5w-v4v6 - https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6 - https://nvd.nist.gov/vuln/detail/CVE-2024-47062 - - https://github.com/20142995/nuclei-templates - - https://github.com/ARPSyndicate/cve-scores classification: - epss-score: 0.46898 - epss-percentile: 0.97512 + epss-score: 0.00043 + epss-percentile: 0.09612 metadata: verified: true max-request: 2 shodan-query: html:"content="Navidrome"" tags: cve,cve2024,sqli,orm-leak,navidrome,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-48248.yaml b/http/cves/2024/CVE-2024-48248.yaml index 5436ca7e68e..a81729849c9 100644 --- a/http/cves/2024/CVE-2024-48248.yaml +++ b/http/cves/2024/CVE-2024-48248.yaml @@ -8,26 +8,13 @@ info: NAKIVO Backup & Replication is a data protection solution used for backing up and restoring virtualized and physical environments. A vulnerability has been identified in certain versions of NAKIVO Backup & Replication that allows an unauthenticated attacker to read arbitrary files on the underlying system. reference: - https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/ - - https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm - - https://github.com/watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248 - - https://github.com/20142995/nuclei-templates - - https://github.com/Ostorlab/KEV - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2024-48248 - cwe-id: CWE-36,NVD-CWE-Other - epss-score: 0.93529 - epss-percentile: 0.99819 - cpe: cpe:2.3:a:nakivo:backup_\&_replication_director:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 - vendor: nakivo - product: backup_\&_replication_director + max-request: 1 shodan-query: title:"NAKIVO" fofa-query: title="NAKIVO" - tags: cve,cve2024,nakivo,backup,lfi,kev + tags: cve,cve2024,nakivo,backup,lfi + variables: string: "{{to_lower(rand_base(5))}}" diff --git a/http/cves/2024/CVE-2024-48307.yaml b/http/cves/2024/CVE-2024-48307.yaml index 0b80a6666d9..f6769ef9b7a 100644 --- a/http/cves/2024/CVE-2024-48307.yaml +++ b/http/cves/2024/CVE-2024-48307.yaml @@ -11,29 +11,24 @@ info: reference: - https://github.com/wy876/POC/blob/main/JeecgBoot/JeecgBoot%E6%8E%A5%E5%8F%A3getTotalData%E5%AD%98%E5%9C%A8%E6%9C%AA%E6%8E%88%E6%9D%83SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E(CVE-2024-48307).md - https://github.com/jeecgboot/JeecgBoot/issues/7237 - - https://github.com/jeecgboot - - https://github.com/jeecgboot/JeecgBoot - - https://github.com/12442RF/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-48307 cwe-id: CWE-89 - epss-score: 0.92631 - epss-percentile: 0.9973 + epss-score: 0.00045 + epss-percentile: 0.17463 metadata: max-request: 2 vendor: jeecg product: jeecg_boot - shodan-query: - - http.favicon.hash:"1380908726" - - http.favicon.hash:"-250963920" fofa-query: - icon_hash="-250963920" - icon_hash=1380908726 - title="jeecg-boot" - - icon_hash="1380908726" + shodan-query: http.favicon.hash:"1380908726" tags: cve2024,cve,jeecg,sqli + variables: num: "999999999" diff --git a/http/cves/2024/CVE-2024-4836.yaml b/http/cves/2024/CVE-2024-4836.yaml index 0d0f7ab3b1d..0cf5ffb78d2 100644 --- a/http/cves/2024/CVE-2024-4836.yaml +++ b/http/cves/2024/CVE-2024-4836.yaml @@ -10,19 +10,11 @@ info: - https://cert.pl/en/posts/2024/07/CVE-2024-4836/ - https://github.com/sleep46/CVE-2024-4836_Check - https://nvd.nist.gov/vuln/detail/CVE-2024-4836 - - https://cert.pl/en/posts/2024/07/CVE-2024-4836 - - https://cert.pl/posts/2024/07/CVE-2024-4836 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-4836 - cwe-id: CWE-552 - epss-score: 0.28632 - epss-percentile: 0.96252 metadata: max-request: 5 fofa-query: icon_hash="1491301339" tags: cve,cve2024,cms,edito,info-leak + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-48360.yaml b/http/cves/2024/CVE-2024-48360.yaml index 2f6448d481a..7216481465b 100644 --- a/http/cves/2024/CVE-2024-48360.yaml +++ b/http/cves/2024/CVE-2024-48360.yaml @@ -10,25 +10,21 @@ info: - https://github.com/OpenXP-Research/CVE-2024-48360 - https://packetstormsecurity.com/files/182427/Qualitor-8.24-Server-Side-Request-Forgery.html - https://nvd.nist.gov/vuln/detail/CVE-2024-48360 - - https://www.qualitor.com.br/qualitor-8-20 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-48360 cwe-id: CWE-918 - epss-score: 0.70626 - epss-percentile: 0.98586 + epss-score: 0.00043 + epss-percentile: 0.09945 metadata: verified: true max-request: 2 vendor: qualitor product: qualitor - fofa-query: - - icon_hash="-1217039701" - - qualitor - shodan-query: http.favicon.hash:"-1217039701" - tags: packetstorm,cve,cve2024,ssrf,qualitor + fofa-query: icon_hash="-1217039701" + tags: cve,cve2024,ssrf,qualitor + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-4841.yaml b/http/cves/2024/CVE-2024-4841.yaml index 5e2a3726dc9..c574db1fefa 100644 --- a/http/cves/2024/CVE-2024-4841.yaml +++ b/http/cves/2024/CVE-2024-4841.yaml @@ -11,19 +11,18 @@ info: reference: - https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602 - https://nvd.nist.gov/vuln/detail/CVE-2024-4841 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 4 cve-id: CVE-2024-4841 cwe-id: CWE-29 - epss-score: 0.01173 - epss-percentile: 0.77632 + epss-score: 0.00043 + epss-percentile: 0.09834 metadata: - max-request: 2 + max-request: 1 fofa-query: "LoLLMS WebUI - Welcome" tags: cve,cve2024,lollms-webui,traversal + variables: folder: "{{to_upper(rand_text_alpha(10))}}" diff --git a/http/cves/2024/CVE-2024-48455.yaml b/http/cves/2024/CVE-2024-48455.yaml index 7deebf2c283..514bce79537 100644 --- a/http/cves/2024/CVE-2024-48455.yaml +++ b/http/cves/2024/CVE-2024-48455.yaml @@ -3,26 +3,24 @@ id: CVE-2024-48455 info: name: Netis Wifi Router - Information Disclosure author: s4e-io - severity: low + severity: high description: | An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component. reference: - https://attackerkb.com/topics/L6qgmDIMa1/cve-2024-48455 - https://github.com/users/h00die-gr3y/projects/1/views/1 - https://nvd.nist.gov/vuln/detail/CVE-2024-48455 - - https://github.com/users/h00die-gr3y/projects/1/views/1?pane=issue&itemId=92065458&issue=h00die-gr3y%7Ch00die-gr3y%7C2 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N - cvss-score: 2.7 + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-48455 cwe-id: CWE-200 - epss-score: 0.63495 - epss-percentile: 0.98273 + epss-score: 0.00043 + epss-percentile: 0.11049 metadata: max-request: 1 fofa-query: title="Netis" - tags: netis,router,exposure,cve2024,cve + tags: netis,router,exposure http: - raw: diff --git a/http/cves/2024/CVE-2024-48766.yaml b/http/cves/2024/CVE-2024-48766.yaml index 1e33c4f7d4f..0753f8a7c62 100644 --- a/http/cves/2024/CVE-2024-48766.yaml +++ b/http/cves/2024/CVE-2024-48766.yaml @@ -3,7 +3,7 @@ id: CVE-2024-48766 info: name: NetAlert X - Arbitary File Read author: s4e-io - severity: high + severity: critical description: | A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12. impact: | @@ -14,22 +14,14 @@ info: - https://advisories.checkpoint.com/defense/advisories/public/2025/cpai-2024-1358.html - https://github.com/rapid7/metasploit-framework/pull/19881 - https://github.com/jokob-sk/NetAlertX - - https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/scanner/http/netalertx_file_read.rb - - https://rhinosecuritylabs.com/research/cve-2024-46506-rce-in-netalertx/ - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 - cve-id: CVE-2024-48766 - cwe-id: CWE-698 - epss-score: 0.65361 - epss-percentile: 0.98358 metadata: verified: true max-request: 1 vendor: jokob-sk product: netalertx - fofa-query: netalert x - tags: cve,cve2024,netalertx,lfi,jokob-sk + fofa-query: "NetAlert X" + tags: cve,cve2024,netalertx,lfi + variables: filename: "{{rand_base(6)}}" diff --git a/http/cves/2024/CVE-2024-4879.yaml b/http/cves/2024/CVE-2024-4879.yaml index e20b5a52679..c728383d9d4 100644 --- a/http/cves/2024/CVE-2024-4879.yaml +++ b/http/cves/2024/CVE-2024-4879.yaml @@ -22,7 +22,6 @@ info: fofa-query: - icon_hash=1701804003 - title="servicenow" - - icon_hash="1701804003" google-query: intitle:"servicenow" tags: cve,cve2024,servicenow,ssti,kev diff --git a/http/cves/2024/CVE-2024-4885.yaml b/http/cves/2024/CVE-2024-4885.yaml index 5fc535bfee9..e7bd62e43af 100644 --- a/http/cves/2024/CVE-2024-4885.yaml +++ b/http/cves/2024/CVE-2024-4885.yaml @@ -17,22 +17,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-4885 - cwe-id: CWE-22,NVD-CWE-noinfo - epss-score: 0.94278 - epss-percentile: 0.99926 + cwe-id: CWE-22 + epss-score: 0.00066 + epss-percentile: 0.29461 cpe: cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: progress + shodan-query: html:"WhatsUp Gold" product: whatsup_gold - shodan-query: - - http.html:"whatsup gold" - - http.title:"whatsup gold" http.favicon.hash:-2107233094 - fofa-query: - - body="whatsup gold" - - title="whatsup gold" http.favicon.hash:-2107233094 - google-query: intitle:"whatsup gold" http.favicon.hash:-2107233094 + vendor: progress tags: cve,cve2024,rce,progress,whatsup,lfi,kev http: diff --git a/http/cves/2024/CVE-2024-48914.yaml b/http/cves/2024/CVE-2024-48914.yaml index c1760ff7f62..855f179bb12 100644 --- a/http/cves/2024/CVE-2024-48914.yaml +++ b/http/cves/2024/CVE-2024-48914.yaml @@ -28,8 +28,8 @@ info: max-request: 1 vendor: vendure-ecommerce product: vendure - fofa-query: vendure - tags: cve,cve2024,vendure,lfi,file-read,vendure-ecommerce + fofa-query: "Vendure" + tags: cve,cve2024,vendure,lfi,file-read http: - method: GET diff --git a/http/cves/2024/CVE-2024-49380.yaml b/http/cves/2024/CVE-2024-49380.yaml index 5fc3d22e025..b177f08dcfd 100644 --- a/http/cves/2024/CVE-2024-49380.yaml +++ b/http/cves/2024/CVE-2024-49380.yaml @@ -3,29 +3,25 @@ id: CVE-2024-49380 info: name: Plenti < v0.7.2 - OS Command Injection author: iamnoooob,rootxharsh,pdresearch - severity: high + severity: critical description: | Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability. reference: - https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ - https://nvd.nist.gov/vuln/detail/CVE-2024-49380 - - https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 - - https://github.com/plentico/plenti/releases/tag/v0.7.2 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-49380 - cwe-id: CWE-74,CWE-78 - epss-score: 0.26034 - epss-percentile: 0.95971 - cpe: cpe:2.3:a:plenti:plenti:*:*:*:*:*:*:*:* + cwe-id: CWE-78 + epss-score: 0.00046 + epss-percentile: 0.17681 metadata: - verified: true max-request: 2 - vendor: plenti - product: plenti + verified: true shodan-query: title:"Plenti" tags: cve,cve2024,plenti,rce,injection,intrusive + variables: filename: "{{rand_base(6)}}" diff --git a/http/cves/2024/CVE-2024-4940.yaml b/http/cves/2024/CVE-2024-4940.yaml index cdb01511265..c1498dc21a8 100644 --- a/http/cves/2024/CVE-2024-4940.yaml +++ b/http/cves/2024/CVE-2024-4940.yaml @@ -8,15 +8,13 @@ info: An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page. reference: - https://huntr.com/bounties/35aaea93-6895-4f03-9c1b-cd992665aa60 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2024-4940 cwe-id: CWE-601 - epss-score: 0.00982 - epss-percentile: 0.75659 + epss-score: 0.00061 + epss-percentile: 0.26739 metadata: verified: true max-request: 1 @@ -29,7 +27,7 @@ info: - body="__gradio_mode__" - title="gradio" google-query: intitle:"gradio" - tags: cve,cve2024,redirect,oast,gradio,xss,gradio_project + tags: cve,cve2024,redirect,oast,gradio http: - raw: diff --git a/http/cves/2024/CVE-2024-4956.yaml b/http/cves/2024/CVE-2024-4956.yaml index e41f1207749..1ec8f8fe324 100644 --- a/http/cves/2024/CVE-2024-4956.yaml +++ b/http/cves/2024/CVE-2024-4956.yaml @@ -11,21 +11,22 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-4956 - https://support.sonatype.com/hc/en-us/articles/29416509323923 - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/k3ppf0r/2024-PocLib classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-4956 cwe-id: CWE-22 - epss-score: 0.93976 - epss-percentile: 0.99872 + epss-score: 0.00044 + epss-percentile: 0.10128 cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sonatype product: nexus - fofa-query: title="nexus repository manager" + fofa-query: + - title="Nexus Repository Manager" + - title="nexus repository manager" tags: cve,cve2024,nexus,lfi,sonatype http: diff --git a/http/cves/2024/CVE-2024-50340.yaml b/http/cves/2024/CVE-2024-50340.yaml index 0fff8cf7cc1..a8fdff9a19b 100644 --- a/http/cves/2024/CVE-2024-50340.yaml +++ b/http/cves/2024/CVE-2024-50340.yaml @@ -19,13 +19,14 @@ info: cvss-score: 7.3 cve-id: CVE-2024-50340 cwe-id: CWE-74 - epss-score: 0.85487 - epss-percentile: 0.99311 + epss-score: 0.00043 + epss-percentile: 0.10043 metadata: verified: true - max-request: 2 + max-request: 1 fofa-query: 'body="
" || header="Set-Cookie: symfony"' tags: cve,cve2024,symfony,phpinfo + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-50498.yaml b/http/cves/2024/CVE-2024-50498.yaml index a067b2031a0..e29ce12ac14 100644 --- a/http/cves/2024/CVE-2024-50498.yaml +++ b/http/cves/2024/CVE-2024-50498.yaml @@ -26,8 +26,7 @@ info: product: wp_query_console framework: wordpress fofa-query: body="wp-content/plugins/wp-query-console/" - shodan-query: http.html:"wp-content/plugins/wp-query-console/" - tags: cve,cve2024,wp,wordpress,wp-plugin,wp-query-console,rce,lubus + tags: cve,cve2024,wp,wordpress,wp-plugin,wp-query-console,rce http: - raw: diff --git a/http/cves/2024/CVE-2024-50603.yaml b/http/cves/2024/CVE-2024-50603.yaml index 1d6edab5f12..6227e9fe882 100644 --- a/http/cves/2024/CVE-2024-50603.yaml +++ b/http/cves/2024/CVE-2024-50603.yaml @@ -11,15 +11,13 @@ info: - https://docs.aviatrix.com/documentation/latest/network-security/index.html - https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers - https://nvd.nist.gov/vuln/detail/CVE-2024-50603 - - https://github.com/newlinesec/CVE-2024-50603 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2024-50603 cwe-id: CWE-78 - epss-score: 0.94331 - epss-percentile: 0.99941 - cpe: cpe:2.3:a:aviatrix:controller:*:*:*:*:*:*:*:* + epss-score: 0.00046 + epss-percentile: 0.1845 metadata: verified: true max-request: 1 @@ -31,12 +29,10 @@ info: fofa-query: - app="aviatrix-controller" - title="aviatrix cloud controller" - - title="aviatrix controller" - google-query: - - intitle:"aviatrix cloud controller" - - intitle:"aviatrix controller" - zoomeye-query: app="aviatrix controller" + google-query: intitle:"aviatrix cloud controller" + zoomeye-query: app="Aviatrix Controller" tags: cve,cve2024,aviatrix,controller,rce,oast,kev + variables: oast: "{{interactsh-url}}" diff --git a/http/cves/2024/CVE-2024-5082.yaml b/http/cves/2024/CVE-2024-5082.yaml index d451f38a852..d0c8b3c19b1 100644 --- a/http/cves/2024/CVE-2024-5082.yaml +++ b/http/cves/2024/CVE-2024-5082.yaml @@ -9,15 +9,15 @@ info: reference: - https://github.blog/security/vulnerability-research/attacks-on-maven-proxy-repositories/ - https://support.sonatype.com/hc/en-us/articles/30694125380755 - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - epss-score: 0.10034 - epss-percentile: 0.92645 + epss-score: 0.00043 + epss-percentile: 0.11435 metadata: verified: true max-request: 3 shodan-query: html:"Nexus Repository" tags: cve,cve2024,intrusive,nexus,sonartype + flow: http(1) && http(2) && http(3) variables: diff --git a/http/cves/2024/CVE-2024-5084.yaml b/http/cves/2024/CVE-2024-5084.yaml index ca606419b81..934e89a616b 100644 --- a/http/cves/2024/CVE-2024-5084.yaml +++ b/http/cves/2024/CVE-2024-5084.yaml @@ -11,24 +11,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-5084 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hash-form/hash-form-drag-drop-form-builder-110-unauthenticated-arbitrary-file-upload-to-remote-code-execution - https://github.com/WOOOOONG/CVE-2024-5084/blob/main/CVE-2024-5084_exploit.py - - https://plugins.trac.wordpress.org/browser/hash-form/trunk/admin/classes/HashFormBuilder.php#L764 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/eef9e2fa-d8f0-42bf-95ac-ee4cafff0b14?source=cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-5084 - cwe-id: CWE-434 - epss-score: 0.90768 - epss-percentile: 0.99593 - cpe: cpe:2.3:a:hashthemes:hash_form:*:*:*:*:*:wordpress:*:* + epss-score: 0.00063 + epss-percentile: 0.27036 metadata: verified: true - max-request: 3 - vendor: hashthemes - product: hash_form + max-request: 1 + vendor: HashThemes + product: Hash Form framework: wordpress publicwww-query: "/wp-content/plugins/hash-form/" - tags: cve,cve2024,wp-plugin,wordpress,file-upload,rce,intrusive,HashThemes + tags: cve,cve2024,wp-plugin,wordpress,file-upload,rce,intrusive + variables: filename: "{{rand_base(5)}}" num: "{{rand_int(1000, 9999)}}" diff --git a/http/cves/2024/CVE-2024-50967.yaml b/http/cves/2024/CVE-2024-50967.yaml index 32a8fe91741..be21be6e7f3 100644 --- a/http/cves/2024/CVE-2024-50967.yaml +++ b/http/cves/2024/CVE-2024-50967.yaml @@ -3,22 +3,18 @@ id: CVE-2024-50967 info: name: DATAGERRY - Improper Access Control author: s4e-io,0xByteHunter - severity: medium + severity: high description: | The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. reference: - https://medium.com/@0xbytehunter/my-first-cve-discovery-of-broken-access-control-in-the-datagerry-platform-7b0404f88a43 - https://github.com/0xByteHunter/CVE-2024-50967 - https://nvd.nist.gov/vuln/detail/CVE-2024-50967 - - https://datagerry.readthedocs.io/en/latest/api/rest/user-management.html#rights - - https://github.com/ARPSyndicate/cve-scores classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N - cvss-score: 6.5 cve-id: CVE-2024-50967 - cwe-id: CWE-862 - epss-score: 0.39062 - epss-percentile: 0.97078 + cwe-id: CWE-200 + epss-score: 0.00045 + epss-percentile: 0.17796 metadata: verified: true max-request: 1 @@ -27,7 +23,7 @@ info: shodan-query: http.title:"datagerry" fofa-query: title="datagerry" google-query: intitle:"datagerry" - tags: cve,cve2024,datagerry,auth-bypass,becon + tags: cve,cve2024,datagerry,auth-bypass http: - method: GET diff --git a/http/cves/2024/CVE-2024-51378.yaml b/http/cves/2024/CVE-2024-51378.yaml index 6f46918269a..48eb65a998d 100644 --- a/http/cves/2024/CVE-2024-51378.yaml +++ b/http/cves/2024/CVE-2024-51378.yaml @@ -12,22 +12,19 @@ info: - https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/ - https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2024-51378 - - https://cwe.mitre.org/data/definitions/420.html - - https://cwe.mitre.org/data/definitions/78.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-51378 - cwe-id: CWE-78,CWE-276 - epss-score: 0.93956 - epss-percentile: 0.9987 + cwe-id: CWE-78 + epss-score: 0.97854 + epss-percentile: 0.99967 cpe: cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:* metadata: + max-request: 1 verified: true - max-request: 4 - vendor: cyberpanel - product: cyberpanel - shodan-query: http.html:"cyberpanel" + product: CyberPanel + shodan-query: html:"CyberPanel" fofa-query: app="CyberPanel" tags: cve,cve2024,cyberpanel,rce,kev diff --git a/http/cves/2024/CVE-2024-51482.yaml b/http/cves/2024/CVE-2024-51482.yaml index 18e3340fefb..cbc11643e43 100644 --- a/http/cves/2024/CVE-2024-51482.yaml +++ b/http/cves/2024/CVE-2024-51482.yaml @@ -10,30 +10,19 @@ info: - https://securityonline.info/zoneminders-cve-2024-51482-a-10-10-severity-vulnerability-exposes-sql-databases/ - https://github-production-user-asset-6210df.s3.amazonaws.com/104687644/381894613-3cc50e51-68cf-4540-8225-4288f73e0c08.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20241129%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241129T074108Z&X-Amz-Expires=300&X-Amz-Signature=9cc5b01b0482cbd5573c223a1d44e9ffed10afd7d042d76e8308dfcf3bb7e8a5&X-Amz-SignedHeaders=host - https://nvd.nist.gov/vuln/detail/CVE-2024-51482 - - https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f - - https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2024-51482 cwe-id: CWE-89 - epss-score: 0.23664 - epss-percentile: 0.95684 cpe: cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* metadata: max-request: 4 vendor: zoneminder product: zoneminder - shodan-query: - - http.title:"zoneminder" - - http.favicon.hash:"-1218152116" - - http.html:"zm - login" - fofa-query: - - body="zm - login" - - icon_hash="-1218152116" - - title="zoneminder" - google-query: intitle:"zoneminder" + shodan-query: title:"ZoneMinder" tags: cve,cve2024,zoneminder,sqli,authenticated + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2024/CVE-2024-51483.yaml b/http/cves/2024/CVE-2024-51483.yaml index 4220951d33f..d5b5562187e 100644 --- a/http/cves/2024/CVE-2024-51483.yaml +++ b/http/cves/2024/CVE-2024-51483.yaml @@ -15,8 +15,8 @@ info: classification: cve-id: CVE-2024-51483 cwe-id: CWE-22 - epss-score: 0.12064 - epss-percentile: 0.93403 + epss-score: 0.00065 + epss-percentile: 0.3006 cpe: cpe:2.3:a:changedetection:changedetection:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2024/CVE-2024-51567.yaml b/http/cves/2024/CVE-2024-51567.yaml index 8787035b9df..3ef2873e883 100644 --- a/http/cves/2024/CVE-2024-51567.yaml +++ b/http/cves/2024/CVE-2024-51567.yaml @@ -18,15 +18,15 @@ info: cvss-score: 10 cve-id: CVE-2024-51567 cwe-id: CWE-306 - epss-score: 0.94261 - epss-percentile: 0.99922 + epss-score: 0.36703 + epss-percentile: 0.97306 cpe: cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: cyberpanel product: cyberpanel - shodan-query: http.html:"cyberpanel" + shodan-query: html:"CyberPanel" tags: cve,cve2024,cyberpanel,rce,intrusive,kev flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-51739.yaml b/http/cves/2024/CVE-2024-51739.yaml index 8390e3305ce..ea15ace42cd 100644 --- a/http/cves/2024/CVE-2024-51739.yaml +++ b/http/cves/2024/CVE-2024-51739.yaml @@ -3,36 +3,28 @@ id: CVE-2024-51739 info: name: iTop - User Enumeration via REST Endpoint author: DhiyaneshDk - severity: high + severity: medium description: | From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is `do_reset_pwd`, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided. reference: - https://www.synacktiv.com/en/advisories/multiple-vulnerabilities-on-itop - https://github.com/Combodo/iTop/security/advisories/GHSA-2hmf-p27w-phf9 - https://nvd.nist.gov/vuln/detail/CVE-2024-51739 - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 cve-id: CVE-2024-51739 - cwe-id: CWE-200,CWE-203 - epss-score: 0.46896 - epss-percentile: 0.97512 + cwe-id: CWE-200 + epss-score: 0.00137 + epss-percentile: 0.34912 cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: combodo product: itop - shodan-query: - - http.html:" itop login" - - http.html:"installation" html:"itop" - - http.html:"itop login" - fofa-query: - - body=" itop login" - - body="installation" html:"itop" - - body="itop login" - tags: cve,cve2024,itop,enum,unauth,combodo + shodan-query: http.html:" itop login" + fofa-query: body=" itop login" + tags: cve,cve2024,itop,enum,unauth http: - method: GET diff --git a/http/cves/2024/CVE-2024-5217.yaml b/http/cves/2024/CVE-2024-5217.yaml index b71c4e51f72..ba9bc14627b 100644 --- a/http/cves/2024/CVE-2024-5217.yaml +++ b/http/cves/2024/CVE-2024-5217.yaml @@ -22,7 +22,6 @@ info: fofa-query: - icon_hash=1701804003 - title="servicenow" - - icon_hash="1701804003" google-query: intitle:"servicenow" tags: cve,cve2024,servicenow,rce,kev diff --git a/http/cves/2024/CVE-2024-52433.yaml b/http/cves/2024/CVE-2024-52433.yaml index f2b60a4dd34..9cebafdeb2c 100644 --- a/http/cves/2024/CVE-2024-52433.yaml +++ b/http/cves/2024/CVE-2024-52433.yaml @@ -25,7 +25,7 @@ info: vendor: mindstien product: my_geo_posts_free framework: wordpress - tags: cve,cve2024,wordpress,wp,wp-plugin,my-geo-posts-free,php,injection,mindstien + tags: cve,cve2024,wordpress,wp,wp-plugin,my-geo-posts-free,php,injection variables: string: '{{rand_text_alpha(5)}}' diff --git a/http/cves/2024/CVE-2024-5276.yaml b/http/cves/2024/CVE-2024-5276.yaml index cd52e969cf1..c2008cbff8d 100644 --- a/http/cves/2024/CVE-2024-5276.yaml +++ b/http/cves/2024/CVE-2024-5276.yaml @@ -19,10 +19,11 @@ info: epss-score: 0.00198 epss-percentile: 0.57788 metadata: - verified: true max-request: 6 + verified: true fofa-query: body="FileCatalyst file transfer solution, easily transfer large files" - tags: cve,sqli,auth-bypass,fortra,filecatalyst,instrusive,cve2024 + tags: cve,cve2024,sqli,auth-bypass,fortra,filecatalyst,instrusive,sqli + variables: ctxpath: "workflow" username: "{{randstr}}" diff --git a/http/cves/2024/CVE-2024-52763.yaml b/http/cves/2024/CVE-2024-52763.yaml index 67b6a70c234..c339d6b86b2 100644 --- a/http/cves/2024/CVE-2024-52763.yaml +++ b/http/cves/2024/CVE-2024-52763.yaml @@ -13,13 +13,12 @@ info: cvss-score: 5.4 cve-id: CVE-2024-52763 cwe-id: CWE-79 - epss-score: 0.00171 - epss-percentile: 0.3928 + epss-score: 0.00045 + epss-percentile: 0.16715 cpe: cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: ganglia - product: "ganglia-web" + product: ganglia-web shodan-query: http.html:"ganglia_form.submit()" fofa-query: body="ganglia_form.submit()" tags: cve,cve2024,xss,ganglia diff --git a/http/cves/2024/CVE-2024-5315.yaml b/http/cves/2024/CVE-2024-5315.yaml index 0fc42848a65..e668091f7e0 100644 --- a/http/cves/2024/CVE-2024-5315.yaml +++ b/http/cves/2024/CVE-2024-5315.yaml @@ -16,19 +16,17 @@ info: cvss-score: 9.1 cve-id: CVE-2024-5315 cwe-id: CWE-89 - epss-score: 0.35998 - epss-percentile: 0.96884 - cpe: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.1:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.09367 + cpe: cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 + shodan-query: http.title:"Dolibarr" + product: dolibarr_erp\\/crm vendor: dolibarr - product: dolibarr_erp\/crm - shodan-query: - - http.title:"dolibarr" - - http.favicon.hash:"440258421" - fofa-query: icon_hash=440258421 tags: cve,cve2024,dolibarr,erp,sqli,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-5334.yaml b/http/cves/2024/CVE-2024-5334.yaml index 62e2cd631ab..e3d46ef5e30 100644 --- a/http/cves/2024/CVE-2024-5334.yaml +++ b/http/cves/2024/CVE-2024-5334.yaml @@ -1,34 +1,32 @@ id: CVE-2024-5334 -info: - name: Devika - Local File Inclusion - author: nechyo,nukunga,harksu,olfloralo,gy741 - severity: high - description: | - A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server. - impact: | - Successful exploitation could lead to unauthorized access to sensitive files and data. - remediation: | - Ensure input validation is implemented to prevent malicious file inclusions and use whitelists for allowed file paths. - reference: - - https://huntr.com/bounties/7eec128b-1bf5-4922-a95c-551ad3695cf6 - - https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 - - https://nvd.nist.gov/vuln/detail/CVE-2024-5334 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-5334 - cwe-id: CWE-73 - epss-score: 0.09011 - epss-percentile: 0.92166 - metadata: - max-request: 1 - shodan-query: title:"Devika AI" - fofa-query: title="Devika AI" - tags: cve,cve2024,devika-ai,lfi - +info: + name: Devika - Local File Inclusion + author: nechyo,nukunga,harksu,olfloralo,gy741 + severity: high + description: | + A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshot_path' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with a malicious 'snapshot_path' parameter, leading to arbitrary file read from the system. This issue impacts the security of the application by allowing unauthorized access to sensitive files on the server. + impact: | + Successful exploitation could lead to unauthorized access to sensitive files and data. + remediation: | + Ensure input validation is implemented to prevent malicious file inclusions and use whitelists for allowed file paths. + reference: + - https://huntr.com/bounties/7eec128b-1bf5-4922-a95c-551ad3695cf6 + - https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2 + - https://nvd.nist.gov/vuln/detail/CVE-2024-5334 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-5334 + cwe-id: CWE-73 + epss-score: 0.00043 + epss-percentile: 0.09666 + metadata: + max-request: 1 + shodan-query: title:"Devika AI" + fofa-query: title="Devika AI" + tags: cve,cve2024,devika-ai,lfi + http: - raw: - | diff --git a/http/cves/2024/CVE-2024-53991.yaml b/http/cves/2024/CVE-2024-53991.yaml index 50652081156..6515625c966 100644 --- a/http/cves/2024/CVE-2024-53991.yaml +++ b/http/cves/2024/CVE-2024-53991.yaml @@ -19,9 +19,8 @@ info: epss-score: 0.00121 epss-percentile: 0.28736 metadata: - max-request: 2 shodan-query: http.component:"Discourse" - tags: cve,cve2024,discourse,disclosure,intrusive + tags: cve,cve2024,discourse,disclosure http: - raw: diff --git a/http/cves/2024/CVE-2024-5421.yaml b/http/cves/2024/CVE-2024-5421.yaml index 8ff1d459e0a..43bcaa38da6 100644 --- a/http/cves/2024/CVE-2024-5421.yaml +++ b/http/cves/2024/CVE-2024-5421.yaml @@ -19,7 +19,7 @@ info: verified: true max-request: 1 shodan-query: "SEH HTTP Server" - tags: seclists,cve,cve2024,utnserver,seh,exposure + tags: cve,cve2024,utnserver,seh,exposure http: - method: GET diff --git a/http/cves/2024/CVE-2024-54330.yaml b/http/cves/2024/CVE-2024-54330.yaml index 61763b6b73e..4c7b0551a9c 100644 --- a/http/cves/2024/CVE-2024-54330.yaml +++ b/http/cves/2024/CVE-2024-54330.yaml @@ -11,23 +11,23 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/hurrakify/hurrakify-24-unauthenticated-server-side-request-forgery - https://nvd.nist.gov/vuln/detail/CVE-2024-54330 - https://patchstack.com/database/wordpress/plugin/hurrakify/vulnerability/wordpress-hurrakify-plugin-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cve-id: CVE-2024-54330 cwe-id: CWE-918 - epss-score: 0.55838 - epss-percentile: 0.97929 + epss-score: 0.00043 + epss-percentile: 0.11007 metadata: verified: true max-request: 2 vendor: by_hep_hep_hurra product: hurrakify framework: wordpress - shodan-query: http.html:"wp-content/plugins/hurrakify" fofa-query: body="wp-content/plugins/hurrakify" - tags: cve,cve2024,wordpress,wp-plugin,hurrakify,ssrf,oob,oast,by_hep_hep_hurra + shodan-query: http.html:"wp-content/plugins/hurrakify" + tags: cve,cve2024,wordpress,wp-plugin,hurrakify,ssrf,oob,oast + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-54385.yaml b/http/cves/2024/CVE-2024-54385.yaml index a58252fce51..30983a5bed3 100644 --- a/http/cves/2024/CVE-2024-54385.yaml +++ b/http/cves/2024/CVE-2024-54385.yaml @@ -26,7 +26,7 @@ info: framework: wordpress shodan-query: http.html:"/wp-content/plugins/radio-player" fofa-query: body="/wp-content/plugins/radio-player" - tags: cve,cve2024,wordpress,wp,wp-plugin,radio-player,ssrf,softLab + tags: cve,cve2024,wordpress,wp,wp-plugin,radio-player,ssrf flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-54763.yaml b/http/cves/2024/CVE-2024-54763.yaml index 26e9044598a..28a5dac178f 100644 --- a/http/cves/2024/CVE-2024-54763.yaml +++ b/http/cves/2024/CVE-2024-54763.yaml @@ -19,10 +19,9 @@ info: max-request: 1 vendor: ipTIME product: A2004 - shodan-query: http.title:"iptime" - fofa-query: title="iptime" - google-query: intitle:"iptime" - tags: cve,cve2024,iptime,router,unauth,exposure,ipTIME + shodan-query: http.title:"ipTIME" + fofa-query: title="ipTIME" + tags: cve,cve2024,iptime,router,unauth,exposure http: - method: GET diff --git a/http/cves/2024/CVE-2024-54764.yaml b/http/cves/2024/CVE-2024-54764.yaml index dc52ccefddc..5f6f604eb9b 100644 --- a/http/cves/2024/CVE-2024-54764.yaml +++ b/http/cves/2024/CVE-2024-54764.yaml @@ -19,10 +19,9 @@ info: max-request: 1 vendor: ipTIME product: A2004 - shodan-query: http.title:"iptime" - fofa-query: title="iptime" - google-query: intitle:"iptime" - tags: cve,cve2024,iptime,router,unauth,exposure,ipTIME + shodan-query: http.title:"ipTIME" + fofa-query: title="ipTIME" + tags: cve,cve2024,iptime,router,unauth,exposure http: - method: GET diff --git a/http/cves/2024/CVE-2024-5488.yaml b/http/cves/2024/CVE-2024-5488.yaml index ec7765a72bb..0a5ff1c71ce 100644 --- a/http/cves/2024/CVE-2024-5488.yaml +++ b/http/cves/2024/CVE-2024-5488.yaml @@ -15,17 +15,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-5488 - cwe-id: CWE-502 - epss-score: 0.59702 - epss-percentile: 0.98115 - cpe: cpe:2.3:a:seopress:seopress:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09608 metadata: verified: true max-request: 3 - vendor: seopress - product: seopress - framework: wordpress - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,seopress,auth-bypass,intrusive + tags: cve,cve2024,wp,wordpress,wp-plugin,seopress,auth-bypass + flow: http(1) && http(2) && http(3) variables: diff --git a/http/cves/2024/CVE-2024-55218.yaml b/http/cves/2024/CVE-2024-55218.yaml index 5c89db0a34a..17ce2f123bb 100644 --- a/http/cves/2024/CVE-2024-55218.yaml +++ b/http/cves/2024/CVE-2024-55218.yaml @@ -9,16 +9,13 @@ info: reference: - https://resources.s4e.io/blog/icewarp-server-10-2-1-reflected-xss-vulnerability-cve-2024-55218/ - https://nvd.nist.gov/vuln/detail/CVE-2024-55218 - - https://www.icewarp.com/ - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2024-55218 cwe-id: CWE-79 - epss-score: 0.04794 - epss-percentile: 0.88925 + epss-score: 0.00043 + epss-percentile: 0.11128 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-5522.yaml b/http/cves/2024/CVE-2024-5522.yaml index 1962a818f33..8292b917ffc 100644 --- a/http/cves/2024/CVE-2024-5522.yaml +++ b/http/cves/2024/CVE-2024-5522.yaml @@ -3,36 +3,28 @@ id: CVE-2024-5522 info: name: WordPress HTML5 Video Player < 2.5.27 - SQL Injection author: JohnDoeAnonITA - severity: medium + severity: critical description: | The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks remediation: Fixed in 2.5.27 reference: - https://wpscan.com/vulnerability/bc76ef95-a2a9-4185-8ed9-1059097a506a/ - https://nvd.nist.gov/vuln/detail/CVE-2024-5522 - - https://github.com/geniuszly/CVE-2024-5522 - - https://github.com/geniuszlyy/CVE-2024-5522 - - https://github.com/kryptonproject/CVE-2024-5522-PoC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 - cve-id: CVE-2024-5522 + cvss-score: 9.8 cwe-id: CWE-89 - epss-score: 0.73098 - epss-percentile: 0.98693 - cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:* + cve-id: CVE-2024-5522 + epss-score: 0.04 + epss-percentile: 9 + cpe: cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:wordpress:*:*:* metadata: verified: true max-request: 1 - vendor: bplugins - product: html5_video_player - framework: wordpress publicwww-query: "/wp-content/plugins/html5-video-player" - fofa-query: - - '"wordpress" && body="html5-video-player"' - - body=/wp-content/plugins/html5-video-player - shodan-query: http.html:"/wp-content/plugins/html5-video-player" - tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player,bplugins + product: html5_video_player + vendor: bplugins + tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,sqli,html5-video-player + variables: num: "999999999" diff --git a/http/cves/2024/CVE-2024-55415.yaml b/http/cves/2024/CVE-2024-55415.yaml index e2ec7a3f517..35facc835b9 100644 --- a/http/cves/2024/CVE-2024-55415.yaml +++ b/http/cves/2024/CVE-2024-55415.yaml @@ -3,7 +3,7 @@ id: CVE-2024-55415 info: name: DevDojo Voyager <=1.8.0 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch - severity: medium + severity: high description: | DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. reference: @@ -11,26 +11,16 @@ info: - https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L213 - https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44 - https://nvd.nist.gov/vuln/detail/CVE-2024-55415 - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N - cvss-score: 5.7 cve-id: CVE-2024-55415 - cwe-id: CWE-22 - epss-score: 0.35701 - epss-percentile: 0.96865 - cpe: cpe:2.3:a:thecontrolgroup:voyager:*:*:*:*:*:laravel:*:* + epss-score: 0.00045 + epss-percentile: 0.1783 metadata: verified: true - max-request: 3 - vendor: thecontrolgroup - product: voyager - framework: laravel - shodan-query: - - http.title:"voyager" - - http.html:"voyager-assets" - fofa-query: body="voyager-assets" + max-request: 4 + shodan-query: title:"Voyager" tags: cve,cve2024,devdojo,voyager,lfr,lfi + variables: username: "admin@admin.com" password: "password" diff --git a/http/cves/2024/CVE-2024-55416.yaml b/http/cves/2024/CVE-2024-55416.yaml index 3abf3afb8a5..1faa06b5f4e 100644 --- a/http/cves/2024/CVE-2024-55416.yaml +++ b/http/cves/2024/CVE-2024-55416.yaml @@ -11,26 +11,17 @@ info: - https://github.com/thedevdojo/voyager/blob/1.6/resources/views/master.blade.php#L132 - https://github.com/thedevdojo/voyager/blob/1.6/src/Http/Controllers/VoyagerCompassController.php#L44 - https://nvd.nist.gov/vuln/detail/CVE-2024-55416 - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N - cvss-score: 3.5 cve-id: CVE-2024-55416 - cwe-id: CWE-79 - epss-score: 0.0014 - epss-percentile: 0.3532 - cpe: cpe:2.3:a:thecontrolgroup:voyager:*:*:*:*:*:laravel:*:* + epss-score: 0.00045 + epss-percentile: 0.1783 metadata: verified: true max-request: 4 - vendor: thecontrolgroup - product: voyager - framework: laravel - shodan-query: - - http.title:"voyager" - - http.html:"voyager-assets" - fofa-query: body="voyager-assets" + shodan-query: title:"Voyager" tags: cve,cve2024,devdojo,xss,authenticated + variables: username: "admin@admin.com" password: "password" diff --git a/http/cves/2024/CVE-2024-55457.yaml b/http/cves/2024/CVE-2024-55457.yaml index 5803ad76f2b..eb5a57ee3fd 100644 --- a/http/cves/2024/CVE-2024-55457.yaml +++ b/http/cves/2024/CVE-2024-55457.yaml @@ -3,21 +3,12 @@ id: CVE-2024-55457 info: name: MasterSAM Star Gate v11 - Local File Inclusion author: DhiyaneshDK - severity: medium + severity: high description: | MasterSAM Star Gate v11 is vulnerable to a directory traversal attack via the endpoint /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially leading to the exposure of sensitive information. reference: - https://github.com/h13nh04ng/CVE-2024-55457-PoC - https://x.com/cyber_advising/status/1876034270852231257 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N - cvss-score: 6.5 - cve-id: CVE-2024-55457 - cwe-id: CWE-22 - epss-score: 0.75763 - epss-percentile: 0.98829 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-55550.yaml b/http/cves/2024/CVE-2024-55550.yaml index 372cab97bfb..4fd90635cf6 100644 --- a/http/cves/2024/CVE-2024-55550.yaml +++ b/http/cves/2024/CVE-2024-55550.yaml @@ -3,7 +3,7 @@ id: CVE-2024-55550 info: name: Mitel MiCollab - Arbitary File Read author: DhiyaneshDk,watchTowr - severity: low + severity: critical description: | The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attacker to retrieve sensitive files. remediation: | @@ -12,29 +12,15 @@ info: - https://github.com/watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713 - https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/ - https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N - cvss-score: 2.7 - cve-id: CVE-2024-55550 - cwe-id: CWE-22 - epss-score: 0.15002 - epss-percentile: 0.94191 - cpe: cpe:2.3:a:mitel:micollab:*:*:*:*:*:-:*:* metadata: verified: true max-request: 2 vendor: mitel - product: micollab - framework: "-" - shodan-query: - - http.html:"mitel networks" - - http.html:"micollab end user portal" - fofa-query: - - body="mitel networks" - - body="micollab end user portal" + product: cmg_suite + shodan-query: http.html:"Mitel Networks" + fofa-query: body="mitel networks" tags: cve,cve2024,mitel,lfi,cmg-suite,auth-bypass,kev + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-55591.yaml b/http/cves/2024/CVE-2024-55591.yaml index 9db16318fe6..6683b988411 100644 --- a/http/cves/2024/CVE-2024-55591.yaml +++ b/http/cves/2024/CVE-2024-55591.yaml @@ -8,17 +8,13 @@ info: Fortinet FortiOS is vulnerable to an information disclosure via service-worker.js that could allow an attacker to access sensitive information.This vulnerability affects FortiOS and could potentially lead to unauthorized access to the system. reference: - https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591/blob/main/CVE-2024-55591-PoC.py - - https://github.com/sysirq/fortios-auth-bypass-poc-CVE-2024-55591 - - https://github.com/tanjiti/sec_profile - - https://github.com/watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591 - - https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-55591 cwe-id: CWE-288,NVD-CWE-Other - epss-score: 0.94036 - epss-percentile: 0.99883 + epss-score: 0.88415 + epss-percentile: 0.99475 cpe: cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/http/cves/2024/CVE-2024-56145.yaml b/http/cves/2024/CVE-2024-56145.yaml index de70be0b4ca..67966edd843 100644 --- a/http/cves/2024/CVE-2024-56145.yaml +++ b/http/cves/2024/CVE-2024-56145.yaml @@ -22,8 +22,8 @@ info: cvss-score: 9.3 cve-id: CVE-2024-56145 cwe-id: CWE-94 - epss-score: 0.93039 - epss-percentile: 0.99768 + epss-score: 0.00043 + epss-percentile: 0.10941 cpe: cpe:2.3:a:craftcms:craft:*:*:*:*:*:*:*:* metadata: verified: true @@ -33,14 +33,12 @@ info: shodan-query: - http.html:"craftcms" - http.favicon.hash:"-47932290" - - http.title:"ilch" fofa-query: - icon_hash=-47932290 - body=craftcms - - title="ilch" publicwww-query: craftcms - google-query: intitle:"ilch" tags: cve,cve2024,rce,craftcms,ssti + variables: nonce: "{{rand_int(1000000000,9999999999)}}" diff --git a/http/cves/2024/CVE-2024-56512.yaml b/http/cves/2024/CVE-2024-56512.yaml index 02055d42c8f..bf06d1f68a6 100644 --- a/http/cves/2024/CVE-2024-56512.yaml +++ b/http/cves/2024/CVE-2024-56512.yaml @@ -17,7 +17,7 @@ info: epss-percentile: 0.11049 metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: title:"Nifi" tags: cve,cve2024,nifi,exposure diff --git a/http/cves/2024/CVE-2024-57045.yaml b/http/cves/2024/CVE-2024-57045.yaml index 379a8093c27..3c708136107 100644 --- a/http/cves/2024/CVE-2024-57045.yaml +++ b/http/cves/2024/CVE-2024-57045.yaml @@ -15,12 +15,13 @@ info: cve-id: CVE-2024-57045 cwe-id: CWE-200 metadata: - verified: true max-request: 1 - vendor: D-Link + verified: true shodan-query: title:"D-Link" fofa-query: title="D-Link" - tags: cve,cve2024,dlink,disclosure,unauth,D-Link + vendor: D-Link + tags: cve,cve2024,dlink,disclosure,unauth + http: - raw: diff --git a/http/cves/2024/CVE-2024-57046.yaml b/http/cves/2024/CVE-2024-57046.yaml index b5385a6d9e1..f54d1452276 100644 --- a/http/cves/2024/CVE-2024-57046.yaml +++ b/http/cves/2024/CVE-2024-57046.yaml @@ -20,12 +20,9 @@ info: max-request: 2 vendor: Netgear product: DGN2200 - shodan-query: http.title:"dgn2200" - fofa-query: - - title="netgear dgn2200" - - title="dgn2200" - google-query: intitle:"dgn2200" - tags: cve,cve2024,netgear,router,auth-bypass,dgn2200,Netgear + shodan-query: http.title:"DGN2200" + fofa-query: title="NETGEAR DGN2200" + tags: cve,cve2024,netgear,router,auth-bypass,dgn2200 http: - raw: diff --git a/http/cves/2024/CVE-2024-57049.yaml b/http/cves/2024/CVE-2024-57049.yaml index 98f5411dc62..d28ccbde753 100644 --- a/http/cves/2024/CVE-2024-57049.yaml +++ b/http/cves/2024/CVE-2024-57049.yaml @@ -12,17 +12,14 @@ info: - https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md - https://nvd.nist.gov/vuln/detail/CVE-2024-57049 - https://github.com/advisories/GHSA-qr32-fcm4-m5h9 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-57049 cwe-id: CWE-287 - epss-score: 0.28792 - epss-percentile: 0.96282 metadata: - verified: true max-request: 1 + verified: true fofa-query: body="Archer C20" tags: cve,cve2024,tp-link,auth-bypass,archer-c20 diff --git a/http/cves/2024/CVE-2024-57050.yaml b/http/cves/2024/CVE-2024-57050.yaml index 9fb6fe1311c..ce1ea0abf5b 100644 --- a/http/cves/2024/CVE-2024-57050.yaml +++ b/http/cves/2024/CVE-2024-57050.yaml @@ -9,14 +9,13 @@ info: reference: - https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md - https://nvd.nist.gov/vuln/detail/CVE-2024-57050 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-57050 cwe-id: CWE-287 - epss-score: 0.39579 - epss-percentile: 0.97105 + epss-score: 0.00043 + epss-percentile: 0.1187 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-57514.yaml b/http/cves/2024/CVE-2024-57514.yaml index b25211ee151..909a3ef9afe 100644 --- a/http/cves/2024/CVE-2024-57514.yaml +++ b/http/cves/2024/CVE-2024-57514.yaml @@ -20,7 +20,7 @@ info: max-request: 1 vendor: tp-link product: tp-link-archer-a20-v3-router - tags: cve,cve2024,tplink,router,xss,tp-link + tags: cve,cve2024,tplink,router,xss http: - method: GET diff --git a/http/cves/2024/CVE-2024-5765.yaml b/http/cves/2024/CVE-2024-5765.yaml index 76cdea3cc2f..0d043353986 100644 --- a/http/cves/2024/CVE-2024-5765.yaml +++ b/http/cves/2024/CVE-2024-5765.yaml @@ -14,10 +14,11 @@ info: cve-id: CVE-2024-5765 cwe-id: CWE-89 metadata: - verified: true max-request: 2 + verified: true fofa-query: body="/plugins/wpstickybar-sticky-bar-sticky-header" tags: time-based-sqli,cve,cve2024,sqli,wpscan,wordpress,wp-plugin,wp,wpstickybar,unauth + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-57727.yaml b/http/cves/2024/CVE-2024-57727.yaml index 002feb0f308..8670d71603d 100644 --- a/http/cves/2024/CVE-2024-57727.yaml +++ b/http/cves/2024/CVE-2024-57727.yaml @@ -9,24 +9,21 @@ info: reference: - https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier - https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/ - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/imjdl/CVE-2024-57727 - - https://github.com/nvn1729/advisories classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-57727 cwe-id: CWE-22 - epss-score: 0.93456 - epss-percentile: 0.99809 + epss-score: 0.0009 + epss-percentile: 0.401 cpe: cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: simple-help product: simplehelp - shodan-query: http.html:"simplehelp" - tags: cvec,simplehelp,lfi,kev,cve2024,cve,simple-help + shodan-query: html:"SimpleHelp" + tags: cvec,cve2024,simplehelp,lfi,kev http: - raw: diff --git a/http/cves/2024/CVE-2024-5827.yaml b/http/cves/2024/CVE-2024-5827.yaml index 0ee22ea1154..ba5504148ca 100644 --- a/http/cves/2024/CVE-2024-5827.yaml +++ b/http/cves/2024/CVE-2024-5827.yaml @@ -11,19 +11,19 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-5827 - https://huntr.com/bounties/e4e64a51-618b-41d0-8f56-1d2146d8825e - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-5827 cwe-id: CWE-434 - epss-score: 0.46228 - epss-percentile: 0.97481 + epss-score: 0.00043 + epss-percentile: 0.09524 metadata: verified: true max-request: 2 fofa-query: body='vanna.ai' tags: cve,cve2024,vanna,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-5910.yaml b/http/cves/2024/CVE-2024-5910.yaml index 1963166e6fb..04780abf999 100644 --- a/http/cves/2024/CVE-2024-5910.yaml +++ b/http/cves/2024/CVE-2024-5910.yaml @@ -11,8 +11,8 @@ info: - https://security.paloaltonetworks.com/CVE-2024-5910 - https://nvd.nist.gov/vuln/detail/CVE-2024-5910 classification: - cvss-score: 9.3 cve-id: CVE-2024-5910 + cvss-score: 9.3 cwe-id: CWE-306 epss-score: 0.00043 epss-percentile: 0.10397 @@ -21,9 +21,8 @@ info: max-request: 1 vendor: paloaltonetworks product: expedition - shodan-query: http.favicon.hash:"1499876150" - fofa-query: icon_hash=1499876150 - tags: cve,cve2024,palo-alto,auth-bypass,kev,paloaltonetworks + shodan-query: http.favicon.hash:1499876150 + tags: cve,cve2024,palo-alto,auth-bypass,kev http: - method: GET diff --git a/http/cves/2024/CVE-2024-5932.yaml b/http/cves/2024/CVE-2024-5932.yaml index be7c1bfb1f7..775a1db2cac 100644 --- a/http/cves/2024/CVE-2024-5932.yaml +++ b/http/cves/2024/CVE-2024-5932.yaml @@ -18,12 +18,12 @@ info: - https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932/ - https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-5932 cwe-id: CWE-502 - epss-score: 0.94104 - epss-percentile: 0.99893 + epss-score: 0.00178 + epss-percentile: 0.55631 cpe: cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -32,9 +32,8 @@ info: product: givewp framework: wordpress publicwww-query: "/wp-content/plugins/give/" - shodan-query: http.html:"/wp-content/plugins/give/" - fofa-query: body=/wp-content/plugins/give/ tags: cve,cve2024,rce,wp,wp-plugin,wordpress,oast,givewp + flow: http(1) && http(2) && http(3) variables: diff --git a/http/cves/2024/CVE-2024-5936.yaml b/http/cves/2024/CVE-2024-5936.yaml index 18606ae25ff..2c4849460a7 100644 --- a/http/cves/2024/CVE-2024-5936.yaml +++ b/http/cves/2024/CVE-2024-5936.yaml @@ -18,8 +18,8 @@ info: metadata: verified: true max-request: 1 - product: private-gpt shodan-query: html:"private gpt" + product: private-gpt tags: cve2024,cve,private-gpt,redirect http: diff --git a/http/cves/2024/CVE-2024-5947.yaml b/http/cves/2024/CVE-2024-5947.yaml index 2b46617bb37..d8adbac7322 100644 --- a/http/cves/2024/CVE-2024-5947.yaml +++ b/http/cves/2024/CVE-2024-5947.yaml @@ -10,23 +10,14 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-5947 - https://packetstormsecurity.com/files/179342/Deep-Sea-Electronics-DSE855-Remote-Authentication-Bypass.html - https://www.zerodayinitiative.com/advisories/ZDI-24-671/ - - https://github.com/20142995/nuclei-templates - - https://github.com/Cappricio-Securities/CVE-2024-5947 - classification: - cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 6.5 - cve-id: CVE-2024-5947 - cwe-id: CWE-306 - epss-score: 0.6124 - epss-percentile: 0.98187 - cpe: cpe:2.3:o:deepseaelectronics:dse855_firmware:1.1.0:*:*:*:*:*:*:* metadata: verified: "true" - max-request: 2 - vendor: deepseaelectronics - product: dse855_firmware + max-request: 1 + vendor: Deep Sea Electronics + product: DSE855 fofa-query: "Deep Sea Electronics" - tags: packetstorm,cve,cve2024,bypass,info-leak,Deep Sea Electronics + tags: packetstorm,cve,cve2024,bypass,info-leak + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-5975.yaml b/http/cves/2024/CVE-2024-5975.yaml index 40c45c2d1a7..e7378768d69 100644 --- a/http/cves/2024/CVE-2024-5975.yaml +++ b/http/cves/2024/CVE-2024-5975.yaml @@ -17,14 +17,12 @@ info: epss-score: 0.00043 epss-percentile: 0.09404 metadata: - max-request: 2 - vendor: "team-contriverz" - product: "cz-loan-management" + vendor: team-contriverz + product: cz-loan-management framework: wordpress publicwww-query: "/wp-content/plugins/cz-loan-management" - shodan-query: http.html:"/wp-content/plugins/cz-loan-management" - fofa-query: body=/wp-content/plugins/cz-loan-management - tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,wp,cz-loan-management,sqli,team-contriverz + tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,wp,cz-loan-management + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6028.yaml b/http/cves/2024/CVE-2024-6028.yaml index 91407db3472..31ccfc31476 100644 --- a/http/cves/2024/CVE-2024-6028.yaml +++ b/http/cves/2024/CVE-2024-6028.yaml @@ -19,12 +19,10 @@ info: metadata: verified: true max-request: 1 - vendor: ays-pro - product: quiz_maker publicwww-query: "/wp-content/plugins/quiz-maker/" - shodan-query: http.html:"/wp-content/plugins/quiz-maker/" - fofa-query: body=/wp-content/plugins/quiz-maker/ - tags: time-based-sqli,cve,cve2024,wordpress,wp,wp-plugin,quiz-maker,sqli,ays-pro + product: quiz_maker + vendor: ays-pro + tags: time-based-sqli,cve,cve2024,wordpress,wp,wp-plugin,quiz-maker,sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-6049.yaml b/http/cves/2024/CVE-2024-6049.yaml index b9f6a304de9..8c597a1200a 100644 --- a/http/cves/2024/CVE-2024-6049.yaml +++ b/http/cves/2024/CVE-2024-6049.yaml @@ -17,11 +17,12 @@ info: cvss-score: 7.5 cve-id: CVE-2024-6049 cwe-id: CWE-32 - epss-score: 0.74231 - epss-percentile: 0.98756 + epss-score: 0.00043 + epss-percentile: 0.09833 metadata: max-request: 2 - tags: packetstorm,cve,cve2024,lawo,vtimesync,lfi + tags: cve,cve2024,lawo,vtimesync,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6095.yaml b/http/cves/2024/CVE-2024-6095.yaml index 67a29d6f3fd..8ebd482d65d 100644 --- a/http/cves/2024/CVE-2024-6095.yaml +++ b/http/cves/2024/CVE-2024-6095.yaml @@ -23,11 +23,9 @@ info: max-request: 2 vendor: mudler product: localai - shodan-query: http.favicon.hash:"-976853304" - fofa-query: - - icon_hash=-976853304 - - localai api + shodan-query: http.favicon.hash:-976853304 tags: cve,cve2024,localai,mudler,lfi + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6159.yaml b/http/cves/2024/CVE-2024-6159.yaml index 35c7154493c..68639a5097b 100644 --- a/http/cves/2024/CVE-2024-6159.yaml +++ b/http/cves/2024/CVE-2024-6159.yaml @@ -18,7 +18,7 @@ info: max-request: 2 framework: wordpress publicwww-query: "/wp-content/plugins/push-notification-for-post-and-buddypress" - tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,push-notification,sqli + tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,push-notification flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-6188.yaml b/http/cves/2024/CVE-2024-6188.yaml index e6ce968c921..4d293101ec3 100644 --- a/http/cves/2024/CVE-2024-6188.yaml +++ b/http/cves/2024/CVE-2024-6188.yaml @@ -12,20 +12,12 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-6188 - https://www.incibe.es/en/incibe-cert/early-warning/vulnerabilities/cve-2024-6188 - https://debricked.com/vulnerability-database/vulnerability/CVE-2024-6188 - - https://vuldb.com/?ctiid.269159 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2024-6188 - cwe-id: CWE-425 - epss-score: 0.20548 - epss-percentile: 0.9524 metadata: verified: true max-request: 1 vendor: parsec-automation product: tracksys - tags: cve,cve2024,traksys,idor,info-leak,parsec-automation + tags: cve,cve2024,traksys,idor,info-leak http: - raw: diff --git a/http/cves/2024/CVE-2024-6205.yaml b/http/cves/2024/CVE-2024-6205.yaml index d0b240f91af..ca26d54f0ce 100644 --- a/http/cves/2024/CVE-2024-6205.yaml +++ b/http/cves/2024/CVE-2024-6205.yaml @@ -11,23 +11,20 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/payplus-payment-gateway/payplus-payment-gateway-668-unauthenticated-sql-injection - https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087 - https://nvd.nist.gov/vuln/detail/CVE-2024-6205 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyberdyne-ventures/predictions classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-6205 cwe-id: CWE-89 - epss-score: 0.86625 - epss-percentile: 0.99364 - cpe: cpe:2.3:a:payplus:payplus_payment_gateway:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09301 metadata: max-request: 1 - vendor: payplus - product: payplus_payment_gateway + vendor: payplus-ltd + product: payplus-payment-gateway framework: wordpress publicwww-query: "/wp-content/plugins/payplus-payment-gateway" - tags: time-based-sqli,wpscan,cve,cve2024,sqli,wordpress,wp-plugin,wp,payplus-payment,payplus-ltd + tags: time-based-sqli,wpscan,cve,cve2024,sqli,wordpress,wp-plugin,wp,payplus-payment http: - raw: diff --git a/http/cves/2024/CVE-2024-6289.yaml b/http/cves/2024/CVE-2024-6289.yaml index 6173b296592..71d88f4d312 100644 --- a/http/cves/2024/CVE-2024-6289.yaml +++ b/http/cves/2024/CVE-2024-6289.yaml @@ -16,14 +16,13 @@ info: epss-percentile: 0.09266 metadata: verified: true - max-request: 2 + max-request: 1 vendor: wpserveur - product: "wps_hide_login" + product: wps_hide_login framework: wordpress publicwww-query: "/wp-content/plugins/wps-hide-login/" - shodan-query: http.html:"/wp-content/plugins/wps-hide-login/" - fofa-query: body=/wp-content/plugins/wps-hide-login/ - tags: cve,cve2024,bypass,wp-plugin,wpscan,wordpress,wps-hide-login,wpserveur + tags: cve,cve2024,bypass,wp-plugin,wpscan,wordpress,wps-hide-login + flow: http(1) && http(2) variables: diff --git a/http/cves/2024/CVE-2024-6366.yaml b/http/cves/2024/CVE-2024-6366.yaml index 3c0d45835c9..f6ce34fafa4 100644 --- a/http/cves/2024/CVE-2024-6366.yaml +++ b/http/cves/2024/CVE-2024-6366.yaml @@ -15,14 +15,12 @@ info: epss-score: 0.00043 epss-percentile: 0.09351 metadata: - max-request: 2 vendor: cozmoslabs - product: "user-profile-builder" + product: user-profile-builder framework: wordpress publicwww-query: "/wp-content/plugins/profile-builder" - shodan-query: http.html:"/wp-content/plugins/profile-builder" - fofa-query: body=/wp-content/plugins/profile-builder - tags: cve,cve2024,wpscan,file-upload,instrusive,wp-plugin,wordpress,wp,profile-builder,cozmoslabs,intrusive + tags: cve,cve2024,wpscan,file-upload,instrusive,wp-plugin,wordpress,wp,profile-builder + flow: http(1) && http(2) variables: diff --git a/http/cves/2024/CVE-2024-6396.yaml b/http/cves/2024/CVE-2024-6396.yaml index 33fe2cea645..8ff9f4ff03a 100644 --- a/http/cves/2024/CVE-2024-6396.yaml +++ b/http/cves/2024/CVE-2024-6396.yaml @@ -6,25 +6,20 @@ info: severity: critical description: | A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution. - reference: - - https://huntr.com/bounties/c1b17afd-4656-47bb-8310-686a9e1b04a0 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-6396 cwe-id: CWE-29 - epss-score: 0.80159 - epss-percentile: 0.99049 cpe: cpe:2.3:a:aimstack:aim:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 3 - vendor: aimstack - product: aim + verified: true fofa-query: icon_hash="-1047157256" - shodan-query: http.favicon.hash:"-1047157256" - tags: cve,cve2024,aim,aimhubio,file-write,aimstack + product: aim + vendor: aimstack + tags: cve,cve2024,aim,aimhubio,file-write + variables: filename: "{{rand_base(7)}}" args: "{{ concat(hex_decode('000000000001000000060a000000fe0000000000000000fe004b000000042e2e2f2e2e2f2e2e2f2e2e2f7573722f6c6f63616c2f6c69622f707974686f6e332e392f736974652d7061636b616765732f61696d5f75692f6275696c642f'),filename, hex_decode('2e747874')) }}" diff --git a/http/cves/2024/CVE-2024-6460.yaml b/http/cves/2024/CVE-2024-6460.yaml index 0fb5b1188c4..1134845262b 100644 --- a/http/cves/2024/CVE-2024-6460.yaml +++ b/http/cves/2024/CVE-2024-6460.yaml @@ -19,8 +19,8 @@ info: vendor: WordPress product: tradedoubler-affiliate-tracker fofa-query: body="wp-content/plugins/tradedoubler-affiliate-tracker/" - shodan-query: http.html:"wp-content/plugins/tradedoubler-affiliate-tracker/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,lfi,tradedoubler-affiliate-tracker,WordPress + tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,tradedoubler-affiliate-tracker + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6517.yaml b/http/cves/2024/CVE-2024-6517.yaml index caa8bec3399..e0ab8fa423d 100644 --- a/http/cves/2024/CVE-2024-6517.yaml +++ b/http/cves/2024/CVE-2024-6517.yaml @@ -9,25 +9,23 @@ info: reference: - https://wpscan.com/vulnerability/d04bab9c-7cb4-4d21-b70b-a4a7fabc3c20/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6517 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2024-6517 cwe-id: CWE-79 - epss-score: 0.01349 - epss-percentile: 0.79101 + epss-score: 0.00043 + epss-percentile: 0.09608 cpe: cpe:2.3:a:dotsquares:contact_form_7_math_captcha:*:*:*:*:*:wordpress:*:* metadata: verified: true max-request: 2 - vendor: dotsquares - product: contact_form_7_math_captcha + vendor: dotsquares-wpteam + product: ds-cf7-math-captcha framework: wordpress publicwww-query: "/wp-content/plugins/ds-cf7-math-captcha" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,xss,ds-cf7-math-captcha,dotsquares-wpteam + tags: cve,cve2024,wp,wordpress,wp-plugin,xss,ds-cf7-math-captcha + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6586.yaml b/http/cves/2024/CVE-2024-6586.yaml index db6b65ab697..b9d77a028c8 100644 --- a/http/cves/2024/CVE-2024-6586.yaml +++ b/http/cves/2024/CVE-2024-6586.yaml @@ -9,26 +9,20 @@ info: reference: - https://github.com/google/security-research/security/advisories/GHSA-4h7x-6vxh-7hjf - https://nvd.nist.gov/vuln/detail/CVE-2024-6586 - - https://github.com/lightdash/lightdash - - https://github.com/lightdash/lightdash/pull/9295 - - https://github.com/lightdash/lightdash/releases/tag/0.1027.2 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N cvss-score: 7.3 cve-id: CVE-2024-6586 cwe-id: CWE-201 - epss-score: 0.15049 - epss-percentile: 0.94202 cpe: cpe:2.3:a:lightdash:lightdash:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 5 + verified: true + shodan-query: title:"Lightdash" vendor: lightdash product: lightdash - shodan-query: http.title:"lightdash" - fofa-query: title="lightdash" - google-query: intitle:"lightdash" tags: cve,cve2024,lightdash,ssrf,oast,authenticated + flow: http(1) && http(2) && http(3) && http(4) && http(5) variables: diff --git a/http/cves/2024/CVE-2024-6587.yaml b/http/cves/2024/CVE-2024-6587.yaml index e35f26b4785..76951cd7710 100644 --- a/http/cves/2024/CVE-2024-6587.yaml +++ b/http/cves/2024/CVE-2024-6587.yaml @@ -9,22 +9,9 @@ info: reference: - https://huntr.com/bounties/4001e1a2-7b7a-4776-a3ae-e6692ec3d997 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6587 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/lambdasawa/_lambdasawa - - https://github.com/lambdasawa/lambdasawa - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cve-id: CVE-2024-6587 - cwe-id: CWE-918 - epss-score: 0.44491 - epss-percentile: 0.97391 - cpe: cpe:2.3:a:litellm:litellm:1.38.10:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: litellm - product: litellm shodan-query: http.favicon.hash:439373620 tags: cve,cve2024,ssrf,openai,litellm diff --git a/http/cves/2024/CVE-2024-6646.yaml b/http/cves/2024/CVE-2024-6646.yaml index a8b36ca09f7..d5c6a580c2d 100644 --- a/http/cves/2024/CVE-2024-6646.yaml +++ b/http/cves/2024/CVE-2024-6646.yaml @@ -17,14 +17,13 @@ info: cvss-score: 5.3 cve-id: CVE-2024-6646 cwe-id: CWE-200 - epss-score: 0.92124 - epss-percentile: 0.99688 + epss-score: 0.00045 + epss-percentile: 0.16001 cpe: cpe:2.3:h:netgear:wn604:*:*:*:*:*:*:*:* metadata: - max-request: 1 - vendor: netgear + fofa-query: title=="Netgear" product: wn604 - fofa-query: title=="netgear" + vendor: netgear tags: cve,cve2024,netgear http: diff --git a/http/cves/2024/CVE-2024-6651.yaml b/http/cves/2024/CVE-2024-6651.yaml index 4484c23c3ee..159f11359c7 100644 --- a/http/cves/2024/CVE-2024-6651.yaml +++ b/http/cves/2024/CVE-2024-6651.yaml @@ -3,29 +3,24 @@ id: CVE-2024-6651 info: name: WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting author: ritikchaddha - severity: medium + severity: high description: | The WordPress File Upload plugin before version 4.24.8 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'dir' parameter in the file browser page before outputting it back, which could allow attackers to execute arbitrary JavaScript code in an administrator's browser context. reference: - https://wpscan.com/vulnerability/65e2c77d-09bd-4a44-81d9-d7a5db0e0f84 - https://nvd.nist.gov/vuln/detail/CVE-2024-6651 - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N + cvss-score: 7.1 cve-id: CVE-2024-6651 cwe-id: CWE-79 - epss-score: 0.0185 - epss-percentile: 0.82087 - cpe: cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 - vendor: iptanus - product: wordpress_file_upload - framework: wordpress + vendor: WordPress + product: wp-file-upload fofa-query: body='wp-content/plugins/wp-file-upload/' - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,xss,wp-file-upload,authenticated,WordPress + tags: cve,cve2024,wp,wordpress,wp-plugin,xss,wp-file-upload,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6670.yaml b/http/cves/2024/CVE-2024-6670.yaml index bbdd7e9324c..a1ecd4eb5d5 100644 --- a/http/cves/2024/CVE-2024-6670.yaml +++ b/http/cves/2024/CVE-2024-6670.yaml @@ -20,17 +20,12 @@ info: cpe: cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 5 + max-request: 4 + shodan-query: title:"WhatsUp Gold" http.favicon.hash:-2107233094 + product: whatsup_gold vendor: progress - product: "whatsup_gold" - shodan-query: - - http.title:"whatsup gold" http.favicon.hash:-2107233094 - - http.html:"whatsup gold" - fofa-query: - - body="whatsup gold" - - title="whatsup gold" http.favicon.hash:-2107233094 - google-query: intitle:"whatsup gold" http.favicon.hash:-2107233094 - tags: cve,cve2024,whatsup-gold,auth-bypass,sqli,intrusive,kev,progress + tags: cve,cve2024,whatsup-gold,auth-bypass,sqli,intrusive,kev + flow: | http(1); http(2); diff --git a/http/cves/2024/CVE-2024-6746.yaml b/http/cves/2024/CVE-2024-6746.yaml index 7274c6b1941..2971d6c5d18 100644 --- a/http/cves/2024/CVE-2024-6746.yaml +++ b/http/cves/2024/CVE-2024-6746.yaml @@ -17,15 +17,14 @@ info: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2024-6746 - cwe-id: CWE-24,CWE-22 - epss-score: 0.69642 - epss-percentile: 0.98551 - cpe: cpe:2.3:a:easyspider:easyspider:0.6.2:*:*:*:*:*:*:* + cwe-id: CWE-24 + epss-score: 0.00045 + epss-percentile: 0.1594 metadata: - max-request: 2 - vendor: easyspider + vendor: naibowang product: easyspider - tags: cve,cve2024,lfi,network,naibowang + tags: cve,cve2024,lfi,network + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6781.yaml b/http/cves/2024/CVE-2024-6781.yaml index 807433a8bb7..8ffa42ef2d2 100644 --- a/http/cves/2024/CVE-2024-6781.yaml +++ b/http/cves/2024/CVE-2024-6781.yaml @@ -12,14 +12,12 @@ info: cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: calibre-ebook product: calibre - shodan-query: http.html:"calibre" - fofa-query: - - "server: calibre" - - body="calibre" - tags: cve,cve2024,calibre,lfi,calibre-ebook + shodan-query: html:"Calibre" + fofa-query: "Server: calibre" + max-request: 2 + tags: cve,cve2024,calibre,lfi http: - raw: diff --git a/http/cves/2024/CVE-2024-6782.yaml b/http/cves/2024/CVE-2024-6782.yaml index fea81771510..4f25cf70731 100644 --- a/http/cves/2024/CVE-2024-6782.yaml +++ b/http/cves/2024/CVE-2024-6782.yaml @@ -12,14 +12,12 @@ info: cpe: cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: calibre-ebook product: calibre - shodan-query: http.html:"calibre" - fofa-query: - - "server: calibre" - - body="calibre" - tags: cve,cve2024,calibre,rce,calibre-ebook + shodan-query: html:"Calibre" + fofa-query: "Server: calibre" + max-request: 2 + tags: cve,cve2024,calibre,rce http: - raw: diff --git a/http/cves/2024/CVE-2024-6842.yaml b/http/cves/2024/CVE-2024-6842.yaml index 53eb431e0b2..37075899877 100644 --- a/http/cves/2024/CVE-2024-6842.yaml +++ b/http/cves/2024/CVE-2024-6842.yaml @@ -11,24 +11,18 @@ info: reference: - https://huntr.com/bounties/cd911fc7-ac6b-4974-acd0-9cc926fa8d9e - https://nvd.nist.gov/vuln/detail/CVE-2024-6842 - - https://github.com/mintplex-labs/anything-llm/commit/8b1ceb30c159cf3a10efa16275bc6849d84e4ea8 - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-6842 cwe-id: CWE-200 - epss-score: 0.1036 - epss-percentile: 0.92788 metadata: - verified: true max-request: 1 + verified: true vendor: Mintplex Labs product: anything-llm - shodan-query: http.title:"anythingllm" - fofa-query: title="anythingllm" - google-query: intitle:"anythingllm" - tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs,Mintplex Labs + shodan-query: title:"AnythingLLM" + tags: cve,cve2024,unauth,exposure,anything-llm,mintplex-Labs http: - method: GET diff --git a/http/cves/2024/CVE-2024-6845.yaml b/http/cves/2024/CVE-2024-6845.yaml index 60f9ba0cdc2..36000312071 100644 --- a/http/cves/2024/CVE-2024-6845.yaml +++ b/http/cves/2024/CVE-2024-6845.yaml @@ -10,27 +10,16 @@ info: reference: - https://wpscan.com/vulnerability/cfaaa843-d89e-42d4-90d9-988293499d26/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6845 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2024-6845 - cwe-id: CWE-862 - epss-score: 0.03199 - epss-percentile: 0.86379 - cpe: cpe:2.3:a:smartsearchwp:smartsearchwp:*:*:*:*:*:wordpress:*:* metadata: - verified: true max-request: 2 - vendor: smartsearchwp + verified: true + vendor: webdigit product: smartsearchwp framework: wordpress - fofa-query: body="/wp-content/plugins/smartsearchwp" publicwww-query: "/wp-content/plugins/smartsearchwp" - shodan-query: http.html:"/wp-content/plugins/smartsearchwp" - tags: wpscan,cve,cve2024,exposure,wp,wordpress,wp-plugin,smartsearchwp,webdigit + fofa-query: body="/wp-content/plugins/smartsearchwp" + tags: cve,cve2024,exposure,wp,wordpress,wp-plugin,smartsearchwp + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6846.yaml b/http/cves/2024/CVE-2024-6846.yaml index e9bafb191eb..a0bba931b73 100644 --- a/http/cves/2024/CVE-2024-6846.yaml +++ b/http/cves/2024/CVE-2024-6846.yaml @@ -9,25 +9,19 @@ info: reference: - https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6846 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2024-6846 - epss-score: 0.00958 - epss-percentile: 0.75327 - cpe: cpe:2.3:a:webdigit:chatbot_with_chatgpt:*:*:*:*:*:wordpress:*:* metadata: - verified: true max-request: 1 + verified: true vendor: webdigit - product: chatbot_with_chatgpt + product: smartsearchwp framework: wordpress - fofa-query: body="/wp-content/plugins/smartsearchwp" publicwww-query: "/wp-content/plugins/smartsearchwp" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt,webdigit + fofa-query: body="/wp-content/plugins/smartsearchwp" + tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt http: - raw: diff --git a/http/cves/2024/CVE-2024-6886.yaml b/http/cves/2024/CVE-2024-6886.yaml index 27d33dc4fda..3abb6ca960e 100644 --- a/http/cves/2024/CVE-2024-6886.yaml +++ b/http/cves/2024/CVE-2024-6886.yaml @@ -9,37 +9,19 @@ info: reference: - https://www.exploit-db.com/exploits/52077 - https://nvd.nist.gov/vuln/detail/CVE-2024-6886 - - https://blog.gitea.com/release-of-1.22.1/ - - https://github.com/go-gitea/gitea/pull/31200 - - https://github.com/20142995/nuclei-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L cvss-score: 6.7 cve-id: CVE-2024-6886 cwe-id: CWE-79 - epss-score: 0.07252 - epss-percentile: 0.91131 cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 5 + max-request: 4 vendor: gitea product: gitea - shodan-query: - - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea version" - - http.html:"powered by gitea" - - http.title:"gitea" - - 'http.title:"installation - gitea: git with a cup of tea"' - fofa-query: - - body="powered by gitea version" - - body="powered by gitea" - - title="gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' tags: cve,cve2024,gitea,xss,authenticated + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2024/CVE-2024-6892.yaml b/http/cves/2024/CVE-2024-6892.yaml index 28e0ee7e4f6..f619b69f787 100644 --- a/http/cves/2024/CVE-2024-6892.yaml +++ b/http/cves/2024/CVE-2024-6892.yaml @@ -23,7 +23,7 @@ info: max-request: 1 vendor: journyx product: journyx - shodan-query: http.html:"journyx" + shodan-query: html:"Journyx" tags: cve,cve2024,xss,journyx,seclists http: diff --git a/http/cves/2024/CVE-2024-6893.yaml b/http/cves/2024/CVE-2024-6893.yaml index 74006742fac..3eb8866bbf3 100644 --- a/http/cves/2024/CVE-2024-6893.yaml +++ b/http/cves/2024/CVE-2024-6893.yaml @@ -11,23 +11,18 @@ info: - https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt - https://packetstormsecurity.com/files/180005/Journyx-11.5.4-XML-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2024-6893 - - http://seclists.org/fulldisclosure/2024/Aug/8 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-6893 cwe-id: CWE-611 - epss-score: 0.89632 - epss-percentile: 0.99522 - cpe: cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:* metadata: max-request: 1 vendor: journyx - product: journyx - framework: linux + product: journyx-jtime fofa-query: icon_hash="-109972155" - shodan-query: http.html:"journyx" - tags: packetstorm,cve,cve2024,journyx,xxe + tags: cve,cve2024,journyx,xxe + variables: pass: "{{rand_text_alpha(5)}}" diff --git a/http/cves/2024/CVE-2024-6911.yaml b/http/cves/2024/CVE-2024-6911.yaml index 5bb9d9fa65b..8b2c61516e3 100644 --- a/http/cves/2024/CVE-2024-6911.yaml +++ b/http/cves/2024/CVE-2024-6911.yaml @@ -11,21 +11,21 @@ info: - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6911 - https://github.com/adminlove520/pocWiki - - https://github.com/greenberglinken/2023hvv_1 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N + cvss-score: 8.7 cve-id: CVE-2024-6911 cwe-id: CWE-552 - epss-score: 0.92756 - epss-percentile: 0.9974 - cpe: cpe:2.3:a:perkinelmer:processplus:*:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.09524 + cpe: cpe:2.3:a:perkinelmer:processplus:1.11.6507:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: perkinelmer product: processplus - fofa-query: '"process plus" && icon_hash="1772087922"' - tags: cve,cve2024,processplus,intrusive,lfi,seclists,perkinelmer + fofa-query: '"Process Plus" && icon_hash="1772087922"' + tags: cve,cve2024,processplus,intrusive,lfi,seclists + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6922.yaml b/http/cves/2024/CVE-2024-6922.yaml index 887910f8d71..90fda808494 100644 --- a/http/cves/2024/CVE-2024-6922.yaml +++ b/http/cves/2024/CVE-2024-6922.yaml @@ -17,11 +17,12 @@ info: metadata: verified: true max-request: 1 - vendor: automationanywhere - product: automation_360 - shodan-query: http.favicon.hash:"-1005691603" + shodan-query: http.favicon.hash:-1005691603 fofa-query: icon_hash="-1005691603" - tags: cve,cve2024,ssrf,oast,automation,anywhere,automationanywhere + product: automation_360 + vendor: automationanywhere + tags: cve,cve2024,ssrf,oast,automation,anywhere + http: - raw: diff --git a/http/cves/2024/CVE-2024-6924.yaml b/http/cves/2024/CVE-2024-6924.yaml index 9b0cf09a5a5..bf654c44c24 100644 --- a/http/cves/2024/CVE-2024-6924.yaml +++ b/http/cves/2024/CVE-2024-6924.yaml @@ -3,31 +3,19 @@ id: CVE-2024-6924 info: name: TrueBooker <= 1.0.2 - SQL Injection author: s4e-io - severity: critical + severity: high description: | The TrueBooker Appointment Booking and Scheduler Plugin. plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/truebooker-appointment-booking/truebooker-102-unauthenticated-sql-injection - https://wpscan.com/vulnerability/39e79801-6ec7-4579-bc6b-fd7e899733a8/ - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 - cve-id: CVE-2024-6924 - cwe-id: CWE-89 - epss-score: 0.7255 - epss-percentile: 0.98672 - cpe: cpe:2.3:a:themetechmount:truebooker:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 vendor: themetechmount product: truebooker framework: wordpress publicwww-query: "/wp-content/plugins/truebooker-appointment-booking" - shodan-query: http.html:"/wp-content/plugins/truebooker-appointment-booking" - fofa-query: body=/wp-content/plugins/truebooker-appointment-booking - tags: time-based-sqli,wpscan,cve,cve2024,sqli,wp,wp-plugin,wordpress,truebooker,themetechmount + tags: time-based-sqli,wpscan,cve,cve2024,sqli,wp,wp-plugin,wordpress,truebooker + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6926.yaml b/http/cves/2024/CVE-2024-6926.yaml index bf35e7c732d..2d596cb8ae2 100644 --- a/http/cves/2024/CVE-2024-6926.yaml +++ b/http/cves/2024/CVE-2024-6926.yaml @@ -11,22 +11,18 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/viral-signup/viral-signup-21-unauthenticated-sql-injection - https://wpscan.com/vulnerability/9ce96ce5-fcf0-4d7a-b562-f63ea3418d93/ - https://nvd.nist.gov/vuln/detail/CVE-2024-6926 - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-6926 - cwe-id: CWE-89 - epss-score: 0.71358 - epss-percentile: 0.98618 - cpe: cpe:2.3:a:wow-company:viral_signup:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 - vendor: wow-company - product: viral_signup + vendor: viral-signup + product: viral-signup framework: wordpress publicwww-query: "/wp-content/plugins/viral-signup" - tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,viral-signup,sqli + tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wordpress,viral-signup + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-6928.yaml b/http/cves/2024/CVE-2024-6928.yaml index 77140ed2a19..50cadeff74c 100644 --- a/http/cves/2024/CVE-2024-6928.yaml +++ b/http/cves/2024/CVE-2024-6928.yaml @@ -3,30 +3,25 @@ id: CVE-2024-6928 info: name: Opti Marketing <= 2.0.9 - SQL Injection author: s4e-io - severity: critical + severity: high description: | The Opti Marketing plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/opti-marketing/opti-marketing-209-unauthenticated-sql-injection - https://wpscan.com/vulnerability/7bb9474f-2b9d-4856-b36d-a43da3db0245/ - https://nvd.nist.gov/vuln/detail/cve-2024-6928 - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 cve-id: CVE-2024-6928 - cwe-id: CWE-89 - epss-score: 0.71358 - epss-percentile: 0.98617 - cpe: cpe:2.3:a:opti.marketing:opti_marketing:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 - vendor: opti.marketing - product: opti_marketing + vendor: opti-marketing + product: opti-marketing framework: wordpress publicwww-query: "/wp-content/plugins/opti-marketing" tags: time-based-sqli,cve,cve2024,wpscan,wp-plugin,wp,wordpress,opti-marketing,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-7008.yaml b/http/cves/2024/CVE-2024-7008.yaml index 50f9cc4dced..aef97b5f4f8 100644 --- a/http/cves/2024/CVE-2024-7008.yaml +++ b/http/cves/2024/CVE-2024-7008.yaml @@ -10,9 +10,9 @@ info: - https://starlabs.sg/advisories/24/24-7008/ metadata: verified: true - max-request: 1 shodan-query: html:"Calibre" fofa-query: "Server: calibre" + max-request: 1 tags: cve,cve2024,calibre,xss http: diff --git a/http/cves/2024/CVE-2024-7029.yaml b/http/cves/2024/CVE-2024-7029.yaml index 6dea3b7f120..067eb7fc0f1 100644 --- a/http/cves/2024/CVE-2024-7029.yaml +++ b/http/cves/2024/CVE-2024-7029.yaml @@ -18,16 +18,14 @@ info: cvss-score: 8.8 cve-id: CVE-2024-7029 cwe-id: CWE-77 - epss-score: 0.88753 - epss-percentile: 0.99471 - cpe: cpe:2.3:o:avtech:avm1203_firmware:*:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.09555 metadata: verified: true max-request: 1 - vendor: avtech - product: avm1203_firmware fofa-query: body="AVTECH Software" tags: cve,cve2024,avtech,rce,kev,intrusive + variables: string: "{{randstr}}" diff --git a/http/cves/2024/CVE-2024-7188.yaml b/http/cves/2024/CVE-2024-7188.yaml index 38e81a27195..4f9cf0944ed 100644 --- a/http/cves/2024/CVE-2024-7188.yaml +++ b/http/cves/2024/CVE-2024-7188.yaml @@ -23,9 +23,9 @@ info: max-request: 1 vendor: bylancer product: quicklancer - shodan-query: http.favicon.hash:"1099370896" + shodan-query: http.favicon.hash:1099370896 fofa-query: icon_hash="1099370896" - tags: time-based-sqli,cve,cve2024,sqli,quicklancer,bylancer + tags: time-based-sqli,cve,cve2024,sqli,quicklancer http: - raw: diff --git a/http/cves/2024/CVE-2024-7313.yaml b/http/cves/2024/CVE-2024-7313.yaml index 767878c7c42..21e36f4e148 100644 --- a/http/cves/2024/CVE-2024-7313.yaml +++ b/http/cves/2024/CVE-2024-7313.yaml @@ -20,10 +20,10 @@ info: metadata: verified: true max-request: 2 - shodan-query: 'wp-content/plugins/wp-simple-firewall/' fofa-query: body="wp-content/plugins/wp-simple-firewall/" google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" - tags: wpscan,cve,cve2024,wp,wordpress,xss,wp-plugin,authenticated,wp-simple-firewall + shodan-query: 'wp-content/plugins/wp-simple-firewall/' + tags: cve,cve2024,wp,wordpress,xss,wp-plugin,authenticated,wp-simple-firewall http: - raw: diff --git a/http/cves/2024/CVE-2024-7314.yaml b/http/cves/2024/CVE-2024-7314.yaml index 76a288a6bc3..d061d8d3bc7 100644 --- a/http/cves/2024/CVE-2024-7314.yaml +++ b/http/cves/2024/CVE-2024-7314.yaml @@ -16,19 +16,16 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2024-7314 cwe-id: CWE-280 + cve-id: CVE-2024-7314 cpe: cpe:2.3:a:anji-plus:report:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: anji-plus product: report - shodan-query: http.title:"aj-report" - fofa-query: - - app="aj-report" - - title="aj-report" - google-query: intitle:"aj-report" + fofa-query: app="AJ-Report" + shodan-query: http.title:"AJ-Report" tags: cve,cve2024,aj-report,anji-plus,rce,swagger http: diff --git a/http/cves/2024/CVE-2024-7332.yaml b/http/cves/2024/CVE-2024-7332.yaml index b70787b3b29..31e409f4344 100644 --- a/http/cves/2024/CVE-2024-7332.yaml +++ b/http/cves/2024/CVE-2024-7332.yaml @@ -11,19 +11,18 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2024-7332 - https://cvefeed.io/vuln/detail/CVE-2024-7332 - https://www.tenable.com/cve/CVE-2024-7332 - - https://vuldb.com/?ctiid.273255 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-7332 - cwe-id: CWE-259,CWE-798 - epss-score: 0.64981 - epss-percentile: 0.98342 - cpe: cpe:2.3:o:totolink:cp450_firmware:4.1.0cu.747_b20191224:*:*:*:*:*:*:* + cwe-id: CWE-259 + epss-score: 0.00045 + epss-percentile: 0.16226 + cpe: cpe:2.3:a:totolink:cp450:4.1.0cu.747_b20191224:*:*:*:*:*:*:* metadata: - max-request: 1 + max-request: 2 vendor: totolink - product: "cp450_firmware" + product: cp450_firmware fofa-query: title="totolink" tags: cve,cve2024,totolink diff --git a/http/cves/2024/CVE-2024-7339.yaml b/http/cves/2024/CVE-2024-7339.yaml index 82b707b7614..40d70119303 100644 --- a/http/cves/2024/CVE-2024-7339.yaml +++ b/http/cves/2024/CVE-2024-7339.yaml @@ -20,15 +20,12 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-7339 - cwe-id: CWE-200,NVD-CWE-noinfo - epss-score: 0.81285 - epss-percentile: 0.99107 - cpe: cpe:2.3:o:provision-isr:sh-4050a5-5l\(mm\)_firmware:-:*:*:*:*:*:*:* + cwe-id: CWE-200 + epss-score: 0.00045 + epss-percentile: 0.16163 metadata: verified: true max-request: 1 - vendor: provision-isr - product: sh-4050a5-5l\(mm\)_firmware tags: cve,cve2024,dvr,tvt,info-leak http: diff --git a/http/cves/2024/CVE-2024-7340.yaml b/http/cves/2024/CVE-2024-7340.yaml index 5501d88f773..f44c57b7cbd 100644 --- a/http/cves/2024/CVE-2024-7340.yaml +++ b/http/cves/2024/CVE-2024-7340.yaml @@ -10,15 +10,12 @@ info: - https://github.com/advisories/GHSA-r49h-6qxq-624f - https://github.com/wandb/weave/pull/1657 - https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/ - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2024-7340 - cwe-id: CWE-22,CWE-20 - epss-score: 0.6003 - epss-percentile: 0.98129 + epss-score: 0.00043 + epss-percentile: 0.09404 metadata: verified: true max-request: 1 diff --git a/http/cves/2024/CVE-2024-7354.yaml b/http/cves/2024/CVE-2024-7354.yaml index c5b0a15f763..d105e9cf358 100644 --- a/http/cves/2024/CVE-2024-7354.yaml +++ b/http/cves/2024/CVE-2024-7354.yaml @@ -13,30 +13,24 @@ info: reference: - https://wpscan.com/vulnerability/3c871dcd-51d7-4d3b-b036-efa9e066ff41/ - https://nvd.nist.gov/vuln/detail/CVE-2024-7354 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2024-7354 cwe-id: CWE-79 - epss-score: 0.00758 - epss-percentile: 0.72113 + epss-score: 0.00043 + epss-percentile: 0.09629 cpe: cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 3 vendor: ninjaforms product: ninja_forms framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/ninja-forms/" - - http.html:"/wp-content/plugins/ninja-forms" - fofa-query: - - body="/wp-content/plugins/ninja-forms" - - body="/wp-content/plugins/ninja-forms/" + fofa-query: body="/wp-content/plugins/ninja-forms" publicwww-query: /wp-content/plugins/ninja-forms/ - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,ninja-forms,xss,authenticated,ninjaforms + shodan-query: http.html:"/wp-content/plugins/ninja-forms/" + tags: cve,cve2024,wp,wordpress,wp-plugin,ninja-forms,xss,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-7591.yaml b/http/cves/2024/CVE-2024-7591.yaml index 651cf586eb7..46a625bbd94 100644 --- a/http/cves/2024/CVE-2024-7591.yaml +++ b/http/cves/2024/CVE-2024-7591.yaml @@ -11,22 +11,22 @@ info: - https://nvd.nist.gov/vuln/detail/cve-2024-7591 - https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 - https://insinuator.net/2024/11/vulnerability-disclosure-command-injection-in-kemp-loadmaster-load-balancer-cve-2024-7591 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2024-7591 cwe-id: CWE-78 - epss-score: 0.30709 - epss-percentile: 0.96459 + epss-score: 0.00933 + epss-percentile: 0.74906 cpe: cpe:2.3:a:kemptechnologies:loadmaster:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 vendor: kemptechnologies product: loadmaster - shodan-query: http.html:"kemp login screen" + max-request: 2 + shodan-query: html:"Kemp Login Screen" tags: cve,cve2024,loadmaster,rce,oast,kemptechnologies + variables: oast: ".{{interactsh-url}}" payload: "{{padding(oast,'a',50,'prefix')}}" diff --git a/http/cves/2024/CVE-2024-7593.yaml b/http/cves/2024/CVE-2024-7593.yaml index 078866a8d53..8c712206ad8 100644 --- a/http/cves/2024/CVE-2024-7593.yaml +++ b/http/cves/2024/CVE-2024-7593.yaml @@ -25,11 +25,8 @@ info: vendor: ivanti product: virtual traffic manager shodan-query: - - http.favicon.hash:"1862800928" - - http.html:"apps/zxtm/login.cgi" - fofa-query: - - body="apps/zxtm/login.cgi" - - icon_hash=1862800928 + - http.favicon.hash:1862800928 + - html:"apps/zxtm/login.cgi" tags: packetstorm,cve2024,cve,auth-bypass,ivanti,intrusive,kev flow: http(1) && http(2) diff --git a/http/cves/2024/CVE-2024-7714.yaml b/http/cves/2024/CVE-2024-7714.yaml index 3fe584c83f0..f9aa989681f 100644 --- a/http/cves/2024/CVE-2024-7714.yaml +++ b/http/cves/2024/CVE-2024-7714.yaml @@ -3,32 +3,28 @@ id: CVE-2024-7714 info: name: AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls author: s4e-io - severity: high + severity: medium description: | The plugin lacks sufficient access controls allowing an unauthenticated user to disconnect the plugin from OpenAI, thereby disabling the plugin. Multiple actions are accessible: ays_chatgpt_disconnect, ays_chatgpt_connect, and ays_chatgpt_save_feedback remediation: Fixed in 2.1.0 reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-7714 - https://wpscan.com/vulnerability/04447c76-a61b-4091-a510-c76fc8ca5664/ - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N + cvss-score: 6.5 cve-id: CVE-2024-7714 cwe-id: CWE-284 - epss-score: 0.03194 - epss-percentile: 0.86367 - cpe: cpe:2.3:a:ays-pro:chatgpt_assistant:*:*:*:*:free:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09599 metadata: verified: true max-request: 1 - vendor: ays-pro - product: chatgpt_assistant + vendor: ays-chatgpt-assistant-team + product: ays-chatgpt-assistant framework: wordpress publicwww-query: "/wp-content/plugins/ays-chatgpt-assistant" - tags: wpscan,cve,cve2024,ays-chatgpt-assistant,wordpress,wp-plugin,wp,iac,ays-chatgpt-assistant-team + tags: cve,cve2024,ays-chatgpt-assistant,wordpress,wp-plugin,wp,iac http: - method: GET diff --git a/http/cves/2024/CVE-2024-7786.yaml b/http/cves/2024/CVE-2024-7786.yaml index 90a8e47845a..43b0694f70e 100755 --- a/http/cves/2024/CVE-2024-7786.yaml +++ b/http/cves/2024/CVE-2024-7786.yaml @@ -3,31 +3,29 @@ id: CVE-2024-7786 info: name: Sensei LMS < 4.24.2 - Email Template Leak author: s4e-io - severity: medium + severity: high description: | The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. reference: - https://wpscan.com/vulnerability/f44e6f8f-3ef2-45c9-ae9c-9403305a548a/ - https://nvd.nist.gov/vuln/detail/CVE-2024-7786 - https://www.usom.gov.tr/bildirim/tr-24-1387 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-7786 - epss-score: 0.2797 - epss-percentile: 0.96186 - cpe: cpe:2.3:a:automattic:sensei_lms:*:*:*:*:*:wordpress:*:* + epss-score: 0.00043 + epss-percentile: 0.09568 metadata: - verified: true max-request: 2 + verified: true vendor: automattic - product: sensei_lms + product: sensei-lms framework: wordpress - fofa-query: body="/wp-content/plugins/sensei-lms" publicwww-query: "/wp-content/plugins/sensei-lms" - tags: cve,cve2024,wpscan,wp,wp-plugin,wordpress,sensei-lms,exposure,automattic + fofa-query: body="/wp-content/plugins/sensei-lms" + tags: cve,cve2024,wpscan,wp,wp-plugin,wordpress,sensei-lms,exposure + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-7854.yaml b/http/cves/2024/CVE-2024-7854.yaml index bb1992da8d8..f1522bf775a 100644 --- a/http/cves/2024/CVE-2024-7854.yaml +++ b/http/cves/2024/CVE-2024-7854.yaml @@ -10,15 +10,13 @@ info: - https://github.com/RandomRobbieBF/CVE-2024-7854 - https://www.wordfence.com/threat-intel/vulnerabilities/id/312a6601-c914-4661-82ff-6f8bac849442?source=cve - https://nvd.nist.gov/vuln/detail/CVE-2024-7854 - - https://plugins.trac.wordpress.org/browser/woo-inquiry/trunk/includes/functions.php?rev=2088873#L307 - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2024-7854 cwe-id: CWE-89 - epss-score: 0.77442 - epss-percentile: 0.98912 + epss-score: 0.00091 + epss-percentile: 0.39655 cpe: cpe:2.3:a:sjhoo:woo_inquiry:0.1:*:*:*:*:*:*:* metadata: verified: true @@ -27,9 +25,8 @@ info: product: woo_inquiry framework: wordpress publicwww-query: "/wp-content/plugins/woo-inquiry" - shodan-query: http.html:"/wp-content/plugins/woo-inquiry" - fofa-query: body=/wp-content/plugins/woo-inquiry - tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,woo-inquiry,sjhoo + tags: time-based-sqli,cve,cve2024,wp,wordpress,wp-plugin,sqli,woo-inquiry + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-7928.yaml b/http/cves/2024/CVE-2024-7928.yaml index 357786970a9..0b61d0bfe10 100644 --- a/http/cves/2024/CVE-2024-7928.yaml +++ b/http/cves/2024/CVE-2024-7928.yaml @@ -10,24 +10,17 @@ info: - https://wiki.shikangsi.com/post/share/da0292b8-0f92-4e6e-bdb7-73f47b901acd - https://github.com/bigb0x/CVE-2024-7928 - https://nvd.nist.gov/vuln/detail/CVE-2024-7928 - - https://vuldb.com/?ctiid.275114 - - https://vuldb.com/?id.275114 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2024-7928 cwe-id: CWE-22 - epss-score: 0.91554 - epss-percentile: 0.99641 - cpe: cpe:2.3:a:fastadmin:fastadmin:*:*:*:*:*:*:*:* + cpe: cpe:2.3:a:fastadmin:fastadmin:1.3.3.20220121:*:*:*:*:*:*:* metadata: max-request: 1 vendor: fastadmin product: fastadmin - fofa-query: - - icon_hash="-1036943727" - - app="fastadmin-框架" - shodan-query: http.favicon.hash:"-1036943727" + fofa-query: icon_hash="-1036943727" tags: cve,cve2024,fastadmin,lfi http: diff --git a/http/cves/2024/CVE-2024-7954.yaml b/http/cves/2024/CVE-2024-7954.yaml index 78c1a59a5a2..1adbea3bbea 100644 --- a/http/cves/2024/CVE-2024-7954.yaml +++ b/http/cves/2024/CVE-2024-7954.yaml @@ -23,12 +23,7 @@ info: max-request: 1 vendor: spip product: spip - fofa-query: - - app="spip" - - body="spip.php?page=backend" - shodan-query: - - cpe:"cpe:2.3:a:spip:spip" - - http.html:"spip.php?page=backend" + fofa-query: app="SPIP" tags: cve,cve2024,spip,rce http: diff --git a/http/cves/2024/CVE-2024-8021.yaml b/http/cves/2024/CVE-2024-8021.yaml index 4b6cf13618c..61a178665eb 100644 --- a/http/cves/2024/CVE-2024-8021.yaml +++ b/http/cves/2024/CVE-2024-8021.yaml @@ -8,22 +8,11 @@ info: Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. reference: - https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888 - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2024-8021 - cwe-id: CWE-601 - epss-score: 0.01054 - epss-percentile: 0.76488 - cpe: cpe:2.3:a:gradio_project:gradio:-:*:*:*:*:python:*:* metadata: verified: true max-request: 1 vendor: gradio_project product: gradio - framework: python shodan-query: - http.html:"__gradio_mode__" - http.title:"gradio" @@ -31,7 +20,7 @@ info: - body="__gradio_mode__" - title="gradio" google-query: intitle:"gradio" - tags: cve,cve2024,redirect,oast,gradio,gradio_project + tags: cve,cve2024,redirect,oast,gradio http: - raw: diff --git a/http/cves/2024/CVE-2024-8181.yaml b/http/cves/2024/CVE-2024-8181.yaml index 414aabbf832..419b0905e46 100644 --- a/http/cves/2024/CVE-2024-8181.yaml +++ b/http/cves/2024/CVE-2024-8181.yaml @@ -3,28 +3,22 @@ id: CVE-2024-8181 info: name: Flowise <= 1.8.2 Authentication Bypass author: iamnoooob,rootxharsh,pdresearch - severity: critical + severity: high description: | An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality. reference: - https://www.tenable.com/security/research/tra-2024-33 - https://tenable.com/security/research/tra-2024-22-0 - https://nvd.nist.gov/vuln/detail/CVE-2024-8181 - - https://tenable.com/security/research/tra-2024-33 - - https://github.com/fa-rrel/Flowise-1.8.2-Authentication-Bypass classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N + cvss-score: 7.3 cve-id: CVE-2024-8181 - cwe-id: CWE-287 - epss-score: 0.71291 - epss-percentile: 0.98614 - cpe: cpe:2.3:a:flowiseai:flowise:1.8.2:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.09544 metadata: verified: true max-request: 1 - vendor: flowiseai - product: flowise shodan-query: http.favicon.hash:-2051052918 fofa-query: title:"Flowise" tags: tenable,cve,cve2024,flowise,auth-bypass diff --git a/http/cves/2024/CVE-2024-8484.yaml b/http/cves/2024/CVE-2024-8484.yaml index 543d1d66ad9..fc88e84242f 100644 --- a/http/cves/2024/CVE-2024-8484.yaml +++ b/http/cves/2024/CVE-2024-8484.yaml @@ -26,9 +26,8 @@ info: product: rest-api-to-miniprogram framework: wordpress publicwww-query: "/wp-content/plugins/rest-api-to-miniprogram" - shodan-query: http.html:"/wp-content/plugins/rest-api-to-miniprogram" - fofa-query: body=/wp-content/plugins/rest-api-to-miniprogram - tags: time-based-sqli,cve,cve2024,wp,wp-plugin,wordpress,sqli,miniprogram,jianbo + tags: time-based-sqli,cve,cve2024,wp,wp-plugin,wordpress,sqli,miniprogram + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-8503.yaml b/http/cves/2024/CVE-2024-8503.yaml index 56517082fcc..d1d1e6f23a7 100644 --- a/http/cves/2024/CVE-2024-8503.yaml +++ b/http/cves/2024/CVE-2024-8503.yaml @@ -23,8 +23,8 @@ info: vendor: vicidial product: vicidial fofa-query: icon_hash="1375401192" - shodan-query: http.favicon.hash:"1375401192" tags: time-based-sqli,cve,cve2024,vicidial,sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-8522.yaml b/http/cves/2024/CVE-2024-8522.yaml index 1660a981ff7..ab8f8b4ed99 100644 --- a/http/cves/2024/CVE-2024-8522.yaml +++ b/http/cves/2024/CVE-2024-8522.yaml @@ -11,30 +11,22 @@ info: reference: - https://github.com/advisories/GHSA-3w3r-r6g6-w8x5 - https://nvd.nist.gov/vuln/detail/CVE-2024-8522 - - https://plugins.trac.wordpress.org/browser/learnpress/trunk/inc/jwt/rest-api/version1/class-lp-rest-courses-v1-controller.php#L441 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/e495507d-7eac-4f38-ab6f-b8f0809b2be4?source=cve - - https://github.com/12442RF/POC classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-8522 cwe-id: CWE-89 - epss-score: 0.80501 - epss-percentile: 0.9907 + epss-score: 0.04685 + epss-percentile: 0.91818 cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:* metadata: max-request: 4 vendor: thimpress product: learnpress - framework: wordpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - fofa-query: - - body="/wp-content/plugins/learnpress" - - body="wp-content/plugins/learnpress" - publicwww-query: /wp-content/plugins/learnpress - tags: time-based-sqli,cve,cve2024,learnpress,sqli,wp,wordpress,wp-plugin,authenticated,thimpress + shodan-query: html:"/wp-content/plugins/learnpress" + fofa-query: body="/wp-content/plugins/learnpress" + tags: time-based-sqli,cve,cve2024,learnpress,sqli,wp,wordpress,wp-plugin,authenticated + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-8529.yaml b/http/cves/2024/CVE-2024-8529.yaml index 35ac82430a2..59f67a67214 100644 --- a/http/cves/2024/CVE-2024-8529.yaml +++ b/http/cves/2024/CVE-2024-8529.yaml @@ -12,30 +12,19 @@ info: - https://wpscan.com/vulnerability/6b86c089-177b-45b4-979e-4ae08e586e83/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b2671e-0db7-4ba9-b574-a0122959e8fc - https://nvd.nist.gov/vuln/detail/CVE-2024-8529 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b2671e-0db7-4ba9-b574-a0122959e8fc?source=cve - - https://github.com/20142995/nuclei-templates classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 cve-id: CVE-2024-8529 cwe-id: CWE-89 - epss-score: 0.29026 - epss-percentile: 0.96303 cpe: cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:* metadata: - verified: true max-request: 1 + verified: true + fofa-query: body="wp-content/plugins/learnpress" vendor: thimpress product: learnpress - framework: wordpress - fofa-query: - - body="wp-content/plugins/learnpress" - - body="/wp-content/plugins/learnpress" - publicwww-query: /wp-content/plugins/learnpress - shodan-query: - - http.html:"/wp-content/plugins/learnpress" - - http.html:"wp-content/plugins/learnpress" - tags: wpscan,cve,cve2024,wordpress,wp-plugin,wp,learnpress,sqli,kev,time-based-sqli,thimpress + tags: cve,cve2024,wordpress,wp-plugin,wp,learnpress,sqli,kev,time-based-sqli http: - raw: diff --git a/http/cves/2024/CVE-2024-8673.yaml b/http/cves/2024/CVE-2024-8673.yaml index e1c28714c01..bbf1216d70b 100644 --- a/http/cves/2024/CVE-2024-8673.yaml +++ b/http/cves/2024/CVE-2024-8673.yaml @@ -10,14 +10,15 @@ info: reference: - https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/ classification: - cvss-score: 3.5 cve-id: CVE-2024-8673 + cvss-score: 3.5 cwe-id: CWE-79 metadata: verified: true max-request: 5 framework: wordpress - tags: cve,cve2024,wpscan,wp-plugin,wp,authenticated,wordpress,z-downloads,intrusive + tags: cve,cve2024,wpscan,wp-plugin,wp,authenticated,wordpress,z-downloads + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-8698.yaml b/http/cves/2024/CVE-2024-8698.yaml index 18951c1073e..0f4ccafbb1b 100644 --- a/http/cves/2024/CVE-2024-8698.yaml +++ b/http/cves/2024/CVE-2024-8698.yaml @@ -17,24 +17,18 @@ info: cvss-score: 7.7 cve-id: CVE-2024-8698 cwe-id: CWE-347 - epss-score: 0.7958 - epss-percentile: 0.99023 + epss-score: 0.00125 + epss-percentile: 0.47937 metadata: verified: true - max-request: 2 + max-request: 1 vendor: redhat product: keycloak - shodan-query: - - http.favicon.hash:"-1105083093" - - http.html:"keycloak" - - http.title:"keycloak" - fofa-query: - - "icon_hash=-1105083093" - - body="keycloak" - - icon_hash="-1105083093" - - title="keycloak" + shodan-query: http.favicon.hash:"-1105083093" + fofa-query: icon_hash=-1105083093 google-query: intitle:"keycloak" - tags: cve,cve2024,keycloak,saml,signature,redhat + tags: cve,cve2024,keycloak,saml,signature + variables: AUTH_SESSION_ID_LEGACY: "{{auth_cookie}}" # Cookie of the valid SAMLResponse message RELAYSTATE: "{{relayState}}" # Relaystate linked to the Cookie diff --git a/http/cves/2024/CVE-2024-8752.yaml b/http/cves/2024/CVE-2024-8752.yaml index 0965c029be3..e23c07588f4 100644 --- a/http/cves/2024/CVE-2024-8752.yaml +++ b/http/cves/2024/CVE-2024-8752.yaml @@ -9,25 +9,16 @@ info: reference: - https://www.tenable.com/security/research/tra-2024-38 - https://nvd.nist.gov/vuln/detail/CVE-2024-8752 - - https://github.com/20142995/nuclei-templates - - https://github.com/D3anSPGDMS/CVE-2024-8752 - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-8752 - cwe-id: CWE-22 - epss-score: 0.86069 - epss-percentile: 0.99338 - cpe: cpe:2.3:a:smart-hmi:webiq:2.15.9:*:*:*:*:*:*:* metadata: verified: true max-request: 1 - vendor: smart-hmi + vendor: webiq product: webiq - shodan-query: http.title:"webiq" - fofa-query: title="webiq" - google-query: intitle:"webiq" + shodan-query: title:"WebIQ" tags: cve,cve2024,webiq,lfi http: diff --git a/http/cves/2024/CVE-2024-8856.yaml b/http/cves/2024/CVE-2024-8856.yaml index 899c3080d8e..1712c3227ff 100644 --- a/http/cves/2024/CVE-2024-8856.yaml +++ b/http/cves/2024/CVE-2024-8856.yaml @@ -18,14 +18,15 @@ info: cvss-score: 9.8 cve-id: CVE-2024-8856 cwe-id: CWE-434 - epss-score: 0.91922 - epss-percentile: 0.9967 + epss-score: 0.00065 + epss-percentile: 0.3056 metadata: verified: true max-request: 2 fofa-query: body="/wp-content/plugins/wp-time-capsule/" publicwww-query: "/wp-content/plugins/wp-time-capsule/" tags: cve,cve2024,intrusive,file-upload,wordpress,wp-plugin,wp,wp-time-capsule,rce + variables: marker: "{{randstr}}" filename: "{{randbase(2)}}" diff --git a/http/cves/2024/CVE-2024-8859.yaml b/http/cves/2024/CVE-2024-8859.yaml index 88f7c654514..e6d80f2353a 100644 --- a/http/cves/2024/CVE-2024-8859.yaml +++ b/http/cves/2024/CVE-2024-8859.yaml @@ -22,7 +22,6 @@ info: fofa-query: - title="mlflow" - app="mlflow" - google-query: intitle:"mlflow" tags: cve2024,cve,mlflow,oss,lfi,huntr,intrusive,lfprojects http: diff --git a/http/cves/2024/CVE-2024-8877.yaml b/http/cves/2024/CVE-2024-8877.yaml index a0b0a6af1b1..57d9fab8543 100644 --- a/http/cves/2024/CVE-2024-8877.yaml +++ b/http/cves/2024/CVE-2024-8877.yaml @@ -10,34 +10,24 @@ info: - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html - https://0day.today/exploit/39757 - https://nvd.nist.gov/vuln/detail/CVE-2024-8877 - - https://github.com/cyb3r-w0lf/nuclei-template-collection - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-8877 cwe-id: CWE-89 - epss-score: 0.87387 - epss-percentile: 0.99405 + epss-score: 0.00091 + epss-percentile: 0.39654 cpe: cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: riello-ups product: netman_204_firmware - shodan-query: - - http.title:"netman 204" - - http.html:"ups network management card 4" - - http.title:"netman" - fofa-query: - - title="netman 204" - - body="ups network management card 4" - - title="netman" + shodan-query: title:"netman 204" + fofa-query: title="netman 204" censys-query: services.http.response.body:"netman204" - google-query: - - intitle:"netman 204" - - intitle:"netman" - tags: cve,cve2024,netman,sqli,riello-ups + google-query: intitle:"netman 204" + tags: cve,cve2024,netman,sqli http: - method: GET diff --git a/http/cves/2024/CVE-2024-8883.yaml b/http/cves/2024/CVE-2024-8883.yaml index b0ae3b4756d..8feb264e8be 100644 --- a/http/cves/2024/CVE-2024-8883.yaml +++ b/http/cves/2024/CVE-2024-8883.yaml @@ -15,10 +15,11 @@ info: cve-id: CVE-2024-8883 cwe-id: CWE-601 metadata: + max-request: 1 verified: true - max-request: 36 shodan-query: title:"keycloak" tags: cve,cve2024,keycloak,redirect + variables: redirect_uri: "oast.me" diff --git a/http/cves/2024/CVE-2024-8963.yaml b/http/cves/2024/CVE-2024-8963.yaml index 0fd2783a2b1..b10caca6592 100644 --- a/http/cves/2024/CVE-2024-8963.yaml +++ b/http/cves/2024/CVE-2024-8963.yaml @@ -10,15 +10,13 @@ info: - https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa - https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US - https://nvd.nist.gov/vuln/detail/CVE-2024-8963 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/fl4m3-s/IvantiCSA_Unauth_RCE classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L - cvss-score: 9.4 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.1 cve-id: CVE-2024-8963 cwe-id: CWE-22 - epss-score: 0.94325 - epss-percentile: 0.99938 + epss-score: 0.30991 + epss-percentile: 0.97075 cpe: cpe:2.3:a:ivanti:endpoint_manager_cloud_services_appliance:4.6:-:*:*:*:*:*:* metadata: verified: true @@ -28,12 +26,8 @@ info: shodan-query: - http.title:"cloud services appliance" - http.title:"landesk(r) cloud services appliance" - fofa-query: - - title="landesk(r) cloud services appliance" - - title="cloud services appliance" - google-query: - - intitle:"landesk(r) cloud services appliance" - - intitle:"cloud services appliance" + fofa-query: title="landesk(r) cloud services appliance" + google-query: intitle:"landesk(r) cloud services appliance" tags: cve,cve2024,ivanti,kev http: diff --git a/http/cves/2024/CVE-2024-9014.yaml b/http/cves/2024/CVE-2024-9014.yaml index 5e5913604f4..817e4a6c9a1 100644 --- a/http/cves/2024/CVE-2024-9014.yaml +++ b/http/cves/2024/CVE-2024-9014.yaml @@ -10,22 +10,20 @@ info: - https://github.com/EQSTLab/CVE-2024-9014 - https://github.com/pgadmin-org/pgadmin4/issues/7945 - https://nvd.nist.gov/vuln/detail/CVE-2024-9014 - - https://github.com/Threekiii/CVE - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2024-9014 cwe-id: CWE-522 - epss-score: 0.92322 - epss-percentile: 0.99703 + epss-score: 0.00043 + epss-percentile: 0.09595 metadata: verified: true max-request: 1 vendor: pgadmin-org product: pgadmin4 fofa-query: "pgadmin4" - tags: cve,cve2024,pgadmin,exposure,auth-bypass,pgadmin-org + tags: cve,cve2024,pgadmin,exposure,auth-bypass http: - raw: diff --git a/http/cves/2024/CVE-2024-9047.yaml b/http/cves/2024/CVE-2024-9047.yaml index 098c43861fe..c26d50954f0 100644 --- a/http/cves/2024/CVE-2024-9047.yaml +++ b/http/cves/2024/CVE-2024-9047.yaml @@ -19,18 +19,18 @@ info: cvss-score: 9.8 cve-id: CVE-2024-9047 cwe-id: CWE-22 - epss-score: 0.91432 - epss-percentile: 0.99632 - cpe: cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:* + epss-score: 0.00091 + epss-percentile: 0.40349 metadata: max-request: 1 - vendor: iptanus - product: wordpress_file_upload + vendor: nickolas_bossinas + product: wordpress-file-upload framework: wordpress shodan-query: http.html:"/wp-content/plugins/wp-file-upload/" fofa-query: body="/wp-content/plugins/wp-file-upload" publicwww-query: /wp-content/plugins/wp-file-upload/ - tags: cve,cve2024,wp,wordpress,wp-plugin,wp-file-upload,lfi,nickolas_bossinas + tags: cve,cve2024,wp,wordpress,wp-plugin,wp-file-upload,lfi + variables: file: "{{rand_base(16)}}" ticket: "{{rand_base(16)}}" diff --git a/http/cves/2024/CVE-2024-9061.yaml b/http/cves/2024/CVE-2024-9061.yaml index 00835549156..4f55fec8038 100644 --- a/http/cves/2024/CVE-2024-9061.yaml +++ b/http/cves/2024/CVE-2024-9061.yaml @@ -18,14 +18,14 @@ info: epss-score: 0.00046 epss-percentile: 0.18015 metadata: - verified: true max-request: 2 + verified: true vendor: themehunk product: wp-popup-builder framework: wordpress fofa-query: body="/wp-content/plugins/wp-popup-builder/" - shodan-query: http.html:"/wp-content/plugins/wp-popup-builder/" - tags: cve,cve2024,wp,wordpress,wp-plugin,wp-popup-builder,shortcode,themehunk + tags: cve,cve2024,wp,wordpress,wp-plugin,wp-popup-builder,shortcode + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-9186.yaml b/http/cves/2024/CVE-2024-9186.yaml index a147023f2dd..b9e4dad10b9 100644 --- a/http/cves/2024/CVE-2024-9186.yaml +++ b/http/cves/2024/CVE-2024-9186.yaml @@ -13,19 +13,19 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 - cve-id: CVE-2024-9186 cwe-id: CWE-89 - epss-score: 0.17249 - epss-percentile: 0.94665 - cpe: cpe:2.3:a:funnelkit:funnelkit_automations:*:*:*:*:*:wordpress:*:* + cve-id: CVE-2024-9186 + epss-score: 0.00043 + epss-percentile: 0.10302 metadata: verified: true max-request: 2 vendor: funnelkit - product: funnelkit_automations + product: wp-marketing-automations framework: wordpress fofa-query: body="wp-content/plugins/wp-marketing-automations/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-marketing-automations,time-based-sqli,funnelkit + tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-marketing-automations,time-based-sqli + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-9193.yaml b/http/cves/2024/CVE-2024-9193.yaml index bf073b18e06..48102a7dd53 100644 --- a/http/cves/2024/CVE-2024-9193.yaml +++ b/http/cves/2024/CVE-2024-9193.yaml @@ -10,23 +10,18 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/academist-membership/academist-membership-116-authentication-bypass-via-account-takeover - https://whmpress.com/docs/change-log/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3b0e75-d2f0-48b7-ba33-75c4e998030e?source=cve - - https://github.com/20142995/nuclei-templates - - https://github.com/fkie-cad/nvd-json-data-feeds classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-9193 cwe-id: CWE-98 - epss-score: 0.24222 - epss-percentile: 0.95774 - cpe: cpe:2.3:a:whmpress:whmcs:*:*:*:*:*:wordpress:*:* + epss-score: 0.00091 + epss-percentile: 0.41188 metadata: verified: true max-request: 2 - vendor: whmpress - product: whmcs - framework: wordpress tags: cve,cve2024,whmpress,whmcs,wordpress,wp,intrusive + variables: randomstr: "{{randstr_1}}" marker: "{{base64(randomstr)}}" diff --git a/http/cves/2024/CVE-2024-9234.yaml b/http/cves/2024/CVE-2024-9234.yaml index a61f1274ac9..6a729480176 100644 --- a/http/cves/2024/CVE-2024-9234.yaml +++ b/http/cves/2024/CVE-2024-9234.yaml @@ -23,8 +23,8 @@ info: product: gutenkit framework: wordpress fofa-query: body="wp-content/plugins/gutenkit-blocks-addon" - shodan-query: http.html:"wp-content/plugins/gutenkit-blocks-addon" - tags: cve,cve2024,wordpress,wp-plugin,gutenkit,file-upload,intrusive,wpmet + tags: cve,cve2024,wordpress,wp-plugin,gutenkit,file-upload,intrusive + variables: filename: "{{rand_text_alpha(12)}}" diff --git a/http/cves/2024/CVE-2024-9463.yaml b/http/cves/2024/CVE-2024-9463.yaml index 752b41c872b..b3c87560201 100644 --- a/http/cves/2024/CVE-2024-9463.yaml +++ b/http/cves/2024/CVE-2024-9463.yaml @@ -3,35 +3,32 @@ id: CVE-2024-9463 info: name: PaloAlto Networks Expedition - Remote Code Execution author: princechaddha - severity: high + severity: critical description: | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. impact: | Successful exploitation could result in unauthorized access and control of the affected device. remediation: | Apply the necessary security patches provided by Palo Alto Networks to mitigate the CVE-2024-9463 vulnerability. - reference: |- + reference: | - https://x.com/watchtowrcyber/status/1844306954245767623 - https://security.paloaltonetworks.com/PAN-SA-2024-0010 - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-9463 - - https://github.com/nothe1senberg/CVE-2024-9463 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/S + cvss-score: 9.9 cve-id: CVE-2024-9463 cwe-id: CWE-78 - epss-score: 0.94264 - epss-percentile: 0.99923 - cpe: cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.10347 metadata: verified: true max-request: 1 vendor: paloaltonetworks product: expedition - shodan-query: http.favicon.hash:"1499876150" - fofa-query: icon_hash=1499876150 - tags: cve,cve2024,palo-alto,rce,kev,paloaltonetworks + shodan-query: http.favicon.hash:1499876150 + tags: cve,cve2024,palo-alto,rce,kev http: - raw: diff --git a/http/cves/2024/CVE-2024-9465.yaml b/http/cves/2024/CVE-2024-9465.yaml index 6f20a5c60fb..fb4fcf0d924 100644 --- a/http/cves/2024/CVE-2024-9465.yaml +++ b/http/cves/2024/CVE-2024-9465.yaml @@ -3,7 +3,7 @@ id: CVE-2024-9465 info: name: Palo Alto Expedition - SQL Injection author: DhiyaneshDK - severity: critical + severity: high description: | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. reference: @@ -11,23 +11,21 @@ info: - https://github.com/horizon3ai/CVE-2024-9465/tree/main - https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/ - https://nvd.nist.gov/vuln/detail/CVE-2024-9465 - - https://github.com/fkie-cad/nvd-json-data-feeds classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N + cvss-score: 8.2 cve-id: CVE-2024-9465 cwe-id: CWE-89 - epss-score: 0.94244 - epss-percentile: 0.99917 - cpe: cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.09688 metadata: verified: true max-request: 2 vendor: paloaltonetworks product: expedition - shodan-query: http.favicon.hash:"1499876150" - fofa-query: icon_hash=1499876150 - tags: time-based-sqli,cve,cve2024,palo-alto,sqli,kev,paloaltonetworks + shodan-query: http.favicon.hash:1499876150 + tags: time-based-sqli,cve,cve2024,palo-alto,sqli,kev + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-9474.yaml b/http/cves/2024/CVE-2024-9474.yaml index d61c0d741c4..6e376c0f362 100644 --- a/http/cves/2024/CVE-2024-9474.yaml +++ b/http/cves/2024/CVE-2024-9474.yaml @@ -7,19 +7,13 @@ info: description: | A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. - reference: - - https://github.com/DMW11525708/wiki - - https://github.com/watchtowrlabs/palo-alto-panos-cve-2024-0012 - - https://github.com/XiaomingX/cve-2024-0012-poc - - https://github.com/eeeeeeeeee-code/POC - - https://github.com/laoa1573/wy876 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2024-9474 cwe-id: CWE-78 - epss-score: 0.94283 - epss-percentile: 0.99927 + epss-score: 0.02252 + epss-percentile: 0.89926 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: verified: true @@ -30,7 +24,8 @@ info: - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" - http.favicon.hash:"-631559155" fofa-query: icon_hash="-631559155" - tags: cve,cve2024,panos,rce,kev,paloaltonetworks + tags: cve,cve2024,panos,rce,kev + flow: http(1) && http(2) && http(3) variables: diff --git a/http/cves/2024/CVE-2024-9487.yaml b/http/cves/2024/CVE-2024-9487.yaml index 5c292fdef1c..1ee5ba214cc 100644 --- a/http/cves/2024/CVE-2024-9487.yaml +++ b/http/cves/2024/CVE-2024-9487.yaml @@ -9,26 +9,14 @@ info: reference: - https://projectdiscovery.io/blog/github-enterprise-saml-authentication-bypass - https://github.com/advisories/GHSA-g83h-4727-5rpv - - https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16 - - https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.10 - - https://docs.github.com/en/enterprise-server@3.13/admin/release-notes#3.13.5 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N - cvss-score: 9.1 - cve-id: CVE-2024-9487 - cwe-id: CWE-347 - epss-score: 0.36767 - epss-percentile: 0.96927 - cpe: cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:* + epss-score: 0.00045 + epss-percentile: 0.16808 metadata: verified: true - max-request: 2 - vendor: github - product: enterprise_server - shodan-query: - - http.title:"github enterprise" - - micro focus dsd + shodan-query: title:"GitHub Enterprise" tags: cve,cve2024,github,ghe,saml,auth-bypass,sso + code: - engine: - ruby diff --git a/http/cves/2024/CVE-2024-9593.yaml b/http/cves/2024/CVE-2024-9593.yaml index e100c2b0f0b..afea8b284a4 100644 --- a/http/cves/2024/CVE-2024-9593.yaml +++ b/http/cves/2024/CVE-2024-9593.yaml @@ -10,24 +10,22 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/detail/time-clock-122-unauthenticated-limited-remote-code-execution - https://nvd.nist.gov/vuln/detail/CVE-2024-9593 - https://github.com/RandomRobbieBF/CVE-2024-9593 - - https://plugins.trac.wordpress.org/browser/time-clock/tags/1.2.2/includes/admin/ajax_functions_admin.php#L58 - - https://plugins.trac.wordpress.org/changeset/3171046/time-clock#file40 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cve-id: CVE-2024-9593 cwe-id: CWE-94 - epss-score: 0.71945 - epss-percentile: 0.98645 - cpe: cpe:2.3:a:wpplugin:time_clock:*:*:*:*:pro:wordpress:*:* + epss-score: 0.00052 + epss-percentile: 0.21567 metadata: - verified: true max-request: 2 - vendor: wpplugin - product: time_clock + verified: true + vendor: scott_paterson + product: time-clock & time-clock-pro framework: wordpress fofa-query: body="/wp-content/plugins/time-clock/" || body="/wp-content/plugins/time-clock-pro/" - tags: cve,cve2024,time-clock,wp,wordpress,wp-plugin,rce,time-clock-pro,scott_paterson + tags: cve,cve2024,time-clock,wp,wordpress,wp-plugin,rce,time-clock-pro + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-9617.yaml b/http/cves/2024/CVE-2024-9617.yaml index 802003771d4..50a17749261 100644 --- a/http/cves/2024/CVE-2024-9617.yaml +++ b/http/cves/2024/CVE-2024-9617.yaml @@ -20,8 +20,7 @@ info: vendor: danswer-ai product: danswer fofa-query: icon_hash="484766002" - shodan-query: http.favicon.hash:"484766002" - tags: cve,cve2024,danswer,idor,danswer-ai + tags: cve,cve2024,danswer,idor http: - method: GET diff --git a/http/cves/2024/CVE-2024-9796.yaml b/http/cves/2024/CVE-2024-9796.yaml index 9d0e8f68bad..d240729428f 100644 --- a/http/cves/2024/CVE-2024-9796.yaml +++ b/http/cves/2024/CVE-2024-9796.yaml @@ -10,25 +10,21 @@ info: - https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/ - https://github.com/RandomRobbieBF/CVE-2024-9796 - https://nvd.nist.gov/vuln/detail/CVE-2024-9796 - - https://github.com/issamjr/CVE-2024-9796 - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-9796 cwe-id: CWE-89 - epss-score: 0.71478 - epss-percentile: 0.98623 - cpe: cpe:2.3:a:internet-formation:wp-advanced-search:*:*:*:*:*:wordpress:*:* + epss-score: 0.00106 + epss-percentile: 0.44161 metadata: - verified: true max-request: 1 - vendor: internet-formation + verified: true + vendor: mathieu_chartier product: wp-advanced-search framework: wordpress fofa-query: body="/wp-content/plugins/wp-advanced-search/" - shodan-query: http.html:"/wp-content/plugins/wp-advanced-search/" - tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-advanced-search,mathieu_chartier + tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,wp-advanced-search http: - method: GET diff --git a/http/cves/2024/CVE-2024-9935.yaml b/http/cves/2024/CVE-2024-9935.yaml index 4bee01db48b..a56adc28af1 100644 --- a/http/cves/2024/CVE-2024-9935.yaml +++ b/http/cves/2024/CVE-2024-9935.yaml @@ -25,8 +25,8 @@ info: product: pdf-generator-addon-for-elementor-page-builder framework: wordpress fofa-query: body="wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/" - shodan-query: http.html:"wp-content/plugins/pdf-generator-addon-for-elementor-page-builder/" - tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,pdf-generator,RedefiningTheWeb + tags: cve,cve2024,wp,wordpress,wp-plugin,lfi,pdf-generator + flow: http(1) && http(2) http: diff --git a/http/cves/2024/CVE-2024-9989.yaml b/http/cves/2024/CVE-2024-9989.yaml index b527b49ef9b..949f59249f9 100644 --- a/http/cves/2024/CVE-2024-9989.yaml +++ b/http/cves/2024/CVE-2024-9989.yaml @@ -17,8 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2024-9989 cwe-id: CWE-288 - epss-score: 0.91188 - epss-percentile: 0.99619 + epss-score: 0.00063 + epss-percentile: 0.29451 cpe: cpe:2.3:a:odude:crypto_tool:*:*:*:*:*:wordpress:*:* metadata: verified: true @@ -28,7 +28,8 @@ info: framework: wordpress shodan-query: http.html:"wp-content/plugins/crypto" fofa-query: body="wp-content/plugins/crypto" - tags: cve,cve2024,wordpress,wp,wp-plugin,crypto,auth-bypass,odude + tags: cve,cve2024,wordpress,wp,wp-plugin,crypto,auth-bypass + flow: http(1) && http(2) http: diff --git a/http/cves/2025/CVE-2025-0108.yaml b/http/cves/2025/CVE-2025-0108.yaml index 1f1d3086a2b..771a28ed9db 100644 --- a/http/cves/2025/CVE-2025-0108.yaml +++ b/http/cves/2025/CVE-2025-0108.yaml @@ -10,7 +10,7 @@ info: - https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-score: 10.0 cve-id: CVE-2025-0108 cwe-id: CWE-287 metadata: @@ -18,11 +18,11 @@ info: max-request: 1 vendor: paloaltonetworks product: pan-os + fofa-query: icon_hash="-631559155" shodan-query: - cpe:"cpe:2.3:o:paloaltonetworks:pan-os" - http.favicon.hash:"-631559155" - fofa-query: icon_hash="-631559155" - tags: cve,cve2025,panos,auth-bypass,kev,paloaltonetworks + tags: cve,cve2025,panos,auth-bypass,kev http: - method: GET diff --git a/http/cves/2025/CVE-2025-0868.yaml b/http/cves/2025/CVE-2025-0868.yaml index 3229fca20ac..3bc17c771c9 100644 --- a/http/cves/2025/CVE-2025-0868.yaml +++ b/http/cves/2025/CVE-2025-0868.yaml @@ -10,11 +10,9 @@ info: - https://cert.pl/posts/2025/02/CVE-2025-0868/ - https://cert.pl/en/posts/2025/02/CVE-2025-0868/ - https://github.com/arc53/DocsGPT - - https://github.com/20142995/nuclei-templates - - https://github.com/cyb3r-w0lf/nuclei-template-collection classification: - epss-score: 0.21021 - epss-percentile: 0.95306 + epss-score: 0.00045 + epss-percentile: 0.17965 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-1025.yaml b/http/cves/2025/CVE-2025-1025.yaml index 8446c211c73..388cc5aad6b 100644 --- a/http/cves/2025/CVE-2025-1025.yaml +++ b/http/cves/2025/CVE-2025-1025.yaml @@ -9,21 +9,17 @@ info: reference: - https://github.com/advisories/GHSA-wp68-xrfg-xvq4 - https://nvd.nist.gov/vuln/detail/CVE-2025-1025 - - https://gist.github.com/CHOOCS/fe1227443544d5d74c33982814f290af - - https://github.com/Cockpit-HQ/Cockpit/commit/984ef9ad270357b843af63c81db95178eae42cae - - https://github.com/Cockpit-HQ/Cockpit/commit/becca806c7071ecc732521bb5ad0bb9c64299592 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2025-1025 cwe-id: CWE-434 - epss-score: 0.07329 - epss-percentile: 0.91188 metadata: - verified: true max-request: 4 + verified: true shodan-query: title:"Cockpit" tags: cve,cve2025,cockpit,file-upload,rce,intrusive + flow: http(1) && http(2) && http(3) variables: diff --git a/http/cves/2025/CVE-2025-1035.yaml b/http/cves/2025/CVE-2025-1035.yaml index 931e144039e..042d8c3ecd1 100644 --- a/http/cves/2025/CVE-2025-1035.yaml +++ b/http/cves/2025/CVE-2025-1035.yaml @@ -20,7 +20,7 @@ info: max-request: 2 vendor: klogserver product: klog_server - tags: cve,cve2025,klog-server,lfi,klogserver + tags: cve,cve2025,klog-server,lfi variables: filename: "{{to_lower(rand_text_alpha(6))}}" diff --git a/http/cves/2025/CVE-2025-1097.yaml b/http/cves/2025/CVE-2025-1097.yaml index da8e1736513..21305591a2a 100644 --- a/http/cves/2025/CVE-2025-1097.yaml +++ b/http/cves/2025/CVE-2025-1097.yaml @@ -19,8 +19,8 @@ info: epss-percentile: 0.34177 metadata: verified: true - max-request: 10 - shodan-query: "ssl:\"ingress-nginx\" port:8443" + max-request: 1 + shodan-query: ssl:"ingress-nginx" port:8443 tags: cve,cve2025,cloud,devops,kubernetes,ingress,nginx,k8s variables: diff --git a/http/cves/2025/CVE-2025-1098.yaml b/http/cves/2025/CVE-2025-1098.yaml index 69c786d7c17..09ad5019160 100644 --- a/http/cves/2025/CVE-2025-1098.yaml +++ b/http/cves/2025/CVE-2025-1098.yaml @@ -10,20 +10,19 @@ info: - https://github.com/kubernetes/kubernetes/issues/131008 - https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities - https://nvd.nist.gov/vuln/detail/CVE-2025-1098 - - https://github.com/giterlizzi/secdb-feeds - - https://github.com/0xMarcio/cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2025-1098 cwe-id: CWE-20 - epss-score: 0.27949 - epss-percentile: 0.96184 + epss-score: 0.00224 + epss-percentile: 0.42238 metadata: verified: true max-request: 1 shodan-query: ssl:"ingress-nginx" port:8443 tags: cve,cve2025,cloud,devops,kubernetes,ingress,nginx,k8s,rce + variables: string: "{{to_lower('{{randstr}}')}}" diff --git a/http/cves/2025/CVE-2025-1323.yaml b/http/cves/2025/CVE-2025-1323.yaml index d88a585a43b..5a813a1a428 100644 --- a/http/cves/2025/CVE-2025-1323.yaml +++ b/http/cves/2025/CVE-2025-1323.yaml @@ -10,27 +10,23 @@ info: reference: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-recall/wp-recall-registration-profile-commerce-more-162610-unauthenticated-sql-injection - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae5b4d81-c2f1-4d0d-b7b0-5556bf0451f5?source=cve - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2025-1323 cwe-id: CWE-89 - epss-score: 0.4727 - epss-percentile: 0.97526 + epss-score: 0.00087 + epss-percentile: 0.39704 cpe: cpe:2.3:a:plechevandrey:wp-recall:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 vendor: plechevandrey - product: "wp-recall" + product: wp-recall framework: wordpress shodan-query: http.html:"/wp-content/plugins/wp-recall/" - fofa-query: - - "body=/wp-content/plugins/wp-recall/" - - body="/wp-content/plugins/wp-recall/" - publicwww-query: "/wp-content/plugins/wp-recall/" - tags: cve,cve2025,wp-recall,wordpress,wp-plugin,sqli,wp,plechevandrey + fofa-query: body=/wp-content/plugins/wp-recall/ + publicwww-query: /wp-content/plugins/wp-recall/ + tags: cve,cve2025,wp-recall,wordpress,wp-plugin,sqli,wp + variables: marker: "{{randstr}}" token: "{{base64('private:1:5')}}" diff --git a/http/cves/2025/CVE-2025-1661.yaml b/http/cves/2025/CVE-2025-1661.yaml index cc6e9a181a5..56d696adc0f 100644 --- a/http/cves/2025/CVE-2025-1661.yaml +++ b/http/cves/2025/CVE-2025-1661.yaml @@ -18,17 +18,14 @@ info: cvss-score: 9.8 cve-id: CVE-2025-1661 cwe-id: CWE-22 - epss-score: 0.87622 - epss-percentile: 0.99416 - cpe: cpe:2.3:a:pluginus:husky_-_products_filter_professional_for_woocommerce:*:*:*:*:*:wordpress:*:* + epss-score: 0.00061 + epss-percentile: 0.29153 metadata: verified: true max-request: 2 - vendor: pluginus - product: husky_-_products_filter_professional_for_woocommerce - framework: wordpress publicwww-query: "/wp-content/plugins/woocommerce-products-filter/" tags: cve,cve2025,woocommerce-products-filter,wordpress,wp-plugin,wp,woocommerce + flow: http(1) && http(2) http: diff --git a/http/cves/2025/CVE-2025-1743.yaml b/http/cves/2025/CVE-2025-1743.yaml index d4f0a98fff8..11b1ba59200 100644 --- a/http/cves/2025/CVE-2025-1743.yaml +++ b/http/cves/2025/CVE-2025-1743.yaml @@ -3,30 +3,27 @@ id: CVE-2025-1743 info: name: Pichome 2.1.0 - Arbitrary File Read author: 3th1c_yuk1 - severity: medium + severity: high description: | A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. reference: - https://github.com/sheratan4/cve/issues/4 - https://nvd.nist.gov/vuln/detail/CVE-2025-1743 - - https://vuldb.com/?ctiid.297831 - - https://vuldb.com/?id.297831 - - https://vuldb.com/?submit.502168 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 - cve-id: CVE-2025-1743 cwe-id: CWE-22 - epss-score: 0.08115 - epss-percentile: 0.91695 + cve-id: CVE-2025-1743 + epss-score: 0.00512 + epss-percentile: 0.72134 cpe: cpe:2.3:a:zyx0814:pichome:2.1.0:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true + shodan-query: title:"PicHome" + fofa-query: title="PicHome" vendor: zyx0814 product: Pichome - shodan-query: http.title:"pichome" - fofa-query: title="pichome" tags: cve,cve2025,lfi,pichome,zyx0814 http: diff --git a/http/cves/2025/CVE-2025-1974.yaml b/http/cves/2025/CVE-2025-1974.yaml index 4463ddb03e2..59d179ea734 100644 --- a/http/cves/2025/CVE-2025-1974.yaml +++ b/http/cves/2025/CVE-2025-1974.yaml @@ -21,13 +21,14 @@ info: cvss-score: 9.8 cve-id: CVE-2025-1974 cwe-id: CWE-653 - epss-score: 0.87026 - epss-percentile: 0.99387 + epss-score: 0.83735 + epss-percentile: 0.99242 metadata: verified: true max-request: 1 shodan-query: ssl:"ingress-nginx" port:8443 tags: cve,cve2025,cloud,devops,kubernetes,ingress,nginx,k8s + variables: string: "{{to_lower('{{randstr}}')}}" diff --git a/http/cves/2025/CVE-2025-2011.yaml b/http/cves/2025/CVE-2025-2011.yaml index 29ac30beb69..1e5ec1749b2 100644 --- a/http/cves/2025/CVE-2025-2011.yaml +++ b/http/cves/2025/CVE-2025-2011.yaml @@ -17,8 +17,8 @@ info: cvss-score: 7.5 cve-id: CVE-2025-2011 cwe-id: CWE-89 - epss-score: 0.02659 - epss-percentile: 0.85035 + epss-score: 0.0058 + epss-percentile: 0.67681 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-2075.yaml b/http/cves/2025/CVE-2025-2075.yaml index e1d37b7b621..303b6ea774a 100644 --- a/http/cves/2025/CVE-2025-2075.yaml +++ b/http/cves/2025/CVE-2025-2075.yaml @@ -13,20 +13,20 @@ info: - https://plugins.trac.wordpress.org/changeset/3257300/uncanny-automator/trunk/src/core/classes/class-background-actions.php - https://plugins.trac.wordpress.org/changeset/3265280/uncanny-automator/trunk/src/core/classes/class-background-actions.php - https://nvd.nist.gov/vuln/detail/CVE-2025-2075 - - https://www.wordfence.com/threat-intel/vulnerabilities/id/86b4b0d6-bda2-47f3-a0b5-9733cb7a11f6?source=cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2025-2075 cwe-id: CWE-862 - epss-score: 0.1323 - epss-percentile: 0.93749 + epss-score: 0.00071 + epss-percentile: 0.18784 metadata: verified: true max-request: 4 - fofa-query: body="/wp-content/plugins/uncanny-automator/" publicwww-query: "/wp-content/plugins/uncanny-automator/" + fofa-query: body="/wp-content/plugins/uncanny-automator/" tags: cve,cve2025,wordpress,wp-plugin,authenticated,wp,uncanny-automator + variables: username: "{{username}}" password: "{{password}}" diff --git a/http/cves/2025/CVE-2025-2127.yaml b/http/cves/2025/CVE-2025-2127.yaml index 143ce41c150..3cb8f9c32f9 100644 --- a/http/cves/2025/CVE-2025-2127.yaml +++ b/http/cves/2025/CVE-2025-2127.yaml @@ -19,14 +19,13 @@ info: epss-percentile: 0.08308 cpe: cpe:2.3:a:joomlaux:jux_real_estate:3.4.0:*:*:*:*:joomla:*:* metadata: - verified: true - max-request: 2 vendor: joomlaux product: jux_real_estate framework: joomla fofa-query: body="joomlaux" - shodan-query: http.html:"joomlaux" - tags: cve,cve2025,joomlaux,joomla,xss + verified: true + max-request: 2 + tags: cve,cve2025,joomlaux,joomla http: - method: GET diff --git a/http/cves/2025/CVE-2025-2264.yaml b/http/cves/2025/CVE-2025-2264.yaml index 48365b1b505..54031ce664d 100644 --- a/http/cves/2025/CVE-2025-2264.yaml +++ b/http/cves/2025/CVE-2025-2264.yaml @@ -8,24 +8,21 @@ info: A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. reference: - https://www.tenable.com/security/research/tra-2025-08 - - https://github.com/fkie-cad/nvd-json-data-feeds - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2025-2264 cwe-id: CWE-22 - epss-score: 0.69528 - epss-percentile: 0.98544 + epss-score: 0.00167 + epss-percentile: 0.34559 cpe: cpe:2.3:a:santesoft:sante_pacs_server:4.1.0:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: santesoft product: sante_pacs_server - shodan-query: http.favicon.hash:"1185161484" - fofa-query: icon_hash=1185161484 - tags: cve,cve2024,sante,pacs,lfi,santesoft + shodan-query: http.favicon.hash:1185161484 + tags: cve,cve2024,sante,pacs,lfi http: - raw: diff --git a/http/cves/2025/CVE-2025-22952.yaml b/http/cves/2025/CVE-2025-22952.yaml index cb57385e6c9..a1e6922e000 100644 --- a/http/cves/2025/CVE-2025-22952.yaml +++ b/http/cves/2025/CVE-2025-22952.yaml @@ -17,8 +17,8 @@ info: cvss-score: 9.8 cve-id: CVE-2025-22952 cwe-id: CWE-918 - epss-score: 0.26481 - epss-percentile: 0.96027 + epss-score: 0.00045 + epss-percentile: 0.18242 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-24016.yaml b/http/cves/2025/CVE-2025-24016.yaml index 6321d71d0cb..fda02cee539 100644 --- a/http/cves/2025/CVE-2025-24016.yaml +++ b/http/cves/2025/CVE-2025-24016.yaml @@ -14,26 +14,20 @@ info: - https://github.com/MuhammadWaseem29/CVE-2025-24016 - https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh - https://nvd.nist.gov/vuln/detail/CVE-2025-24016 - - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/tanjiti/sec_profile classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 9.9 cve-id: CVE-2025-24016 cwe-id: CWE-502 - epss-score: 0.76067 - epss-percentile: 0.98847 cpe: cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: wazuh product: wazuh - shodan-query: http.title:"wazuh" - fofa-query: - - app="wazuh" - - title="wazuh" - google-query: intitle:"wazuh" + shodan-query: title:"Wazuh" + fofa-query: app="Wazuh" tags: cve,cve2025,wazuh,deserialization,rce,authenticated + flow: http(1) && http(2) variables: diff --git a/http/cves/2025/CVE-2025-24514.yaml b/http/cves/2025/CVE-2025-24514.yaml index 422717a2aae..2b73211dafe 100644 --- a/http/cves/2025/CVE-2025-24514.yaml +++ b/http/cves/2025/CVE-2025-24514.yaml @@ -10,15 +10,13 @@ info: - https://github.com/kubernetes/kubernetes/issues/131006 - https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities - https://nvd.nist.gov/vuln/detail/CVE-2025-24514 - - https://github.com/0xMarcio/cve - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2025-24514 cwe-id: CWE-20 - epss-score: 0.27967 - epss-percentile: 0.96186 + epss-score: 0.00224 + epss-percentile: 0.42238 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-24799.yaml b/http/cves/2025/CVE-2025-24799.yaml index 489ae1a0ad6..173a2b0cd19 100644 --- a/http/cves/2025/CVE-2025-24799.yaml +++ b/http/cves/2025/CVE-2025-24799.yaml @@ -19,8 +19,8 @@ info: cwe-id: CWE-89 metadata: verified: true - max-request: 1 product: GLPI + max-request: 1 shodan-query: title:"GLPI" fofa-query: title="GLPI" tags: cve,cve2025,glpi,sqli diff --git a/http/cves/2025/CVE-2025-24813.yaml b/http/cves/2025/CVE-2025-24813.yaml index 3dd0ebd6ff3..37e07c59edc 100644 --- a/http/cves/2025/CVE-2025-24813.yaml +++ b/http/cves/2025/CVE-2025-24813.yaml @@ -24,25 +24,22 @@ info: cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 3 vendor: apache product: tomcat shodan-query: - - '[http.component:"apache tomcat" cpe:"cpe:2.3:a:apache:tomcat" http.html:"apache tomcat" http.html:"jk status manager" http.title:"apache tomcat" product:"tomcat"]' - - cpe:"cpe:2.3:a:apache:tomcat" - http.component:"apache tomcat" + - cpe:"cpe:2.3:a:apache:tomcat" - http.html:"apache tomcat" - http.html:"jk status manager" - http.title:"apache tomcat" - product:"tomcat" fofa-query: - - '[server=="apache tomcat" body="apache tomcat" body="jk status manager" title="apache tomcat"]' + - server=="apache tomcat" - body="apache tomcat" - body="jk status manager" - - server=="apache tomcat" - title="apache tomcat" google-query: - - '[intitle:"apache tomcat" site:*/examples/jsp/snp/snoop.jsp]' - intitle:"apache tomcat" - site:*/examples/jsp/snp/snoop.jsp tags: cve,cve2025,apache,tomcat,rce,intrusive,kev diff --git a/http/cves/2025/CVE-2025-24893.yaml b/http/cves/2025/CVE-2025-24893.yaml index e29a5afcb06..1ebea46f7ed 100644 --- a/http/cves/2025/CVE-2025-24893.yaml +++ b/http/cves/2025/CVE-2025-24893.yaml @@ -13,25 +13,18 @@ info: reference: - https://github.com/advisories/GHSA-rr6p-3pfg-562j - https://nvd.nist.gov/vuln/detail/CVE-2025-24893 - - https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml#L955 - - https://github.com/xwiki/xwiki-platform/blob/67021db9b8ed26c2236a653269302a86bf01ef40/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm#L2824 - - https://github.com/iSee857/CVE-2025-24893-PoC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-24893 - cwe-id: CWE-95,CWE-94 - epss-score: 0.92165 - epss-percentile: 0.99691 + cwe-id: CWE-95 cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: xwiki product: xwiki - shodan-query: - - http.html:"data-xwiki-reference" - - xwiki + shodan-query: html:"data-xwiki-reference" fofa-query: body="data-xwiki-reference" tags: cve,cve2025,xwiki,rce diff --git a/http/cves/2025/CVE-2025-24963.yaml b/http/cves/2025/CVE-2025-24963.yaml index 6475fb7b6b8..ab65ce5edae 100644 --- a/http/cves/2025/CVE-2025-24963.yaml +++ b/http/cves/2025/CVE-2025-24963.yaml @@ -18,8 +18,6 @@ info: cvss-score: 5.9 cve-id: CVE-2025-24963 cwe-id: CWE-22 - epss-score: 0.09028 - epss-percentile: 0.92177 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-2539.yaml b/http/cves/2025/CVE-2025-2539.yaml index c3c04d4eafb..03feeb20a96 100644 --- a/http/cves/2025/CVE-2025-2539.yaml +++ b/http/cves/2025/CVE-2025-2539.yaml @@ -17,13 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2025-2539 cwe-id: CWE-327 - epss-score: 0.18859 - epss-percentile: 0.94955 + epss-score: 0.00038 + epss-percentile: 0.08036 metadata: verified: true - max-request: 3 + max-request: 1 publicwww-query: "/wp-content/plugins/file-away/" tags: cve,cve2025,lfi,file-away,wordpress,wp-plugin,wp + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2025/CVE-2025-2563.yaml b/http/cves/2025/CVE-2025-2563.yaml index a714d18bd81..c7f8b86996c 100644 --- a/http/cves/2025/CVE-2025-2563.yaml +++ b/http/cves/2025/CVE-2025-2563.yaml @@ -3,7 +3,7 @@ id: CVE-2025-2563 info: name: User Registration & Membership <= 4.1.1 - Unauthenticated Privilege Escalation author: iamnoooob,rootxharsh,pdresearch - severity: high + severity: critical description: | The User Registration & Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 4.1.1. This is due to insufficient restrictions on role type in the 'prepare_members_data()' function. This makes it possible for unauthenticated attackers to create newuser accounts with the 'administrator' role, allowing complete control over the affected WordPress site. remediation: | @@ -12,24 +12,17 @@ info: - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/user-registration/user-registration-membership-411-unauthenticated-privilege-escalation - https://patchstack.com/database/wordpress/plugin/user-registration/vulnerability/wordpress-user-registration-membership-plugin-4-1-2-unauthenticated-privilege-escalation-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2025-2563 - - https://github.com/eeeeeeeeee-code/POC - - https://github.com/laoa1573/wy876 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.1 - cve-id: CVE-2025-2563 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cwe-id: CWE-269 - epss-score: 0.85704 - epss-percentile: 0.9932 - cpe: cpe:2.3:a:wpeverest:user_registration_\&_membership:*:*:*:*:free:wordpress:*:* + cve-id: CVE-2025-2563 metadata: verified: true max-request: 6 - vendor: wpeverest - product: user_registration_\&_membership - framework: wordpress fofa-query: body="/wp-content/plugins/user-registration" tags: cve,cve2025,wp,wordpress,wp-plugin,user-registration,privilege-escalation + variables: username: "{{randbase(8)}}" email: "{{username}}@oast.fun" diff --git a/http/cves/2025/CVE-2025-2609.yaml b/http/cves/2025/CVE-2025-2609.yaml index ad4ddf1b828..de6f3de33ae 100644 --- a/http/cves/2025/CVE-2025-2609.yaml +++ b/http/cves/2025/CVE-2025-2609.yaml @@ -23,9 +23,10 @@ info: max-request: 4 vendor: magnussolution product: magnusbilling - shodan-query: http.html:"magnusbilling" - fofa-query: body="magnusbilling" - tags: cve,cve2025,mbilling,stored,xss,kev,authenticated,magnussolution + shodan-query: html:"MagnusBilling" + fofa-query: body="MagnusBilling" + tags: cve,cve2025,mbilling,stored,xss,kev,authenticated + flow: http(1) && http(2) && http(3) && http(4) variables: diff --git a/http/cves/2025/CVE-2025-2610.yaml b/http/cves/2025/CVE-2025-2610.yaml index 823bcd589ef..478ccc51092 100644 --- a/http/cves/2025/CVE-2025-2610.yaml +++ b/http/cves/2025/CVE-2025-2610.yaml @@ -20,12 +20,13 @@ info: cpe: cpe:2.3:a:magnussolution:magnusbilling:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 4 + max-request: 1 vendor: magnussolution product: magnusbilling shodan-query: http.html:"magnusbilling" fofa-query: body="magnusbilling" - tags: cve,cve2025,mbilling,xss,magnusbilling,authenticated,magnussolution + tags: cve,cve2025,mbilling,xss,magnusbilling,authenticated + flow: http(1) && http(2) && http(3) && http(4) variables: diff --git a/http/cves/2025/CVE-2025-26319.yaml b/http/cves/2025/CVE-2025-26319.yaml index 7e22638ea12..f5a083b4f58 100644 --- a/http/cves/2025/CVE-2025-26319.yaml +++ b/http/cves/2025/CVE-2025-26319.yaml @@ -12,7 +12,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2025-26319 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-score: 10.0 cve-id: CVE-2025-26319 cwe-id: CWE-434 metadata: @@ -20,9 +20,10 @@ info: max-request: 3 vendor: FlowiseAI product: Flowise - shodan-query: http.title:"flowise" - fofa-query: title="flowise" - tags: cve,cve2025,flowise,fileupload,intrusive,FlowiseAI + shodan-query: title:"Flowise" + fofa-query: title="Flowise" + tags: cve,cve2025,flowise,fileupload,intrusive + flow: http(1) && http(2) http: diff --git a/http/cves/2025/CVE-2025-2636.yaml b/http/cves/2025/CVE-2025-2636.yaml index 2cc8bac609e..96837544d1d 100644 --- a/http/cves/2025/CVE-2025-2636.yaml +++ b/http/cves/2025/CVE-2025-2636.yaml @@ -3,7 +3,7 @@ id: CVE-2025-2636 info: name: InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion author: iamnoooob,pdresearch - severity: critical + severity: high description: | The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. remediation: | @@ -12,20 +12,16 @@ info: - https://wpscan.com/vulnerability/d1b64725-d4ae-4d73-950a-b772a877022b/ - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c8f2c6f-c231-477c-895b-df892569ef95 - https://nvd.nist.gov/vuln/detail/CVE-2025-2636 - - https://plugins.trac.wordpress.org/browser/instawp-connect/trunk/includes/database-manager/loader.php#L77 - - https://plugins.trac.wordpress.org/changeset/3269681/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-2636 cwe-id: CWE-22 - epss-score: 0.00489 - epss-percentile: 0.64397 metadata: - verified: true max-request: 1 + verified: true fofa-query: body="/wp-content/plugins/instawp-connect" - tags: wpscan,cve,cve2025,wp,wordpress,wp-plugin,instawp-connect,lfi + tags: cve,cve2025,wp,wordpress,wp-plugin,instawp-connect,lfi http: - raw: diff --git a/http/cves/2025/CVE-2025-26793.yaml b/http/cves/2025/CVE-2025-26793.yaml index e4533f8886d..59a58bb5b60 100644 --- a/http/cves/2025/CVE-2025-26793.yaml +++ b/http/cves/2025/CVE-2025-26793.yaml @@ -11,13 +11,14 @@ info: - https://news.ycombinator.com/item?id=43160884 - https://support.identiv.com/products/physical-access/hirsch/ classification: - epss-score: 0.09826 - epss-percentile: 0.92551 + epss-score: 0.00045 + epss-percentile: 0.18319 metadata: verified: true max-request: 1 fofa-query: title="FREEDOM Administration" tags: cve,cve2025,freedom,admin,mesh + variables: username: "freedom" password: "viscount" diff --git a/http/cves/2025/CVE-2025-27112.yaml b/http/cves/2025/CVE-2025-27112.yaml index dc5790c4ffc..faf8d264aa9 100644 --- a/http/cves/2025/CVE-2025-27112.yaml +++ b/http/cves/2025/CVE-2025-27112.yaml @@ -13,8 +13,8 @@ info: cvss-score: 6.5 cve-id: CVE-2025-27112 cwe-id: CWE-287 - epss-score: 0.14662 - epss-percentile: 0.94111 + epss-score: 0.00046 + epss-percentile: 0.19748 cpe: cpe:2.3:a:navidrome:navidrome:*:*:*:*:*:go:*:* metadata: verified: true @@ -22,8 +22,9 @@ info: vendor: navidrome product: navidrome framework: go - shodan-query: http.html:"content="navidrome"" - tags: cve,cve2025,navidrome,go + shodan-query: html:"content="Navidrome"" + tags: cve,cve2025,navidrome + variables: username: "{{randstr}}" diff --git a/http/cves/2025/CVE-2025-27218.yaml b/http/cves/2025/CVE-2025-27218.yaml index e9e4bd94448..928d55dee33 100644 --- a/http/cves/2025/CVE-2025-27218.yaml +++ b/http/cves/2025/CVE-2025-27218.yaml @@ -9,14 +9,13 @@ info: reference: - https://slcyber.io/blog/sitecore-unsafe-deserialization-again-cve-2025-27218/ - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003535 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2025-27218 cwe-id: CWE-94 - epss-score: 0.66142 - epss-percentile: 0.98396 + epss-score: 0.00043 + epss-percentile: 0.11847 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-2775.yaml b/http/cves/2025/CVE-2025-2775.yaml index 26959a394c2..11eefacb87a 100644 --- a/http/cves/2025/CVE-2025-2775.yaml +++ b/http/cves/2025/CVE-2025-2775.yaml @@ -19,10 +19,9 @@ info: vendor: sysaid product: sysaid shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + fofa-query: icon_hash=1540720428 tags: cve,cve2025,oast,sysaid,xxe + variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2025/CVE-2025-2776.yaml b/http/cves/2025/CVE-2025-2776.yaml index 387552f617a..de224005d11 100644 --- a/http/cves/2025/CVE-2025-2776.yaml +++ b/http/cves/2025/CVE-2025-2776.yaml @@ -9,23 +9,19 @@ info: reference: - https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/ - https://documentation.sysaid.com/docs/24-40-60 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L cvss-score: 9.3 cve-id: CVE-2025-2776 cwe-id: CWE-611 - epss-score: 0.11026 - epss-percentile: 0.93062 metadata: max-request: 1 vendor: sysaid product: sysaid shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + fofa-query: icon_hash=1540720428 tags: cve,cve2025,sysaid,xxe,oast + variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2025/CVE-2025-2777.yaml b/http/cves/2025/CVE-2025-2777.yaml index ebe06c3ac4f..b4bcc6d0896 100644 --- a/http/cves/2025/CVE-2025-2777.yaml +++ b/http/cves/2025/CVE-2025-2777.yaml @@ -19,10 +19,9 @@ info: vendor: sysaid product: sysaid shodan-query: http.favicon.hash:"1540720428" - fofa-query: - - icon_hash=1540720428 - - icon_hash="1540720428" + fofa-query: icon_hash=1540720428 tags: cve,cve2025,oast,sysaid,xxe + variables: filename: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/cves/2025/CVE-2025-27892.yaml b/http/cves/2025/CVE-2025-27892.yaml index 296bfbafbee..941e3be2d16 100644 --- a/http/cves/2025/CVE-2025-27892.yaml +++ b/http/cves/2025/CVE-2025-27892.yaml @@ -3,34 +3,24 @@ id: CVE-2025-27892 info: name: Shopware < 6.5.8.13 - SQL Injection author: iamnoooob,rootxharsh,pdresearch - severity: medium + severity: critical description: | The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The name field in this "aggregations" in nested object is vulnerable SQL-injection and can be exploited using SQL parameters. reference: - https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/ - https://nvd.nist.gov/vuln/detail/CVE-2025-27892 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L cvss-score: 6.8 cve-id: CVE-2025-27892 cwe-id: CWE-89 - epss-score: 0.01123 - epss-percentile: 0.77164 - cpe: cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 vendor: shopware product: shopware - shodan-query: - - cpe:"cpe:2.3:a:shopware:shopware" - - http.title:"shopware ag" - fofa-query: - - title="installation | shopware 6" - - title="shopware ag" - google-query: intitle:"shopware ag" + verified: true tags: cve,cve2025,shopware,sqli,time-based-sqli + variables: token: "{{token}}" diff --git a/http/cves/2025/CVE-2025-28228.yaml b/http/cves/2025/CVE-2025-28228.yaml index d1756912553..31ff441ac73 100644 --- a/http/cves/2025/CVE-2025-28228.yaml +++ b/http/cves/2025/CVE-2025-28228.yaml @@ -8,15 +8,13 @@ info: A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext. reference: - https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28228 - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/tanjiti/sec_profile classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2025-28228 cwe-id: CWE-522 - epss-score: 0.09064 - epss-percentile: 0.92193 + epss-score: 0.00042 + epss-percentile: 0.12139 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-28367.yaml b/http/cves/2025/CVE-2025-28367.yaml index 6f59e5f1c7c..636d77d9431 100644 --- a/http/cves/2025/CVE-2025-28367.yaml +++ b/http/cves/2025/CVE-2025-28367.yaml @@ -10,15 +10,11 @@ info: - https://github.com/i7MEDIA/mojoportal - https://www.0xlanks.me/blog/cve-2025-28367-advisory/ - https://nvd.nist.gov/vuln/detail/CVE-2025-28367 - - https://github.com/Ostorlab/KEV - - https://github.com/tanjiti/sec_profile classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N cvss-score: 6.5 cve-id: CVE-2025-28367 cwe-id: CWE-284 - epss-score: 0.13477 - epss-percentile: 0.93816 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-2907.yaml b/http/cves/2025/CVE-2025-2907.yaml index 130e0cb7414..70d3a210da0 100644 --- a/http/cves/2025/CVE-2025-2907.yaml +++ b/http/cves/2025/CVE-2025-2907.yaml @@ -11,23 +11,17 @@ info: reference: - https://wpscan.com/vulnerability/2e513930-ec01-4dc6-8991-645c5267e14c/ - https://nvd.nist.gov/vuln/detail/CVE-2025-2907 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-2907 - cwe-id: CWE-352 - epss-score: 0.03356 - epss-percentile: 0.86717 - cpe: cpe:2.3:a:tychesoftwares:order_delivery_date_pro_for_woocommerce:*:*:*:*:*:wordpress:*:* + cwe-id: CWE-862 metadata: verified: true max-request: 4 - vendor: tychesoftwares - product: order_delivery_date_pro_for_woocommerce - framework: wordpress fofa-query: body="wp-content/plugins/order-delivery-date-for-woocommerce" - tags: wpscan,cve,cve2025,wp,wordpress,wp-plugin,takeover,order-delivery-date,intrusive + tags: cve,cve2025,wp,wordpress,wp-plugin,takeover,order-delivery-date + flow: http(1) && http(2) && http(3) http: diff --git a/http/cves/2025/CVE-2025-29085.yaml b/http/cves/2025/CVE-2025-29085.yaml index 570171670ee..16c1a5faa8f 100644 --- a/http/cves/2025/CVE-2025-29085.yaml +++ b/http/cves/2025/CVE-2025-29085.yaml @@ -14,11 +14,10 @@ info: cvss-score: 9.8 cve-id: CVE-2025-29085 cwe-id: CWE-89 - epss-score: 0.13002 - epss-percentile: 0.93678 + epss-score: 0.00162 + epss-percentile: 0.33866 metadata: verified: true - max-request: 1 tags: cve,cve2025,vipshop,sqli http: diff --git a/http/cves/2025/CVE-2025-29306.yaml b/http/cves/2025/CVE-2025-29306.yaml index a28dda05801..e58d0f093a6 100644 --- a/http/cves/2025/CVE-2025-29306.yaml +++ b/http/cves/2025/CVE-2025-29306.yaml @@ -19,10 +19,10 @@ info: cwe-id: CWE-94 metadata: verified: true - max-request: 2 - shodan-query: html:"foxcms-logo" + max-request: 1 fofa-query: (body="foxcms-logo" || body="foxcms-container") && body="div" google-query: intitle:"FOXCMS" intext:"foxcms-logo" + shodan-query: html:"foxcms-logo" tags: cve,cve2025,rce,foxcms,unauth,oast http: diff --git a/http/cves/2025/CVE-2025-29927.yaml b/http/cves/2025/CVE-2025-29927.yaml index 23a4125c71f..c570f08de94 100644 --- a/http/cves/2025/CVE-2025-29927.yaml +++ b/http/cves/2025/CVE-2025-29927.yaml @@ -8,29 +8,25 @@ info: Next.js contains a critical middleware bypass vulnerability affecting versions 11.1.4 through 15.2.2. The vulnerability allows attackers to bypass middleware security controls by sending a specially crafted 'x-middleware-subrequest' header, which can lead to authorization bypass and other security control circumvention. - remediation: | - Upgrade to Next.js 14.2.25 or 15.2.3 or later. - If upgrading is not possible, block the x-middleware-subrequest header at the WAF or server level. reference: - https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware - https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw - https://slcyber.io/assetnote-security-research-center/doing-the-due-diligence-analysing-the-next-js-middleware-bypass-cve-2025-29927/ + remediation: | + Upgrade to Next.js 14.2.25 or 15.2.3 or later. + If upgrading is not possible, block the x-middleware-subrequest header at the WAF or server level. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 9.1 cwe-id: CWE-287 metadata: - max-request: 5 + max-request: 1 + shodan-query: "x-middleware-rewrite" + fofa-query: "x-middleware-rewrite" + product: next.js vendor: zeit - product: "next.js" - shodan-query: - - "x-middleware-rewrite" - - cpe:"cpe:2.3:a:zeit:next.js" - - http.html:"/_next/static" - fofa-query: - - "x-middleware-rewrite" - - body="/_next/static" - tags: cve,cve2025,nextjs,middleware,auth-bypass,zeit + tags: cve,cve2025,nextjs,middleware,auth-bypass + flow: | http(1) && http(2) http(3) diff --git a/http/cves/2025/CVE-2025-30208.yaml b/http/cves/2025/CVE-2025-30208.yaml index 0374aa04ee8..4a8dcd6c518 100644 --- a/http/cves/2025/CVE-2025-30208.yaml +++ b/http/cves/2025/CVE-2025-30208.yaml @@ -9,21 +9,17 @@ info: reference: - https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w - https://nvd.nist.gov/vuln/detail/CVE-2025-30208 - - https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4 - - https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c - - https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41 classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 5.3 cve-id: CVE-2025-30208 - cwe-id: CWE-200 - epss-score: 0.5563 - epss-percentile: 0.97918 + cwe-id: CWE-284 metadata: verified: true - max-request: 3 - fofa-query: body="/@vite/client" + max-request: 1 + fofa-query: 'body="/@vite/client"' tags: cve,cve2025,arbitrary-file-read,vite,CVE-2025-30208 + flow: http(1) && http(2) http: diff --git a/http/cves/2025/CVE-2025-30406.yaml b/http/cves/2025/CVE-2025-30406.yaml index 5f8270f13e7..cd6319b2e75 100644 --- a/http/cves/2025/CVE-2025-30406.yaml +++ b/http/cves/2025/CVE-2025-30406.yaml @@ -10,21 +10,14 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2025-30406 - https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf - https://www.centrestack.com/p/gce_latest_release.html - - https://github.com/ARPSyndicate/cve-scores - - https://github.com/W01fh4cker/CVE-2025-30406 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 9 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2025-30406 - cwe-id: CWE-321,CWE-798 - epss-score: 0.74858 - epss-percentile: 0.98788 - cpe: cpe:2.3:a:gladinet:centrestack:*:*:*:*:*:*:*:* + cwe-id: CWE-502 metadata: verified: true max-request: 1 - vendor: gladinet - product: centrestack shodan-query: http.favicon.hash:1163764264 tags: cve,cve2025,gladinet,rce,centrestack,deserialization,kev diff --git a/http/cves/2025/CVE-2025-30567.yaml b/http/cves/2025/CVE-2025-30567.yaml index dd9af7fd9ae..047cf12b5a0 100644 --- a/http/cves/2025/CVE-2025-30567.yaml +++ b/http/cves/2025/CVE-2025-30567.yaml @@ -23,7 +23,7 @@ info: vendor: wp01ru product: wp01 framework: wordpress - tags: cve,cve2025,lfi,wp-plugin,wordpress,wp01,wp,wp01ru + tags: cve,cve2025,lfi,wp-plugin,wordpress,wp01,wp flow: http(1) && http(2) diff --git a/http/cves/2025/CVE-2025-3102.yaml b/http/cves/2025/CVE-2025-3102.yaml index 7e872e0a6ee..aa70a9251ef 100644 --- a/http/cves/2025/CVE-2025-3102.yaml +++ b/http/cves/2025/CVE-2025-3102.yaml @@ -11,7 +11,6 @@ info: - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk&sfp_email=&sfph_mail= - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve - https://github.com/Nxploited/CVE-2025-3102 - - https://github.com/ARPSyndicate/cve-scores classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 @@ -24,6 +23,7 @@ info: max-request: 1 public-query: "/wp-content/plugins/suretriggers" tags: cve,cve2025,ottokit,intrusive,priv,wordpress,wp-plugin,wp,suretriggers + variables: username: "{{rand_base(6)}}" password: "{{rand_base(8)}}" diff --git a/http/cves/2025/CVE-2025-31125.yaml b/http/cves/2025/CVE-2025-31125.yaml index 9273f949b8d..58288f170e4 100644 --- a/http/cves/2025/CVE-2025-31125.yaml +++ b/http/cves/2025/CVE-2025-31125.yaml @@ -1,34 +1,30 @@ id: CVE-2025-31125 -info: - name: Vite Development Server - Path Traversal - author: martian,ritikchaddha,v2htw - severity: medium - description: | - Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files. - remediation: | - Upgrade to the patched version or avoid exposing the Vite development server to the network (do not use --host flag or configure server.host); if upgrading is not immediately possible, implement access restrictions to the Vite development server - reference: - - https://github.com/vitejs/vite/issues/8498 - - https://github.com/vitejs/vite/pull/8804 - - https://github.com/vitejs/vite/pull/8979 - - https://nvd.nist.gov/vuln/detail/CVE-2025-31125 - - https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949 - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N - cvss-score: 5.3 - cve-id: CVE-2025-31125 - cwe-id: CWE-200 - epss-score: 0.08284 - epss-percentile: 0.91785 - metadata: - verified: true - max-request: 4 - shodan-query: title:"Vite App" - fofa-query: title="Vite App" - max-requests: 4 - tags: cve,cve2025,vite,lfi - +info: + name: Vite Development Server - Path Traversal + author: martian,ritikchaddha,v2htw + severity: medium + description: | + Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access files outside the intended directory. When exposed to the network, attackers can exploit this via crafted URLs to access sensitive system files. + remediation: | + Upgrade to the patched version or avoid exposing the Vite development server to the network (do not use --host flag or configure server.host); if upgrading is not immediately possible, implement access restrictions to the Vite development server + reference: + - https://github.com/vitejs/vite/issues/8498 + - https://github.com/vitejs/vite/pull/8804 + - https://github.com/vitejs/vite/pull/8979 + - https://nvd.nist.gov/vuln/detail/CVE-2025-31125 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2025-31125 + cwe-id: CWE-200 + metadata: + verified: true + max-requests: 4 + shodan-query: title:"Vite App" + fofa-query: title="Vite App" + tags: cve,cve2025,vite,lfi + http: - raw: - | diff --git a/http/cves/2025/CVE-2025-31161.yaml b/http/cves/2025/CVE-2025-31161.yaml index 58f29c8b1d2..5fdfb19bff5 100644 --- a/http/cves/2025/CVE-2025-31161.yaml +++ b/http/cves/2025/CVE-2025-31161.yaml @@ -11,29 +11,27 @@ info: - https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/ - https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update - https://nvd.nist.gov/vuln/detail/CVE-2025-31161 - - https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-31161 - cwe-id: CWE-305,NVD-CWE-Other - epss-score: 0.8174 - epss-percentile: 0.99127 - cpe: cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:* + cwe-id: CWE-287 + epss-score: 0.00039 + epss-percentile: 0.08378 metadata: max-request: 2 vendor: crushftp product: crushftp shodan-query: - - http.title:"crushftp webinterface" - - http.favicon.hash:"-1022206565" + - http.title:"CrushFTP WebInterface" + - http.favicon.hash:-1022206565 - http.html:"crushftp" fofa-query: - icon_hash="-1022206565" - - title="crushftp webinterface" + - title="CrushFTP WebInterface" - body="crushftp" - google-query: intitle:"crushftp webinterface" tags: cve,cve2025,crushftp,unauth,auth-bypass,rce,kev + variables: string_1: "{{rand_text_numeric(13)}}" string_2: "{{rand_text_alpha(28)}}" diff --git a/http/cves/2025/CVE-2025-31324.yaml b/http/cves/2025/CVE-2025-31324.yaml index 7c43e198283..1c23d388386 100644 --- a/http/cves/2025/CVE-2025-31324.yaml +++ b/http/cves/2025/CVE-2025-31324.yaml @@ -11,26 +11,19 @@ info: - https://www.theregister.com/2025/04/25/sap_netweaver_patch/ - https://me.sap.com/notes/3594142 - https://url.sap/sapsecuritypatchday - - https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2025-31324 cwe-id: CWE-434 - epss-score: 0.79541 - epss-percentile: 0.9902 - cpe: cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:* + epss-score: 0.00043 + epss-percentile: 0.12532 metadata: verified: true max-request: 1 - vendor: sap - product: netweaver - shodan-query: - - http.html:"sap netweaver application server java" - - cpe:"cpe:2.3:a:sap:netweaver" - - http.favicon.hash:"-266008933" - fofa-query: icon_hash=-266008933 + shodan-query: html:"SAP NetWeaver Application Server Java" tags: cve,cve2025,sap,netweaver,rce,deserialization,kev + variables: oast: ".{{interactsh-url}}" payload: "{{padding(oast,'a',54,'prefix')}}" diff --git a/http/cves/2025/CVE-2025-31489.yaml b/http/cves/2025/CVE-2025-31489.yaml index 3d7e16f84b6..96b3eef133f 100644 --- a/http/cves/2025/CVE-2025-31489.yaml +++ b/http/cves/2025/CVE-2025-31489.yaml @@ -12,8 +12,8 @@ info: - https://github.com/minio/minio/pull/21103 - https://github.com/minio/minio/security/advisories/GHSA-wg47-6jq2-q2hh classification: - epss-score: 0.02308 - epss-percentile: 0.83944 + epss-score: 0.0003 + epss-percentile: 0.05353 metadata: verified: true max-request: 1 @@ -25,6 +25,7 @@ info: - title="minio console" google-query: intitle:"minio console" tags: cve,cve2025,minio,signature-bypass,intrusive + variables: bucket: "{{bucket}}" access_key_id: "{{access_key_id}}" diff --git a/http/cves/2025/CVE-2025-32432.yaml b/http/cves/2025/CVE-2025-32432.yaml index aa04ae4300d..16e3d013888 100644 --- a/http/cves/2025/CVE-2025-32432.yaml +++ b/http/cves/2025/CVE-2025-32432.yaml @@ -17,25 +17,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L cvss-score: 10 cve-id: CVE-2025-32432 - cwe-id: CWE-94,NVD-CWE-noinfo - epss-score: 0.76265 - epss-percentile: 0.98854 - cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* + cwe-id: CWE-94 + epss-score: 0.00088 + epss-percentile: 0.26473 metadata: max-request: 2 vendor: craftcms - product: craft_cms - shodan-query: - - http.component:"craft cms" - - cpe:"cpe:2.3:a:craftcms:craft_cms" - - http.favicon.hash:"-47932290" - - http.html:"craftcms" - - x-powered-by:"craft cms" - publicwww-query: craftcms - fofa-query: - - body="craftcms" - - icon_hash="-47932290" + product: craftcms + shodan-query: http.component:"Craft CMS" tags: cve,cve2025,craftcms,rce + flow: http(1) && http(2) http: diff --git a/http/cves/2025/CVE-2025-3248.yaml b/http/cves/2025/CVE-2025-3248.yaml index 3461c10723f..30ef575cc03 100644 --- a/http/cves/2025/CVE-2025-3248.yaml +++ b/http/cves/2025/CVE-2025-3248.yaml @@ -9,22 +9,16 @@ info: reference: - https://github.com/langflow-ai/langflow/pull/6911 - https://github.com/langflow-ai/langflow/releases/tag/1.3.0 - - https://github.com/PuddinCat/GithubRepoSpider - - https://github.com/Threekiii/CVE - - https://github.com/eeeeeeeeee-code/POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2025-3248 - cwe-id: CWE-306,CWE-94 - epss-score: 0.92602 - epss-percentile: 0.99726 - cpe: cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* + cwe-id: CWE-306 + epss-score: 0.00049 + epss-percentile: 0.12268 metadata: verified: true max-request: 1 - vendor: langflow - product: langflow shodan-query: html:"Langflow" tags: cve,cve2025,python,rce,injection,kev,langflow diff --git a/http/cves/2025/CVE-2025-34026.yaml b/http/cves/2025/CVE-2025-34026.yaml index 875112a22bf..97bb4ee1864 100644 --- a/http/cves/2025/CVE-2025-34026.yaml +++ b/http/cves/2025/CVE-2025-34026.yaml @@ -10,20 +10,15 @@ info: - https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce/ - https://versa-networks.com/documents/datasheets/versa-concerto.pdf - https://www.cve.org/CVERecord?id=CVE-2025-34026 - - https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce - - https://github.com/ARPSyndicate/cve-scores classification: - epss-score: 0.03417 - epss-percentile: 0.86855 cpe: cpe:2.3:a:versa-networks:concerto:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: versa-networks product: concerto - shodan-query: http.favicon.hash:"-534530225" - fofa-query: icon_hash=-534530225 - tags: versa,concerto,actuator,auth-bypass,springboot,cve,cve2025,versa-networks + max-request: 1 + shodan-query: http.favicon.hash:-534530225 + tags: versa,concerto,actuator,auth-bypass,springboot,cve,cve2025 http: - raw: diff --git a/http/cves/2025/CVE-2025-34027.yaml b/http/cves/2025/CVE-2025-34027.yaml index ab474391942..d9aed1b070d 100644 --- a/http/cves/2025/CVE-2025-34027.yaml +++ b/http/cves/2025/CVE-2025-34027.yaml @@ -10,20 +10,15 @@ info: - https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce/ - https://versa-networks.com/documents/datasheets/versa-concerto.pdf - https://www.cve.org/CVERecord?id=CVE-2025-34027 - - https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce - - https://github.com/ARPSyndicate/cve-scores classification: - epss-score: 0.02609 - epss-percentile: 0.84876 cpe: cpe:2.3:a:versa-networks:concerto:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: versa-networks product: concerto - shodan-query: http.favicon.hash:"-534530225" - fofa-query: icon_hash=-534530225 - tags: cve,cve2025,versa,concerto,auth-bypass,versa-networks + max-request: 1 + shodan-query: http.favicon.hash:-534530225 + tags: cve,cve2025,versa,concerto,auth-bypass http: - raw: diff --git a/http/cves/2025/CVE-2025-34028.yaml b/http/cves/2025/CVE-2025-34028.yaml index 92af4872609..ea85638796f 100644 --- a/http/cves/2025/CVE-2025-34028.yaml +++ b/http/cves/2025/CVE-2025-34028.yaml @@ -10,23 +10,19 @@ info: - https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html - https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/ - https://nvd.nist.gov/vuln/detail/CVE-2025-34028 - - https://github.com/nomi-sec/PoC-in-GitHub - - https://github.com/tanjiti/sec_profile classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H cvss-score: 10 cve-id: CVE-2025-34028 cwe-id: CWE-22 - epss-score: 0.65371 - epss-percentile: 0.98359 - cpe: cpe:2.3:a:commvault:commvault:*:*:*:*:*:*:*:* + epss-score: 0.00202 + epss-percentile: 0.42778 metadata: verified: true max-request: 1 - vendor: commvault - product: commvault fofa-query: icon_hash="1209838013" tags: cve,cve2025,ssrf,oast,commvault,kev + variables: string: "{{to_lower(rand_base(5))}}" diff --git a/http/cves/2025/CVE-2025-4123.yaml b/http/cves/2025/CVE-2025-4123.yaml index 5e7bded859f..be03718574c 100644 --- a/http/cves/2025/CVE-2025-4123.yaml +++ b/http/cves/2025/CVE-2025-4123.yaml @@ -6,25 +6,18 @@ info: severity: high description: | An open redirect vulnerability in Grafana can be chained with other issues, such as XSS or SSRF, to increase impact. An attacker may exploit the redirect to target internal services or deliver malicious JavaScript, potentially leading to internal data exposure or account takeover. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N + cvss-score: 7.6 reference: - https://medium.com/@Nightbloodz/grafana-cve-2025-4123-full-read-ssrf-account-takeover-d12abd13cd53 - https://grafana.com/blog/2025/05/21/grafana-security-release-high-severity-security-fix-for-cve-2025-4123/ - - https://grafana.com/security/security-advisories/cve-2025-4123/ - - https://github.com/PuddinCat/GithubRepoSpider - - https://github.com/nomi-sec/PoC-in-GitHub - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L - cvss-score: 7.6 - cve-id: CVE-2025-4123 - cwe-id: CWE-79 - epss-score: 0.03175 - epss-percentile: 0.86319 metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: product:"Grafana" fofa-query: app="Grafana" - tags: cve,cve2025,grafana,redirect,unauth,oss,xss + tags: cve,cve2025,grafana,redirect,unauth,oss http: - raw: diff --git a/http/cves/2025/CVE-2025-4388.yaml b/http/cves/2025/CVE-2025-4388.yaml index 6eba32819db..a7c8f84ba26 100644 --- a/http/cves/2025/CVE-2025-4388.yaml +++ b/http/cves/2025/CVE-2025-4388.yaml @@ -8,10 +8,9 @@ info: A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web. reference: - https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4388 - - https://github.com/ARPSyndicate/cve-scores classification: - epss-score: 0.01965 - epss-percentile: 0.82577 + epss-score: 0.00047 + epss-percentile: 0.14324 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-4396.yaml b/http/cves/2025/CVE-2025-4396.yaml index a88605602e3..ba90918396a 100644 --- a/http/cves/2025/CVE-2025-4396.yaml +++ b/http/cves/2025/CVE-2025-4396.yaml @@ -17,13 +17,11 @@ info: cvss-score: 7.5 cve-id: CVE-2025-4396 cwe-id: CWE-89 - epss-score: 0.13327 - epss-percentile: 0.93776 metadata: verified: true max-request: 1 publicwww-query: "/wp-content/plugins/relevanssi/" - tags: cve,cve2025,wordpress,wp-plugin,wp,relevanssi,time-based-sqli,sqli + tags: cve,cve2025,wordpress,wp-plugin,wp,relevanssi,time-based-sqli http: - raw: diff --git a/http/cves/2025/CVE-2025-4427.yaml b/http/cves/2025/CVE-2025-4427.yaml index 0f1417a95a9..6f6fe091243 100644 --- a/http/cves/2025/CVE-2025-4427.yaml +++ b/http/cves/2025/CVE-2025-4427.yaml @@ -18,10 +18,10 @@ info: metadata: verified: true max-request: 2 - vendor: ivanti - product: endpoint_manager_mobile shodan-query: http.favicon.hash:"362091310" fofa-query: icon_hash="362091310" + product: endpoint_manager_mobile + vendor: ivanti tags: cve,cve2025,ivanti,epmm,rce,ssti,kev http: diff --git a/http/cves/2025/CVE-2025-47204.yaml b/http/cves/2025/CVE-2025-47204.yaml index 3427bb1f59b..e979f36eb95 100644 --- a/http/cves/2025/CVE-2025-47204.yaml +++ b/http/cves/2025/CVE-2025-47204.yaml @@ -12,16 +12,6 @@ info: Only use the necessary components (css/js) in production applications reference: - https://nvd.nist.gov/vuln/detail/CVE-2025-47204 - - https://github.com/davidstutz/bootstrap-multiselect/releases - - https://github.com/projectdiscovery/nuclei-templates/commit/11e1a6c11d3954f44acfb0274b6dad4bd8045103 - - https://github.com/ARPSyndicate/cve-scores - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cve-id: CVE-2025-47204 - cwe-id: CWE-352 - epss-score: 0.01013 - epss-percentile: 0.75991 metadata: verified: true max-request: 1 diff --git a/http/cves/2025/CVE-2025-47916.yaml b/http/cves/2025/CVE-2025-47916.yaml index 77e78036733..abdbd134084 100644 --- a/http/cves/2025/CVE-2025-47916.yaml +++ b/http/cves/2025/CVE-2025-47916.yaml @@ -22,9 +22,10 @@ info: metadata: verified: true max-request: 1 - shodan-query: "Set-Cookie: ips4_" fofa-query: body="Invision" && body="ips4" + shodan-query: "Set-Cookie: ips4_" tags: cve,cve2025,invision,rce,ssti,unauth,seclists + variables: marker: "{{randstr}}" diff --git a/http/default-logins/abb/cs141-default-login.yaml b/http/default-logins/abb/cs141-default-login.yaml index 0a97d4a3268..a3ae4e138f1 100644 --- a/http/default-logins/abb/cs141-default-login.yaml +++ b/http/default-logins/abb/cs141-default-login.yaml @@ -12,10 +12,10 @@ info: cpe: cpe:2.3:h:generex:cs141:*:*:*:*:*:*:*:* metadata: max-request: 3 - vendor: generex - product: cs141 shodan-query: http.html:"CS141" - tags: hiawatha,iot,default-login,generex + product: cs141 + vendor: generex + tags: hiawatha,iot,default-login http: - raw: diff --git a/http/default-logins/aem/aem-default-login.yaml b/http/default-logins/aem/aem-default-login.yaml index c3d1f290751..9a046f76b72 100644 --- a/http/default-logins/aem/aem-default-login.yaml +++ b/http/default-logins/aem/aem-default-login.yaml @@ -14,14 +14,9 @@ info: cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:* metadata: max-request: 8 - vendor: adobe + shodan-query: http.component:"Adobe Experience Manager" product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + vendor: adobe tags: aem,default-login,adobe http: diff --git a/http/default-logins/aem/aem-felix-console.yaml b/http/default-logins/aem/aem-felix-console.yaml index e705ae69fe3..a80f72799d2 100644 --- a/http/default-logins/aem/aem-felix-console.yaml +++ b/http/default-logins/aem/aem-felix-console.yaml @@ -15,13 +15,11 @@ info: cpe: cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: adobe - product: experience_manager_cloud_service shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" + product: experience_manager_cloud_service + vendor: adobe tags: default-login,misconfig,aem,adobe http: diff --git a/http/default-logins/apache/apache-apollo-default-login.yaml b/http/default-logins/apache/apache-apollo-default-login.yaml index 14eebc102b7..17831c1f43a 100644 --- a/http/default-logins/apache/apache-apollo-default-login.yaml +++ b/http/default-logins/apache/apache-apollo-default-login.yaml @@ -8,12 +8,10 @@ info: cpe: cpe:2.3:a:apache:activemq_apollo:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: apache - product: "activemq_apollo" - shodan-query: http.title:"apache apollo" - fofa-query: title="apache apollo" - google-query: intitle:"apache apollo" + product: activemq_apollo + shodan-query: title:"Apache Apollo" tags: apache,apollo,default-login,misconfig variables: username: 'admin' diff --git a/http/default-logins/apache/apache-hertzbeat-default-login.yaml b/http/default-logins/apache/apache-hertzbeat-default-login.yaml index 8f5608ca959..a2dc7b5f600 100644 --- a/http/default-logins/apache/apache-hertzbeat-default-login.yaml +++ b/http/default-logins/apache/apache-hertzbeat-default-login.yaml @@ -9,10 +9,11 @@ info: reference: - https://github.com/apache/hertzbeat metadata: - verified: true max-request: 4 + verified: true shodan-query: title:"HertzBeat" tags: apache,hertzbeat,default-login + variables: password: hertzbeat diff --git a/http/default-logins/apache/cloudstack-default-login.yaml b/http/default-logins/apache/cloudstack-default-login.yaml index 428fa151c89..eb463534125 100644 --- a/http/default-logins/apache/cloudstack-default-login.yaml +++ b/http/default-logins/apache/cloudstack-default-login.yaml @@ -13,11 +13,7 @@ info: max-request: 1 vendor: apache product: cloudstack - shodan-query: http.title:"apache cloudstack" - fofa-query: - - app="apache-cloudstack" - - title="apache cloudstack" - google-query: intitle:"apache cloudstack" + shodan-query: http.title:"Apache CloudStack" tags: default-login,apache,cloudstack http: diff --git a/http/default-logins/apache/dolphinscheduler-default-login.yaml b/http/default-logins/apache/dolphinscheduler-default-login.yaml index c31e9642a2f..b6be86274c3 100644 --- a/http/default-logins/apache/dolphinscheduler-default-login.yaml +++ b/http/default-logins/apache/dolphinscheduler-default-login.yaml @@ -14,11 +14,9 @@ info: cpe: cpe:2.3:a:apache:dolphinscheduler:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: apache + shodan-query: http.title:"DolphinScheduler" product: dolphinscheduler - shodan-query: http.title:"dolphinscheduler" - fofa-query: title="dolphinscheduler" - google-query: intitle:"dolphinscheduler" + vendor: apache tags: apache,dolphinscheduler,default-login,oss http: diff --git a/http/default-logins/apache/doris-default-login.yaml b/http/default-logins/apache/doris-default-login.yaml index df231850571..f8076790329 100644 --- a/http/default-logins/apache/doris-default-login.yaml +++ b/http/default-logins/apache/doris-default-login.yaml @@ -12,9 +12,7 @@ info: vendor: apache product: doris shodan-query: http.favicon.hash:"24048806" - fofa-query: - - icon_hash=24048806 - - icon_hash="24048806" + fofa-query: icon_hash=24048806 tags: apache,default-login,doris http: diff --git a/http/default-logins/apache/karaf-default-login.yaml b/http/default-logins/apache/karaf-default-login.yaml index eda6ed4cfc0..9d61d0984d4 100644 --- a/http/default-logins/apache/karaf-default-login.yaml +++ b/http/default-logins/apache/karaf-default-login.yaml @@ -15,9 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: apache - product: karaf shodan-query: realm="karaf" + product: karaf + vendor: apache tags: default-login,apache,karaf http: diff --git a/http/default-logins/apache/kylin-default-login.yaml b/http/default-logins/apache/kylin-default-login.yaml index 430b0b116a8..c304c9d5379 100644 --- a/http/default-logins/apache/kylin-default-login.yaml +++ b/http/default-logins/apache/kylin-default-login.yaml @@ -16,10 +16,7 @@ info: max-request: 6 vendor: apache product: kylin - fofa-query: - - app="apache-kylin" - - icon_hash=-186961397 - shodan-query: http.favicon.hash:"-186961397" + fofa-query: app="APACHE-kylin" tags: kylin,default-login,apache http: diff --git a/http/default-logins/apache/ranger-default-login.yaml b/http/default-logins/apache/ranger-default-login.yaml index 05859a63221..3efeae62264 100644 --- a/http/default-logins/apache/ranger-default-login.yaml +++ b/http/default-logins/apache/ranger-default-login.yaml @@ -14,11 +14,9 @@ info: cpe: cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: apache + shodan-query: http.title:"Ranger - Sign In" product: ranger - shodan-query: http.title:"ranger - sign in" - fofa-query: title="ranger - sign in" - google-query: intitle:"ranger - sign in" + vendor: apache tags: apache,ranger,default-login http: diff --git a/http/default-logins/apache/tomcat-default-login.yaml b/http/default-logins/apache/tomcat-default-login.yaml index fce7fedf3a3..3ea012ff0e5 100644 --- a/http/default-logins/apache/tomcat-default-login.yaml +++ b/http/default-logins/apache/tomcat-default-login.yaml @@ -14,21 +14,7 @@ info: max-request: 405 vendor: apache product: tomcat - shodan-query: - - http.title:"apache tomcat" - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + shodan-query: title:"Apache Tomcat" tags: tomcat,apache,default-login http: diff --git a/http/default-logins/apollo/apollo-default-login.yaml b/http/default-logins/apollo/apollo-default-login.yaml index 2e35ba5d41f..9035cd3281a 100644 --- a/http/default-logins/apollo/apollo-default-login.yaml +++ b/http/default-logins/apollo/apollo-default-login.yaml @@ -14,15 +14,10 @@ info: cpe: cpe:2.3:a:ctrip:apollo:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: ctrip + shodan-query: http.favicon.hash:11794165 product: apollo - shodan-query: - - http.favicon.hash:"11794165" - - http.html:"apollo-adminservice" - fofa-query: - - body="apollo-adminservice" - - icon_hash=11794165 - tags: apollo,default-login,ctrip + vendor: ctrip + tags: apollo,default-login http: - raw: diff --git a/http/default-logins/asus/asus-rtn16-default-login.yaml b/http/default-logins/asus/asus-rtn16-default-login.yaml index 6aa201bb6fe..1e304e74f1e 100644 --- a/http/default-logins/asus/asus-rtn16-default-login.yaml +++ b/http/default-logins/asus/asus-rtn16-default-login.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: asus product: rt-n16 - shodan-query: - - rt-n16 - - cpe:"cpe:2.3:h:asus:rt-n16" + shodan-query: "RT-N16" tags: default-login,asus,rt-n16 http: diff --git a/http/default-logins/azkaban/azkaban-default-login.yaml b/http/default-logins/azkaban/azkaban-default-login.yaml index 6c63f6f3b27..7e97dca0ae2 100644 --- a/http/default-logins/azkaban/azkaban-default-login.yaml +++ b/http/default-logins/azkaban/azkaban-default-login.yaml @@ -10,12 +10,10 @@ info: cpe: cpe:2.3:a:azkaban_project:azkaban:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: azkaban_project + shodan-query: http.title:"Azkaban Web Client" product: azkaban - shodan-query: http.title:"azkaban web client" - fofa-query: title="azkaban web client" - google-query: intitle:"azkaban web client" - tags: default-login,azkaban,azkaban_project + vendor: azkaban_project + tags: default-login,azkaban http: - raw: diff --git a/http/default-logins/barco-clickshare-default-login.yaml b/http/default-logins/barco-clickshare-default-login.yaml index 887a8424259..a9579ffd5ff 100644 --- a/http/default-logins/barco-clickshare-default-login.yaml +++ b/http/default-logins/barco-clickshare-default-login.yaml @@ -12,7 +12,7 @@ info: max-request: 3 vendor: barco product: clickshare_cs-100_huddle_firmware - shodan-query: clicksharesession + shodan-query: "ClickShareSession" tags: default-login,barco,clickshare http: diff --git a/http/default-logins/batflat/batflat-default-login.yaml b/http/default-logins/batflat/batflat-default-login.yaml index f2b3b53e262..bed5cf912a1 100644 --- a/http/default-logins/batflat/batflat-default-login.yaml +++ b/http/default-logins/batflat/batflat-default-login.yaml @@ -16,9 +16,7 @@ info: max-request: 1 vendor: batflat product: batflat - google-query: intext:"powered by batflat." - shodan-query: http.html:"powered by batflat." - fofa-query: body="powered by batflat." + google-query: intext:"Powered by Batflat." tags: default-login,batflat http: diff --git a/http/default-logins/bloofoxcms-default-login.yaml b/http/default-logins/bloofoxcms-default-login.yaml index 88832b46c14..b2f462bc1aa 100644 --- a/http/default-logins/bloofoxcms-default-login.yaml +++ b/http/default-logins/bloofoxcms-default-login.yaml @@ -16,7 +16,7 @@ info: max-request: 1 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: "Powered by bloofoxCMS" tags: bloofox,cms,default-login http: diff --git a/http/default-logins/camaleon/camaleon-default-login.yaml b/http/default-logins/camaleon/camaleon-default-login.yaml index 223a83aeef0..10098bc2f0a 100644 --- a/http/default-logins/camaleon/camaleon-default-login.yaml +++ b/http/default-logins/camaleon/camaleon-default-login.yaml @@ -7,17 +7,11 @@ info: description: | Camaleon CMS default login credentials was discovered. metadata: - max-request: 2 vendor: tuzitio - product: "camaleon_cms" - shodan-query: - - http.html:"camaleon_cms" - - http.title:"camaleon cms" - fofa-query: - - body="camaleon_cms" - - title="camaleon cms" - google-query: intitle:"camaleon cms" - tags: camaleon,default-login,tuzitio + product: camaleon_cms + shodan-query: html:"camaleon_cms" + tags: camaleon,default-login + variables: username: "admin" password: "admin123" diff --git a/http/default-logins/cobbler/hue-default-credential.yaml b/http/default-logins/cobbler/hue-default-credential.yaml index d12aef94ec0..5916f206f6d 100644 --- a/http/default-logins/cobbler/hue-default-credential.yaml +++ b/http/default-logins/cobbler/hue-default-credential.yaml @@ -14,14 +14,9 @@ info: cpe: cpe:2.3:a:cloudera:hue:*:*:*:*:*:*:*:* metadata: max-request: 8 - vendor: cloudera + shodan-query: title:"Hue - Welcome to Hue" product: hue - shodan-query: - - http.title:"hue - welcome to hue" - - cpe:"cpe:2.3:h:philips:hue" - - http.title:"hue personal wireless lighting" - fofa-query: title="hue personal wireless lighting" - google-query: intitle:"hue personal wireless lighting" + vendor: cloudera tags: hue,default-login,oss,cloudera http: diff --git a/http/default-logins/couchdb/couchdb-default-login.yaml b/http/default-logins/couchdb/couchdb-default-login.yaml index 62753da44fa..be90606aab8 100644 --- a/http/default-logins/couchdb/couchdb-default-login.yaml +++ b/http/default-logins/couchdb/couchdb-default-login.yaml @@ -14,13 +14,10 @@ info: metadata: verified: true max-request: 16 - vendor: apache + fofa-query: app="APACHE-CouchDB" product: couchdb - fofa-query: app="apache-couchdb" - shodan-query: - - cpe:"cpe:2.3:a:apache:couchdb" - - product:"couchdb" - tags: default-login,couchdb,misconfig,apache + vendor: apache + tags: default-login,couchdb,misconfig http: - raw: diff --git a/http/default-logins/crushftp/crushftp-anonymous-login.yaml b/http/default-logins/crushftp/crushftp-anonymous-login.yaml index e20f589753c..2c45f4729f9 100644 --- a/http/default-logins/crushftp/crushftp-anonymous-login.yaml +++ b/http/default-logins/crushftp/crushftp-anonymous-login.yaml @@ -13,15 +13,7 @@ info: max-request: 2 vendor: crushftp product: crushftp - shodan-query: - - http.html:"crushftp" - - http.favicon.hash:"-1022206565" - - http.title:"crushftp webinterface" - fofa-query: - - body="crushftp" - - icon_hash="-1022206565" - - title="crushftp webinterface" - google-query: intitle:"crushftp webinterface" + shodan-query: html:"CrushFTP" tags: default-logins,anonymous,crushftp,default-login http: diff --git a/http/default-logins/crushftp/crushftp-default-login.yaml b/http/default-logins/crushftp/crushftp-default-login.yaml index 030a642ecea..b8303d0b0d7 100644 --- a/http/default-logins/crushftp/crushftp-default-login.yaml +++ b/http/default-logins/crushftp/crushftp-default-login.yaml @@ -13,15 +13,7 @@ info: max-request: 2 vendor: crushftp product: crushftp - shodan-query: - - http.html:"crushftp" - - http.favicon.hash:"-1022206565" - - http.title:"crushftp webinterface" - fofa-query: - - body="crushftp" - - icon_hash="-1022206565" - - title="crushftp webinterface" - google-query: intitle:"crushftp webinterface" + shodan-query: html:"CrushFTP" tags: default-login,crushftp http: diff --git a/http/default-logins/dataease/dataease-default-login.yaml b/http/default-logins/dataease/dataease-default-login.yaml index b1dd116c36a..0235e56e78a 100644 --- a/http/default-logins/dataease/dataease-default-login.yaml +++ b/http/default-logins/dataease/dataease-default-login.yaml @@ -16,9 +16,8 @@ info: max-request: 1 vendor: dataease_project product: dataease - shodan-query: http.html:"dataease" - fofa-query: body="dataease" - tags: default-login,dataease,dataease_project + shodan-query: html:"Dataease" + tags: default-login,dataease http: - method: POST diff --git a/http/default-logins/datagerry/datagerry-default-login.yaml b/http/default-logins/datagerry/datagerry-default-login.yaml index 0d669fca2c8..9ca2dda0bc9 100644 --- a/http/default-logins/datagerry/datagerry-default-login.yaml +++ b/http/default-logins/datagerry/datagerry-default-login.yaml @@ -10,11 +10,8 @@ info: verified: true max-request: 1 shodan-query: http.title:"datagerry" - product: datagerry - vendor: becon - fofa-query: title="datagerry" - google-query: intitle:"datagerry" tags: datagerry,default-login + variables: username: "admin" password: "admin" diff --git a/http/default-logins/datahub/datahub-metadata-default-login.yaml b/http/default-logins/datahub/datahub-metadata-default-login.yaml index 31da5805596..2d8f4a994a1 100644 --- a/http/default-logins/datahub/datahub-metadata-default-login.yaml +++ b/http/default-logins/datahub/datahub-metadata-default-login.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 1 - vendor: datahub_project + shodan-query: http.title:"DataHub" product: datahub - shodan-query: http.title:"datahub" - fofa-query: title="datahub" - google-query: intitle:"datahub" - tags: datahub,default-login,datahub_project + vendor: datahub_project + tags: datahub,default-login http: - raw: diff --git a/http/default-logins/dataiku/dataiku-default-login.yaml b/http/default-logins/dataiku/dataiku-default-login.yaml index 75c0c898110..066e735ae62 100644 --- a/http/default-logins/dataiku/dataiku-default-login.yaml +++ b/http/default-logins/dataiku/dataiku-default-login.yaml @@ -15,11 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: dataiku + shodan-query: title:"dataiku" product: data_science_studio - shodan-query: http.title:"dataiku" - fofa-query: title="dataiku" - google-query: intitle:"dataiku" + vendor: dataiku tags: default-login,dataiku http: diff --git a/http/default-logins/deluge/deluge-default-login.yaml b/http/default-logins/deluge/deluge-default-login.yaml index e1ace6bf573..66a00717cbb 100644 --- a/http/default-logins/deluge/deluge-default-login.yaml +++ b/http/default-logins/deluge/deluge-default-login.yaml @@ -9,8 +9,8 @@ info: reference: - https://docs.linuxserver.io/images/docker-deluge/#:~:text=The%20admin%20interface%20is%20available,%2D%3EInterface%2D%3EPassword. metadata: - verified: true max-request: 1 + verified: true shodan-query: title:"Deluge" tags: deluge,default-login diff --git a/http/default-logins/devdojo/devdojo-voyager-default-login.yaml b/http/default-logins/devdojo/devdojo-voyager-default-login.yaml index 130829002de..e5cb2d8c45c 100644 --- a/http/default-logins/devdojo/devdojo-voyager-default-login.yaml +++ b/http/default-logins/devdojo/devdojo-voyager-default-login.yaml @@ -10,7 +10,7 @@ info: - https://voyager-docs.devdojo.com/getting-started/installation metadata: verified: true - max-request: 2 + max-request: 5 shodan-query: title:"Voyager" tags: default-login,voyager,devdojo diff --git a/http/default-logins/elasticsearch/elasticsearch-default-login.yaml b/http/default-logins/elasticsearch/elasticsearch-default-login.yaml index da11da03469..ff6aa1a5aa8 100644 --- a/http/default-logins/elasticsearch/elasticsearch-default-login.yaml +++ b/http/default-logins/elasticsearch/elasticsearch-default-login.yaml @@ -17,8 +17,7 @@ info: vendor: elastic product: elasticsearch shodan-query: http.title:"Elastic" || http.favicon.hash:1328449667 - fofa-query: index_not_found_exception - tags: default-login,elasticsearch,elastic + tags: default-login,elasticsearch http: - raw: diff --git a/http/default-logins/emqx/emqx-default-login.yaml b/http/default-logins/emqx/emqx-default-login.yaml index c4c4eaf6eb7..e6a3eb75ad2 100644 --- a/http/default-logins/emqx/emqx-default-login.yaml +++ b/http/default-logins/emqx/emqx-default-login.yaml @@ -10,7 +10,7 @@ info: cvss-score: 8.3 cwe-id: CWE-522 metadata: - max-request: 2 + max-request: 1 shodan-query: http.favicon.hash:"-670975485" tags: emqx,default-login diff --git a/http/default-logins/esafenet-cdg-default-login.yaml b/http/default-logins/esafenet-cdg-default-login.yaml index 0704e371f20..1360fca3072 100644 --- a/http/default-logins/esafenet-cdg-default-login.yaml +++ b/http/default-logins/esafenet-cdg-default-login.yaml @@ -13,9 +13,7 @@ info: max-request: 32 vendor: esafenet product: cdg - fofa-query: - - esafenet - - title="电子文档安全管理系统",body="cdgserver3/" + fofa-query: esafenet tags: esafenet,cdg,default-login http: diff --git a/http/default-logins/eurotel/etl3100-default-login.yaml b/http/default-logins/eurotel/etl3100-default-login.yaml index f332da65b6f..5eec4b546fd 100644 --- a/http/default-logins/eurotel/etl3100-default-login.yaml +++ b/http/default-logins/eurotel/etl3100-default-login.yaml @@ -16,8 +16,8 @@ info: max-request: 2 vendor: eurotel product: etl3100 - shodan-query: http.html:"etl3100" - fofa-query: body="etl3100" + shodan-query: html:"ETL3100" + fofa-query: body="ETL3100" tags: misconfig,default-login,eurotel http: diff --git a/http/default-logins/franklin-fueling-default-login.yaml b/http/default-logins/franklin-fueling-default-login.yaml index 56451c647d6..d96b83b8917 100644 --- a/http/default-logins/franklin-fueling-default-login.yaml +++ b/http/default-logins/franklin-fueling-default-login.yaml @@ -16,7 +16,7 @@ info: vendor: franklinfueling product: ts-550_evo_firmware google-query: inurl:"relay_status.html" - tags: default-login,franklin,franklinfueling + tags: default-login,franklin http: - raw: diff --git a/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml b/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml index 2c63a417210..db728c11a94 100644 --- a/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml +++ b/http/default-logins/fuji-xerox/fuji-xerox-default-login.yaml @@ -16,7 +16,7 @@ info: vendor: fujixerox product: apeosport-v_c3375 fofa-query: '"prop.htm" && "docucentre"' - tags: default-login,fuji,fuji-xerox,printer,fujixerox + tags: default-login,fuji,fuji-xerox,printer http: - raw: diff --git a/http/default-logins/geoserver/geoserver-default-login.yaml b/http/default-logins/geoserver/geoserver-default-login.yaml index 3b9e30767e4..f8e6295a10f 100644 --- a/http/default-logins/geoserver/geoserver-default-login.yaml +++ b/http/default-logins/geoserver/geoserver-default-login.yaml @@ -15,15 +15,9 @@ info: metadata: verified: true max-request: 2 - vendor: geoserver + fofa-query: app="GeoServer" product: geoserver - fofa-query: - - app="geoserver" - - title="geoserver" - shodan-query: - - http.title:"geoserver" - - server:"geohttpserver" - google-query: intitle:"geoserver" + vendor: geoserver tags: geoserver,default-login http: diff --git a/http/default-logins/gitblit/gitblit-default-login.yaml b/http/default-logins/gitblit/gitblit-default-login.yaml index 993c5bd9ef8..3b922aa529b 100644 --- a/http/default-logins/gitblit/gitblit-default-login.yaml +++ b/http/default-logins/gitblit/gitblit-default-login.yaml @@ -15,13 +15,7 @@ info: max-request: 1 vendor: gitblit product: gitblit - shodan-query: - - http.title:"gitblit" - - http.html:"gitblit" - fofa-query: - - body="gitblit" - - title="gitblit" - google-query: intitle:"gitblit" + shodan-query: title:"Gitblit" tags: gitblit,default-login http: diff --git a/http/default-logins/gitlab/gitlab-weak-login.yaml b/http/default-logins/gitlab/gitlab-weak-login.yaml index de38bddb4c2..b5bdc5afb57 100644 --- a/http/default-logins/gitlab/gitlab-weak-login.yaml +++ b/http/default-logins/gitlab/gitlab-weak-login.yaml @@ -13,18 +13,9 @@ info: cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* metadata: max-request: 6 - vendor: gitlab + shodan-query: http.title:"GitLab" product: gitlab - shodan-query: - - http.title:"gitlab" - - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" - - title="gitlab" - google-query: intitle:"gitlab" + vendor: gitlab tags: gitlab,default-login http: diff --git a/http/default-logins/grafana/grafana-default-login.yaml b/http/default-logins/grafana/grafana-default-login.yaml index fb57369d89f..73887d3137d 100644 --- a/http/default-logins/grafana/grafana-default-login.yaml +++ b/http/default-logins/grafana/grafana-default-login.yaml @@ -16,15 +16,9 @@ info: cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: grafana + shodan-query: title:"Grafana" product: grafana - shodan-query: - - http.title:"grafana" - - cpe:"cpe:2.3:a:grafana:grafana" - fofa-query: - - app="grafana" - - title="grafana" - google-query: intitle:"grafana" + vendor: grafana tags: grafana,default-login http: diff --git a/http/default-logins/huawei/huawei-HG532e-default-router-login.yaml b/http/default-logins/huawei/huawei-HG532e-default-router-login.yaml index 036e95fc865..c08d6ce9580 100644 --- a/http/default-logins/huawei/huawei-HG532e-default-router-login.yaml +++ b/http/default-logins/huawei/huawei-HG532e-default-router-login.yaml @@ -12,10 +12,9 @@ info: cpe: cpe:2.3:h:huawei:hg532e:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: huawei + shodan-query: http.html:"HG532e" product: hg532e - shodan-query: http.html:"hg532e" - fofa-query: body="hg532e" + vendor: huawei tags: default-login,huawei http: diff --git a/http/default-logins/hybris/hybris-default-login.yaml b/http/default-logins/hybris/hybris-default-login.yaml index dfd1d1abad6..2c7ccb32b45 100644 --- a/http/default-logins/hybris/hybris-default-login.yaml +++ b/http/default-logins/hybris/hybris-default-login.yaml @@ -12,13 +12,11 @@ info: cpe: cpe:2.3:a:sap:hybris:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 9 - vendor: sap + max-request: 3 + shodan-query: title:"Hybris" product: hybris - shodan-query: http.title:"hybris" - fofa-query: title="hybris" - google-query: intitle:"hybris" - tags: default-login,hybris,sap + vendor: sap + tags: default-login,hybris http: - raw: diff --git a/http/default-logins/ibm/imm-default-login.yaml b/http/default-logins/ibm/imm-default-login.yaml index b84dcc63bc3..6d524cc4950 100644 --- a/http/default-logins/ibm/imm-default-login.yaml +++ b/http/default-logins/ibm/imm-default-login.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 1 - vendor: ibm + shodan-query: html:"ibmdojo" + fofa-query: "integrated management module" product: integrated_management_module - shodan-query: http.html:"ibmdojo" - fofa-query: - - "integrated management module" - - body="ibmdojo" + vendor: ibm tags: imm,ibm,default-login http: diff --git a/http/default-logins/idemia/idemia-biometrics-default-login.yaml b/http/default-logins/idemia/idemia-biometrics-default-login.yaml index e6eaa83ab5c..d6e14aa0587 100644 --- a/http/default-logins/idemia/idemia-biometrics-default-login.yaml +++ b/http/default-logins/idemia/idemia-biometrics-default-login.yaml @@ -16,11 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: idemia + shodan-query: title:"IDEMIA" product: sigma_wide - shodan-query: http.title:"idemia" - fofa-query: title="idemia" - google-query: intitle:"idemia" + vendor: idemia tags: idemia,biometrics,default-login http: diff --git a/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml b/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml index 569c73cdd6d..891b52b99f6 100644 --- a/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml +++ b/http/default-logins/ispconfig/ispconfig-hcp-default-login.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: ispconfig product: ispconfig - shodan-query: http.title:"ispconfig" http.favicon.hash:483383992 - fofa-query: title="ispconfig" http.favicon.hash:483383992 - google-query: intitle:"ispconfig" http.favicon.hash:483383992 + shodan-query: title:"ISPConfig" http.favicon.hash:483383992 tags: ispconfig,hsp,default-login http: diff --git a/http/default-logins/jboss/jboss-jbpm-default-login.yaml b/http/default-logins/jboss/jboss-jbpm-default-login.yaml index ec890693f3c..56571962ad4 100644 --- a/http/default-logins/jboss/jboss-jbpm-default-login.yaml +++ b/http/default-logins/jboss/jboss-jbpm-default-login.yaml @@ -15,11 +15,10 @@ info: metadata: verified: true max-request: 12 - vendor: redhat + shodan-query: html:"JBossWS" product: jbpm - shodan-query: http.html:"jbossws" - fofa-query: body="jbossws" - tags: jboss,jbpm,default-login,redhat + vendor: redhat + tags: jboss,jbpm,default-login http: - raw: diff --git a/http/default-logins/jeedom/jeedom-default-login.yaml b/http/default-logins/jeedom/jeedom-default-login.yaml index bf8bdc938d7..b9c61113a3e 100644 --- a/http/default-logins/jeedom/jeedom-default-login.yaml +++ b/http/default-logins/jeedom/jeedom-default-login.yaml @@ -13,9 +13,7 @@ info: max-request: 2 vendor: jeedom product: jeedom - shodan-query: http.title:"jeedom" - fofa-query: title="jeedom" - google-query: intitle:"jeedom" + shodan-query: title:"Jeedom" tags: jeedom,default-login,misconfig variables: username: admin diff --git a/http/default-logins/jellyfin/jellyfin-default-login.yaml b/http/default-logins/jellyfin/jellyfin-default-login.yaml index e5a602d5896..89ef0a65b61 100644 --- a/http/default-logins/jellyfin/jellyfin-default-login.yaml +++ b/http/default-logins/jellyfin/jellyfin-default-login.yaml @@ -12,17 +12,9 @@ info: cpe: cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 12 - vendor: jellyfin + fofa-query: title="Jellyfin" product: jellyfin - fofa-query: - - title="jellyfin" - - body="jellyfin" - - title="jellyfin" || body="http://jellyfin.media" - shodan-query: - - http.html:"jellyfin" - - http.title:"jellyfin" - google-query: intitle:"jellyfin" + vendor: jellyfin tags: default-login,jellyfin,misconfig http: diff --git a/http/default-logins/jupyterhub/jupyterhub-default-login.yaml b/http/default-logins/jupyterhub/jupyterhub-default-login.yaml index 83299bb1b45..1cdea15693c 100644 --- a/http/default-logins/jupyterhub/jupyterhub-default-login.yaml +++ b/http/default-logins/jupyterhub/jupyterhub-default-login.yaml @@ -14,12 +14,10 @@ info: cpe: cpe:2.3:a:jupyter:jupyterhub:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: jupyter + shodan-query: http.title:"JupyterHub" product: jupyterhub - shodan-query: http.title:"jupyterhub" - fofa-query: title="jupyterhub" - google-query: intitle:"jupyterhub" - tags: jupyterhub,default-login,jupyter + vendor: jupyter + tags: jupyterhub,default-login http: - raw: diff --git a/http/default-logins/kanboard-default-login.yaml b/http/default-logins/kanboard-default-login.yaml index 9563245ada9..ba29f89ce17 100644 --- a/http/default-logins/kanboard-default-login.yaml +++ b/http/default-logins/kanboard-default-login.yaml @@ -17,12 +17,9 @@ info: metadata: verified: true max-request: 2 - vendor: kanboard + fofa-query: app="Kanboard" product: kanboard - fofa-query: - - app="kanboard" - - icon_hash=2056442365 - shodan-query: http.favicon.hash:"2056442365" + vendor: kanboard tags: default-login,kanboard http: diff --git a/http/default-logins/klog-server-default-login.yaml b/http/default-logins/klog-server-default-login.yaml index 3b42e36637a..929e99f2242 100644 --- a/http/default-logins/klog-server-default-login.yaml +++ b/http/default-logins/klog-server-default-login.yaml @@ -12,7 +12,7 @@ info: max-request: 2 vendor: klogserver product: klog_server - tags: default-login,klog-server,klogserver + tags: default-login,klog-server http: - raw: diff --git a/http/default-logins/leostream/leostream-default-login.yaml b/http/default-logins/leostream/leostream-default-login.yaml index 416fc254cc7..c6683c6bc71 100644 --- a/http/default-logins/leostream/leostream-default-login.yaml +++ b/http/default-logins/leostream/leostream-default-login.yaml @@ -14,11 +14,9 @@ info: metadata: verified: true max-request: 1 - vendor: leostream + shodan-query: http.title:"Leostream" product: connection_broker - shodan-query: http.title:"leostream" - fofa-query: title="leostream" - google-query: intitle:"leostream" + vendor: leostream tags: leostream,default-login http: diff --git a/http/default-logins/loytec/loytec-default-password.yaml b/http/default-logins/loytec/loytec-default-password.yaml index bc8350aec59..5ff66a68615 100644 --- a/http/default-logins/loytec/loytec-default-password.yaml +++ b/http/default-logins/loytec/loytec-default-password.yaml @@ -7,9 +7,10 @@ info: description: | Identified Loytec PLC web interfaces that were accessible using default credentials (admin:loytec4u). These devices were commonly deployed in building automation and industrial control environments. When left unchanged, default credentials could have allowed unauthorized users to gain administrative access to the system. metadata: - max-request: 1 verifed: true + max-request: 1 tags: loytec,default-login + variables: username: admin password: loytec4u diff --git a/http/default-logins/magnolia-default-login.yaml b/http/default-logins/magnolia-default-login.yaml index cfda85283ce..7bcd1161770 100644 --- a/http/default-logins/magnolia-default-login.yaml +++ b/http/default-logins/magnolia-default-login.yaml @@ -15,16 +15,10 @@ info: metadata: verified: true max-request: 3 - vendor: magnolia-cms + shodan-query: html:"Magnolia is a registered trademark" product: magnolia_cms - shodan-query: - - http.html:"magnolia is a registered trademark" - - http.title:"magnolia installation" - fofa-query: - - body="magnolia is a registered trademark" - - title="magnolia installation" - google-query: intitle:"magnolia installation" - tags: magnolia,default-login,magnolia-cms + vendor: magnolia-cms + tags: magnolia,default-login http: - raw: diff --git a/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml b/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml index 37c75a96526..68f85288943 100644 --- a/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml +++ b/http/default-logins/mantisbt/mantisbt-anonymous-login.yaml @@ -13,16 +13,7 @@ info: max-request: 1 vendor: mantisbt product: mantisbt - shodan-query: - - http.favicon.hash:"662709064" - - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.html:"administration - installation - mantisbt" - - http.title:"mantisbt" - fofa-query: - - body="administration - installation - mantisbt" - - icon_hash=662709064 - - title="mantisbt" - google-query: intitle:"mantisbt" + shodan-query: http.favicon.hash:662709064 tags: default-logins,anonymous,mantisbt,default-login http: diff --git a/http/default-logins/mantisbt/mantisbt-default-credential.yaml b/http/default-logins/mantisbt/mantisbt-default-credential.yaml index 6f7fee7d81e..a0425305a25 100644 --- a/http/default-logins/mantisbt/mantisbt-default-credential.yaml +++ b/http/default-logins/mantisbt/mantisbt-default-credential.yaml @@ -13,19 +13,10 @@ info: cwe-id: CWE-522 cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* metadata: - max-request: 4 - vendor: mantisbt + max-request: 1 + shodan-query: title:"MantisBT" product: mantisbt - shodan-query: - - http.title:"mantisbt" - - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.favicon.hash:"662709064" - - http.html:"administration - installation - mantisbt" - fofa-query: - - body="administration - installation - mantisbt" - - icon_hash=662709064 - - title="mantisbt" - google-query: intitle:"mantisbt" + vendor: mantisbt tags: mantisbt,default-login http: diff --git a/http/default-logins/minio/minio-default-login.yaml b/http/default-logins/minio/minio-default-login.yaml index 061fb0b7673..042fa856467 100644 --- a/http/default-logins/minio/minio-default-login.yaml +++ b/http/default-logins/minio/minio-default-login.yaml @@ -15,21 +15,9 @@ info: metadata: verified: true max-request: 2 - vendor: minio + shodan-query: http.html:"symfony Profiler" product: minio - shodan-query: - - http.html:"symfony profiler" - - cpe:"cpe:2.3:a:minio:minio" - - http.title:"minio browser" - - http.title:"minio console" - fofa-query: - - app="minio" - - body="symfony profiler" - - title="minio browser" - - title="minio console" - google-query: - - intitle:"minio browser" - - intitle:"minio console" + vendor: minio tags: default-login,minio http: diff --git a/http/default-logins/mobotix/mobotix-default-login.yaml b/http/default-logins/mobotix/mobotix-default-login.yaml index d043ea56048..1461feb3b93 100644 --- a/http/default-logins/mobotix/mobotix-default-login.yaml +++ b/http/default-logins/mobotix/mobotix-default-login.yaml @@ -12,11 +12,9 @@ info: cpe: cpe:2.3:h:mobotix:s14:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: mobotix + shodan-query: title:"Mobotix" product: s14 - shodan-query: http.title:"mobotix" - fofa-query: title="mobotix" - google-query: intitle:"mobotix" + vendor: mobotix tags: mobotix,default-login,webcam,iot http: diff --git a/http/default-logins/nacos/nacos-default-login.yaml b/http/default-logins/nacos/nacos-default-login.yaml index 2ed0a98ae80..5511f756cd7 100644 --- a/http/default-logins/nacos/nacos-default-login.yaml +++ b/http/default-logins/nacos/nacos-default-login.yaml @@ -13,12 +13,7 @@ info: max-request: 2 vendor: alibaba product: nacos - fofa-query: - - title=="nacos" - - app="nacos" - - title="nacos" - shodan-query: http.title:"nacos" - google-query: intitle:"nacos" + fofa-query: title=="Nacos" tags: nacos,default-login,alibaba http: diff --git a/http/default-logins/nagios/nagiosxi-default-login.yaml b/http/default-logins/nagios/nagiosxi-default-login.yaml index 6a7dfb99ddb..d354a4a21fa 100644 --- a/http/default-logins/nagios/nagiosxi-default-login.yaml +++ b/http/default-logins/nagios/nagiosxi-default-login.yaml @@ -15,16 +15,9 @@ info: metadata: verified: true max-request: 6 - vendor: nagios + shodan-query: title:"Nagios XI" product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" - fofa-query: - - app="nagios-xi" - - icon_hash="1460499495" - - title="nagios xi" - google-query: intitle:"nagios xi" + vendor: nagios tags: nagios,nagiosxi,default-login http: diff --git a/http/default-logins/netflow/netflow-default-login.yaml b/http/default-logins/netflow/netflow-default-login.yaml index 7cbe77700c9..6120a3675c4 100644 --- a/http/default-logins/netflow/netflow-default-login.yaml +++ b/http/default-logins/netflow/netflow-default-login.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: zohocorp product: manageengine_netflow_analyzer - shodan-query: http.html:"login - netflow analyzer" - fofa-query: body="login - netflow analyzer" - tags: default-login,netflow,misconfig,zohocorp + shodan-query: html:"Login - Netflow Analyzer" + tags: default-login,netflow,misconfig http: - raw: diff --git a/http/default-logins/nginx/nginx-proxy-manager-default-login.yaml b/http/default-logins/nginx/nginx-proxy-manager-default-login.yaml index 865c7437625..b2dded24c33 100644 --- a/http/default-logins/nginx/nginx-proxy-manager-default-login.yaml +++ b/http/default-logins/nginx/nginx-proxy-manager-default-login.yaml @@ -7,9 +7,9 @@ info: description: | Default Nginx Proxy Manager credentials was discovered. metadata: + shodan-query: html:"Nginx Proxy Manager" verified: true max-request: 1 - shodan-query: html:"Nginx Proxy Manager" tags: nginx,proxy-manager,default-login http: diff --git a/http/default-logins/node-red/nodered-default-login.yaml b/http/default-logins/node-red/nodered-default-login.yaml index d15e9d49c53..ac76498df76 100644 --- a/http/default-logins/node-red/nodered-default-login.yaml +++ b/http/default-logins/node-red/nodered-default-login.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: nodered product: node-red - shodan-query: http.favicon.hash:"321591353" - fofa-query: icon_hash=321591353 - tags: default-login,node-red,dashboard,nodered + shodan-query: http.favicon.hash:321591353 + tags: default-login,node-red,dashboard http: - raw: diff --git a/http/default-logins/nsicg/nsicg-default-login.yaml b/http/default-logins/nsicg/nsicg-default-login.yaml index 5d06b9473f6..0f315b7a2f0 100644 --- a/http/default-logins/nsicg/nsicg-default-login.yaml +++ b/http/default-logins/nsicg/nsicg-default-login.yaml @@ -16,10 +16,10 @@ info: metadata: verified: true max-request: 2 - vendor: netentsec + fofa-query: "NS-ICG" product: application_security_gateway - fofa-query: ns-icg - tags: nsicg,default-login,netentsec + vendor: netentsec + tags: nsicg,default-login http: - raw: diff --git a/http/default-logins/o2oa/o2oa-default-login.yaml b/http/default-logins/o2oa/o2oa-default-login.yaml index 87294c3e2dc..5679dcb0ead 100755 --- a/http/default-logins/o2oa/o2oa-default-login.yaml +++ b/http/default-logins/o2oa/o2oa-default-login.yaml @@ -13,8 +13,8 @@ info: max-request: 1 vendor: zoneland product: o2oa - shodan-query: http.title=="o2oa" - tags: o2oa,default-login,zoneland + shodan-query: title=="O2OA" + tags: o2oa,default-login http: - raw: diff --git a/http/default-logins/octobercms/octobercms-default-login.yaml b/http/default-logins/octobercms/octobercms-default-login.yaml index 5e5f5a5a701..7eef92e03a4 100644 --- a/http/default-logins/octobercms/octobercms-default-login.yaml +++ b/http/default-logins/octobercms/octobercms-default-login.yaml @@ -16,9 +16,9 @@ info: metadata: verified: true max-request: 4 - vendor: octobercms + shodan-query: http.component:"October CMS" product: october - shodan-query: http.component:"october cms" + vendor: octobercms tags: octobercms,default-login,oss http: diff --git a/http/default-logins/openemr/openemr-default-login.yaml b/http/default-logins/openemr/openemr-default-login.yaml index cccd4955b45..4d61e9ae519 100644 --- a/http/default-logins/openemr/openemr-default-login.yaml +++ b/http/default-logins/openemr/openemr-default-login.yaml @@ -14,23 +14,11 @@ info: cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: open-emr + shodan-query: http.html:"OpenEMR" + fofa-query: app="OpenEMR" product: openemr - shodan-query: - - http.html:"openemr" - - http.favicon.hash:"1971268439" - - http.title:"openemr setup tool" - - http.title:"openemr" - fofa-query: - - app="openemr" - - body="openemr" - - icon_hash=1971268439 - - title="openemr setup tool" - - title="openemr" - google-query: - - intitle:"openemr setup tool" - - intitle:"openemr" - tags: openemr,default-login,open-emr + vendor: open-emr + tags: openemr,default-login http: - raw: diff --git a/http/default-logins/openmediavault/openmediavault-default-login.yaml b/http/default-logins/openmediavault/openmediavault-default-login.yaml index 952cd2627dd..9d08c4d885b 100644 --- a/http/default-logins/openmediavault/openmediavault-default-login.yaml +++ b/http/default-logins/openmediavault/openmediavault-default-login.yaml @@ -15,11 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: openmediavault + shodan-query: title:"OpenMediaVault" product: openmediavault - shodan-query: http.title:"openmediavault" - fofa-query: title="openmediavault" - google-query: intitle:"openmediavault" + vendor: openmediavault tags: default-login,openmediavault http: diff --git a/http/default-logins/oracle/peoplesoft-default-login.yaml b/http/default-logins/oracle/peoplesoft-default-login.yaml index 4ce97f40ad3..e87e25ce149 100644 --- a/http/default-logins/oracle/peoplesoft-default-login.yaml +++ b/http/default-logins/oracle/peoplesoft-default-login.yaml @@ -16,11 +16,9 @@ info: metadata: verified: true max-request: 200 - vendor: oracle + shodan-query: title:"Oracle PeopleSoft Sign-in" product: peoplesoft_enterprise_peopletools - shodan-query: http.title:"oracle peoplesoft sign-in" - fofa-query: title="oracle peoplesoft sign-in" - google-query: intitle:"oracle peoplesoft sign-in" + vendor: oracle tags: default-login,peoplesoft,oracle,fuzz http: diff --git a/http/default-logins/others/aruba-instant-default-login.yaml b/http/default-logins/others/aruba-instant-default-login.yaml index 6ec72de0a9d..d5542a0ffd9 100755 --- a/http/default-logins/others/aruba-instant-default-login.yaml +++ b/http/default-logins/others/aruba-instant-default-login.yaml @@ -16,7 +16,7 @@ info: vendor: arubanetworks product: aruba_instant fofa-query: body="jscripts/third_party/raphael-treemap.min.js" || body="jscripts/third_party/highcharts.src.js" - tags: aruba,default-login,arubanetworks + tags: aruba,default-login http: - raw: diff --git a/http/default-logins/others/inspur-clusterengine-default-login.yaml b/http/default-logins/others/inspur-clusterengine-default-login.yaml index 43e46de73a8..d4d4baa214c 100644 --- a/http/default-logins/others/inspur-clusterengine-default-login.yaml +++ b/http/default-logins/others/inspur-clusterengine-default-login.yaml @@ -13,7 +13,7 @@ info: max-request: 1 vendor: inspur product: clusterengine - fofa-query: title="tscev4.0" + fofa-query: title="TSCEV4.0" tags: default-login,inspur,clusterengine http: diff --git a/http/default-logins/others/opencats-default-login.yaml b/http/default-logins/others/opencats-default-login.yaml index 255f4b2ae1a..5682d202d45 100644 --- a/http/default-logins/others/opencats-default-login.yaml +++ b/http/default-logins/others/opencats-default-login.yaml @@ -13,11 +13,9 @@ info: metadata: verified: true max-request: 4 - vendor: opencats + shodan-query: title:"opencats" product: opencats - shodan-query: http.title:"opencats" - fofa-query: title="opencats" - google-query: intitle:"opencats" + vendor: opencats tags: default-login,opencats http: diff --git a/http/default-logins/pentaho/pentaho-default-login.yaml b/http/default-logins/pentaho/pentaho-default-login.yaml index 2428446dde3..145d1536e28 100644 --- a/http/default-logins/pentaho/pentaho-default-login.yaml +++ b/http/default-logins/pentaho/pentaho-default-login.yaml @@ -13,10 +13,10 @@ info: cwe-id: CWE-522 metadata: max-request: 1 - vendor: hitachi - product: vantara_pentaho shodan-query: pentaho - tags: pentaho,default-login,hitachi + product: vantara_pentaho + vendor: hitachi + tags: pentaho,default-login http: - raw: diff --git a/http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml b/http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml index d333d4e4c99..8a66e799592 100644 --- a/http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml +++ b/http/default-logins/phpmyadmin/phpmyadmin-default-login.yaml @@ -15,21 +15,9 @@ info: metadata: verified: true max-request: 16 - vendor: phpmyadmin + shodan-query: http.title:phpMyAdmin product: phpmyadmin - shodan-query: - - http.title:"phpmyadmin" - - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.component:"phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" - fofa-query: - - body="phpmyadmin" - - body="pma_servername" && body="4.8.4" - - body="server_databases.php" - - title="phpmyadmin" - google-query: intitle:"phpmyadmin" - hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" + vendor: phpmyadmin tags: default-login,phpmyadmin http: diff --git a/http/default-logins/powerjob-default-login.yaml b/http/default-logins/powerjob-default-login.yaml index 4035da659b2..481deb6c0cc 100644 --- a/http/default-logins/powerjob-default-login.yaml +++ b/http/default-logins/powerjob-default-login.yaml @@ -15,14 +15,8 @@ info: max-request: 1 vendor: powerjob product: powerjob - shodan-query: - - http.title:"powerjob" - - http.html:"powerjob" - fofa-query: - - title="powerjob" - - app="powerjob" - - body="powerjob" - google-query: intitle:"powerjob" + shodan-query: http.title:"PowerJob" + fofa-query: title="PowerJob" tags: powerjob,default-login http: diff --git a/http/default-logins/prtg/prtg-default-login.yaml b/http/default-logins/prtg/prtg-default-login.yaml index 360671edd65..64e33fab2c8 100644 --- a/http/default-logins/prtg/prtg-default-login.yaml +++ b/http/default-logins/prtg/prtg-default-login.yaml @@ -12,16 +12,10 @@ info: cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: paessler + shodan-query: http.favicon.hash:-655683626 product: prtg_network_monitor - shodan-query: - - http.favicon.hash:"-655683626" - - http.title:"prtg" - fofa-query: - - icon_hash="-655683626" - - title="prtg" - google-query: intitle:"prtg" - tags: prtg,default-login,paessler + vendor: paessler + tags: prtg,default-login http: - raw: diff --git a/http/default-logins/pyload/pyload-default-login.yaml b/http/default-logins/pyload/pyload-default-login.yaml index 6af3006636f..a32cb30938b 100644 --- a/http/default-logins/pyload/pyload-default-login.yaml +++ b/http/default-logins/pyload/pyload-default-login.yaml @@ -15,20 +15,7 @@ info: max-request: 1 vendor: pyload product: pyload - shodan-query: - - http.html:"pyload" - - http.title:"login - pyload" - - http.title:"pyload" - fofa-query: - - body="pyload" - - title="login - pyload" - - title="pyload" - google-query: - - intitle:"login - pyload" - - intitle:"pyload" - zoomeye-query: - - app:"pyload" - - app="pyload" + shodan-query: html:"pyload" tags: default-login,pyload http: diff --git a/http/default-logins/rainloop/rainloop-default-login.yaml b/http/default-logins/rainloop/rainloop-default-login.yaml index 53a4a4a6a4b..b0424a04d7b 100644 --- a/http/default-logins/rainloop/rainloop-default-login.yaml +++ b/http/default-logins/rainloop/rainloop-default-login.yaml @@ -15,9 +15,6 @@ info: vendor: rainloop product: webmail fofa-query: app="RAINLOOP-WebMail" - shodan-query: - - cpe:"cpe:2.3:a:roundcube:webmail" - - http.component:"roundcube" tags: default-login,rainloop,webmail,foss http: diff --git a/http/default-logins/rconfig-default-login.yaml b/http/default-logins/rconfig-default-login.yaml index 24ed944d17f..367186976da 100644 --- a/http/default-logins/rconfig-default-login.yaml +++ b/http/default-logins/rconfig-default-login.yaml @@ -15,9 +15,7 @@ info: max-request: 2 vendor: rconfig product: rconfig - shodan-query: http.title:"rconfig" - fofa-query: title="rconfig" - google-query: intitle:"rconfig" + shodan-query: http.title:"rConfig" tags: rconfig,default-login http: diff --git a/http/default-logins/riello/netman-default-login.yaml b/http/default-logins/riello/netman-default-login.yaml index 83d75ced552..91f0fd6ba7e 100644 --- a/http/default-logins/riello/netman-default-login.yaml +++ b/http/default-logins/riello/netman-default-login.yaml @@ -15,19 +15,9 @@ info: max-request: 1 vendor: riello-ups product: netman_204_firmware - shodan-query: - - http.title:"netman" - - http.html:"ups network management card 4" - - http.title:"netman 204" - censys-query: services.http.response.body:"netman204" - fofa-query: - - body="ups network management card 4" - - title="netman 204" - - title="netman" - google-query: - - intitle:"netman 204" - - intitle:"netman" - tags: default-login,netman,riello-ups + shodan-query: title:"Netman" + censys-query: services.http.response.body:"Netman204" + tags: default-login,netman http: - raw: diff --git a/http/default-logins/ruijie/ruijie-nbr-default-login.yaml b/http/default-logins/ruijie/ruijie-nbr-default-login.yaml index 2fe1248c88e..a1d4ce6ba5d 100644 --- a/http/default-logins/ruijie/ruijie-nbr-default-login.yaml +++ b/http/default-logins/ruijie/ruijie-nbr-default-login.yaml @@ -7,8 +7,8 @@ info: description: | Ruijie NBR Series Routers Default Login username and password was discovered. metadata: - verified: true max-request: 1 + verified: true fofa-query: body="上层网络出现异常,请检查外网线路或联系ISP运营商协助排查" tags: default-login,ruijie-nbr diff --git a/http/default-logins/rundeck/rundeck-default-login.yaml b/http/default-logins/rundeck/rundeck-default-login.yaml index 31bc8fdaa67..22a81d2b8e3 100644 --- a/http/default-logins/rundeck/rundeck-default-login.yaml +++ b/http/default-logins/rundeck/rundeck-default-login.yaml @@ -16,12 +16,8 @@ info: max-request: 2 vendor: pagerduty product: rundeck - fofa-query: - - app="rundeck-login" - - title="rundeck" - shodan-query: http.title:"rundeck" - google-query: intitle:"rundeck" - tags: default-login,rundeck,pagerduty + fofa-query: app="Rundeck-Login" + tags: default-login,rundeck variables: username: admin password: admin diff --git a/http/default-logins/samsung/samsung-printer-default-login.yaml b/http/default-logins/samsung/samsung-printer-default-login.yaml index 28be78c42f2..9b1948a5155 100644 --- a/http/default-logins/samsung/samsung-printer-default-login.yaml +++ b/http/default-logins/samsung/samsung-printer-default-login.yaml @@ -16,11 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: samsung + shodan-query: title:"SyncThru Web Service" product: scx-6555n - shodan-query: http.title:"syncthru web service" - fofa-query: title="syncthru web service" - google-query: intitle:"syncthru web service" + vendor: samsung tags: default-login,iot,samsung,printer http: diff --git a/http/default-logins/sato/sato-default-login.yaml b/http/default-logins/sato/sato-default-login.yaml index 0bba1bb69c5..b85108e7a3e 100644 --- a/http/default-logins/sato/sato-default-login.yaml +++ b/http/default-logins/sato/sato-default-login.yaml @@ -8,7 +8,7 @@ info: Sato using default credentials was discovered. metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: title:"Sato" tags: sato,default-login,printer diff --git a/http/default-logins/seeddms/seeddms-default-login.yaml b/http/default-logins/seeddms/seeddms-default-login.yaml index 186ffd845ec..5b2f9bf7aad 100644 --- a/http/default-logins/seeddms/seeddms-default-login.yaml +++ b/http/default-logins/seeddms/seeddms-default-login.yaml @@ -15,11 +15,9 @@ info: cpe: cpe:2.3:a:seeddms:seeddms:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: seeddms + shodan-query: http.title:"SeedDMS" product: seeddms - shodan-query: http.title:"seeddms" - fofa-query: title="seeddms" - google-query: intitle:"seeddms" + vendor: seeddms tags: default-login,seeddms http: diff --git a/http/default-logins/siemens/siemens-simatic-default-login.yaml b/http/default-logins/siemens/siemens-simatic-default-login.yaml index 32778b4b785..6f11aef1560 100644 --- a/http/default-logins/siemens/siemens-simatic-default-login.yaml +++ b/http/default-logins/siemens/siemens-simatic-default-login.yaml @@ -7,8 +7,8 @@ info: description: | Identified Siemens SIMATIC HMI MiniWeb interfaces that were accessible using default credentials.These interfaces are used to remotely monitor and control Human-Machine Interface (HMI) panels deployed in industrial environments. Leaving the default login in place posed a significant risk to operational technology (OT) systems. metadata: - verified: true max-request: 1 + verified: true shodan-query: title:"Miniweb Start Page" tags: ics,siemens,default-login diff --git a/http/default-logins/softether/softether-vpn-default-login.yaml b/http/default-logins/softether/softether-vpn-default-login.yaml index 083b649601e..720a37af797 100644 --- a/http/default-logins/softether/softether-vpn-default-login.yaml +++ b/http/default-logins/softether/softether-vpn-default-login.yaml @@ -15,9 +15,7 @@ info: max-request: 1 vendor: softether product: vpn - shodan-query: http.title:"softether vpn server" - fofa-query: title="softether vpn server" - google-query: intitle:"softether vpn server" + shodan-query: title:"SoftEther VPN Server" tags: misconfig,vpn,softether,default-login http: diff --git a/http/default-logins/sonarqube/sonarqube-default-login.yaml b/http/default-logins/sonarqube/sonarqube-default-login.yaml index f6a4ded7e98..dc02079ffc3 100644 --- a/http/default-logins/sonarqube/sonarqube-default-login.yaml +++ b/http/default-logins/sonarqube/sonarqube-default-login.yaml @@ -16,14 +16,10 @@ info: metadata: verified: true max-request: 4 - vendor: sonarsource + shodan-query: title:"Sonarqube" product: sonarqube - shodan-query: http.title:"sonarqube" - fofa-query: - - app="sonarqube-代码管理" - - title="sonarqube" - google-query: intitle:"sonarqube" - tags: default-login,sonarqube,sonarsource + vendor: sonarsource + tags: default-login,sonarqube http: - raw: diff --git a/http/default-logins/soplanning/soplanning-default-login.yaml b/http/default-logins/soplanning/soplanning-default-login.yaml index 21585f89df9..b30ee2d288f 100644 --- a/http/default-logins/soplanning/soplanning-default-login.yaml +++ b/http/default-logins/soplanning/soplanning-default-login.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: soplanning product: soplanning - shodan-query: http.html:"soplanning" + shodan-query: + - html:"soplanning" + - http.html:"soplanning" fofa-query: body="soplanning" tags: soplanning,default-login diff --git a/http/default-logins/splunk/splunk-default-login.yaml b/http/default-logins/splunk/splunk-default-login.yaml index cf182d2dc14..73c9f181a97 100644 --- a/http/default-logins/splunk/splunk-default-login.yaml +++ b/http/default-logins/splunk/splunk-default-login.yaml @@ -13,15 +13,7 @@ info: max-request: 9 vendor: splunk product: splunk - shodan-query: - - http.title:"splunk" - - http.title:"login - splunk" - fofa-query: - - title="login - splunk" - - title="splunk" - google-query: - - intitle:"login - splunk" - - intitle:"splunk" + shodan-query: http.title:"Splunk" tags: default-login,splunk http: diff --git a/http/default-logins/stackstorm/stackstorm-default-login.yaml b/http/default-logins/stackstorm/stackstorm-default-login.yaml index a2b7e9d7251..10fcd3bda2d 100644 --- a/http/default-logins/stackstorm/stackstorm-default-login.yaml +++ b/http/default-logins/stackstorm/stackstorm-default-login.yaml @@ -14,9 +14,9 @@ info: cpe: cpe:2.3:a:stackstorm:stackstorm:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: stackstorm - product: stackstorm fofa-query: app="stackstorm" + product: stackstorm + vendor: stackstorm tags: stackstorm,default-login http: diff --git a/http/default-logins/steve/steve-default-login.yaml b/http/default-logins/steve/steve-default-login.yaml index 52668e50cf9..a6c594a279b 100644 --- a/http/default-logins/steve/steve-default-login.yaml +++ b/http/default-logins/steve/steve-default-login.yaml @@ -17,12 +17,11 @@ info: metadata: verified: true max-request: 2 - vendor: steve-community + shodan-query: http.title:"SteVe - Steckdosenverwaltung" + google-query: intitle:"SteVe - Steckdosenverwaltung" product: steve - shodan-query: http.title:"steve - steckdosenverwaltung" - google-query: intitle:"steve - steckdosenverwaltung" - fofa-query: title="steve - steckdosenverwaltung" - tags: panel,default-login,steve,steve-community + vendor: steve-community + tags: panel,default-login,steve http: - raw: diff --git a/http/default-logins/structurizr/structurizr-default-login.yaml b/http/default-logins/structurizr/structurizr-default-login.yaml index ef9db41b5f7..e27f586bee7 100644 --- a/http/default-logins/structurizr/structurizr-default-login.yaml +++ b/http/default-logins/structurizr/structurizr-default-login.yaml @@ -11,9 +11,9 @@ info: metadata: verified: true max-request: 3 - vendor: structurizr + shodan-query: http.favicon.hash:1199592666 product: on-premises_installation - shodan-query: http.favicon.hash:"1199592666" + vendor: structurizr fofa-query: icon_hash=1199592666 tags: structurizr,default-login diff --git a/http/default-logins/timekeeper/timekeeper-default-login.yaml b/http/default-logins/timekeeper/timekeeper-default-login.yaml index d0fd67b7fc6..0f6f8164ab4 100644 --- a/http/default-logins/timekeeper/timekeeper-default-login.yaml +++ b/http/default-logins/timekeeper/timekeeper-default-login.yaml @@ -11,11 +11,11 @@ info: metadata: verified: true max-request: 1 - vendor: fsmlabs + shodan-query: http.favicon.hash:2134367771 product: timekeeper - shodan-query: http.favicon.hash:"2134367771" + vendor: fsmlabs fofa-query: icon_hash=2134367771 - tags: timekeeper,default-login,fsmlabs + tags: timekeeper,default-login http: - raw: diff --git a/http/default-logins/tiny-file-manager-default-login.yaml b/http/default-logins/tiny-file-manager-default-login.yaml index e04b015a40b..125b5f9571b 100644 --- a/http/default-logins/tiny-file-manager-default-login.yaml +++ b/http/default-logins/tiny-file-manager-default-login.yaml @@ -16,11 +16,10 @@ info: metadata: verified: true max-request: 3 - vendor: tinyfilemanager_project + shodan-query: html:"Tiny File Manager" product: tinyfilemanager - shodan-query: http.html:"tiny file manager" - fofa-query: body="tiny file manager" - tags: default-login,tiny,filemanager,tinyfilemanager_project + vendor: tinyfilemanager_project + tags: default-login,tiny,filemanager http: - raw: diff --git a/http/default-logins/tooljet/tooljet-default-login.yaml b/http/default-logins/tooljet/tooljet-default-login.yaml index f70048da652..23f2f035bff 100644 --- a/http/default-logins/tooljet/tooljet-default-login.yaml +++ b/http/default-logins/tooljet/tooljet-default-login.yaml @@ -16,17 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: tooljet + shodan-query: title:"tooljet" product: tooljet - shodan-query: - - http.title:"tooljet" - - http.title:"tooljet - dashboard" - fofa-query: - - title="tooljet - dashboard" - - title="tooljet" - google-query: - - intitle:"tooljet - dashboard" - - intitle:"tooljet" + vendor: tooljet tags: default-login,tooljet http: diff --git a/http/default-logins/unify/unify-hipath-default-login.yaml b/http/default-logins/unify/unify-hipath-default-login.yaml index fd5911f74af..a38b5309e42 100644 --- a/http/default-logins/unify/unify-hipath-default-login.yaml +++ b/http/default-logins/unify/unify-hipath-default-login.yaml @@ -20,8 +20,8 @@ info: metadata: verified: true max-request: 2 - vendor: unify product: hipath + vendor: unify tags: default-login,unify,hipath http: diff --git a/http/default-logins/versa/versa-flexvnf-default-login.yaml b/http/default-logins/versa/versa-flexvnf-default-login.yaml index 1e8a4a3bf63..95e7477d25a 100644 --- a/http/default-logins/versa/versa-flexvnf-default-login.yaml +++ b/http/default-logins/versa/versa-flexvnf-default-login.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 4 - vendor: versa-networks + shodan-query: title:"Flex VNF Web-UI" product: versa_operating_system - shodan-query: http.title:"flex vnf web-ui" - fofa-query: title="flex vnf web-ui" - google-query: intitle:"flex vnf web-ui" - tags: default-login,versa,flexvnf,versa-networks + vendor: versa-networks + tags: default-login,versa,flexvnf http: - raw: diff --git a/http/default-logins/wago/wago-webbased-default-login.yaml b/http/default-logins/wago/wago-webbased-default-login.yaml index 992d0273171..b30efeeaac1 100644 --- a/http/default-logins/wago/wago-webbased-default-login.yaml +++ b/http/default-logins/wago/wago-webbased-default-login.yaml @@ -5,11 +5,11 @@ info: author: biero-el-corridor severity: high description: | - Identified WAGO Web-Based Management interfaces that were accessible using default credentials (admin:wago).These interfaces are used to configure and monitor WAGO programmable logic controllers (PLCs) and automation systems. Use of factory-default credentials exposed critical OT infrastructure to unauthorized access. + Identified WAGO Web-Based Management interfaces that were accessible using default credentials (admin:wago).These interfaces are used to configure and monitor WAGO programmable logic controllers (PLCs) and automation systems. Use of factory-default credentials exposed critical OT infrastructure to unauthorized access. metadata: + shodan-query: html:"WAGO Ethernet Web-based Management" verified: true max-request: 1 - shodan-query: html:"WAGO Ethernet Web-based Management" tags: wago,default-login http: diff --git a/http/default-logins/wazuh-default-login.yaml b/http/default-logins/wazuh-default-login.yaml index e316ee19f38..db0312b5aef 100644 --- a/http/default-logins/wazuh-default-login.yaml +++ b/http/default-logins/wazuh-default-login.yaml @@ -17,11 +17,7 @@ info: max-request: 7 vendor: wazuh product: wazuh - shodan-query: http.title:"wazuh" - fofa-query: - - app="wazuh" - - title="wazuh" - google-query: intitle:"wazuh" + shodan-query: "title:\"Wazuh\"" tags: wazuh,default-login http: diff --git a/http/default-logins/webmethod/webmethod-integration-default-login.yaml b/http/default-logins/webmethod/webmethod-integration-default-login.yaml index e62734749a0..8966c54abda 100644 --- a/http/default-logins/webmethod/webmethod-integration-default-login.yaml +++ b/http/default-logins/webmethod/webmethod-integration-default-login.yaml @@ -11,11 +11,10 @@ info: metadata: verified: true max-request: 5 - vendor: softwareag + shodan-query: "http.favicon.hash:-234335289" product: webmethods - shodan-query: http.favicon.hash:"-234335289" - fofa-query: icon_hash=-234335289 - tags: default-login,webmethod,softwareag + vendor: softwareag + tags: default-login,webmethod flow: http(1) && http(2) http: diff --git a/http/default-logins/webmin-default-login.yaml b/http/default-logins/webmin-default-login.yaml index fc1feb80142..c4e7af8f0c0 100644 --- a/http/default-logins/webmin-default-login.yaml +++ b/http/default-logins/webmin-default-login.yaml @@ -15,11 +15,9 @@ info: metadata: verified: true max-request: 2 - vendor: webmin + shodan-query: title:"Webmin" product: webmin - shodan-query: http.title:"webmin" - fofa-query: title="webmin" - google-query: intitle:"webmin" + vendor: webmin tags: webmin,default-login http: diff --git a/http/default-logins/xnat/xnat-default-login.yaml b/http/default-logins/xnat/xnat-default-login.yaml index 6117009b2c6..c784c154d87 100644 --- a/http/default-logins/xnat/xnat-default-login.yaml +++ b/http/default-logins/xnat/xnat-default-login.yaml @@ -15,11 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: xnat + shodan-query: http.title:"XNAT" product: xnat - shodan-query: http.title:"xnat" - fofa-query: title="xnat" - google-query: intitle:"xnat" + vendor: xnat tags: default-login,xnat http: diff --git a/http/default-logins/xui/xui-default-login.yaml b/http/default-logins/xui/xui-default-login.yaml index e0883cbd777..175e42ddcfd 100644 --- a/http/default-logins/xui/xui-default-login.yaml +++ b/http/default-logins/xui/xui-default-login.yaml @@ -15,12 +15,11 @@ info: metadata: verified: true max-request: 2 - vendor: vaxilu + fofa-query: title="X-UI Login" + shodan-query: title:"X-UI Login" product: x-ui - shodan-query: http.title:"x-ui login" - fofa-query: title="x-ui login" - google-query: intitle:"x-ui login" - tags: x-ui,default-login,vaxilu + vendor: vaxilu + tags: x-ui,default-login http: - method: GET diff --git a/http/default-logins/xxljob/xxljob-default-login.yaml b/http/default-logins/xxljob/xxljob-default-login.yaml index 386609dc10b..ff8e42579d4 100644 --- a/http/default-logins/xxljob/xxljob-default-login.yaml +++ b/http/default-logins/xxljob/xxljob-default-login.yaml @@ -14,13 +14,11 @@ info: metadata: verified: true max-request: 2 - vendor: xuxueli + shodan-query: http.favicon.hash:1691956220 product: xxl-job - shodan-query: http.favicon.hash:"1691956220" - fofa-query: - - icon_hash=1691956220 - - app="xxl-job" - tags: default-login,xxljob,xuxueli + vendor: xuxueli + fofa-query: icon_hash=1691956220 + tags: default-login,xxljob http: - raw: diff --git a/http/default-logins/zebra/zebra-printer-default-login.yaml b/http/default-logins/zebra/zebra-printer-default-login.yaml index d94d7e6a77d..2710c1690f2 100644 --- a/http/default-logins/zebra/zebra-printer-default-login.yaml +++ b/http/default-logins/zebra/zebra-printer-default-login.yaml @@ -8,7 +8,7 @@ info: Zebra default login credentials was discovered. metadata: verified: true - max-request: 2 + max-request: 4 shodan-query: title:"Zebra" tags: zebra,default-login,misconfig,printer diff --git a/http/default-logins/zoho/app-manager-default-login.yaml b/http/default-logins/zoho/app-manager-default-login.yaml index 8393d47a0db..d85cfa0bd68 100644 --- a/http/default-logins/zoho/app-manager-default-login.yaml +++ b/http/default-logins/zoho/app-manager-default-login.yaml @@ -9,10 +9,11 @@ info: reference: - https://www.manageengine.com/products/applications_manager/ metadata: - verified: true - max-request: 3 shodan-query: title:"Applications Manager Login Screen" + verified: true + max-request: 1 tags: default-login,manageengine,zoho + variables: username: "admin" password: "admin" diff --git a/http/exposed-panels/3cx-phone-management-panel.yaml b/http/exposed-panels/3cx-phone-management-panel.yaml index ff51a3aca64..00e95d82c6b 100644 --- a/http/exposed-panels/3cx-phone-management-panel.yaml +++ b/http/exposed-panels/3cx-phone-management-panel.yaml @@ -18,16 +18,18 @@ info: vendor: 3cx product: 3cx shodan-query: - - http.title:"3cx phone system management console" - - http.favicon.hash:"970132176" + - http.title:"3CX Phone System Management Console" + - http.favicon.hash:970132176 - http.title:"3cx webclient" + - http.title:"3cx phone system management console" + google-query: + - intitle:"3CX Phone System Management Console" + - intitle:"3cx phone system management console" + - intitle:"3cx webclient" fofa-query: - icon_hash=970132176 - title="3cx phone system management console" - title="3cx webclient" - google-query: - - intitle:"3cx phone system management console" - - intitle:"3cx webclient" tags: panel,3cx http: diff --git a/http/exposed-panels/3cx-phone-webclient-management-panel.yaml b/http/exposed-panels/3cx-phone-webclient-management-panel.yaml index 7a14faf9fea..f16f01ed3cf 100644 --- a/http/exposed-panels/3cx-phone-webclient-management-panel.yaml +++ b/http/exposed-panels/3cx-phone-webclient-management-panel.yaml @@ -18,16 +18,18 @@ info: vendor: 3cx product: 3cx shodan-query: + - http.title:"3CX Webclient" - http.title:"3cx webclient" - http.title:"3cx phone system management console" - - http.favicon.hash:"970132176" + - http.favicon.hash:970132176 + google-query: + - intitle:"3CX Webclient" + - intitle:"3cx phone system management console" + - intitle:"3cx webclient" fofa-query: - icon_hash=970132176 - title="3cx phone system management console" - title="3cx webclient" - google-query: - - intitle:"3cx webclient" - - intitle:"3cx phone system management console" tags: panel,3cx http: diff --git a/http/exposed-panels/acemanager-login.yaml b/http/exposed-panels/acemanager-login.yaml index 6b92d768369..493259a6b61 100644 --- a/http/exposed-panels/acemanager-login.yaml +++ b/http/exposed-panels/acemanager-login.yaml @@ -12,7 +12,9 @@ info: max-request: 1 vendor: sierrawireless product: airlink_mobility_manager - fofa-query: app="acemanager" + fofa-query: + - app="ACEmanager" + - app="acemanager" tags: panel,login,tech,acemanager,sierrawireless http: diff --git a/http/exposed-panels/acti-panel.yaml b/http/exposed-panels/acti-panel.yaml index 8651b915043..3ded16f0a1c 100644 --- a/http/exposed-panels/acti-panel.yaml +++ b/http/exposed-panels/acti-panel.yaml @@ -11,16 +11,8 @@ info: max-request: 1 vendor: acti product: camera_firmware - shodan-query: - - http.title:"web configurator" html:"acti" - - http.title:"web configurator" - fofa-query: - - app="acti-视频监控" - - title="web configurator" - - title="web configurator" html:"acti" - google-query: - - intitle:"web configurator" - - intitle:"web configurator" html:"acti" + shodan-query: title:"Web Configurator" html:"ACTi" + fofa-query: app="ACTi-视频监控" tags: acti,panel,login,detect http: diff --git a/http/exposed-panels/activemq-panel.yaml b/http/exposed-panels/activemq-panel.yaml index eed8e69e103..5732df0ad7b 100644 --- a/http/exposed-panels/activemq-panel.yaml +++ b/http/exposed-panels/activemq-panel.yaml @@ -12,16 +12,13 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 1 vendor: apache product: activemq shodan-query: - - '[cpe:"cpe:2.3:a:apache:activemq" product:"activemq openwire transport" http.title:"apache activemq"]' - cpe:"cpe:2.3:a:apache:activemq" - - http.title:"apache activemq" - product:"activemq openwire transport" - fofa-query: title="apache activemq" - google-query: intitle:"apache activemq" + - http.title:"Apache ActiveMQ" tags: panel,activemq,apache,login http: diff --git a/http/exposed-panels/acunetix-login.yaml b/http/exposed-panels/acunetix-login.yaml index 0273dc4453b..d2af74e9922 100644 --- a/http/exposed-panels/acunetix-login.yaml +++ b/http/exposed-panels/acunetix-login.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: acunetix + shodan-query: title:"Acunetix" product: web_vulnerability_scanner - shodan-query: http.title:"acunetix" - fofa-query: title="acunetix" - google-query: intitle:"acunetix" + vendor: acunetix tags: panel,acunetix http: diff --git a/http/exposed-panels/adapt-panel.yaml b/http/exposed-panels/adapt-panel.yaml index e5f002fee7d..0699af0641e 100644 --- a/http/exposed-panels/adapt-panel.yaml +++ b/http/exposed-panels/adapt-panel.yaml @@ -9,9 +9,9 @@ info: classification: cwe-id: CWE-200 metadata: - verified: true max-request: 1 shodan-query: http.title:"Adapt authoring tool" + verified: true tags: panel,adapt,login,detect http: diff --git a/http/exposed-panels/adfinity-panel.yaml b/http/exposed-panels/adfinity-panel.yaml index 216c543e719..e54ecb3d694 100644 --- a/http/exposed-panels/adfinity-panel.yaml +++ b/http/exposed-panels/adfinity-panel.yaml @@ -1,19 +1,19 @@ id: adfinity-panel -info: - name: Adfinity Login Panel - Detect - author: righettod - severity: info - description: | - Adfinity products was detected. - reference: - - https://easi.net/en/solutions/adfinity - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"Adfinity" - tags: panel,adfinity,login - +info: + name: Adfinity Login Panel - Detect + author: righettod + severity: info + description: | + Adfinity products was detected. + reference: + - https://easi.net/en/solutions/adfinity + metadata: + max-request: 1 + verified: true + shodan-query: http.html:"Adfinity" + tags: panel,adfinity,login + http: - method: GET path: diff --git a/http/exposed-panels/adguard-panel.yaml b/http/exposed-panels/adguard-panel.yaml index 66ecaa11c4e..58cf7714d7a 100644 --- a/http/exposed-panels/adguard-panel.yaml +++ b/http/exposed-panels/adguard-panel.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: adguard product: adguard - fofa-query: - - title="adguard home" - - title="setup adguard home" + fofa-query: title="AdGuard Home" tags: adguard,panel,login,detect http: diff --git a/http/exposed-panels/adhoc-transfer-panel.yaml b/http/exposed-panels/adhoc-transfer-panel.yaml index e432722165e..0a039c5d1c4 100644 --- a/http/exposed-panels/adhoc-transfer-panel.yaml +++ b/http/exposed-panels/adhoc-transfer-panel.yaml @@ -11,16 +11,17 @@ info: vendor: progress product: ws_ftp shodan-query: + - http.title:"Ad Hoc Transfer" + - ws_ftp port:22 - http.title:"ad hoc transfer" - - ws_ftp port:"22" - http.title:"ws_ftp server web transfer" fofa-query: - title="ws_ftp server web transfer" - title="ad hoc transfer" - censys-query: services.http.request.uri="*/thinclient/wtm/public/index.html" google-query: - intitle:"ws_ftp server web transfer" - intitle:"ad hoc transfer" + censys-query: services.http.request.uri="*/thinclient/wtm/public/index.html" tags: panel,wsftp,ad-hoc,detect,login,progress http: diff --git a/http/exposed-panels/adminer-panel-detect.yaml b/http/exposed-panels/adminer-panel-detect.yaml index c342c04679f..e7b811c4db3 100644 --- a/http/exposed-panels/adminer-panel-detect.yaml +++ b/http/exposed-panels/adminer-panel-detect.yaml @@ -12,19 +12,17 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* metadata: - max-request: 777 + max-request: 741 vendor: adminer product: adminer shodan-query: - - '[cpe:"cpe:2.3:a:adminer:adminer" http.title:"login - adminer"]' - cpe:"cpe:2.3:a:adminer:adminer" - http.title:"login - adminer" fofa-query: - - '[title="login - adminer" app="adminer" && body="4.7.8"]' - - app="adminer" && body="4.7.8" - title="login - adminer" - google-query: intitle:"login - adminer" + - app="adminer" && body="4.7.8" hunter-query: app.name="adminer"&&web.body="4.7.8" + google-query: intitle:"login - adminer" tags: panel,fuzz,adminer,login,sqli http: diff --git a/http/exposed-panels/adminer-panel.yaml b/http/exposed-panels/adminer-panel.yaml index 728764d92ac..74fc7bf86a0 100644 --- a/http/exposed-panels/adminer-panel.yaml +++ b/http/exposed-panels/adminer-panel.yaml @@ -12,19 +12,18 @@ info: cpe: cpe:2.3:a:adminer:adminer:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 9 + max-request: 8 vendor: adminer product: adminer shodan-query: - - '[title:"login - adminer" cpe:"cpe:2.3:a:adminer:adminer" http.title:"login - adminer"]' + - title:"Login - Adminer" - cpe:"cpe:2.3:a:adminer:adminer" - http.title:"login - adminer" fofa-query: - - '[title="login - adminer" app="adminer" && body="4.7.8"]' - - app="adminer" && body="4.7.8" - title="login - adminer" - google-query: intitle:"login - adminer" + - app="adminer" && body="4.7.8" hunter-query: app.name="adminer"&&web.body="4.7.8" + google-query: intitle:"login - adminer" tags: panel,adminer http: diff --git a/http/exposed-panels/adobe/adobe-component-login.yaml b/http/exposed-panels/adobe/adobe-component-login.yaml index 69d5482fb85..809721d019a 100644 --- a/http/exposed-panels/adobe/adobe-component-login.yaml +++ b/http/exposed-panels/adobe/adobe-component-login.yaml @@ -15,6 +15,7 @@ info: vendor: adobe product: coldfusion shodan-query: + - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" diff --git a/http/exposed-panels/adobe/adobe-connect-central-login.yaml b/http/exposed-panels/adobe/adobe-connect-central-login.yaml index e4847260737..08d2f24861c 100644 --- a/http/exposed-panels/adobe/adobe-connect-central-login.yaml +++ b/http/exposed-panels/adobe/adobe-connect-central-login.yaml @@ -14,15 +14,9 @@ info: max-request: 1 vendor: adobe product: connect - shodan-query: - - http.title:"openvpn connect" - - http.title:"ovpn config download" - fofa-query: - - title="openvpn connect" - - title="ovpn config download" - google-query: - - intitle:"openvpn connect" - - intitle:"ovpn config download" + shodan-query: http.title:"openvpn connect" + fofa-query: title="openvpn connect" + google-query: intitle:"openvpn connect" tags: adobe,panel,connect-central http: diff --git a/http/exposed-panels/adobe/adobe-experience-manager-login.yaml b/http/exposed-panels/adobe/adobe-experience-manager-login.yaml index 28e0cece03c..c67be4c0f56 100644 --- a/http/exposed-panels/adobe/adobe-experience-manager-login.yaml +++ b/http/exposed-panels/adobe/adobe-experience-manager-login.yaml @@ -15,8 +15,9 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" + - http.title:"AEM Sign In" - http.component:"adobe experience manager" + - http.title:"aem sign in" - cpe:"cpe:2.3:a:adobe:experience_manager" fofa-query: title="aem sign in" google-query: intitle:"aem sign in" diff --git a/http/exposed-panels/adobe/aem-crx-package-manager.yaml b/http/exposed-panels/adobe/aem-crx-package-manager.yaml index d5b3eac7a0d..6de3390aa9f 100644 --- a/http/exposed-panels/adobe/aem-crx-package-manager.yaml +++ b/http/exposed-panels/adobe/aem-crx-package-manager.yaml @@ -16,8 +16,10 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" - http.component:"adobe experience manager" + - http.title:"aem sign in" - cpe:"cpe:2.3:a:adobe:experience_manager" fofa-query: title="aem sign in" google-query: intitle:"aem sign in" diff --git a/http/exposed-panels/adobe/aem-sling-login.yaml b/http/exposed-panels/adobe/aem-sling-login.yaml index 3cfc967e877..1de285ffe4a 100644 --- a/http/exposed-panels/adobe/aem-sling-login.yaml +++ b/http/exposed-panels/adobe/aem-sling-login.yaml @@ -16,8 +16,10 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" - http.component:"adobe experience manager" + - http.title:"aem sign in" - cpe:"cpe:2.3:a:adobe:experience_manager" fofa-query: title="aem sign in" google-query: intitle:"aem sign in" diff --git a/http/exposed-panels/aerohive-netconfig-ui.yaml b/http/exposed-panels/aerohive-netconfig-ui.yaml index 2bcb60d55cb..d69e178bc3d 100644 --- a/http/exposed-panels/aerohive-netconfig-ui.yaml +++ b/http/exposed-panels/aerohive-netconfig-ui.yaml @@ -12,12 +12,10 @@ info: cpe: cpe:2.3:h:extremenetworks:aerohive_netconfig:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: extremenetworks + shodan-query: http.title:"Aerohive NetConfig UI" product: aerohive_netconfig - shodan-query: http.title:"aerohive netconfig ui" - fofa-query: title="aerohive netconfig ui" - google-query: intitle:"aerohive netconfig ui" - tags: panel,tech,hiveos,aerohive,extremenetworks + vendor: extremenetworks + tags: panel,tech,hiveos,aerohive http: - method: GET diff --git a/http/exposed-panels/aethra-panel.yaml b/http/exposed-panels/aethra-panel.yaml index 76065c1d496..4da3ca5a460 100644 --- a/http/exposed-panels/aethra-panel.yaml +++ b/http/exposed-panels/aethra-panel.yaml @@ -9,9 +9,9 @@ info: classification: cwe-id: CWE-200 metadata: - verified: true max-request: 1 shodan-query: http.title:"Aethra Telecommunications Operating System" + verified: true tags: panel,aethra,login,detect http: diff --git a/http/exposed-panels/afterlogic-webmail-login.yaml b/http/exposed-panels/afterlogic-webmail-login.yaml index 4ab221ac931..807d3d64ced 100644 --- a/http/exposed-panels/afterlogic-webmail-login.yaml +++ b/http/exposed-panels/afterlogic-webmail-login.yaml @@ -10,10 +10,10 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:afterlogic:aurora:*:*:*:*:*:*:*:* metadata: + fofa-query: 'X-Server: AfterlogicDAVServer' max-request: 1 - vendor: afterlogic product: aurora - fofa-query: "x-server: afterlogicdavserver" + vendor: afterlogic tags: panel,afterlogic,login,detect http: diff --git a/http/exposed-panels/aircube-dashboard-panel.yaml b/http/exposed-panels/aircube-dashboard-panel.yaml index a67810c9d8d..bbccc234a0c 100644 --- a/http/exposed-panels/aircube-dashboard-panel.yaml +++ b/http/exposed-panels/aircube-dashboard-panel.yaml @@ -12,16 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: ui + shodan-query: http.title:"AirCube Dashboard" product: aircube - shodan-query: - - http.title:"aircube dashboard" - - http.favicon.hash:"1249285083" - fofa-query: - - icon_hash=1249285083 - - title="aircube dashboard" - google-query: intitle:"aircube dashboard" - tags: panel,aircube,ui + vendor: ui + tags: panel,aircube http: - method: GET diff --git a/http/exposed-panels/aircube-login.yaml b/http/exposed-panels/aircube-login.yaml index 51b46e2ef39..82a4e659993 100644 --- a/http/exposed-panels/aircube-login.yaml +++ b/http/exposed-panels/aircube-login.yaml @@ -12,16 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: ui + shodan-query: http.favicon.hash:1249285083 product: aircube - shodan-query: - - http.favicon.hash:"1249285083" - - http.title:"aircube dashboard" - fofa-query: - - icon_hash=1249285083 - - title="aircube dashboard" - google-query: intitle:"aircube dashboard" - tags: panel,aircube,ubiquiti,ui + vendor: ui + tags: panel,aircube,ubiquiti http: - method: GET diff --git a/http/exposed-panels/airflow-panel.yaml b/http/exposed-panels/airflow-panel.yaml index 8347a137a73..56b141c1109 100644 --- a/http/exposed-panels/airflow-panel.yaml +++ b/http/exposed-panels/airflow-panel.yaml @@ -16,21 +16,17 @@ info: vendor: apache product: airflow shodan-query: - - http.title:"sign in - airflow" + - title:"Sign In - Airflow" - http.title:"airflow - dags" || http.html:"apache airflow" + - http.title:"sign in - airflow" - product:"redis" - - http.html:"apache airflow" - - http.title:"airflow - dags" fofa-query: - apache airflow - title="airflow - dags" || http.html:"apache airflow" - title="sign in - airflow" - - body="apache airflow" - - title="airflow - dags" google-query: - intitle:"airflow - dags" || http.html:"apache airflow" - intitle:"sign in - airflow" - - intitle:"airflow - dags" tags: panel,apache,airflow,admin http: diff --git a/http/exposed-panels/airos-panel.yaml b/http/exposed-panels/airos-panel.yaml index 3796fab9375..60a3977b641 100644 --- a/http/exposed-panels/airos-panel.yaml +++ b/http/exposed-panels/airos-panel.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: ui product: airos - shodan-query: http.favicon.hash:"-697231354" - fofa-query: icon_hash=-697231354 - tags: airos,panel,ui + shodan-query: "http.favicon.hash:-697231354" + tags: airos,panel http: - method: GET diff --git a/http/exposed-panels/akuiteo-panel.yaml b/http/exposed-panels/akuiteo-panel.yaml index 461ec1f695b..57abcef59f1 100644 --- a/http/exposed-panels/akuiteo-panel.yaml +++ b/http/exposed-panels/akuiteo-panel.yaml @@ -1,18 +1,19 @@ id: akuiteo-panel -info: - name: Akuiteo Login Panel - Detect - author: righettod - severity: info - description: | - Akuiteo products was detected. - reference: - - https://www.akuiteo.com/en/ - metadata: - verified: true - max-request: 3 - shodan-query: title:"Akuiteo" - tags: panel,akuiteo,login,detect +info: + name: Akuiteo Login Panel - Detect + author: righettod + severity: info + description: | + Akuiteo products was detected. + reference: + - https://www.akuiteo.com/en/ + metadata: + verified: true + max-request: 1 + shodan-query: title:"Akuiteo" + tags: panel,akuiteo,login,detect + http: - method: GET path: diff --git a/http/exposed-panels/allied-telesis-exposure.yaml b/http/exposed-panels/allied-telesis-exposure.yaml index ddfc59c6e7b..95ecefb8247 100644 --- a/http/exposed-panels/allied-telesis-exposure.yaml +++ b/http/exposed-panels/allied-telesis-exposure.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: allied_telesis product: device_gui - shodan-query: http.title:"allied telesis device gui" + shodan-query: + - title:"Allied Telesis Device GUI" + - http.title:"allied telesis device gui" fofa-query: title="allied telesis device gui" google-query: intitle:"allied telesis device gui" tags: panel,allied,allied_telesis diff --git a/http/exposed-panels/amcrest-login.yaml b/http/exposed-panels/amcrest-login.yaml index 878bbce8757..aa01a74da46 100644 --- a/http/exposed-panels/amcrest-login.yaml +++ b/http/exposed-panels/amcrest-login.yaml @@ -15,12 +15,15 @@ info: vendor: amcrest product: ip2m-853ew shodan-query: - - http.html:"amcrest" + - html:"amcrest" - http.html:"amcrest" "ldap user" + - http.html:"amcrest" + google-query: + - intext:"amcrest" "LDAP User" + - intext:"amcrest" "ldap user" fofa-query: - body="amcrest" "ldap user" - body="amcrest" - google-query: intext:"amcrest" "ldap user" tags: panel,camera,amcrest,edb http: diff --git a/http/exposed-panels/amp-application-panel.yaml b/http/exposed-panels/amp-application-panel.yaml index 0185bf27fb0..7a6502be8ae 100644 --- a/http/exposed-panels/amp-application-panel.yaml +++ b/http/exposed-panels/amp-application-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: cubecoders product: amp - shodan-query: http.title:"amp - application management panel" + shodan-query: + - title:"AMP - Application Management Panel" + - http.title:"amp - application management panel" fofa-query: title="amp - application management panel" google-query: intitle:"amp - application management panel" tags: panel,amp,cubecoders diff --git a/http/exposed-panels/ampache-panel.yaml b/http/exposed-panels/ampache-panel.yaml index eaa7f6dd034..0fa83421721 100644 --- a/http/exposed-panels/ampache-panel.yaml +++ b/http/exposed-panels/ampache-panel.yaml @@ -15,19 +15,10 @@ info: vendor: ampache product: ampache shodan-query: + - http.title:"For the Love of Music" - http.title:"for the love of music" - - http.html:"ampache update" - - http.title:"ampache -- debug page" - - http.title:"for the love of music - installation" - fofa-query: - - title="for the love of music" - - body="ampache update" - - title="ampache -- debug page" - - title="for the love of music - installation" - google-query: - - intitle:"for the love of music" - - intitle:"ampache -- debug page" - - intitle:"for the love of music - installation" + fofa-query: title="for the love of music" + google-query: intitle:"for the love of music" tags: panel,ampache http: diff --git a/http/exposed-panels/ansible-semaphore-panel.yaml b/http/exposed-panels/ansible-semaphore-panel.yaml index a509b4f35b9..6bd39280dc3 100644 --- a/http/exposed-panels/ansible-semaphore-panel.yaml +++ b/http/exposed-panels/ansible-semaphore-panel.yaml @@ -13,11 +13,10 @@ info: cpe: cpe:2.3:a:ansible-semaphore:ansible_semaphore:*:*:*:*:ansible:*:*:* metadata: max-request: 1 - vendor: ansible-semaphore + shodan-query: http.html:"Semaphore" product: ansible_semaphore - shodan-query: http.html:"semaphore" - fofa-query: body="semaphore" - tags: panel,ansible,semaphore,cicd,oss,ansible-semaphore + vendor: ansible-semaphore + tags: panel,ansible,semaphore,cicd,oss http: - method: GET diff --git a/http/exposed-panels/ansible-tower-exposure.yaml b/http/exposed-panels/ansible-tower-exposure.yaml index ff8c207113b..5ab551f381b 100644 --- a/http/exposed-panels/ansible-tower-exposure.yaml +++ b/http/exposed-panels/ansible-tower-exposure.yaml @@ -16,9 +16,13 @@ info: max-request: 1 vendor: redhat product: ansible_tower - shodan-query: http.title:"ansible tower" + shodan-query: + - title:"Ansible Tower" + - http.title:"ansible tower" + google-query: + - intitle:"Ansible Tower" + - intitle:"ansible tower" fofa-query: title="ansible tower" - google-query: intitle:"ansible tower" tags: panel,ansible,redhat http: diff --git a/http/exposed-panels/apache-jmeter-dashboard.yaml b/http/exposed-panels/apache-jmeter-dashboard.yaml index 8afa7253756..e9ff09e60ee 100644 --- a/http/exposed-panels/apache-jmeter-dashboard.yaml +++ b/http/exposed-panels/apache-jmeter-dashboard.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: apache product: jmeter - shodan-query: http.title:"apache jmeter dashboard" + shodan-query: + - title:"Apache JMeter Dashboard" + - http.title:"apache jmeter dashboard" fofa-query: title="apache jmeter dashboard" google-query: intitle:"apache jmeter dashboard" tags: apache,jmeter,panel diff --git a/http/exposed-panels/apache/apache-apisix-panel.yaml b/http/exposed-panels/apache/apache-apisix-panel.yaml index 6720f521154..2138f37cc46 100644 --- a/http/exposed-panels/apache/apache-apisix-panel.yaml +++ b/http/exposed-panels/apache/apache-apisix-panel.yaml @@ -12,8 +12,10 @@ info: max-request: 1 vendor: apache product: apisix + fofa-query: + - title="Apache APISIX Dashboard" + - title="apache apisix dashboard" shodan-query: http.title:"apache apisix dashboard" - fofa-query: title="apache apisix dashboard" google-query: intitle:"apache apisix dashboard" tags: apache,apisix,panel,login,detect diff --git a/http/exposed-panels/apache/apache-apollo-panel.yaml b/http/exposed-panels/apache/apache-apollo-panel.yaml index 034c0c28514..5894a419fea 100644 --- a/http/exposed-panels/apache/apache-apollo-panel.yaml +++ b/http/exposed-panels/apache/apache-apollo-panel.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: apache product: activemq_apollo - shodan-query: http.title:"apache apollo" - fofa-query: title="apache apollo" - google-query: intitle:"apache apollo" + shodan-query: title:"Apache Apollo" tags: panel,apache,apollo,login,detect http: diff --git a/http/exposed-panels/apache/apache-mesos-panel.yaml b/http/exposed-panels/apache/apache-mesos-panel.yaml index 9a772422240..b53e227c86c 100644 --- a/http/exposed-panels/apache/apache-mesos-panel.yaml +++ b/http/exposed-panels/apache/apache-mesos-panel.yaml @@ -14,8 +14,11 @@ info: max-request: 2 vendor: apache product: mesos - shodan-query: http.title:"mesos" + shodan-query: + - http.title:"Mesos" + - http.title:"mesos" fofa-query: + - app="APACHE-MESOS" - app="apache-mesos" - title="mesos" google-query: intitle:"mesos" diff --git a/http/exposed-panels/apache/public-tomcat-manager.yaml b/http/exposed-panels/apache/public-tomcat-manager.yaml index bb18ef57398..c6a127f9ca4 100644 --- a/http/exposed-panels/apache/public-tomcat-manager.yaml +++ b/http/exposed-panels/apache/public-tomcat-manager.yaml @@ -14,20 +14,14 @@ info: vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: panel,tomcat,apache http: diff --git a/http/exposed-panels/appspace-panel.yaml b/http/exposed-panels/appspace-panel.yaml index 3fb899af203..e263477b4b2 100644 --- a/http/exposed-panels/appspace-panel.yaml +++ b/http/exposed-panels/appspace-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 3 vendor: appspace product: appspace - shodan-query: http.title:"appspace" + shodan-query: + - title:"Appspace" + - http.title:"appspace" fofa-query: title="appspace" google-query: intitle:"appspace" tags: appspace,panel,detect diff --git a/http/exposed-panels/appsuite-panel.yaml b/http/exposed-panels/appsuite-panel.yaml index fb690de7ad1..c5f541462be 100644 --- a/http/exposed-panels/appsuite-panel.yaml +++ b/http/exposed-panels/appsuite-panel.yaml @@ -11,7 +11,9 @@ info: max-request: 1 vendor: open-xchange product: open-xchange_appsuite - shodan-query: http.html:"appsuite" + shodan-query: + - html:"Appsuite" + - http.html:"appsuite" fofa-query: body="appsuite" tags: panel,appsuite,detect,open-xchange diff --git a/http/exposed-panels/appwrite-panel.yaml b/http/exposed-panels/appwrite-panel.yaml index 7a5bcb4c85d..1170b6b74bd 100644 --- a/http/exposed-panels/appwrite-panel.yaml +++ b/http/exposed-panels/appwrite-panel.yaml @@ -15,7 +15,7 @@ info: vendor: appwrite product: appwrite shodan-query: - - http.favicon.hash:"-633108100" + - http.favicon.hash:-633108100 - http.title:"sign in - appwrite" fofa-query: - icon_hash=-633108100 diff --git a/http/exposed-panels/aptus-panel.yaml b/http/exposed-panels/aptus-panel.yaml index e8cf88889d8..3a4b5238253 100644 --- a/http/exposed-panels/aptus-panel.yaml +++ b/http/exposed-panels/aptus-panel.yaml @@ -11,12 +11,10 @@ info: cpe: cpe:2.3:a:intelliantech:aptus:*:*:*:*:android:*:*:* metadata: max-request: 1 - vendor: intelliantech + shodan-query: http.title:"Aptus Login" product: aptus - shodan-query: http.title:"aptus login" - fofa-query: title="aptus login" - google-query: intitle:"aptus login" - tags: panel,aptus,intelliantech + vendor: intelliantech + tags: panel,aptus http: - method: GET diff --git a/http/exposed-panels/arangodb-web-Interface.yaml b/http/exposed-panels/arangodb-web-Interface.yaml index 37a1e109774..b902754e3d5 100644 --- a/http/exposed-panels/arangodb-web-Interface.yaml +++ b/http/exposed-panels/arangodb-web-Interface.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: arangodb product: arangodb - shodan-query: http.title:"arangodb web interface" + shodan-query: + - http.title:"ArangoDB Web Interface" + - http.title:"arangodb web interface" fofa-query: title="arangodb web interface" google-query: intitle:"arangodb web interface" tags: panel,arangodb,login diff --git a/http/exposed-panels/arcgis/arcgis-services.yaml b/http/exposed-panels/arcgis/arcgis-services.yaml index b41e4a85f1f..66602900a98 100644 --- a/http/exposed-panels/arcgis/arcgis-services.yaml +++ b/http/exposed-panels/arcgis/arcgis-services.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: esri product: arcgis_server - shodan-query: http.title:"arcgis" + shodan-query: + - title:"ArcGIS" + - http.title:"arcgis" fofa-query: title="arcgis" google-query: intitle:"arcgis" tags: panel,arcgis,rest,api,detect,esri diff --git a/http/exposed-panels/archibus-webcentral-panel.yaml b/http/exposed-panels/archibus-webcentral-panel.yaml index 61e2107e02c..3a0b12c6e57 100644 --- a/http/exposed-panels/archibus-webcentral-panel.yaml +++ b/http/exposed-panels/archibus-webcentral-panel.yaml @@ -16,7 +16,7 @@ info: max-request: 3 vendor: archibus product: web_central - shodan-query: http.favicon.hash:"889652940" + shodan-query: http.favicon.hash:889652940 fofa-query: icon_hash=889652940 tags: panel,archibus diff --git a/http/exposed-panels/arcserve-panel.yaml b/http/exposed-panels/arcserve-panel.yaml index 0a04756b54e..69ff0e66e81 100644 --- a/http/exposed-panels/arcserve-panel.yaml +++ b/http/exposed-panels/arcserve-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: arcserve product: udp - shodan-query: http.favicon.hash:"-1889244460" + shodan-query: + - http.favicon.hash:-1889244460 + - http.favicon.hash:"-1889244460" fofa-query: icon_hash="-1889244460" tags: panel,login,arcserve,detect diff --git a/http/exposed-panels/argocd-login.yaml b/http/exposed-panels/argocd-login.yaml index b4d8bbf4aea..6d8d24b720b 100644 --- a/http/exposed-panels/argocd-login.yaml +++ b/http/exposed-panels/argocd-login.yaml @@ -12,16 +12,10 @@ info: cpe: cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: argoproj + shodan-query: http.title:"Argo CD" product: argo_cd - shodan-query: - - http.title:"argo cd" - - http.html:"argo cd" - fofa-query: - - body="argo cd" - - title="argo cd" - google-query: intitle:"argo cd" - tags: panel,argocd,login,kubernetes,argoproj + vendor: argoproj + tags: panel,argocd,login,kubernetes http: - method: GET diff --git a/http/exposed-panels/arris-modem-detect.yaml b/http/exposed-panels/arris-modem-detect.yaml index 82ba29ec570..b0650678729 100644 --- a/http/exposed-panels/arris-modem-detect.yaml +++ b/http/exposed-panels/arris-modem-detect.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: commscope product: dg3450 - shodan-query: http.html:"phy.htm" + shodan-query: + - html:"phy.htm" + - http.html:"phy.htm" fofa-query: body="phy.htm" tags: panel,arris,commscope diff --git a/http/exposed-panels/aspcms-backend-panel.yaml b/http/exposed-panels/aspcms-backend-panel.yaml index 5fee2e3cd2d..4c3a903748a 100644 --- a/http/exposed-panels/aspcms-backend-panel.yaml +++ b/http/exposed-panels/aspcms-backend-panel.yaml @@ -15,8 +15,8 @@ info: max-request: 2 vendor: asp4cms product: aspcms - fofa-query: app="aspcms" - tags: panel,login,aspcms,admin,asp4cms + fofa-query: app="ASPCMS" + tags: panel,login,aspcms,admin http: - raw: diff --git a/http/exposed-panels/aspect-control-panel.yaml b/http/exposed-panels/aspect-control-panel.yaml index ef2f740daf2..e5cc1ae0d87 100644 --- a/http/exposed-panels/aspect-control-panel.yaml +++ b/http/exposed-panels/aspect-control-panel.yaml @@ -13,11 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: abb + shodan-query: http.favicon.hash:1011076161 product: aspect-ent-256 - shodan-query: http.favicon.hash:"1011076161" - fofa-query: icon_hash=1011076161 - tags: panel,aspect,login,abb + vendor: abb + tags: panel,aspect,login http: - method: GET diff --git a/http/exposed-panels/asus-router-panel.yaml b/http/exposed-panels/asus-router-panel.yaml index 18f89b3cd0c..7a864c2350e 100644 --- a/http/exposed-panels/asus-router-panel.yaml +++ b/http/exposed-panels/asus-router-panel.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: asus + shodan-query: 'Server: httpd/2.0 port:8080' product: rt-n53 - shodan-query: - - server:"httpd/2.0 port8080" - - cpe:"cpe:2.3:h:asus:rt-n53" + vendor: asus tags: panel,asus,router,iot http: diff --git a/http/exposed-panels/atlantis-detect.yaml b/http/exposed-panels/atlantis-detect.yaml index c3e016c6b80..191438c0049 100644 --- a/http/exposed-panels/atlantis-detect.yaml +++ b/http/exposed-panels/atlantis-detect.yaml @@ -16,10 +16,8 @@ info: max-request: 1 vendor: runatlantis product: atlantis - shodan-query: http.favicon.hash:"-1706783005" - fofa-query: - - icon_hash=-1706783005 - - icon_hash="-1706783005" + shodan-query: http.favicon.hash:-1706783005 + fofa-query: icon_hash=-1706783005 tags: panel,atlantis,runatlantis http: diff --git a/http/exposed-panels/atlassian-bamboo-panel.yaml b/http/exposed-panels/atlassian-bamboo-panel.yaml index 812b64fce58..d4f2035ee0f 100644 --- a/http/exposed-panels/atlassian-bamboo-panel.yaml +++ b/http/exposed-panels/atlassian-bamboo-panel.yaml @@ -15,21 +15,8 @@ info: max-request: 1 vendor: atlassian product: bamboo - shodan-query: - - http.title:"bamboo" - - http.favicon.hash:"-1379982221" - - http.title:"bamboo setup wizard" - - http.title:"build dashboard - atlassian bamboo" - fofa-query: - - icon_hash=-1379982221 - - title="bamboo setup wizard" - - title="bamboo" - - title="build dashboard - atlassian bamboo" - google-query: - - intitle:"bamboo setup wizard" - - intitle:"bamboo" - - intitle:"build dashboard - atlassian bamboo" - tags: panel,bamboo,login,detect,atlassian + shodan-query: http.title:"Bamboo" + tags: panel,bamboo,login,detect http: - method: GET diff --git a/http/exposed-panels/atlassian-crowd-panel.yaml b/http/exposed-panels/atlassian-crowd-panel.yaml index e7e022aa33f..e1b28ad7c9f 100644 --- a/http/exposed-panels/atlassian-crowd-panel.yaml +++ b/http/exposed-panels/atlassian-crowd-panel.yaml @@ -14,8 +14,8 @@ info: max-request: 1 vendor: atlassian product: crowd - shodan-query: http.component:"atlassian jira" category: sso + shodan-query: http.component:"atlassian jira" tags: panel,atlassian http: diff --git a/http/exposed-panels/atvise-login.yaml b/http/exposed-panels/atvise-login.yaml index 8379523edc1..f950924defc 100644 --- a/http/exposed-panels/atvise-login.yaml +++ b/http/exposed-panels/atvise-login.yaml @@ -12,13 +12,11 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:bachmann:atvise:*:*:*:*:*:*:*:* metadata: - max-request: 1 - vendor: bachmann - product: atvise google-query: intitle:"atvise - next generation" - shodan-query: http.title:"atvise - next generation" - fofa-query: title="atvise - next generation" - tags: panel,atvise,edb,bachmann + max-request: 1 + product: atvise + vendor: bachmann + tags: panel,atvise,edb http: - method: GET diff --git a/http/exposed-panels/audiobookshelf-panel.yaml b/http/exposed-panels/audiobookshelf-panel.yaml index 442bc3fe2cd..eb1ca6bbee2 100644 --- a/http/exposed-panels/audiobookshelf-panel.yaml +++ b/http/exposed-panels/audiobookshelf-panel.yaml @@ -11,11 +11,9 @@ info: metadata: verified: true max-request: 2 - vendor: audiobookshelf + shodan-query: title:"Audiobookshelf" product: audiobookshelf - shodan-query: http.title:"audiobookshelf" - fofa-query: title="audiobookshelf" - google-query: intitle:"audiobookshelf" + vendor: audiobookshelf tags: panel,audiobookshelf,detect http: diff --git a/http/exposed-panels/audiocodes-detect.yaml b/http/exposed-panels/audiocodes-detect.yaml index 24579c91295..c20b2dd461f 100644 --- a/http/exposed-panels/audiocodes-detect.yaml +++ b/http/exposed-panels/audiocodes-detect.yaml @@ -12,10 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: audiocodes + shodan-query: http.html:"Audiocodes" product: 420hd_ip_phone_firmware - shodan-query: http.html:"audiocodes" - fofa-query: body="audiocodes" + vendor: audiocodes tags: panel,audiocodes http: diff --git a/http/exposed-panels/authelia-panel.yaml b/http/exposed-panels/authelia-panel.yaml index 58143a17d83..c9017b81501 100644 --- a/http/exposed-panels/authelia-panel.yaml +++ b/http/exposed-panels/authelia-panel.yaml @@ -16,9 +16,7 @@ info: max-request: 1 vendor: authelia product: authelia - shodan-query: http.title:"login - authelia" - fofa-query: title="login - authelia" - google-query: intitle:"login - authelia" + shodan-query: title:"Login - Authelia" tags: login,panel,authelia http: diff --git a/http/exposed-panels/authentik-panel.yaml b/http/exposed-panels/authentik-panel.yaml index 8c6a553d1a1..66b007690b9 100644 --- a/http/exposed-panels/authentik-panel.yaml +++ b/http/exposed-panels/authentik-panel.yaml @@ -9,9 +9,9 @@ info: reference: - https://github.com/searxng/searxng metadata: + max-request: 1 verified: true - max-request: 2 - shodan-query: "http.favicon.hash:-178113786" + shodan-query: http.favicon.hash:-178113786 tags: authentik,sso,mfa,panel,detect http: diff --git a/http/exposed-panels/avantfax-panel.yaml b/http/exposed-panels/avantfax-panel.yaml index 72f5629db32..7c7d19c31a1 100644 --- a/http/exposed-panels/avantfax-panel.yaml +++ b/http/exposed-panels/avantfax-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: avantfax product: avantfax - shodan-query: http.title:"avantfax - login" + shodan-query: + - http.title:"AvantFAX - Login" + - http.title:"avantfax - login" fofa-query: title="avantfax - login" google-query: intitle:"avantfax - login" tags: panel,avantfax,login diff --git a/http/exposed-panels/aviatrix-panel.yaml b/http/exposed-panels/aviatrix-panel.yaml index 30952be1ac8..f3fbb1dec04 100644 --- a/http/exposed-panels/aviatrix-panel.yaml +++ b/http/exposed-panels/aviatrix-panel.yaml @@ -15,16 +15,10 @@ info: vendor: aviatrix product: controller shodan-query: + - http.title:"Aviatrix Cloud Controller" - http.title:"aviatrix cloud controller" - - http.title:"aviatrix controller" - fofa-query: - - title="aviatrix cloud controller" - - app="aviatrix-controller" - - title="aviatrix controller" - google-query: - - intitle:"aviatrix cloud controller" - - intitle:"aviatrix controller" - zoomeye-query: app="aviatrix controller" + fofa-query: title="aviatrix cloud controller" + google-query: intitle:"aviatrix cloud controller" tags: panel,aviatrix http: diff --git a/http/exposed-panels/avigilon-panel.yaml b/http/exposed-panels/avigilon-panel.yaml index 025576b5a1f..b0181d0b77b 100644 --- a/http/exposed-panels/avigilon-panel.yaml +++ b/http/exposed-panels/avigilon-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: avigilon product: avigilon_control_center - shodan-query: http.title:"login - avigilon control center" + shodan-query: + - http.title:"Login - Avigilon Control Center" + - http.title:"login - avigilon control center" fofa-query: title="login - avigilon control center" google-query: intitle:"login - avigilon control center" tags: panel,avigilon diff --git a/http/exposed-panels/axigen-webadmin.yaml b/http/exposed-panels/axigen-webadmin.yaml index c956b0e3e74..9654ab05faf 100644 --- a/http/exposed-panels/axigen-webadmin.yaml +++ b/http/exposed-panels/axigen-webadmin.yaml @@ -12,17 +12,9 @@ info: cpe: cpe:2.3:a:axigen:axigen_mail_server:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: axigen + shodan-query: http.title:"Axigen WebAdmin" product: axigen_mail_server - shodan-query: - - http.title:"axigen webadmin" - - http.title:"axigen webmail" - fofa-query: - - title="axigen webmail" - - title="axigen webadmin" - google-query: - - intitle:"axigen webmail" - - intitle:"axigen webadmin" + vendor: axigen tags: axigen,panel http: diff --git a/http/exposed-panels/axigen-webmail.yaml b/http/exposed-panels/axigen-webmail.yaml index b534f2c4682..c47bd38998c 100644 --- a/http/exposed-panels/axigen-webmail.yaml +++ b/http/exposed-panels/axigen-webmail.yaml @@ -12,17 +12,9 @@ info: cpe: cpe:2.3:a:axigen:axigen_mail_server:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: axigen + shodan-query: http.title:"Axigen WebMail" product: axigen_mail_server - shodan-query: - - http.title:"axigen webmail" - - http.title:"axigen webadmin" - fofa-query: - - title="axigen webmail" - - title="axigen webadmin" - google-query: - - intitle:"axigen webmail" - - intitle:"axigen webadmin" + vendor: axigen tags: axigen,panel http: diff --git a/http/exposed-panels/axway-api-manager-panel.yaml b/http/exposed-panels/axway-api-manager-panel.yaml index fefc6d83e78..76a7f5d8dfb 100644 --- a/http/exposed-panels/axway-api-manager-panel.yaml +++ b/http/exposed-panels/axway-api-manager-panel.yaml @@ -11,7 +11,7 @@ info: - https://www.postman.com/api-evangelist/axway/api/ce2ac156-4353-46b9-b148-944ab7721ed6 metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: http.title:"Axway API Manager Login" tags: panel,axway,detect,login diff --git a/http/exposed-panels/axway-securetransport-panel.yaml b/http/exposed-panels/axway-securetransport-panel.yaml index 68a1f8a81c2..de6c4feb37b 100644 --- a/http/exposed-panels/axway-securetransport-panel.yaml +++ b/http/exposed-panels/axway-securetransport-panel.yaml @@ -18,14 +18,15 @@ info: vendor: axway product: securetransport shodan-query: - - http.title:"securetransport" || http.favicon.hash:1330269434 + - http.title:"SecureTransport" || http.favicon.hash:1330269434 - http.title:"st web client" - fofa-query: - - title="securetransport" || http.favicon.hash:1330269434 - - title="st web client" + - http.title:"securetransport" || http.favicon.hash:1330269434 google-query: - intitle:"st web client" - intitle:"securetransport" || http.favicon.hash:1330269434 + fofa-query: + - title="securetransport" || http.favicon.hash:1330269434 + - title="st web client" tags: panel,axway,securetransport http: diff --git a/http/exposed-panels/axway-securetransport-webclient.yaml b/http/exposed-panels/axway-securetransport-webclient.yaml index af9e1e9b30a..09edc12508f 100644 --- a/http/exposed-panels/axway-securetransport-webclient.yaml +++ b/http/exposed-panels/axway-securetransport-webclient.yaml @@ -16,15 +16,16 @@ info: max-request: 1 vendor: axway product: securetransport + google-query: + - intitle:"ST Web Client" + - intitle:"st web client" + - intitle:"securetransport" || http.favicon.hash:1330269434 shodan-query: - http.title:"st web client" - http.title:"securetransport" || http.favicon.hash:1330269434 fofa-query: - title="securetransport" || http.favicon.hash:1330269434 - title="st web client" - google-query: - - intitle:"st web client" - - intitle:"securetransport" || http.favicon.hash:1330269434 tags: panel,axway,securetransport,webclient http: diff --git a/http/exposed-panels/axxon-client-panel.yaml b/http/exposed-panels/axxon-client-panel.yaml index bb350539c92..beccdce24b8 100644 --- a/http/exposed-panels/axxon-client-panel.yaml +++ b/http/exposed-panels/axxon-client-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: axxonsoft product: axxon_next - shodan-query: http.title:"axxon next client" + shodan-query: + - title:"Axxon Next client" + - http.title:"axxon next client" fofa-query: title="axxon next client" google-query: intitle:"axxon next client" tags: panel,axxon,vms,login,detect,axxonsoft diff --git a/http/exposed-panels/azkaban-web-client.yaml b/http/exposed-panels/azkaban-web-client.yaml index 271108cd63c..3a3f003b224 100644 --- a/http/exposed-panels/azkaban-web-client.yaml +++ b/http/exposed-panels/azkaban-web-client.yaml @@ -12,12 +12,10 @@ info: cpe: cpe:2.3:a:azkaban_project:azkaban:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: azkaban_project + shodan-query: http.title:"Azkaban Web Client" product: azkaban - shodan-query: http.title:"azkaban web client" - fofa-query: title="azkaban web client" - google-query: intitle:"azkaban web client" - tags: panel,azkaban,azkaban_project + vendor: azkaban_project + tags: panel,azkaban http: - method: GET diff --git a/http/exposed-panels/backpack/backpack-admin-panel.yaml b/http/exposed-panels/backpack/backpack-admin-panel.yaml index 2cbea192814..7b8485b2fa7 100644 --- a/http/exposed-panels/backpack/backpack-admin-panel.yaml +++ b/http/exposed-panels/backpack/backpack-admin-panel.yaml @@ -11,14 +11,12 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:backpackforlaravel:backpack\\\\crud:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 - vendor: backpackforlaravel + shodan-query: title:"Backpack Admin" + verified: true product: backpack\\\\crud - shodan-query: http.title:"backpack admin" - fofa-query: title="backpack admin" - google-query: intitle:"backpack admin" - tags: panel,backpack,admin,backpackforlaravel + vendor: backpackforlaravel + tags: panel,backpack,admin http: - method: GET diff --git a/http/exposed-panels/bedita-panel.yaml b/http/exposed-panels/bedita-panel.yaml index 617e8dca5e7..2074a857097 100644 --- a/http/exposed-panels/bedita-panel.yaml +++ b/http/exposed-panels/bedita-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: bedita product: bedita - shodan-query: http.title:"bedita" + shodan-query: + - http.title:"BEdita" + - http.title:"bedita" fofa-query: title="bedita" google-query: intitle:"bedita" tags: panel,bedita diff --git a/http/exposed-panels/beego-admin-dashboard.yaml b/http/exposed-panels/beego-admin-dashboard.yaml index f359dd27d91..b22dcb7d7fb 100644 --- a/http/exposed-panels/beego-admin-dashboard.yaml +++ b/http/exposed-panels/beego-admin-dashboard.yaml @@ -18,7 +18,9 @@ info: max-request: 1 vendor: beego product: beego - shodan-query: http.html:"beego admin dashboard" + shodan-query: + - html:"Beego Admin Dashboard" + - http.html:"beego admin dashboard" fofa-query: body="beego admin dashboard" tags: panel,beego,unauth diff --git a/http/exposed-panels/beszel-panel.yaml b/http/exposed-panels/beszel-panel.yaml index f3bb2493730..94d4942cf91 100644 --- a/http/exposed-panels/beszel-panel.yaml +++ b/http/exposed-panels/beszel-panel.yaml @@ -10,8 +10,8 @@ info: - https://github.com/henrygd/beszel - https://beszel.dev/ metadata: - verified: true max-request: 1 + verified: true shodan-query: http.title:"beszel" tags: panel,beszel,login diff --git a/http/exposed-panels/beyondtrust-panel.yaml b/http/exposed-panels/beyondtrust-panel.yaml index 471c856667d..284af068f6b 100644 --- a/http/exposed-panels/beyondtrust-panel.yaml +++ b/http/exposed-panels/beyondtrust-panel.yaml @@ -11,10 +11,9 @@ info: cpe: cpe:2.3:a:beyondtrust:beyondinsight:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: beyondtrust + shodan-query: http.html:"BeyondInsight" product: beyondinsight - shodan-query: http.html:"beyondinsight" - fofa-query: body="beyondinsight" + vendor: beyondtrust tags: beyondtrust,pam,panel http: diff --git a/http/exposed-panels/beyondtrust-priv-panel.yaml b/http/exposed-panels/beyondtrust-priv-panel.yaml index 05a1ddf707b..4887c40d82c 100644 --- a/http/exposed-panels/beyondtrust-priv-panel.yaml +++ b/http/exposed-panels/beyondtrust-priv-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 2 vendor: beyondtrust product: privileged_remote_access - shodan-query: http.html:"beyondtrust privileged remote access login" - fofa-query: body="beyondtrust privileged remote access login" + shodan-query: "http.html:\"BeyondTrust Privileged Remote Access Login\"" tags: panel,beyondtrust,login,detect http: diff --git a/http/exposed-panels/bigfix-login.yaml b/http/exposed-panels/bigfix-login.yaml index f0e2ce49f95..afe079a53eb 100644 --- a/http/exposed-panels/bigfix-login.yaml +++ b/http/exposed-panels/bigfix-login.yaml @@ -13,12 +13,11 @@ info: cpe: cpe:2.3:a:hcltech:bigfix_mobile:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: hcltech + shodan-query: http.title:"BigFix" + google-query: intitle:"BigFix" product: bigfix_mobile - shodan-query: http.title:"bigfix" - google-query: intitle:"bigfix" - fofa-query: title="bigfix" - tags: panel,bigfix,hcltech + vendor: hcltech + tags: panel,bigfix http: - method: GET diff --git a/http/exposed-panels/bigip-rest-panel.yaml b/http/exposed-panels/bigip-rest-panel.yaml index 35105dcdd8d..4a067588481 100644 --- a/http/exposed-panels/bigip-rest-panel.yaml +++ b/http/exposed-panels/bigip-rest-panel.yaml @@ -19,11 +19,9 @@ info: vendor: f5 product: big-ip_access_policy_manager shodan-query: + - http.title:"BIG-IP®-+Redirect" +"Server" - http.title:"big-ip®-+redirect" +"server" - - http.html:"big-ip apm" - fofa-query: - - title="big-ip®-+redirect" +"server" - - body="big-ip apm" + fofa-query: title="big-ip®-+redirect" +"server" google-query: intitle:"big-ip®-+redirect" +"server" tags: panel,bigip,f5 diff --git a/http/exposed-panels/biotime-panel.yaml b/http/exposed-panels/biotime-panel.yaml index f20746a2825..eee6a3a3675 100644 --- a/http/exposed-panels/biotime-panel.yaml +++ b/http/exposed-panels/biotime-panel.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 2 - vendor: zkteco + shodan-query: http.title:"BioTime" product: biotime - shodan-query: http.title:"biotime" - fofa-query: title="biotime" - google-query: intitle:"biotime" - tags: panel,biotime,zkteco + vendor: zkteco + tags: panel,biotime http: - method: GET diff --git a/http/exposed-panels/bitdefender-gravityzone.yaml b/http/exposed-panels/bitdefender-gravityzone.yaml index 6bfff85c7ec..4b505a773c5 100644 --- a/http/exposed-panels/bitdefender-gravityzone.yaml +++ b/http/exposed-panels/bitdefender-gravityzone.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: bitdefender product: gravityzone - shodan-query: http.title:"bitdefender gravityzone" + shodan-query: + - title:"Bitdefender GravityZone" + - http.title:"bitdefender gravityzone" fofa-query: title="bitdefender gravityzone" google-query: intitle:"bitdefender gravityzone" tags: panel,bitdefender diff --git a/http/exposed-panels/bitrix-panel.yaml b/http/exposed-panels/bitrix-panel.yaml index 9f8b1e47a8d..f665daf3f2a 100644 --- a/http/exposed-panels/bitrix-panel.yaml +++ b/http/exposed-panels/bitrix-panel.yaml @@ -10,16 +10,12 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:bitrix:bitrix24:*:*:*:*:*:*:*:* metadata: + max-request: 1 verified: true - max-request: 2 vendor: bitrix product: bitrix24 - shodan-query: - - http.html:"/bitrix/" - - http.favicon.hash:"-2115208104" - fofa-query: - - body="/bitrix/" - - icon_hash=-2115208104 + shodan-query: http.html:"/bitrix/" + fofa-query: body="/bitrix/" tags: panel,bitrix,login http: diff --git a/http/exposed-panels/bitwarden-vault-panel.yaml b/http/exposed-panels/bitwarden-vault-panel.yaml index 415464df522..18bae8d8aff 100644 --- a/http/exposed-panels/bitwarden-vault-panel.yaml +++ b/http/exposed-panels/bitwarden-vault-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: bitwarden product: bitwarden - shodan-query: http.title:"bitwarden web vault" + shodan-query: + - title:"Bitwarden Web Vault" + - http.title:"bitwarden web vault" fofa-query: title="bitwarden web vault" google-query: intitle:"bitwarden web vault" tags: panel,bitwarden,vault,detect diff --git a/http/exposed-panels/black-duck-panel.yaml b/http/exposed-panels/black-duck-panel.yaml index 973379bc495..2e4bd5963cc 100644 --- a/http/exposed-panels/black-duck-panel.yaml +++ b/http/exposed-panels/black-duck-panel.yaml @@ -16,11 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: synopsys + shodan-query: http.title:"Black Duck" product: black_duck_hub - shodan-query: http.title:"black duck" - fofa-query: title="black duck" - google-query: intitle:"black duck" + vendor: synopsys tags: panel,blackduck,synopsys http: diff --git a/http/exposed-panels/bloofoxcms-login-panel.yaml b/http/exposed-panels/bloofoxcms-login-panel.yaml index 1897b717426..b60a85ca74f 100644 --- a/http/exposed-panels/bloofoxcms-login-panel.yaml +++ b/http/exposed-panels/bloofoxcms-login-panel.yaml @@ -11,7 +11,9 @@ info: max-request: 2 vendor: bloofox product: bloofoxcms - fofa-query: powered by bloofoxcms + fofa-query: + - Powered by bloofoxCMS + - powered by bloofoxcms tags: panel,bloofox,cms http: diff --git a/http/exposed-panels/blue-yonder-panel.yaml b/http/exposed-panels/blue-yonder-panel.yaml index 20f34ac8c43..f214fcbe161 100644 --- a/http/exposed-panels/blue-yonder-panel.yaml +++ b/http/exposed-panels/blue-yonder-panel.yaml @@ -1,19 +1,19 @@ id: blue-yonder-panel -info: - name: Blue Yonder Panel - Detect - author: sorrowx3 - severity: info - description: Blue Yonder login panel was discovered - classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - metadata: - verified: true - max-request: 2 - shodan-query: html:"title=\"blue yonder\"" - tags: panel,login,blue-yonder,detect - +info: + name: Blue Yonder Panel - Detect + author: sorrowx3 + severity: info + description: Blue Yonder login panel was discovered + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cwe-id: CWE-200 + metadata: + verified: true + max-request: 2 + shodan-query: html:"title=\"blue yonder\"" + tags: panel,login,blue-yonder,detect + http: - method: GET path: diff --git a/http/exposed-panels/bmc/bmc-controlm-mft-panel.yaml b/http/exposed-panels/bmc/bmc-controlm-mft-panel.yaml index 37a7cc17b5c..c3cf94c1db3 100644 --- a/http/exposed-panels/bmc/bmc-controlm-mft-panel.yaml +++ b/http/exposed-panels/bmc/bmc-controlm-mft-panel.yaml @@ -1,20 +1,20 @@ id: bmc-controlm-mft-panel -info: - name: BMC Control-M MFT Login Panel - Detect - author: righettod - severity: info - description: | - BMC Control-M MFT products was detected. - reference: - - https://documents.bmc.com/supportu/9.0.21/en-US/Documentation/Managed_File_Transfer.htm - - https://documents.bmc.com/supportu/9.0.21/en-US/Documentation/home.htm - metadata: - verified: true - max-request: 1 - shodan-query: http.title:"File Exchange" - tags: panel,bmc,login,detect - +info: + name: BMC Control-M MFT Login Panel - Detect + author: righettod + severity: info + description: | + BMC Control-M MFT products was detected. + reference: + - https://documents.bmc.com/supportu/9.0.21/en-US/Documentation/Managed_File_Transfer.htm + - https://documents.bmc.com/supportu/9.0.21/en-US/Documentation/home.htm + metadata: + max-request: 1 + verified: true + shodan-query: http.title:"File Exchange" + tags: panel,bmc,login,detect + http: - method: GET path: diff --git a/http/exposed-panels/bonobo-server-panel.yaml b/http/exposed-panels/bonobo-server-panel.yaml index a50594d72e2..afd581fb12d 100644 --- a/http/exposed-panels/bonobo-server-panel.yaml +++ b/http/exposed-panels/bonobo-server-panel.yaml @@ -13,9 +13,8 @@ info: max-request: 2 vendor: bonobogitserver product: bonobo_git_server - shodan-query: http.favicon.hash:"-219625874" - fofa-query: icon_hash=-219625874 - tags: panel,bonobo,git,login,detect,bonobogitserver + shodan-query: http.favicon.hash:-219625874 + tags: panel,bonobo,git,login,detect http: - method: GET diff --git a/http/exposed-panels/bookstack-panel.yaml b/http/exposed-panels/bookstack-panel.yaml index 3c9f5703453..9d997847ad3 100644 --- a/http/exposed-panels/bookstack-panel.yaml +++ b/http/exposed-panels/bookstack-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: bookstackapp product: bookstack - shodan-query: http.title:"bookstack" + shodan-query: + - http.title:"BookStack" + - http.title:"bookstack" fofa-query: title="bookstack" google-query: intitle:"bookstack" tags: panel,bookstack,bookstackapp diff --git a/http/exposed-panels/buildbot-panel.yaml b/http/exposed-panels/buildbot-panel.yaml index 86171a432b3..93b97ae487c 100644 --- a/http/exposed-panels/buildbot-panel.yaml +++ b/http/exposed-panels/buildbot-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: buildbot product: buildbot - shodan-query: http.title:"buildbot" + shodan-query: + - http.title:"BuildBot" + - http.title:"buildbot" fofa-query: title="buildbot" google-query: intitle:"buildbot" tags: panel,buildbot,cicd diff --git a/http/exposed-panels/busybox-repository-browser.yaml b/http/exposed-panels/busybox-repository-browser.yaml index e45c31683c7..d32811f34ac 100644 --- a/http/exposed-panels/busybox-repository-browser.yaml +++ b/http/exposed-panels/busybox-repository-browser.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: busybox product: busybox - fofa-query: title="busybox repository browser" + fofa-query: title="Busybox Repository Browser" tags: detect,busybox,oss,panel http: diff --git a/http/exposed-panels/c2/caldera-c2.yaml b/http/exposed-panels/c2/caldera-c2.yaml index 88a8ec99cca..837e92c7141 100644 --- a/http/exposed-panels/c2/caldera-c2.yaml +++ b/http/exposed-panels/c2/caldera-c2.yaml @@ -16,11 +16,8 @@ info: max-request: 1 vendor: mitre product: caldera - fofa-query: - - http.favicon.hash:-636718605 - - icon_hash=-636718605 - shodan-query: http.favicon.hash:"-636718605" - tags: c2,ir,osint,caldera,panel,mitre + fofa-query: http.favicon.hash:-636718605 + tags: c2,ir,osint,caldera,panel http: - method: GET diff --git a/http/exposed-panels/cacti-panel.yaml b/http/exposed-panels/cacti-panel.yaml index 57050c1e5ff..5f4b4d8b248 100644 --- a/http/exposed-panels/cacti-panel.yaml +++ b/http/exposed-panels/cacti-panel.yaml @@ -17,9 +17,10 @@ info: vendor: cacti product: cacti shodan-query: - - http.favicon.hash:"-1797138069" + - http.favicon.hash:-1797138069 - http.title:"login to cacti" - http.title:"cacti" + - http.favicon.hash:"-1797138069" fofa-query: - icon_hash="-1797138069" - title="cacti" diff --git a/http/exposed-panels/camaleon-panel.yaml b/http/exposed-panels/camaleon-panel.yaml index 965f0fe2d03..0cef69ec974 100644 --- a/http/exposed-panels/camaleon-panel.yaml +++ b/http/exposed-panels/camaleon-panel.yaml @@ -7,17 +7,10 @@ info: description: | Camaleon CMS admin login panel was discovered. metadata: - max-request: 1 vendor: tuzitio - product: "camaleon_cms" - shodan-query: - - http.html:"camaleon_cms" - - http.title:"camaleon cms" - fofa-query: - - body="camaleon_cms" - - title="camaleon cms" - google-query: intitle:"camaleon cms" - tags: camaleon,panel,login,tuzitio + product: camaleon_cms + shodan-query: html:"camaleon_cms" + tags: camaleon,panel,login http: - method: GET diff --git a/http/exposed-panels/canon/canon-iradv-c3325.yaml b/http/exposed-panels/canon/canon-iradv-c3325.yaml index 7fd465a9820..fefb18969fe 100644 --- a/http/exposed-panels/canon/canon-iradv-c3325.yaml +++ b/http/exposed-panels/canon/canon-iradv-c3325.yaml @@ -6,7 +6,7 @@ info: severity: info metadata: verified: true - max-request: 1 + max-request: 2 shodan-query: title:"c3325" tags: canon,c3325,panel,login,detect diff --git a/http/exposed-panels/cas-login.yaml b/http/exposed-panels/cas-login.yaml index 95a0df2ace9..07c4d64b66a 100644 --- a/http/exposed-panels/cas-login.yaml +++ b/http/exposed-panels/cas-login.yaml @@ -13,10 +13,12 @@ info: max-request: 1 vendor: apereo product: central_authentication_service - shodan-query: http.title:'cas - central authentication service' + shodan-query: + - http.title:'CAS - Central Authentication Service' + - http.title:'cas - central authentication service' + github: https://github.com/apereo/cas fofa-query: title='cas - central authentication service' google-query: intitle:'cas - central authentication service' - github: https://github.com/apereo/cas tags: apereo,cas,panel,login http: diff --git a/http/exposed-panels/casaos-panel.yaml b/http/exposed-panels/casaos-panel.yaml index 23eda16169f..628fa7417e0 100644 --- a/http/exposed-panels/casaos-panel.yaml +++ b/http/exposed-panels/casaos-panel.yaml @@ -12,15 +12,10 @@ info: metadata: verified: true max-request: 2 - vendor: icewhale + shodan-query: html:"CasaOS" product: casaos - shodan-query: - - http.html:"casaos" - - http.html:"/casaos-ui/public/index.html" - fofa-query: - - body="/casaos-ui/public/index.html" - - body="casaos" - tags: panel,casaos,login,detect,icewhale + vendor: icewhale + tags: panel,casaos,login,detect http: - method: GET diff --git a/http/exposed-panels/casdoor-login.yaml b/http/exposed-panels/casdoor-login.yaml index 09792fa1dce..52c6b54f080 100644 --- a/http/exposed-panels/casdoor-login.yaml +++ b/http/exposed-panels/casdoor-login.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: casbin product: casdoor - shodan-query: http.title:"casdoor" + shodan-query: + - http.title:"Casdoor" + - http.title:"casdoor" fofa-query: title="casdoor" google-query: intitle:"casdoor" tags: panel,casdoor,casbin diff --git a/http/exposed-panels/centreon-panel.yaml b/http/exposed-panels/centreon-panel.yaml index 6622a25d2f0..ab44ac8a1be 100644 --- a/http/exposed-panels/centreon-panel.yaml +++ b/http/exposed-panels/centreon-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: centreon product: centreon_web - shodan-query: http.title:"centreon" + shodan-query: + - http.title:"Centreon" + - http.title:"centreon" fofa-query: title="centreon" google-query: intitle:"centreon" tags: panel,centreon,login diff --git a/http/exposed-panels/cgit-panel.yaml b/http/exposed-panels/cgit-panel.yaml index 16d2e430f6a..2a5477b7af1 100644 --- a/http/exposed-panels/cgit-panel.yaml +++ b/http/exposed-panels/cgit-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: cgit_project product: cgit - shodan-query: http.title:"git repository browser" + shodan-query: + - http.title:"Git repository browser" + - http.title:"git repository browser" fofa-query: title="git repository browser" google-query: intitle:"git repository browser" tags: panel,git,cgit_project diff --git a/http/exposed-panels/changedetection-panel.yaml b/http/exposed-panels/changedetection-panel.yaml index 8ea7cbf0a09..cb250705d5b 100644 --- a/http/exposed-panels/changedetection-panel.yaml +++ b/http/exposed-panels/changedetection-panel.yaml @@ -16,9 +16,7 @@ info: max-request: 1 vendor: changedetection product: changedetection - shodan-query: http.title:"change detection" - fofa-query: title="change detection" - google-query: intitle:"change detection" + shodan-query: title:"Change Detection" tags: panel,changedetection,detect http: diff --git a/http/exposed-panels/checkmk/checkmarx-panel.yaml b/http/exposed-panels/checkmk/checkmarx-panel.yaml index 0dab3cafca6..d6641def363 100644 --- a/http/exposed-panels/checkmk/checkmarx-panel.yaml +++ b/http/exposed-panels/checkmk/checkmarx-panel.yaml @@ -12,8 +12,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - verified: true max-request: 3 + verified: true shodan-query: http.html:"CxSASTManagerUri" tags: panel,checkmarx,detect,login diff --git a/http/exposed-panels/checkmk/checkmk-login.yaml b/http/exposed-panels/checkmk/checkmk-login.yaml index 681943d71b0..9215eda51d3 100644 --- a/http/exposed-panels/checkmk/checkmk-login.yaml +++ b/http/exposed-panels/checkmk/checkmk-login.yaml @@ -12,13 +12,11 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:checkmk:checkmk:*:*:*:*:*:*:*:* metadata: - verified: true - max-request: 1 + max-request: 5 vendor: checkmk product: checkmk - shodan-query: http.title:"check_mk" - fofa-query: title="check_mk" - google-query: intitle:"check_mk" + verified: true + shodan-query: http.title:"Check_MK" tags: panel,checkmk,detect,login http: diff --git a/http/exposed-panels/checkpoint/ssl-network-extender.yaml b/http/exposed-panels/checkpoint/ssl-network-extender.yaml index f0cd51919f1..a5fd647c7d7 100644 --- a/http/exposed-panels/checkpoint/ssl-network-extender.yaml +++ b/http/exposed-panels/checkpoint/ssl-network-extender.yaml @@ -17,14 +17,16 @@ info: vendor: checkpoint product: ssl_network_extender shodan-query: + - http.title:"Check Point SSL Network Extender" - http.title:"check point ssl network extender" - http.title:"ssl network extender login" + google-query: + - intitle:"SSL Network Extender Login" + - intitle:"ssl network extender login" + - intitle:"check point ssl network extender" fofa-query: - title="check point ssl network extender" - title="ssl network extender login" - google-query: - - intitle:"ssl network extender login" - - intitle:"check point ssl network extender" tags: panel,checkpoint,router http: diff --git a/http/exposed-panels/cisco-unity-panel.yaml b/http/exposed-panels/cisco-unity-panel.yaml index 4986d1038ee..56fdd9c5734 100644 --- a/http/exposed-panels/cisco-unity-panel.yaml +++ b/http/exposed-panels/cisco-unity-panel.yaml @@ -13,8 +13,7 @@ info: max-request: 2 vendor: cisco product: unity_connection - shodan-query: http.html:"cisco unity connection" - fofa-query: body="cisco unity connection" + shodan-query: html:"Cisco Unity Connection" tags: panel,cisco,unity,login,detect http: diff --git a/http/exposed-panels/cisco-webui-login.yaml b/http/exposed-panels/cisco-webui-login.yaml index 867486551c5..2bc08d233fd 100644 --- a/http/exposed-panels/cisco-webui-login.yaml +++ b/http/exposed-panels/cisco-webui-login.yaml @@ -8,7 +8,7 @@ info: Detects the presence of Cisco Web UI login panels metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: html:"webui-centerpanel" fofa-query: body="webui-centerpanel" tags: webui,cisco,login,panel,detect diff --git a/http/exposed-panels/cisco/cisco-ace-device-manager.yaml b/http/exposed-panels/cisco/cisco-ace-device-manager.yaml index 414bb5a317f..f817e3e3ac1 100644 --- a/http/exposed-panels/cisco/cisco-ace-device-manager.yaml +++ b/http/exposed-panels/cisco/cisco-ace-device-manager.yaml @@ -11,10 +11,9 @@ info: cpe: cpe:2.3:h:cisco:ace_4710_application_control_engine:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: cisco + shodan-query: html:"ACE 4710 Device Manager" product: ace_4710_application_control_engine - shodan-query: http.html:"ace 4710 device manager" - fofa-query: body="ace 4710 device manager" + vendor: cisco tags: panel,cisco http: diff --git a/http/exposed-panels/cisco/cisco-edge-340.yaml b/http/exposed-panels/cisco/cisco-edge-340.yaml index cc84d6495b2..4cd00521f08 100644 --- a/http/exposed-panels/cisco/cisco-edge-340.yaml +++ b/http/exposed-panels/cisco/cisco-edge-340.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: cisco product: edge_340_firmware - shodan-query: http.title:"cisco edge 340" + shodan-query: + - http.title:"Cisco Edge 340" + - http.title:"cisco edge 340" fofa-query: title="cisco edge 340" google-query: intitle:"cisco edge 340" tags: panel,cisco diff --git a/http/exposed-panels/cisco/cisco-expressway-panel.yaml b/http/exposed-panels/cisco/cisco-expressway-panel.yaml index 39ee0112e97..d06cbff1561 100644 --- a/http/exposed-panels/cisco/cisco-expressway-panel.yaml +++ b/http/exposed-panels/cisco/cisco-expressway-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: cisco product: expressway_software - shodan-query: http.html:"cisco expressway" - fofa-query: body="cisco expressway" + shodan-query: html:"Cisco Expressway" tags: panel,cisco,login,detect http: diff --git a/http/exposed-panels/cisco/cisco-ios-xe-panel.yaml b/http/exposed-panels/cisco/cisco-ios-xe-panel.yaml index 7d3135f74ef..c25715b650c 100644 --- a/http/exposed-panels/cisco/cisco-ios-xe-panel.yaml +++ b/http/exposed-panels/cisco/cisco-ios-xe-panel.yaml @@ -17,7 +17,7 @@ info: max-request: 2 vendor: cisco product: ios_xe - shodan-query: http.html_hash:"1076109428" + shodan-query: http.html_hash:1076109428 tags: panel,cisco,ssl ssl: - address: "{{Host}}:{{Port}}" diff --git a/http/exposed-panels/cisco/cisco-onprem-panel.yaml b/http/exposed-panels/cisco/cisco-onprem-panel.yaml index 3a283e57ff9..42e5264199c 100644 --- a/http/exposed-panels/cisco/cisco-onprem-panel.yaml +++ b/http/exposed-panels/cisco/cisco-onprem-panel.yaml @@ -16,8 +16,12 @@ info: max-request: 2 vendor: cisco product: smart_software_manager_on-prem - shodan-query: http.title:"on-prem license workspace" - fofa-query: title="on-prem license workspace" + shodan-query: + - title:"On-Prem License Workspace" + - http.title:"on-prem license workspace" + fofa-query: + - title="On-Prem License Workspace" + - title="on-prem license workspace" google-query: intitle:"on-prem license workspace" tags: cisco,manager,login,panel diff --git a/http/exposed-panels/cisco/cisco-telepresence.yaml b/http/exposed-panels/cisco/cisco-telepresence.yaml index 3d24fd4d5f4..a83b5c495f1 100644 --- a/http/exposed-panels/cisco/cisco-telepresence.yaml +++ b/http/exposed-panels/cisco/cisco-telepresence.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: cisco + shodan-query: http.title:"Cisco Telepresence" product: telepresence_tc - shodan-query: http.title:"cisco telepresence" - fofa-query: title="cisco telepresence" - google-query: intitle:"cisco telepresence" + vendor: cisco tags: panel,cisco http: diff --git a/http/exposed-panels/cisco/cisco-ucs-kvm-login.yaml b/http/exposed-panels/cisco/cisco-ucs-kvm-login.yaml index 921ff1601b3..c5f1bc8a9a0 100644 --- a/http/exposed-panels/cisco/cisco-ucs-kvm-login.yaml +++ b/http/exposed-panels/cisco/cisco-ucs-kvm-login.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: cisco product: unified_computing_system - shodan-query: http.title:"cisco ucs kvm direct" + shodan-query: + - http.title:"Cisco UCS KVM Direct" + - http.title:"cisco ucs kvm direct" fofa-query: title="cisco ucs kvm direct" google-query: intitle:"cisco ucs kvm direct" tags: panel,cisco,ucs,kvm diff --git a/http/exposed-panels/clearpass-policy-manager.yaml b/http/exposed-panels/clearpass-policy-manager.yaml index 181c23a66e6..0310a842d8a 100644 --- a/http/exposed-panels/clearpass-policy-manager.yaml +++ b/http/exposed-panels/clearpass-policy-manager.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: arubanetworks product: clearpass_policy_manager - shodan-query: http.title:"clearpass policy manager" + shodan-query: + - http.title:"ClearPass Policy Manager" + - http.title:"clearpass policy manager" fofa-query: title="clearpass policy manager" google-query: intitle:"clearpass policy manager" tags: panel,aruba,arubanetworks diff --git a/http/exposed-panels/cloudlog-panel.yaml b/http/exposed-panels/cloudlog-panel.yaml index 27d830d5ea6..930104987fd 100644 --- a/http/exposed-panels/cloudlog-panel.yaml +++ b/http/exposed-panels/cloudlog-panel.yaml @@ -11,7 +11,7 @@ info: - https://lab.uberspace.de/guide_cloudlog/ metadata: verified: true - max-request: 2 + max-request: 1 fofa-query: title="Login - Cloudlog" tags: panel,login,cloudlog,detect diff --git a/http/exposed-panels/cloudpanel-login.yaml b/http/exposed-panels/cloudpanel-login.yaml index 2a8f3b8d505..dd63dd7a69a 100644 --- a/http/exposed-panels/cloudpanel-login.yaml +++ b/http/exposed-panels/cloudpanel-login.yaml @@ -12,8 +12,9 @@ info: vendor: mgt-commerce product: cloudpanel shodan-query: - - http.favicon.hash:"151132309" + - http.favicon.hash:151132309 - http.title:"cloudpanel" + - http.favicon.hash:"151132309" fofa-query: - icon_hash="151132309" - title="cloudpanel" diff --git a/http/exposed-panels/cobbler-webgui.yaml b/http/exposed-panels/cobbler-webgui.yaml index 7bb837a1605..c0ce11c793f 100644 --- a/http/exposed-panels/cobbler-webgui.yaml +++ b/http/exposed-panels/cobbler-webgui.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: cobblerd product: cobbler - shodan-query: http.title:"cobbler web interface" + shodan-query: + - http.title:"Cobbler Web Interface" + - http.title:"cobbler web interface" fofa-query: title="cobbler web interface" google-query: intitle:"cobbler web interface" tags: cobbler,webserver,panel,cobblerd diff --git a/http/exposed-panels/cockpit-project-panel.yaml b/http/exposed-panels/cockpit-project-panel.yaml index ead74e08f8a..7a554a8bb80 100644 --- a/http/exposed-panels/cockpit-project-panel.yaml +++ b/http/exposed-panels/cockpit-project-panel.yaml @@ -1,20 +1,20 @@ id: cockpit-project-panel -info: - name: Cockpit Project Login Panel - Detect - author: righettod - severity: info - description: | - Cockpit Project products was detected. - reference: - - https://github.com/cockpit-project/cockpit - - https://cockpit-project.org/ - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"cockpit/static/login.css" - tags: panel,cockpit,login - +info: + name: Cockpit Project Login Panel - Detect + author: righettod + severity: info + description: | + Cockpit Project products was detected. + reference: + - https://github.com/cockpit-project/cockpit + - https://cockpit-project.org/ + metadata: + max-request: 1 + verified: true + shodan-query: http.html:"cockpit/static/login.css" + tags: panel,cockpit,login + http: - method: GET path: diff --git a/http/exposed-panels/codemeter-webadmin-panel.yaml b/http/exposed-panels/codemeter-webadmin-panel.yaml index 96745e73abc..a4ccd4143f6 100644 --- a/http/exposed-panels/codemeter-webadmin-panel.yaml +++ b/http/exposed-panels/codemeter-webadmin-panel.yaml @@ -13,8 +13,6 @@ info: max-request: 1 vendor: wibu product: codemeter - shodan-query: http.html:"codemeter" - fofa-query: body="codemeter" tags: codemeter,webadmin,panel,wibu http: diff --git a/http/exposed-panels/coldfusion-administrator-login.yaml b/http/exposed-panels/coldfusion-administrator-login.yaml index c784904504b..160f9ab7337 100644 --- a/http/exposed-panels/coldfusion-administrator-login.yaml +++ b/http/exposed-panels/coldfusion-administrator-login.yaml @@ -14,8 +14,9 @@ info: vendor: adobe product: coldfusion shodan-query: - - http.title:"coldfusion administrator login" + - http.title:"ColdFusion Administrator Login" - http.component:"adobe coldfusion" + - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: - app="adobe-coldfusion" diff --git a/http/exposed-panels/concourse-ci-panel.yaml b/http/exposed-panels/concourse-ci-panel.yaml index b7911b98c42..116a5c9e70c 100644 --- a/http/exposed-panels/concourse-ci-panel.yaml +++ b/http/exposed-panels/concourse-ci-panel.yaml @@ -14,12 +14,10 @@ info: cpe: cpe:2.3:a:pivotal_software:concourse:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: pivotal_software + shodan-query: title:"Concourse" product: concourse - shodan-query: http.title:"concourse" - fofa-query: title="concourse" - google-query: intitle:"concourse" - tags: panel,concourse,oss,pivotal_software + vendor: pivotal_software + tags: panel,concourse,oss http: - method: GET diff --git a/http/exposed-panels/concrete5/concrete5-install.yaml b/http/exposed-panels/concrete5/concrete5-install.yaml index b55825c2937..27a7313a09d 100644 --- a/http/exposed-panels/concrete5/concrete5-install.yaml +++ b/http/exposed-panels/concrete5/concrete5-install.yaml @@ -15,8 +15,9 @@ info: vendor: concrete5 product: concrete5 shodan-query: - - http.title:"install concrete5" + - http.title:"Install concrete5" - cpe:"cpe:2.3:a:concrete5:concrete5" + - http.title:"install concrete5" - http.title:"concrete5" fofa-query: - title="install concrete5" diff --git a/http/exposed-panels/connect-box-login.yaml b/http/exposed-panels/connect-box-login.yaml index 95b0b1c2b18..0aa4c1e1f9f 100644 --- a/http/exposed-panels/connect-box-login.yaml +++ b/http/exposed-panels/connect-box-login.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: upc product: connect_box_eurodocsis_firmware - shodan-query: net-dk/1.0 + shodan-query: + - NET-DK/1.0 + - net-dk/1.0 tags: panel,connectbox,iot,upc http: diff --git a/http/exposed-panels/connectwise-panel.yaml b/http/exposed-panels/connectwise-panel.yaml index f7977233dcc..e1456579f0b 100644 --- a/http/exposed-panels/connectwise-panel.yaml +++ b/http/exposed-panels/connectwise-panel.yaml @@ -13,14 +13,12 @@ info: max-request: 1 vendor: connectwise product: screenconnect - shodan-query: http.favicon.hash:"-82958153" + shodan-query: http.favicon.hash:-82958153 fofa-query: - app="screenconnect-remote-support-software" - icon_hash=-82958153 hunter-query: app.name="connectwise screenconnect software" - zoomeye-query: - - app="screenconnect remote management software" - - app:"screenconnect remote management software" + zoomeye-query: app="screenconnect remote management software" tags: screenconnect,panel,connectwise,detect http: diff --git a/http/exposed-panels/contao-login-panel.yaml b/http/exposed-panels/contao-login-panel.yaml index 648ac36dd93..2bc46f89651 100644 --- a/http/exposed-panels/contao-login-panel.yaml +++ b/http/exposed-panels/contao-login-panel.yaml @@ -15,8 +15,9 @@ info: vendor: contao product: contao shodan-query: - - http.html:"contao open source cms" + - http.html:"Contao Open Source CMS" - http.title:"contao" + - http.html:"contao open source cms" - cpe:"cpe:2.3:a:contao:contao" fofa-query: - title="contao" diff --git a/http/exposed-panels/cortex-xsoar-login.yaml b/http/exposed-panels/cortex-xsoar-login.yaml index 2c7e6f009d0..987202421c3 100644 --- a/http/exposed-panels/cortex-xsoar-login.yaml +++ b/http/exposed-panels/cortex-xsoar-login.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: paloaltonetworks product: cortex_xsoar - shodan-query: http.title:"cortex xsoar" + shodan-query: + - http.title:"Cortex XSOAR" + - http.title:"cortex xsoar" fofa-query: title="cortex xsoar" google-query: intitle:"cortex xsoar" tags: panel,soar,login,paloaltonetworks diff --git a/http/exposed-panels/couchdb-exposure.yaml b/http/exposed-panels/couchdb-exposure.yaml index 333e8a1eadd..1e4255ac69a 100644 --- a/http/exposed-panels/couchdb-exposure.yaml +++ b/http/exposed-panels/couchdb-exposure.yaml @@ -16,7 +16,6 @@ info: shodan-query: - product:"couchdb" - cpe:"cpe:2.3:a:apache:couchdb" - fofa-query: app="apache-couchdb" tags: panel,couchdb,apache http: diff --git a/http/exposed-panels/couchdb-fauxton.yaml b/http/exposed-panels/couchdb-fauxton.yaml index e13de0496cc..8cfed330d57 100644 --- a/http/exposed-panels/couchdb-fauxton.yaml +++ b/http/exposed-panels/couchdb-fauxton.yaml @@ -16,7 +16,6 @@ info: shodan-query: - product:"couchdb" - cpe:"cpe:2.3:a:apache:couchdb" - fofa-query: app="apache-couchdb" tags: panel,apache,couchdb http: diff --git a/http/exposed-panels/cpanel-api-codes.yaml b/http/exposed-panels/cpanel-api-codes.yaml index 30dc3d1a9aa..c84282d83b0 100644 --- a/http/exposed-panels/cpanel-api-codes.yaml +++ b/http/exposed-panels/cpanel-api-codes.yaml @@ -15,9 +15,10 @@ info: vendor: cpanel product: cpanel shodan-query: - - http.title:"cpanel - api codes" + - title:"CPanel - API Codes" - http.title:"cpanel" - cpe:"cpe:2.3:a:cpanel:cpanel" + - http.title:"cpanel - api codes" fofa-query: - title="cpanel - api codes" - title="cpanel" diff --git a/http/exposed-panels/craftcms-admin-panel.yaml b/http/exposed-panels/craftcms-admin-panel.yaml index d0000976ed7..2bef7034d9e 100644 --- a/http/exposed-panels/craftcms-admin-panel.yaml +++ b/http/exposed-panels/craftcms-admin-panel.yaml @@ -14,8 +14,9 @@ info: vendor: nystudio107 product: seomatic shodan-query: - - x-powered-by:"craft cms" - - x-powered-by:"craft cms html"seomatic"" + - 'X-Powered-By: Craft CMS' + - "x-powered-by: craft cms" + - 'x-powered-by: craft cms html:"seomatic"' tags: panel,craftcms,nystudio107 http: diff --git a/http/exposed-panels/craftercms-panel.yaml b/http/exposed-panels/craftercms-panel.yaml index 51509bad33c..aed721715a9 100644 --- a/http/exposed-panels/craftercms-panel.yaml +++ b/http/exposed-panels/craftercms-panel.yaml @@ -16,8 +16,6 @@ info: vendor: craftercms product: craftercms shodan-query: http.title:"craftercms" - fofa-query: title="craftercms" - google-query: intitle:"craftercms" tags: panel,craftercms,login,detect http: diff --git a/http/exposed-panels/crush-ftp-login.yaml b/http/exposed-panels/crush-ftp-login.yaml index fd5bf8136e5..182b593a886 100644 --- a/http/exposed-panels/crush-ftp-login.yaml +++ b/http/exposed-panels/crush-ftp-login.yaml @@ -16,15 +16,8 @@ info: max-request: 1 vendor: crushftp product: crushftp - shodan-query: - - http.html:"crushftp" - - http.favicon.hash:"-1022206565" - - http.title:"crushftp webinterface" - fofa-query: - - body="crushftp" - - icon_hash="-1022206565" - - title="crushftp webinterface" - google-query: intitle:"crushftp webinterface" + shodan-query: http.html:"crushftp" + fofa-query: body="crushftp" tags: panel,edb,crushftp,detect http: diff --git a/http/exposed-panels/cwp-webpanel.yaml b/http/exposed-panels/cwp-webpanel.yaml index 0cd581e3725..6a033ed0ee0 100644 --- a/http/exposed-panels/cwp-webpanel.yaml +++ b/http/exposed-panels/cwp-webpanel.yaml @@ -11,14 +11,10 @@ info: cpe: cpe:2.3:a:control-webpanel:webpanel:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: control-webpanel + fofa-query: title=="CWP |用户" || title=="Login | CentOS WebPanel" || body="CentOS WebPanel" product: webpanel - fofa-query: - - title=="cwp |用户" || title=="login | centos webpanel" || body="centos webpanel" - - title="login | control webpanel" - shodan-query: http.title:"login | control webpanel" - google-query: intitle:"login | control webpanel" - tags: panel,centos,control-webpanel + vendor: control-webpanel + tags: panel,centos http: - method: GET diff --git a/http/exposed-panels/cyberchef-panel.yaml b/http/exposed-panels/cyberchef-panel.yaml index 23293598720..0ce3a589db1 100644 --- a/http/exposed-panels/cyberchef-panel.yaml +++ b/http/exposed-panels/cyberchef-panel.yaml @@ -15,10 +15,8 @@ info: max-request: 1 vendor: gchq product: cyberchef - shodan-query: http.title:"cyberchef" - fofa-query: title="cyberchef" - google-query: intitle:"cyberchef" - tags: panel,cyberchef,login,detect,gchq + shodan-query: title:"CyberChef" + tags: panel,cyberchef,login,detect http: - method: GET diff --git a/http/exposed-panels/cyberoam-ssl-vpn-panel.yaml b/http/exposed-panels/cyberoam-ssl-vpn-panel.yaml index 79a780ac122..e1660e93037 100644 --- a/http/exposed-panels/cyberoam-ssl-vpn-panel.yaml +++ b/http/exposed-panels/cyberoam-ssl-vpn-panel.yaml @@ -15,9 +15,13 @@ info: max-request: 1 vendor: sophos product: cyberoam - shodan-query: http.title:"cyberoam ssl vpn portal" + shodan-query: + - title:"Cyberoam SSL VPN Portal" + - http.title:"cyberoam ssl vpn portal" + google-query: + - intitle:"Cyberoam SSL VPN Portal" + - intitle:"cyberoam ssl vpn portal" fofa-query: title="cyberoam ssl vpn portal" - google-query: intitle:"cyberoam ssl vpn portal" tags: panel,cyberoam,vpn,sophos http: diff --git a/http/exposed-panels/cyberpanel-panel.yaml b/http/exposed-panels/cyberpanel-panel.yaml index 3285efe1608..d88c78b31f9 100644 --- a/http/exposed-panels/cyberpanel-panel.yaml +++ b/http/exposed-panels/cyberpanel-panel.yaml @@ -13,9 +13,9 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - product: cyberpanel - shodan-query: http.html:"cyberpanel" + shodan-query: html:"cyberpanel" fofa-query: app="Cyberpanel" + product: cyberpanel tags: cyberpanel,panel,login,detect http: diff --git a/http/exposed-panels/dahua-web-panel.yaml b/http/exposed-panels/dahua-web-panel.yaml index c7abd899d36..74b82922953 100644 --- a/http/exposed-panels/dahua-web-panel.yaml +++ b/http/exposed-panels/dahua-web-panel.yaml @@ -14,11 +14,10 @@ info: metadata: verified: true max-request: 1 - vendor: dahuasecurity + shodan-query: http.favicon.hash:1653394551 product: sd22204db-gny-w - shodan-query: http.favicon.hash:"1653394551" - fofa-query: icon_hash=1653394551 - tags: edb,panel,dahua,detect,dahuasecurity + vendor: dahuasecurity + tags: edb,panel,dahua,detect http: - method: GET diff --git a/http/exposed-panels/danswer-panel.yaml b/http/exposed-panels/danswer-panel.yaml index 133cfcca7af..47013a7ccc0 100644 --- a/http/exposed-panels/danswer-panel.yaml +++ b/http/exposed-panels/danswer-panel.yaml @@ -14,8 +14,7 @@ info: vendor: danswer-ai product: danswer fofa-query: icon_hash="484766002" - shodan-query: http.favicon.hash:"484766002" - tags: panel,login,danswer,detect,danswer-ai + tags: panel,login,danswer,detect http: - method: GET diff --git a/http/exposed-panels/darktrace-threat-visualizer.yaml b/http/exposed-panels/darktrace-threat-visualizer.yaml index 4fba349ba91..a17335c6b02 100644 --- a/http/exposed-panels/darktrace-threat-visualizer.yaml +++ b/http/exposed-panels/darktrace-threat-visualizer.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: darktrace product: threat_visualizer - shodan-query: http.html:"darktrace threat visualizer" + shodan-query: + - html:"Darktrace Threat Visualizer" + - http.html:"darktrace threat visualizer" fofa-query: body="darktrace threat visualizer" tags: panel,darktrace diff --git a/http/exposed-panels/dashy-panel.yaml b/http/exposed-panels/dashy-panel.yaml index 1d5482eef8c..b44a6d74054 100644 --- a/http/exposed-panels/dashy-panel.yaml +++ b/http/exposed-panels/dashy-panel.yaml @@ -13,7 +13,7 @@ info: max-request: 1 vendor: dashy product: dashy - shodan-query: http.favicon.hash:"-1013024216" + shodan-query: http.favicon.hash:-1013024216 fofa-query: icon_hash=-1013024216 tags: panel,dashy,detect diff --git a/http/exposed-panels/dataease-panel.yaml b/http/exposed-panels/dataease-panel.yaml index 3e87b251b0d..2bc7a5590c8 100644 --- a/http/exposed-panels/dataease-panel.yaml +++ b/http/exposed-panels/dataease-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: dataease product: dataease - shodan-query: http.html:"dataease" + shodan-query: + - html:"Dataease" + - http.html:"dataease" fofa-query: body="dataease" tags: login,panel,dataease diff --git a/http/exposed-panels/datagerry-panel.yaml b/http/exposed-panels/datagerry-panel.yaml index d6d8a997c5b..07d48d8c0fc 100644 --- a/http/exposed-panels/datagerry-panel.yaml +++ b/http/exposed-panels/datagerry-panel.yaml @@ -10,13 +10,13 @@ info: - https://datagerry.com/ metadata: verified: true - max-request: 2 + max-request: 1 vendor: becon product: datagerry shodan-query: http.title:"datagerry" fofa-query: title="datagerry" google-query: intitle:"datagerry" - tags: panel,login,datagerry,detect,becon + tags: panel,login,datagerry,detect http: - method: GET diff --git a/http/exposed-panels/dataiku-panel.yaml b/http/exposed-panels/dataiku-panel.yaml index eff7a3e9fad..8d3a4b8b056 100644 --- a/http/exposed-panels/dataiku-panel.yaml +++ b/http/exposed-panels/dataiku-panel.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: dataiku + shodan-query: title:"dataiku" product: data_science_studio - shodan-query: http.title:"dataiku" - fofa-query: title="dataiku" - google-query: intitle:"dataiku" + vendor: dataiku tags: panel,dataiku http: diff --git a/http/exposed-panels/daybyday-panel.yaml b/http/exposed-panels/daybyday-panel.yaml index a7d3a775eab..7718807d20b 100644 --- a/http/exposed-panels/daybyday-panel.yaml +++ b/http/exposed-panels/daybyday-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: daybydaycrm product: daybyday - shodan-query: http.title:"daybyday" + shodan-query: + - http.title:"Daybyday" + - http.title:"daybyday" fofa-query: title="daybyday" google-query: intitle:"daybyday" tags: panel,daybyday,daybydaycrm diff --git a/http/exposed-panels/deepmail-panel.yaml b/http/exposed-panels/deepmail-panel.yaml index 35eca7271de..4c5e9ea9715 100644 --- a/http/exposed-panels/deepmail-panel.yaml +++ b/http/exposed-panels/deepmail-panel.yaml @@ -9,9 +9,9 @@ info: classification: cwe-id: CWE-200 metadata: - verified: true max-request: 1 shodan-query: http.title:"Advanced eMail Solution DEEPMail" + verified: true tags: panel,deepmail,login,detect http: diff --git a/http/exposed-panels/defectdojo-panel.yaml b/http/exposed-panels/defectdojo-panel.yaml index aa32e52df59..13dd76de7f3 100644 --- a/http/exposed-panels/defectdojo-panel.yaml +++ b/http/exposed-panels/defectdojo-panel.yaml @@ -11,11 +11,10 @@ info: cpe: cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: owasp + shodan-query: html:"DefectDojo Logo" product: defectdojo - shodan-query: http.html:"defectdojo logo" - fofa-query: body="defectdojo logo" - tags: panel,defectdojo,owasp + vendor: owasp + tags: panel,defectdojo http: - method: GET diff --git a/http/exposed-panels/dell-idrac.yaml b/http/exposed-panels/dell-idrac.yaml index 0102c5bdd67..c3499f6c777 100644 --- a/http/exposed-panels/dell-idrac.yaml +++ b/http/exposed-panels/dell-idrac.yaml @@ -12,10 +12,9 @@ info: metadata: verified: true max-request: 2 - vendor: dell + shodan-query: html:"thisIDRACText" product: emc_idrac_service_module - shodan-query: http.html:"thisidractext" - fofa-query: body="thisidractext" + vendor: dell tags: panel,idrac,dell,detect http: diff --git a/http/exposed-panels/dell-openmanager-login.yaml b/http/exposed-panels/dell-openmanager-login.yaml index 76c10c2e65b..ca31026bd2e 100644 --- a/http/exposed-panels/dell-openmanager-login.yaml +++ b/http/exposed-panels/dell-openmanager-login.yaml @@ -11,10 +11,9 @@ info: cpe: cpe:2.3:a:dell:openmanage:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: dell + shodan-query: html:"Dell OpenManage Switch Administrator" product: openmanage - shodan-query: http.html:"dell openmanage switch administrator" - fofa-query: body="dell openmanage switch administrator" + vendor: dell tags: panel,dell http: diff --git a/http/exposed-panels/deluge-webui-panel.yaml b/http/exposed-panels/deluge-webui-panel.yaml index f784493833f..2a5a3ada5e9 100644 --- a/http/exposed-panels/deluge-webui-panel.yaml +++ b/http/exposed-panels/deluge-webui-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: deluge-torrent product: deluge - shodan-query: http.title:"deluge webui" + shodan-query: + - title:"Deluge WebUI" + - http.title:"deluge webui" fofa-query: title="deluge webui" google-query: intitle:"deluge webui" tags: panel,deluge,deluge-torrent diff --git a/http/exposed-panels/dialogic-xms-console.yaml b/http/exposed-panels/dialogic-xms-console.yaml index c96c35c7bcf..4d2bbdf20cd 100644 --- a/http/exposed-panels/dialogic-xms-console.yaml +++ b/http/exposed-panels/dialogic-xms-console.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: dialogic product: powermedia_xms - shodan-query: http.title:"dialogic xms admin console" - fofa-query: title="dialogic xms admin console" - google-query: intitle:"dialogic xms admin console" + shodan-query: title:"Dialogic XMS Admin Console" tags: panel,dialogic,admin,login,detect http: diff --git a/http/exposed-panels/dify-panel.yaml b/http/exposed-panels/dify-panel.yaml index 5e2337e0fd5..53e4527ea77 100644 --- a/http/exposed-panels/dify-panel.yaml +++ b/http/exposed-panels/dify-panel.yaml @@ -14,8 +14,7 @@ info: vendor: langgenius product: dify fofa-query: icon_hash="97378986" - shodan-query: http.favicon.hash:"97378986" - tags: panel,login,dify,detect,langgenius + tags: panel,login,dify,detect http: - method: GET diff --git a/http/exposed-panels/directadmin-login-panel.yaml b/http/exposed-panels/directadmin-login-panel.yaml index 556a4b97e78..a254732ae1f 100644 --- a/http/exposed-panels/directadmin-login-panel.yaml +++ b/http/exposed-panels/directadmin-login-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: directadmin product: directadmin - shodan-query: http.title:"directadmin login" + shodan-query: + - title:"DirectAdmin Login" + - http.title:"directadmin login" fofa-query: title="directadmin login" google-query: intitle:"directadmin login" tags: panel,directadmin diff --git a/http/exposed-panels/directum-login.yaml b/http/exposed-panels/directum-login.yaml index 0e765efc3e0..716face6bff 100644 --- a/http/exposed-panels/directum-login.yaml +++ b/http/exposed-panels/directum-login.yaml @@ -11,9 +11,9 @@ info: cpe: cpe:2.3:a:directum:directum:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: directum + fofa-query: title="Directum" product: directum - fofa-query: title="directum" + vendor: directum tags: directum,panel http: diff --git a/http/exposed-panels/discuz-panel.yaml b/http/exposed-panels/discuz-panel.yaml index 0beaf56d585..98a11673c30 100644 --- a/http/exposed-panels/discuz-panel.yaml +++ b/http/exposed-panels/discuz-panel.yaml @@ -11,10 +11,9 @@ info: max-request: 1 vendor: comsenz product: discuz\\! - shodan-query: http.title:"discuz!" - fofa-query: title="discuz!" - google-query: intitle:"discuz!" - tags: panel,discuz,detect,login,comsenz + shodan-query: title:"Discuz!" + fofa-query: title="Discuz!" + tags: panel,discuz,detect,login http: - method: GET diff --git a/http/exposed-panels/django-admin-panel.yaml b/http/exposed-panels/django-admin-panel.yaml index aebe86683cb..ad198e21946 100644 --- a/http/exposed-panels/django-admin-panel.yaml +++ b/http/exposed-panels/django-admin-panel.yaml @@ -10,18 +10,10 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* metadata: - max-request: 1 + max-request: 2 vendor: djangoproject product: django - shodan-query: - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - cpe:"cpe:2.3:a:djangoproject:django" - - http.html:"settings.py" - - http.title:"the install worked successfully! congratulations!" - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" + shodan-query: cpe:"cpe:2.3:a:djangoproject:django" || http.title:"Django administration" tags: panel,django,python,djangoproject,login http: diff --git a/http/exposed-panels/docebo-elearning-panel.yaml b/http/exposed-panels/docebo-elearning-panel.yaml index b8f8f4ebd46..a6502e9630a 100644 --- a/http/exposed-panels/docebo-elearning-panel.yaml +++ b/http/exposed-panels/docebo-elearning-panel.yaml @@ -12,9 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: docebo + fofa-query: title="Docebo E-learning" product: docebo - fofa-query: title="docebo e-learning" + vendor: docebo tags: panel,docebo http: diff --git a/http/exposed-panels/dockge-panel.yaml b/http/exposed-panels/dockge-panel.yaml index c260676bac4..a8fd6bf4d18 100644 --- a/http/exposed-panels/dockge-panel.yaml +++ b/http/exposed-panels/dockge-panel.yaml @@ -16,10 +16,8 @@ info: max-request: 1 vendor: dockge.kuma product: dockge - shodan-query: http.title:"dockge" - fofa-query: title="dockge" - google-query: intitle:"dockge" - tags: panel,dockge,login,dockge.kuma + shodan-query: title:"Dockge" + tags: panel,dockge,login http: - method: GET diff --git a/http/exposed-panels/dokuwiki-panel.yaml b/http/exposed-panels/dokuwiki-panel.yaml index fcfe419f84a..ac7f8b92dee 100644 --- a/http/exposed-panels/dokuwiki-panel.yaml +++ b/http/exposed-panels/dokuwiki-panel.yaml @@ -15,14 +15,7 @@ info: max-request: 1 vendor: dokuwiki product: dokuwiki - shodan-query: - - http.html:"/dokuwiki/" - - cpe:"cpe:2.3:a:dokuwiki:dokuwiki" - - http.title:"dokuwiki" - fofa-query: - - body="/dokuwiki/" - - title="dokuwiki" - google-query: intitle:"dokuwiki" + shodan-query: http.html:"/dokuwiki/" tags: panel,dokuwiki,login http: diff --git a/http/exposed-panels/doris-panel.yaml b/http/exposed-panels/doris-panel.yaml index d2dfec775e2..5b12d23b800 100644 --- a/http/exposed-panels/doris-panel.yaml +++ b/http/exposed-panels/doris-panel.yaml @@ -12,9 +12,8 @@ info: max-request: 1 vendor: apache product: doris - shodan-query: http.favicon.hash:"24048806" - fofa-query: icon_hash="24048806" - tags: doris,panel,login,detect,apache + shodan-query: http.favicon.hash:24048806 + tags: doris,panel,login,detect http: - method: GET diff --git a/http/exposed-panels/dotclear-panel.yaml b/http/exposed-panels/dotclear-panel.yaml index e0b79431193..4837beed6ad 100644 --- a/http/exposed-panels/dotclear-panel.yaml +++ b/http/exposed-panels/dotclear-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: dotclear product: dotclear - shodan-query: http.title:"dotclear" + shodan-query: + - http.title:"Dotclear" + - http.title:"dotclear" fofa-query: title="dotclear" google-query: intitle:"dotclear" tags: panel,dotclear diff --git a/http/exposed-panels/dradis-pro-panel.yaml b/http/exposed-panels/dradis-pro-panel.yaml index 0ef8eec96a6..32a288dc914 100644 --- a/http/exposed-panels/dradis-pro-panel.yaml +++ b/http/exposed-panels/dradis-pro-panel.yaml @@ -14,12 +14,10 @@ info: metadata: verified: true max-request: 1 - vendor: dradisframework + shodan-query: title:"Dradis Professional Edition" product: dradis - shodan-query: http.title:"dradis professional edition" - fofa-query: title="dradis professional edition" - google-query: intitle:"dradis professional edition" - tags: panel,dradis,dradisframework + vendor: dradisframework + tags: panel,dradis http: - method: GET diff --git a/http/exposed-panels/drawio-flowchartmaker-panel.yaml b/http/exposed-panels/drawio-flowchartmaker-panel.yaml index afce9df08d8..3a695ff2997 100644 --- a/http/exposed-panels/drawio-flowchartmaker-panel.yaml +++ b/http/exposed-panels/drawio-flowchartmaker-panel.yaml @@ -17,11 +17,9 @@ info: vendor: diagrams product: drawio shodan-query: + - http.title:"Flowchart Maker" - http.title:"flowchart maker" - - http.html:"draw.io" - fofa-query: - - title="flowchart maker" - - body="draw.io" + fofa-query: title="flowchart maker" google-query: intitle:"flowchart maker" tags: panel,drawio,oss,diagrams diff --git a/http/exposed-panels/druid-console-exposure.yaml b/http/exposed-panels/druid-console-exposure.yaml index 0f632e41c97..842d6d3761f 100644 --- a/http/exposed-panels/druid-console-exposure.yaml +++ b/http/exposed-panels/druid-console-exposure.yaml @@ -13,9 +13,6 @@ info: max-request: 1 vendor: alibaba product: druid - shodan-query: http.title:"apache druid" - fofa-query: title="apache druid" - google-query: intitle:"apache druid" tags: panel,alibaba,druid http: diff --git a/http/exposed-panels/druid-panel.yaml b/http/exposed-panels/druid-panel.yaml index 8e6b77ef682..bfb61de9eaf 100644 --- a/http/exposed-panels/druid-panel.yaml +++ b/http/exposed-panels/druid-panel.yaml @@ -13,9 +13,6 @@ info: max-request: 1 vendor: apache product: druid - shodan-query: http.title:"apache druid" - fofa-query: title="apache druid" - google-query: intitle:"apache druid" tags: panel,druid,apache http: diff --git a/http/exposed-panels/dzzoffice/dzzoffice-install.yaml b/http/exposed-panels/dzzoffice/dzzoffice-install.yaml index 80ad30b3acc..59496aedd16 100644 --- a/http/exposed-panels/dzzoffice/dzzoffice-install.yaml +++ b/http/exposed-panels/dzzoffice/dzzoffice-install.yaml @@ -15,13 +15,10 @@ info: max-request: 1 vendor: dzzoffice product: dzzoffice - shodan-query: - - http.favicon.hash:"-1961736892" - - http.html:"dzzoffice" + shodan-query: http.favicon.hash:-1961736892 fofa-query: - title="dzzoffice" - icon_hash=-1961736892 - - body="dzzoffice" tags: panel,dzzoffice,install http: diff --git a/http/exposed-panels/dzzoffice/dzzoffice-panel.yaml b/http/exposed-panels/dzzoffice/dzzoffice-panel.yaml index e88d0504ebb..a46f8e5e35f 100644 --- a/http/exposed-panels/dzzoffice/dzzoffice-panel.yaml +++ b/http/exposed-panels/dzzoffice/dzzoffice-panel.yaml @@ -11,15 +11,12 @@ info: metadata: verified: true max-request: 3 - vendor: dzzoffice + shodan-query: http.favicon.hash:-1961736892 product: dzzoffice - shodan-query: - - http.favicon.hash:"-1961736892" - - http.html:"dzzoffice" + vendor: dzzoffice fofa-query: - title="dzzoffice" - icon_hash=-1961736892 - - body="dzzoffice" tags: dzzoffice,panel http: diff --git a/http/exposed-panels/eMerge-panel.yaml b/http/exposed-panels/eMerge-panel.yaml index a6fca2607bc..239261a4624 100644 --- a/http/exposed-panels/eMerge-panel.yaml +++ b/http/exposed-panels/eMerge-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: nortekcontrol product: linear_emerge_essential_firmware - shodan-query: http.title:"emerge" + shodan-query: + - http.title:"eMerge" + - http.title:"emerge" fofa-query: title="emerge" google-query: intitle:"emerge" tags: panel,emerge,nortek,nortekcontrol diff --git a/http/exposed-panels/eclipse-birt-panel.yaml b/http/exposed-panels/eclipse-birt-panel.yaml index cee5523c360..9edd77d9ebe 100644 --- a/http/exposed-panels/eclipse-birt-panel.yaml +++ b/http/exposed-panels/eclipse-birt-panel.yaml @@ -14,12 +14,11 @@ info: metadata: verified: true max-request: 2 - vendor: eclipse + shodan-query: title:"Eclipse BIRT Home" + google-query: intitle:"Eclipse BIRT Home" product: business_intelligence_and_reporting_tools - shodan-query: http.title:"eclipse birt home" - google-query: intitle:"eclipse birt home" - fofa-query: title="eclipse birt home" - tags: panel,eclipsebirt,detect,eclipse + vendor: eclipse + tags: panel,eclipsebirt,detect http: - method: GET diff --git a/http/exposed-panels/ekare-insight-panel.yaml b/http/exposed-panels/ekare-insight-panel.yaml index 555da5c55f7..86a4a7636ac 100644 --- a/http/exposed-panels/ekare-insight-panel.yaml +++ b/http/exposed-panels/ekare-insight-panel.yaml @@ -10,7 +10,6 @@ info: - https://www.ekare.ai/insight metadata: verified: true - max-request: 1 fofa-query: icon_hash="125375398" tags: panel,login,ekare,insight diff --git a/http/exposed-panels/emqx-panel.yaml b/http/exposed-panels/emqx-panel.yaml index 6b587a71584..602f1f8149c 100644 --- a/http/exposed-panels/emqx-panel.yaml +++ b/http/exposed-panels/emqx-panel.yaml @@ -15,9 +15,7 @@ info: max-request: 1 vendor: emqx product: emqx - shodan-query: http.title:"emqx dashboard" - fofa-query: title="emqx dashboard" - google-query: intitle:"emqx dashboard" + shodan-query: http.title:"EMQX Dashboard" tags: panel,emqx,login,detect http: diff --git a/http/exposed-panels/ems-webclient-panel.yaml b/http/exposed-panels/ems-webclient-panel.yaml index 1e5c71cde34..96db29a35c7 100644 --- a/http/exposed-panels/ems-webclient-panel.yaml +++ b/http/exposed-panels/ems-webclient-panel.yaml @@ -11,10 +11,10 @@ info: cpe: cpe:2.3:a:ems_project:ems:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: ems_project + google-query: inurl:EMSWebClient/ product: ems - google-query: inurl:emswebclient/ - tags: panel,ems,ems_project + vendor: ems_project + tags: panel,ems http: - method: GET diff --git a/http/exposed-panels/endpoint-protector-panel.yaml b/http/exposed-panels/endpoint-protector-panel.yaml index a98ba364e1e..8052fa0dfbe 100644 --- a/http/exposed-panels/endpoint-protector-panel.yaml +++ b/http/exposed-panels/endpoint-protector-panel.yaml @@ -13,10 +13,8 @@ info: max-request: 1 vendor: cososys product: endpoint_protector - shodan-query: http.title:"endpoint protector" - fofa-query: title="endpoint protector" - google-query: intitle:"endpoint protector" - tags: panel,endpoint,login,detect,endpoint-protector,cososys + shodan-query: http.title:"Endpoint Protector" + tags: panel,endpoint,login,detect,endpoint-protector http: - method: GET diff --git a/http/exposed-panels/episerver-panel.yaml b/http/exposed-panels/episerver-panel.yaml index 22e4abc0183..e6d8037e02d 100644 --- a/http/exposed-panels/episerver-panel.yaml +++ b/http/exposed-panels/episerver-panel.yaml @@ -14,12 +14,9 @@ info: metadata: verified: true max-request: 1 - vendor: episerver + shodan-query: html:"epihash" product: episerver - shodan-query: - - http.html:"epihash" - - cpe:"cpe:2.3:a:episerver:episerver" - fofa-query: body="epihash" + vendor: episerver tags: panel,optimizely,episerver http: diff --git a/http/exposed-panels/esphome-panel.yaml b/http/exposed-panels/esphome-panel.yaml index 60f0956b845..9ca06d5b340 100644 --- a/http/exposed-panels/esphome-panel.yaml +++ b/http/exposed-panels/esphome-panel.yaml @@ -15,14 +15,10 @@ info: vendor: esphome product: esphome shodan-query: + - title:"Login - ESPHome" - http.title:"login - esphome" - - http.title:"dashboard - esphome" - fofa-query: - - title="login - esphome" - - title="dashboard - esphome" - google-query: - - intitle:"login - esphome" - - intitle:"dashboard - esphome" + fofa-query: title="login - esphome" + google-query: intitle:"login - esphome" tags: panel,esphome,iot http: diff --git a/http/exposed-panels/esxi-system.yaml b/http/exposed-panels/esxi-system.yaml index 075b13e3e13..f7912442e7b 100644 --- a/http/exposed-panels/esxi-system.yaml +++ b/http/exposed-panels/esxi-system.yaml @@ -14,6 +14,7 @@ info: vendor: vmware product: esxi shodan-query: + - html:"esxUiApp" - http.html:"esxuiapp" - cpe:"cpe:2.3:o:vmware:esxi" fofa-query: body="esxuiapp" diff --git a/http/exposed-panels/eventum-panel.yaml b/http/exposed-panels/eventum-panel.yaml index d4f2183eb05..f0bc57d7e29 100644 --- a/http/exposed-panels/eventum-panel.yaml +++ b/http/exposed-panels/eventum-panel.yaml @@ -14,7 +14,7 @@ info: max-request: 1 vendor: mysql product: eventum - shodan-query: http.favicon.hash:"305412257" + shodan-query: http.favicon.hash:305412257 fofa-query: icon_hash=305412257 tags: panel,eventum,mysql diff --git a/http/exposed-panels/evlink/evse-web-panel.yaml b/http/exposed-panels/evlink/evse-web-panel.yaml index 05a5228e01f..cfdb1d0e1ae 100644 --- a/http/exposed-panels/evlink/evse-web-panel.yaml +++ b/http/exposed-panels/evlink/evse-web-panel.yaml @@ -11,8 +11,12 @@ info: max-request: 2 vendor: schneider-electric product: evlink_charging_station_firmware - shodan-query: http.title:"evse web interface" - fofa-query: title="evse web interface" + shodan-query: + - title:"EVSE Web Interface" + - http.title:"evse web interface" + fofa-query: + - title="EVSE Web Interface" + - title="evse web interface" google-query: intitle:"evse web interface" tags: panel,evlink,evse,login,detect,schneider-electric diff --git a/http/exposed-panels/exagrid-manager-panel.yaml b/http/exposed-panels/exagrid-manager-panel.yaml index 917ccf4c12d..66f269dc068 100644 --- a/http/exposed-panels/exagrid-manager-panel.yaml +++ b/http/exposed-panels/exagrid-manager-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: exagrid product: backup_appliance - shodan-query: http.title:"exagrid manager" + shodan-query: + - title:"ExaGrid Manager" + - http.title:"exagrid manager" fofa-query: title="exagrid manager" google-query: intitle:"exagrid manager" tags: exagrid,manager,login,panel diff --git a/http/exposed-panels/extron-cms-panel.yaml b/http/exposed-panels/extron-cms-panel.yaml index 0eb95ae9f94..e2414e2d009 100644 --- a/http/exposed-panels/extron-cms-panel.yaml +++ b/http/exposed-panels/extron-cms-panel.yaml @@ -15,9 +15,11 @@ info: vendor: ektron product: ektron_content_management_system shodan-query: + - http.html:"Ektron" - http.html:"ektron" - cpe:"cpe:2.3:a:ektron:ektron_content_management_system" fofa-query: + - app="Ektron-CMS" - app="ektron-cms" - body="ektron" tags: panel,ektron,cms diff --git a/http/exposed-panels/ez-publish-panel.yaml b/http/exposed-panels/ez-publish-panel.yaml index c992d02544a..a0cba9a9e82 100644 --- a/http/exposed-panels/ez-publish-panel.yaml +++ b/http/exposed-panels/ez-publish-panel.yaml @@ -12,12 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: ez + shodan-query: http.html:"eZ Publish" product: ez_publish - shodan-query: - - http.html:"ez publish" - - cpe:"cpe:2.3:a:ez:ez_publish" - fofa-query: body="ez publish" + vendor: ez tags: panel,ez http: diff --git a/http/exposed-panels/f-secure-policy-manager.yaml b/http/exposed-panels/f-secure-policy-manager.yaml index 199d44e6884..00cb9a7a203 100644 --- a/http/exposed-panels/f-secure-policy-manager.yaml +++ b/http/exposed-panels/f-secure-policy-manager.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: withsecure product: f-secure_policy_manager - shodan-query: http.title:"f-secure policy manager server" + shodan-query: + - http.title:"F-Secure Policy Manager Server" + - http.title:"f-secure policy manager server" fofa-query: title="f-secure policy manager server" google-query: intitle:"f-secure policy manager server" tags: login,panel,withsecure diff --git a/http/exposed-panels/falcosidekick-panel.yaml b/http/exposed-panels/falcosidekick-panel.yaml index d127277a4b9..91348a4f641 100644 --- a/http/exposed-panels/falcosidekick-panel.yaml +++ b/http/exposed-panels/falcosidekick-panel.yaml @@ -8,8 +8,8 @@ info: reference: - https://github.com/falcosecurity/falcosidekick-ui metadata: - verified: true max-request: 1 + verified: true shodan-query: http.title:"Falcosidekick" tags: panel,falco,detect,login diff --git a/http/exposed-panels/faraday-login.yaml b/http/exposed-panels/faraday-login.yaml index e3e767837a9..2efe0c61931 100644 --- a/http/exposed-panels/faraday-login.yaml +++ b/http/exposed-panels/faraday-login.yaml @@ -11,11 +11,10 @@ info: cpe: cpe:2.3:a:faraday_project:faraday:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: faraday_project + shodan-query: html:"faradayApp" product: faraday - shodan-query: http.html:"faradayapp" - fofa-query: body="faradayapp" - tags: panel,faraday,faraday_project + vendor: faraday_project + tags: panel,faraday http: - method: GET diff --git a/http/exposed-panels/filebrowser-login-panel.yaml b/http/exposed-panels/filebrowser-login-panel.yaml index eb62a7c74a9..2884268ef17 100644 --- a/http/exposed-panels/filebrowser-login-panel.yaml +++ b/http/exposed-panels/filebrowser-login-panel.yaml @@ -13,7 +13,7 @@ info: max-request: 3 vendor: filebrowser product: filebrowser - shodan-query: http.favicon.hash:"1052926265" + shodan-query: http.favicon.hash:1052926265 fofa-query: icon_hash=1052926265 tags: panel,filebrowser,detect diff --git a/http/exposed-panels/filegator-panel.yaml b/http/exposed-panels/filegator-panel.yaml index e318c5807d3..0d5ac1bf091 100644 --- a/http/exposed-panels/filegator-panel.yaml +++ b/http/exposed-panels/filegator-panel.yaml @@ -8,7 +8,7 @@ info: - https://serverpilot.io/docs/how-to-install-a-file-manager-on-your-server/#:~:text=You%20should%20see%20the%20FileGator,Password%3A%20admin123 metadata: verified: true - max-request: 1 + max-request: 2 shodan-query: title:"FileGator" tags: filegator,panel,login,detect diff --git a/http/exposed-panels/fiori-launchpad.yaml b/http/exposed-panels/fiori-launchpad.yaml index cbea65fd457..7342a36c5bf 100644 --- a/http/exposed-panels/fiori-launchpad.yaml +++ b/http/exposed-panels/fiori-launchpad.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: sap product: fiori_launchpad - google-query: sap/bc/ui5_ui5/ui2/ushell/shells/abap/fiorilaunchpad.html -site:sap.com + google-query: + - sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html -site:sap.com + - sap/bc/ui5_ui5/ui2/ushell/shells/abap/fiorilaunchpad.html -site:sap.com tags: sap,fiori,edb,panel http: diff --git a/http/exposed-panels/fireware-xtm-user-authentication.yaml b/http/exposed-panels/fireware-xtm-user-authentication.yaml index a8c5aa7e404..646b2d91756 100644 --- a/http/exposed-panels/fireware-xtm-user-authentication.yaml +++ b/http/exposed-panels/fireware-xtm-user-authentication.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: watchguard product: fireware_xtm - shodan-query: http.title:"fireware xtm user authentication" + shodan-query: + - http.title:"Fireware XTM User Authentication" + - http.title:"fireware xtm user authentication" fofa-query: title="fireware xtm user authentication" google-query: intitle:"fireware xtm user authentication" tags: panel,watchguard diff --git a/http/exposed-panels/footprints-panel.yaml b/http/exposed-panels/footprints-panel.yaml index 69a2cafcdc3..f978865edf0 100644 --- a/http/exposed-panels/footprints-panel.yaml +++ b/http/exposed-panels/footprints-panel.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 2 - vendor: bmc + shodan-query: title:"FootPrints Service Core Login" product: footprints_service_core - shodan-query: http.title:"footprints service core login" - fofa-query: title="footprints service core login" - google-query: intitle:"footprints service core login" - tags: tech,panel,footprints,bmc + vendor: bmc + tags: tech,panel,footprints http: - method: GET diff --git a/http/exposed-panels/forti/fortiadc-panel.yaml b/http/exposed-panels/forti/fortiadc-panel.yaml index 3a1b4d96345..d284e4d3fb8 100644 --- a/http/exposed-panels/forti/fortiadc-panel.yaml +++ b/http/exposed-panels/forti/fortiadc-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: fortinet product: fortiadc - shodan-query: http.title:"fortiadc" + shodan-query: + - title:"FortiADC" + - http.title:"fortiadc" fofa-query: title="fortiadc" google-query: intitle:"fortiadc" tags: panel,fortinet diff --git a/http/exposed-panels/fortinet/fortiap-panel.yaml b/http/exposed-panels/fortinet/fortiap-panel.yaml index a756e7cb424..ab26806d852 100644 --- a/http/exposed-panels/fortinet/fortiap-panel.yaml +++ b/http/exposed-panels/fortinet/fortiap-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: fortinet product: fortiap - shodan-query: http.title:"fortiap" + shodan-query: + - title:"FortiAP" + - http.title:"fortiap" fofa-query: title="fortiap" google-query: intitle:"fortiap" tags: panel,fortinet,fortiap diff --git a/http/exposed-panels/fortinet/fortiauthenticator-detect.yaml b/http/exposed-panels/fortinet/fortiauthenticator-detect.yaml index ad1519573a2..eb26c7908e2 100644 --- a/http/exposed-panels/fortinet/fortiauthenticator-detect.yaml +++ b/http/exposed-panels/fortinet/fortiauthenticator-detect.yaml @@ -14,7 +14,7 @@ info: max-request: 1 vendor: fortinet product: fortiauthenticator - shodan-query: http.favicon.hash:"-1653412201" + shodan-query: http.favicon.hash:-1653412201 fofa-query: icon_hash=-1653412201 tags: panel,fortinet,fortiauthenticator,detect diff --git a/http/exposed-panels/fortinet/forticlientems-panel.yaml b/http/exposed-panels/fortinet/forticlientems-panel.yaml index 2596f91520a..8cc6c024699 100644 --- a/http/exposed-panels/fortinet/forticlientems-panel.yaml +++ b/http/exposed-panels/fortinet/forticlientems-panel.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: fortinet product: forticlient_endpoint_management_server - shodan-query: http.favicon.hash:"-800551065" - fofa-query: icon_hash=-800551065 + shodan-query: http.favicon.hash:-800551065 tags: panel,fortinet,forticlient,ems,login,detect http: diff --git a/http/exposed-panels/fortinet/fortimail-panel.yaml b/http/exposed-panels/fortinet/fortimail-panel.yaml index a952ab3c2d5..49740e00f9b 100644 --- a/http/exposed-panels/fortinet/fortimail-panel.yaml +++ b/http/exposed-panels/fortinet/fortimail-panel.yaml @@ -13,8 +13,11 @@ info: max-request: 1 vendor: fortinet product: fortimail - shodan-query: http.title:"fortimail" + shodan-query: + - title:"Fortimail" + - http.title:"fortimail" fofa-query: + - Fortimail && port=443 - fortimail && port=443 - title="fortimail" google-query: intitle:"fortimail" diff --git a/http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml b/http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml index 224227f58f0..2998ef5dde2 100644 --- a/http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml +++ b/http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: fortinet product: fortiddos - shodan-query: http.title:"fortiddos" + shodan-query: + - http.title:"FortiDDoS" + - http.title:"fortiddos" fofa-query: title="fortiddos" google-query: intitle:"fortiddos" tags: panel,fortinet,fortiddos,login diff --git a/http/exposed-panels/fortinet/fortinet-fortinac-panel.yaml b/http/exposed-panels/fortinet/fortinet-fortinac-panel.yaml index 613a131615d..a2b452a4f7f 100644 --- a/http/exposed-panels/fortinet/fortinet-fortinac-panel.yaml +++ b/http/exposed-panels/fortinet/fortinet-fortinac-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: fortinet product: fortinac - shodan-query: http.title:"fortinac" + shodan-query: + - http.title:"Fortinac" + - http.title:"fortinac" fofa-query: title="fortinac" google-query: intitle:"fortinac" tags: panel,fortinet,fortinac,login diff --git a/http/exposed-panels/fortinet/fortinet-panel.yaml b/http/exposed-panels/fortinet/fortinet-panel.yaml index c22f5c396ab..0cf1894a7bf 100644 --- a/http/exposed-panels/fortinet/fortinet-panel.yaml +++ b/http/exposed-panels/fortinet/fortinet-panel.yaml @@ -12,15 +12,9 @@ info: metadata: verified: true max-request: 2 - vendor: fortinet + shodan-query: http.title:"FORTINET LOGIN" product: fortiportal - shodan-query: - - http.title:"fortinet login" - - http.html:"fortiportal" - fofa-query: - - body="fortiportal" - - title="fortinet login" - google-query: intitle:"fortinet login" + vendor: fortinet tags: panel,fortinet,login,detect http: diff --git a/http/exposed-panels/fortinet/fortios-management-panel.yaml b/http/exposed-panels/fortinet/fortios-management-panel.yaml index 13a32463be6..742de6e0896 100644 --- a/http/exposed-panels/fortinet/fortios-management-panel.yaml +++ b/http/exposed-panels/fortinet/fortios-management-panel.yaml @@ -15,9 +15,9 @@ info: vendor: fortinet product: fortios shodan-query: - - http.favicon.hash:"945408572" + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - - port:"10443 http.favicon.hash945408572" + - port:10443 http.favicon.hash:945408572 - http.html:"/remote/login" "xxxxxxxx" fofa-query: - body="/remote/login" "xxxxxxxx" diff --git a/http/exposed-panels/fortinet/fortios-panel.yaml b/http/exposed-panels/fortinet/fortios-panel.yaml index c16f143b621..5a028f1cb44 100644 --- a/http/exposed-panels/fortinet/fortios-panel.yaml +++ b/http/exposed-panels/fortinet/fortios-panel.yaml @@ -18,9 +18,9 @@ info: vendor: fortinet product: fortios shodan-query: - - http.favicon.hash:"945408572" + - http.favicon.hash:945408572 - cpe:"cpe:2.3:o:fortinet:fortios" - - port:"10443 http.favicon.hash945408572" + - port:10443 http.favicon.hash:945408572 - http.html:"/remote/login" "xxxxxxxx" fofa-query: - body="/remote/login" "xxxxxxxx" diff --git a/http/exposed-panels/fortinet/fortisiem-panel.yaml b/http/exposed-panels/fortinet/fortisiem-panel.yaml index 4dbd9c88fd3..e626521c878 100644 --- a/http/exposed-panels/fortinet/fortisiem-panel.yaml +++ b/http/exposed-panels/fortinet/fortisiem-panel.yaml @@ -10,11 +10,10 @@ info: metadata: verified: true max-request: 2 - vendor: fortinet + shodan-query: "http.favicon.hash:-1341442175" product: fortisiem - shodan-query: http.favicon.hash:"-1341442175" - fofa-query: icon_hash=-1341442175 - tags: panel,fortisiem,fortinet + vendor: fortinet + tags: panel,fortisiem flow: http(1) && http(2) http: - method: GET diff --git a/http/exposed-panels/fortinet/fortitester-login-panel.yaml b/http/exposed-panels/fortinet/fortitester-login-panel.yaml index bdb8d477f68..d5df0deb040 100644 --- a/http/exposed-panels/fortinet/fortitester-login-panel.yaml +++ b/http/exposed-panels/fortinet/fortitester-login-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 2 vendor: fortinet product: fortitester - shodan-query: http.title:"fortitester" + shodan-query: + - title:"FortiTester" + - http.title:"fortitester" fofa-query: title="fortitester" google-query: intitle:"fortitester" tags: panel,fortinet diff --git a/http/exposed-panels/fortinet/fortiweb-panel.yaml b/http/exposed-panels/fortinet/fortiweb-panel.yaml index 4adde9cce6e..c5e38915f11 100644 --- a/http/exposed-panels/fortinet/fortiweb-panel.yaml +++ b/http/exposed-panels/fortinet/fortiweb-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: fortinet product: fortiweb - shodan-query: http.title:"fortiweb - " + shodan-query: + - http.title:"FortiWeb - " + - http.title:"fortiweb - " fofa-query: title="fortiweb - " google-query: intitle:"fortiweb - " tags: panel,fortinet,fortiweb,login diff --git a/http/exposed-panels/fortinet/fortiwlm-panel.yaml b/http/exposed-panels/fortinet/fortiwlm-panel.yaml index c9372d9251b..11f00f433c8 100644 --- a/http/exposed-panels/fortinet/fortiwlm-panel.yaml +++ b/http/exposed-panels/fortinet/fortiwlm-panel.yaml @@ -17,6 +17,7 @@ info: vendor: fortinet product: fortiwlm shodan-query: + - html:"fortiwlm" - http.html:"fortiwlm" - http.title:"fortiwlm" fofa-query: diff --git a/http/exposed-panels/fortiswitch-panel.yaml b/http/exposed-panels/fortiswitch-panel.yaml index b2372b12d53..35e3327d535 100644 --- a/http/exposed-panels/fortiswitch-panel.yaml +++ b/http/exposed-panels/fortiswitch-panel.yaml @@ -1,19 +1,19 @@ id: fortiswitch-panel -info: - name: Fortiswitch Panel - Detect - author: rxerium - severity: info - description: | - Fortiswitch panel was detected. - metadata: - verified: true - max-request: 1 - vendor: fortinet - product: fortiswitch - fofa-query: app="fortiswitch" - tags: login,panel,fortiswitch,fortinet - +info: + name: Fortiswitch Panel - Detect + author: rxerium + severity: info + description: | + Fortiswitch panel was detected. + metadata: + verified: true + max-request: 1 + vendor: fortinet + product: fortiswitch + fofa-query: app="FortiSwitch" + tags: login,panel,fortiswitch + http: - method: GET path: diff --git a/http/exposed-panels/fossbilling-panel.yaml b/http/exposed-panels/fossbilling-panel.yaml index 0d2da16d2d7..1e15c2a6ef9 100644 --- a/http/exposed-panels/fossbilling-panel.yaml +++ b/http/exposed-panels/fossbilling-panel.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: fossbilling product: fossbilling - shodan-query: http.title:"fossbilling" - fofa-query: title="fossbilling" - google-query: intitle:"fossbilling" + shodan-query: title:"FOSSBilling" tags: fossbilling,panel,detect http: diff --git a/http/exposed-panels/frappe-helpdesk-panel.yaml b/http/exposed-panels/frappe-helpdesk-panel.yaml index 24f6788d94b..91f7094c746 100644 --- a/http/exposed-panels/frappe-helpdesk-panel.yaml +++ b/http/exposed-panels/frappe-helpdesk-panel.yaml @@ -10,8 +10,8 @@ info: - https://frappe.io/helpdesk - https://github.com/frappe/helpdesk metadata: - verified: true max-request: 1 + verified: true shodan-query: http.html:"window.frappe_version" tags: panel,frappe,login diff --git a/http/exposed-panels/frappe-panel.yaml b/http/exposed-panels/frappe-panel.yaml index 0c1ea47f9f7..02cb1012a84 100644 --- a/http/exposed-panels/frappe-panel.yaml +++ b/http/exposed-panels/frappe-panel.yaml @@ -12,7 +12,7 @@ info: verified: true max-request: 1 shodan-query: html:"Login to Frappe" - tags: frappe,login,web,erp,detect,panel + tags: frappe,login,web,erp,detect http: - method: GET diff --git a/http/exposed-panels/freeipa-panel.yaml b/http/exposed-panels/freeipa-panel.yaml index 9d0cea8258b..e251de47737 100644 --- a/http/exposed-panels/freeipa-panel.yaml +++ b/http/exposed-panels/freeipa-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: freeipa product: freeipa - shodan-query: http.html:"freeipa" + shodan-query: + - html:"FreeIPA" + - http.html:"freeipa" fofa-query: body="freeipa" tags: panel,login,freeipa diff --git a/http/exposed-panels/freepbx-administration-panel.yaml b/http/exposed-panels/freepbx-administration-panel.yaml index fa0e431d720..7f721e149b5 100644 --- a/http/exposed-panels/freepbx-administration-panel.yaml +++ b/http/exposed-panels/freepbx-administration-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: sangoma product: freepbx - shodan-query: http.title:"freepbx administration" + shodan-query: + - http.title:"FreePBX Administration" + - http.title:"freepbx administration" fofa-query: title="freepbx administration" google-query: intitle:"freepbx administration" tags: freepbx,panel,sangoma diff --git a/http/exposed-panels/freshrss-panel.yaml b/http/exposed-panels/freshrss-panel.yaml index 779bf33fad2..2459d2f7658 100644 --- a/http/exposed-panels/freshrss-panel.yaml +++ b/http/exposed-panels/freshrss-panel.yaml @@ -13,11 +13,7 @@ info: max-request: 1 vendor: freshrss product: freshrss - shodan-query: http.title:"freshrss" - fofa-query: - - title="freshrss" - - title="installation · freshrss" - google-query: intitle:"freshrss" + shodan-query: title:"Freshrss" tags: freshrss,panel,detect http: diff --git a/http/exposed-panels/friendica-panel.yaml b/http/exposed-panels/friendica-panel.yaml index 3ed334e4980..82b2df4cb05 100644 --- a/http/exposed-panels/friendica-panel.yaml +++ b/http/exposed-panels/friendica-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: friendica product: friendica - shodan-query: http.title:"friendica" + shodan-query: + - http.title:"Friendica" + - http.title:"friendica" fofa-query: title="friendica" google-query: intitle:"friendica" tags: friendica,panel,login,detect diff --git a/http/exposed-panels/froxlor-management-panel.yaml b/http/exposed-panels/froxlor-management-panel.yaml index 09b2f4a1f5e..40680eff774 100644 --- a/http/exposed-panels/froxlor-management-panel.yaml +++ b/http/exposed-panels/froxlor-management-panel.yaml @@ -14,10 +14,10 @@ info: max-request: 1 vendor: froxlor product: froxlor - shodan-query: http.title:"froxlor server management panel" - fofa-query: - - title="froxlor server management panel" - - title="froxlor server management panel - installation" + shodan-query: + - title:"Froxlor Server Management Panel" + - http.title:"froxlor server management panel" + fofa-query: title="froxlor server management panel" google-query: intitle:"froxlor server management panel" tags: panel,froxlor diff --git a/http/exposed-panels/ftm-manager-panel.yaml b/http/exposed-panels/ftm-manager-panel.yaml index 0243e971336..9b72647360e 100644 --- a/http/exposed-panels/ftm-manager-panel.yaml +++ b/http/exposed-panels/ftm-manager-panel.yaml @@ -15,12 +15,15 @@ info: vendor: ibm product: financial_transaction_manager shodan-query: + - http.html:"FTM manager" - http.html:"ftm manager" - http.title:"ftm manager" + google-query: + - intitle:"FTM manager" + - intitle:"ftm manager" fofa-query: - title="ftm manager" - body="ftm manager" - google-query: intitle:"ftm manager" tags: panel,ftm,ibm http: diff --git a/http/exposed-panels/fusionauth-admin-panel.yaml b/http/exposed-panels/fusionauth-admin-panel.yaml index b440a31c66f..47c957de7f2 100644 --- a/http/exposed-panels/fusionauth-admin-panel.yaml +++ b/http/exposed-panels/fusionauth-admin-panel.yaml @@ -12,14 +12,10 @@ info: vendor: fusionauth product: fusionauth shodan-query: + - title:"FusionAuth" - http.title:"fusionauth" - - http.title:"fusionauth setup wizard" - fofa-query: - - title="fusionauth" - - title="fusionauth setup wizard" - google-query: - - intitle:"fusionauth" - - intitle:"fusionauth setup wizard" + fofa-query: title="fusionauth" + google-query: intitle:"fusionauth" tags: panel,fusionauth,detect,login http: diff --git a/http/exposed-panels/gargoyle-router.yaml b/http/exposed-panels/gargoyle-router.yaml index 9adfff167d1..98460c01826 100644 --- a/http/exposed-panels/gargoyle-router.yaml +++ b/http/exposed-panels/gargoyle-router.yaml @@ -14,12 +14,10 @@ info: metadata: verified: true max-request: 1 - vendor: gargoyle-router + shodan-query: title:"Gargoyle Router Management Utility" product: gargoyle - shodan-query: http.title:"gargoyle router management utility" - fofa-query: title="gargoyle router management utility" - google-query: intitle:"gargoyle router management utility" - tags: panel,iot,gargoyle,router,edb,gargoyle-router + vendor: gargoyle-router + tags: panel,iot,gargoyle,router,edb http: - method: GET diff --git a/http/exposed-panels/geoserver-login-panel.yaml b/http/exposed-panels/geoserver-login-panel.yaml index 35e147a1a8a..3857c7f067a 100644 --- a/http/exposed-panels/geoserver-login-panel.yaml +++ b/http/exposed-panels/geoserver-login-panel.yaml @@ -15,8 +15,8 @@ info: vendor: osgeo product: geoserver shodan-query: + - title:"GeoServer" - http.title:"geoserver" - - server:"geohttpserver" fofa-query: - app="geoserver" - title="geoserver" diff --git a/http/exposed-panels/gespage-panel.yaml b/http/exposed-panels/gespage-panel.yaml index 13509141a7c..77753bc18a5 100644 --- a/http/exposed-panels/gespage-panel.yaml +++ b/http/exposed-panels/gespage-panel.yaml @@ -11,9 +11,9 @@ info: cpe: cpe:2.3:a:gespage:gespage:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: gespage + shodan-query: Path=/gespage product: gespage - shodan-query: path=/gespage + vendor: gespage tags: panel,gespage http: diff --git a/http/exposed-panels/ghe-encrypt-saml.yaml b/http/exposed-panels/ghe-encrypt-saml.yaml index fd5620c4fef..9d64c0fd966 100644 --- a/http/exposed-panels/ghe-encrypt-saml.yaml +++ b/http/exposed-panels/ghe-encrypt-saml.yaml @@ -12,7 +12,7 @@ info: verified: true max-request: 1 shodan-query: title:"GitHub Enterprise" - tags: github,ghe,saml,panel + tags: github,ghe,saml http: - method: GET diff --git a/http/exposed-panels/ghost-panel.yaml b/http/exposed-panels/ghost-panel.yaml index c4bebd0065a..0740341f584 100644 --- a/http/exposed-panels/ghost-panel.yaml +++ b/http/exposed-panels/ghost-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: ghost product: ghost - fofa-query: app="ghost" - shodan-query: http.component:"ghost" + fofa-query: app="Ghost" tags: panel,ghost,login,detect http: diff --git a/http/exposed-panels/gira-homeserver-homepage.yaml b/http/exposed-panels/gira-homeserver-homepage.yaml index e1c82481cf0..8322727e9ef 100644 --- a/http/exposed-panels/gira-homeserver-homepage.yaml +++ b/http/exposed-panels/gira-homeserver-homepage.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: gira + shodan-query: title:"Gira HomeServer 4" product: gira_home_server_firmware - shodan-query: http.title:"gira homeserver 4" - fofa-query: title="gira homeserver 4" - google-query: intitle:"gira homeserver 4" + vendor: gira tags: panel,gira http: diff --git a/http/exposed-panels/gitblit-panel.yaml b/http/exposed-panels/gitblit-panel.yaml index 9ee1d944c9e..97b4e080d69 100644 --- a/http/exposed-panels/gitblit-panel.yaml +++ b/http/exposed-panels/gitblit-panel.yaml @@ -15,6 +15,7 @@ info: vendor: gitblit product: gitblit shodan-query: + - http.title:"Gitblit" - http.title:"gitblit" - http.html:"gitblit" fofa-query: diff --git a/http/exposed-panels/gitea-login.yaml b/http/exposed-panels/gitea-login.yaml index 5800e944619..1a63bac497a 100644 --- a/http/exposed-panels/gitea-login.yaml +++ b/http/exposed-panels/gitea-login.yaml @@ -14,19 +14,14 @@ info: vendor: gitea product: gitea shodan-query: + - html:"Powered by Gitea Version" - http.html:"powered by gitea version" - http.title:"gitea" - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea" - - 'http.title:"installation - gitea: git with a cup of tea"' fofa-query: - title="gitea" - body="powered by gitea version" - - body="powered by gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' + google-query: intitle:"gitea" tags: gitea,panel http: diff --git a/http/exposed-panels/github-enterprise-detect.yaml b/http/exposed-panels/github-enterprise-detect.yaml index 4ec36895719..3b6575f7fee 100644 --- a/http/exposed-panels/github-enterprise-detect.yaml +++ b/http/exposed-panels/github-enterprise-detect.yaml @@ -15,7 +15,7 @@ info: vendor: github product: enterprise_server shodan-query: - - http.title:"setup github enterprise" + - title:"Setup GitHub Enterprise" - micro focus dsd tags: panel,github diff --git a/http/exposed-panels/gitlab-detect.yaml b/http/exposed-panels/gitlab-detect.yaml index 1fc91a89476..a56de417f53 100644 --- a/http/exposed-panels/gitlab-detect.yaml +++ b/http/exposed-panels/gitlab-detect.yaml @@ -14,14 +14,10 @@ info: vendor: gitlab product: gitlab shodan-query: - - http.title:"gitlab" + - http.title:"GitLab" - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - title="gitlab" - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" + - http.title:"gitlab" + fofa-query: title="gitlab" google-query: intitle:"gitlab" tags: panel,gitlab diff --git a/http/exposed-panels/gitlab-saml.yaml b/http/exposed-panels/gitlab-saml.yaml index 223adca9e94..e708147b8a7 100644 --- a/http/exposed-panels/gitlab-saml.yaml +++ b/http/exposed-panels/gitlab-saml.yaml @@ -15,11 +15,9 @@ info: - http.title:"gitlab" - cpe:"cpe:2.3:a:gitlab:gitlab" - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" fofa-query: - body="gitlab enterprise edition" - title="gitlab" - - body="gitlab-ci.yml" google-query: intitle:"gitlab" tags: panel,saml,gitlab diff --git a/http/exposed-panels/gladinet-centrestack-panel.yaml b/http/exposed-panels/gladinet-centrestack-panel.yaml index 3fab7525701..2d4dec4469e 100644 --- a/http/exposed-panels/gladinet-centrestack-panel.yaml +++ b/http/exposed-panels/gladinet-centrestack-panel.yaml @@ -1,20 +1,20 @@ id: gladinet-centrestack-panel -info: - name: CentreStack Login Panel - Detect - author: rxerium - severity: info - description: | - Gladinet CentreStack login panel was detected. - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cwe-id: CWE-200 - metadata: - verified: true - max-request: 1 - shodan-query: title:"CentreStack" - tags: panel,centrestack,login,gladinet - +info: + name: CentreStack Login Panel - Detect + author: rxerium + severity: info + description: | + Gladinet CentreStack login panel was detected. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cwe-id: CWE-200 + metadata: + verified: true + max-request: 1 + shodan-query: title:"CentreStack" + tags: panel,centrestack,login,gladinet + http: - method: GET path: diff --git a/http/exposed-panels/glpi-panel.yaml b/http/exposed-panels/glpi-panel.yaml index 7c5f1d204c1..5ec19e1ffb4 100644 --- a/http/exposed-panels/glpi-panel.yaml +++ b/http/exposed-panels/glpi-panel.yaml @@ -18,13 +18,12 @@ info: vendor: glpi-project product: glpi shodan-query: + - http.title:"GLPI" - http.title:"glpi" - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" fofa-query: - title="glpi" - icon_hash="-1474875778" - - body="setup glpi" google-query: intitle:"glpi" tags: glpi,edb,panel,glpi-project diff --git a/http/exposed-panels/gnu-mailman.yaml b/http/exposed-panels/gnu-mailman.yaml index a1c80ebb1b7..5d849a9ae0e 100644 --- a/http/exposed-panels/gnu-mailman.yaml +++ b/http/exposed-panels/gnu-mailman.yaml @@ -16,6 +16,7 @@ info: vendor: gnu product: mailman shodan-query: + - title:"Mailing Lists" - http.title:"mailing lists" - cpe:"cpe:2.3:a:gnu:mailman" fofa-query: title="mailing lists" diff --git a/http/exposed-panels/goanywhere-mft-login.yaml b/http/exposed-panels/goanywhere-mft-login.yaml index 990c555d1e0..ef4bf1211b2 100644 --- a/http/exposed-panels/goanywhere-mft-login.yaml +++ b/http/exposed-panels/goanywhere-mft-login.yaml @@ -12,21 +12,10 @@ info: metadata: verified: true max-request: 2 - vendor: fortra + shodan-query: http.html:"GoAnywhere Managed File Transfer" product: goanywhere_managed_file_transfer - shodan-query: - - http.html:"goanywhere managed file transfer" - - http.favicon.hash:"1484947000" - - http.favicon.hash:"1484947000,1828756398,1170495932" - fofa-query: - - app="goanywhere-mft" - - body="goanywhere managed file transfer" - - icon_hash=1484947000 - - icon_hash=1484947000,1828756398,1170495932 - zoomeye-query: - - app:"fortra goanywhere-mft" - - app="fortra goanywhere-mft" - tags: panel,goanywhere,login,filetransfer,fortra + vendor: fortra + tags: panel,goanywhere,login,filetransfer http: - method: GET diff --git a/http/exposed-panels/gocd-login.yaml b/http/exposed-panels/gocd-login.yaml index 0295543e5dc..8576b9f0163 100644 --- a/http/exposed-panels/gocd-login.yaml +++ b/http/exposed-panels/gocd-login.yaml @@ -14,6 +14,7 @@ info: vendor: thoughtworks product: gocd shodan-query: + - html:"GoCD Version" - http.html:"gocd version" - http.title:"create a pipeline - go" html:"gocd version" fofa-query: diff --git a/http/exposed-panels/gocron-panel.yaml b/http/exposed-panels/gocron-panel.yaml index 3231d75319f..1e645eb8f27 100644 --- a/http/exposed-panels/gocron-panel.yaml +++ b/http/exposed-panels/gocron-panel.yaml @@ -11,10 +11,10 @@ info: cpe: cpe:2.3:a:gocron_project:gocron:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: gocron_project - product: gocron fofa-query: app="gocron-定时任务系统" - tags: gocron,panel,gocron_project + product: gocron + vendor: gocron_project + tags: gocron,panel http: - method: GET diff --git a/http/exposed-panels/gogs-panel.yaml b/http/exposed-panels/gogs-panel.yaml index 0b106bda3ac..6787aada377 100644 --- a/http/exposed-panels/gogs-panel.yaml +++ b/http/exposed-panels/gogs-panel.yaml @@ -17,15 +17,13 @@ info: vendor: gogs product: gogs shodan-query: + - title:"Sign In - Gogs" - http.title:"sign in - gogs" - cpe:"cpe:2.3:a:gogs:gogs" - - http.title:"installation - gogs" - fofa-query: - - title="sign in - gogs" - - title="installation - gogs" google-query: + - intitle:"Sign In - Gogs" - intitle:"sign in - gogs" - - intitle:"installation - gogs" + fofa-query: title="sign in - gogs" tags: panel,gogs http: diff --git a/http/exposed-panels/gophish-login.yaml b/http/exposed-panels/gophish-login.yaml index e557ba0c67b..c762320ae06 100644 --- a/http/exposed-panels/gophish-login.yaml +++ b/http/exposed-panels/gophish-login.yaml @@ -11,12 +11,10 @@ info: cpe: cpe:2.3:a:getgophish:gophish:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: getgophish + shodan-query: http.title:"Gophish - Login" product: gophish - shodan-query: http.title:"gophish - login" - fofa-query: title="gophish - login" - google-query: intitle:"gophish - login" - tags: panel,gophish,getgophish + vendor: getgophish + tags: panel,gophish http: - method: GET diff --git a/http/exposed-panels/gotify-panel.yaml b/http/exposed-panels/gotify-panel.yaml index b6850d90627..d79653d4d87 100644 --- a/http/exposed-panels/gotify-panel.yaml +++ b/http/exposed-panels/gotify-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: gotify product: server - shodan-query: http.title:"gotify" + shodan-query: + - http.title:"Gotify" + - http.title:"gotify" fofa-query: title="gotify" google-query: intitle:"gotify" tags: panel,gotify,login,detect diff --git a/http/exposed-panels/gradle/gradle-cache-node-detect.yaml b/http/exposed-panels/gradle/gradle-cache-node-detect.yaml index e49aad7192d..3e5f784b1fe 100644 --- a/http/exposed-panels/gradle/gradle-cache-node-detect.yaml +++ b/http/exposed-panels/gradle/gradle-cache-node-detect.yaml @@ -11,8 +11,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - verified: true max-request: 1 + verified: true shodan-query: http.html:"Gradle Enterprise Build Cache Node" tags: panel,gradle,detect diff --git a/http/exposed-panels/gradle/gradle-develocity-panel.yaml b/http/exposed-panels/gradle/gradle-develocity-panel.yaml index 724d2ab4a06..eb0f6bfb61b 100644 --- a/http/exposed-panels/gradle/gradle-develocity-panel.yaml +++ b/http/exposed-panels/gradle/gradle-develocity-panel.yaml @@ -14,8 +14,7 @@ info: max-request: 1 vendor: gradle product: build_cache_node - shodan-query: http.html:"develocity build cache node" - fofa-query: body="develocity build cache node" + shodan-query: http.html:"Develocity Build Cache Node" tags: panel,gradle,detect,login http: diff --git a/http/exposed-panels/grafana-detect.yaml b/http/exposed-panels/grafana-detect.yaml index ff106726503..b53f486b081 100644 --- a/http/exposed-panels/grafana-detect.yaml +++ b/http/exposed-panels/grafana-detect.yaml @@ -14,13 +14,14 @@ info: vendor: grafana product: grafana shodan-query: - - http.title:"grafana" + - title:"Grafana" - cpe:"cpe:2.3:a:grafana:grafana" + - http.title:"grafana" + category: devops fofa-query: - title="grafana" - app="grafana" google-query: intitle:"grafana" - category: devops tags: panel,grafana,detect http: diff --git a/http/exposed-panels/graphite-browser.yaml b/http/exposed-panels/graphite-browser.yaml index 6e7ca6bed45..7baeecd625a 100644 --- a/http/exposed-panels/graphite-browser.yaml +++ b/http/exposed-panels/graphite-browser.yaml @@ -13,12 +13,10 @@ info: cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: graphite_project + shodan-query: http.title:"Graphite Browser" product: graphite - shodan-query: http.title:"graphite browser" - fofa-query: title="graphite browser" - google-query: intitle:"graphite browser" - tags: graphite,panel,graphite_project + vendor: graphite_project + tags: graphite,panel http: - method: GET diff --git a/http/exposed-panels/graylog-panel.yaml b/http/exposed-panels/graylog-panel.yaml index bddc10054c5..8297baab9c2 100644 --- a/http/exposed-panels/graylog-panel.yaml +++ b/http/exposed-panels/graylog-panel.yaml @@ -15,11 +15,7 @@ info: max-request: 1 vendor: graylog product: graylog - shodan-query: - - http.title:"graylog web interface" - - graylog - fofa-query: title="graylog web interface" - google-query: intitle:"graylog web interface" + shodan-query: http.title:"Graylog Web Interface" tags: panel,graylog,login,detect http: diff --git a/http/exposed-panels/greenbone-panel.yaml b/http/exposed-panels/greenbone-panel.yaml index 41e78eff83d..33031c8987a 100644 --- a/http/exposed-panels/greenbone-panel.yaml +++ b/http/exposed-panels/greenbone-panel.yaml @@ -13,12 +13,12 @@ info: max-request: 1 vendor: greenbone product: greenbone_security_assistant - shodan-query: http.title:"greenbone security assistant" + shodan-query: + - http.title:"Greenbone Security Assistant" + - http.title:"greenbone security assistant" + zoomeye-query: title="Greenbone Security Assistant" fofa-query: title="greenbone security assistant" google-query: intitle:"greenbone security assistant" - zoomeye-query: - - title="greenbone security assistant" - - title:"greenbone security assistant" tags: panel,greenbone,login http: diff --git a/http/exposed-panels/h2console-panel.yaml b/http/exposed-panels/h2console-panel.yaml index e71d226d2ee..f86a03b1da3 100644 --- a/http/exposed-panels/h2console-panel.yaml +++ b/http/exposed-panels/h2console-panel.yaml @@ -17,12 +17,10 @@ info: vendor: h2database product: h2 shodan-query: + - http.title:"H2 Console" - http.title:"h2 console" - cpe:"cpe:2.3:a:h2database:h2" - - http.favicon.hash:"116323821" - fofa-query: - - title="h2 console" - - icon_hash=116323821 + fofa-query: title="h2 console" google-query: intitle:"h2 console" tags: panel,h2,console,h2database diff --git a/http/exposed-panels/hangfire-dashboard.yaml b/http/exposed-panels/hangfire-dashboard.yaml index aa326a2670d..c4b479799fb 100644 --- a/http/exposed-panels/hangfire-dashboard.yaml +++ b/http/exposed-panels/hangfire-dashboard.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: hangfire product: hangfire - shodan-query: http.title:"overview – hangfire dashboard" + shodan-query: + - title:"Overview – Hangfire Dashboard" + - http.title:"overview – hangfire dashboard" fofa-query: title="overview – hangfire dashboard" google-query: intitle:"overview – hangfire dashboard" tags: panel,hangfire diff --git a/http/exposed-panels/harbor-panel.yaml b/http/exposed-panels/harbor-panel.yaml index 883aa3b4373..ff3e3df4530 100644 --- a/http/exposed-panels/harbor-panel.yaml +++ b/http/exposed-panels/harbor-panel.yaml @@ -16,7 +16,7 @@ info: max-request: 4 vendor: linuxfoundation product: harbor - shodan-query: http.favicon.hash:"657337228" + shodan-query: http.favicon.hash:657337228 fofa-query: icon_hash=657337228 tags: panel,harbor,linuxfoundation,detect,login diff --git a/http/exposed-panels/hashicorp-consul-webgui.yaml b/http/exposed-panels/hashicorp-consul-webgui.yaml index efbdfc78a47..3ff06616d41 100644 --- a/http/exposed-panels/hashicorp-consul-webgui.yaml +++ b/http/exposed-panels/hashicorp-consul-webgui.yaml @@ -14,6 +14,7 @@ info: vendor: hashicorp product: consul shodan-query: + - http.title:"Consul by HashiCorp" - http.title:"consul by hashicorp" - cpe:"cpe:2.3:a:hashicorp:consul" fofa-query: title="consul by hashicorp" diff --git a/http/exposed-panels/hestia-panel.yaml b/http/exposed-panels/hestia-panel.yaml index 8997f85a869..d2fafddfdff 100644 --- a/http/exposed-panels/hestia-panel.yaml +++ b/http/exposed-panels/hestia-panel.yaml @@ -17,8 +17,9 @@ info: vendor: hestiacp product: control_panel shodan-query: + - title:"Hestia Control Panel" + - http.favicon.hash:-476299640 - http.title:"hestia control panel" - - http.favicon.hash:"-476299640" fofa-query: - icon_hash=-476299640 - title="hestia control panel" diff --git a/http/exposed-panels/highmail-admin-panel.yaml b/http/exposed-panels/highmail-admin-panel.yaml index 5d8f8bc5e07..d79b2f76eec 100644 --- a/http/exposed-panels/highmail-admin-panel.yaml +++ b/http/exposed-panels/highmail-admin-panel.yaml @@ -13,8 +13,12 @@ info: max-request: 2 vendor: aryanic product: high_cms - shodan-query: http.title:"highmail" - fofa-query: title="highmail" + shodan-query: + - title:"HighMail" + - http.title:"highmail" + fofa-query: + - title="HighMail" + - title="highmail" google-query: intitle:"highmail" tags: highmail,panel,aryanic diff --git a/http/exposed-panels/hivemanager-login-panel.yaml b/http/exposed-panels/hivemanager-login-panel.yaml index e77cf8e2606..250a9f9beca 100644 --- a/http/exposed-panels/hivemanager-login-panel.yaml +++ b/http/exposed-panels/hivemanager-login-panel.yaml @@ -12,10 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: aerohive + shodan-query: http.favicon.hash:1604363273 product: hivemanager_classic - shodan-query: http.favicon.hash:"1604363273" - fofa-query: icon_hash=1604363273 + vendor: aerohive tags: panel,hivemanager,aerohive http: diff --git a/http/exposed-panels/home-assistant-panel.yaml b/http/exposed-panels/home-assistant-panel.yaml index 40bcb2c3aaa..82fe03cae92 100644 --- a/http/exposed-panels/home-assistant-panel.yaml +++ b/http/exposed-panels/home-assistant-panel.yaml @@ -12,14 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: home-assistant + shodan-query: http.title:"Home Assistant" product: home-assistant - shodan-query: - - http.title:"home assistant" - - cpe:"cpe:2.3:a:home-assistant:home-assistant" - fofa-query: title="home assistant" - google-query: intitle:"home assistant" - tags: panel,iot,homeassistant,home-assistant + vendor: home-assistant + tags: panel,iot,homeassistant http: - method: GET diff --git a/http/exposed-panels/homematic-panel.yaml b/http/exposed-panels/homematic-panel.yaml index e4f66078ad7..05005837578 100644 --- a/http/exposed-panels/homematic-panel.yaml +++ b/http/exposed-panels/homematic-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: eq-3 product: homematic_ccu3_firmware - shodan-query: http.html:"homematic" + shodan-query: + - http.html:"Homematic" + - http.html:"homematic" fofa-query: body="homematic" tags: panel,homematic,iot,eq-3 diff --git a/http/exposed-panels/hospital-management-panel.yaml b/http/exposed-panels/hospital-management-panel.yaml index b86db0289fa..83747e24231 100644 --- a/http/exposed-panels/hospital-management-panel.yaml +++ b/http/exposed-panels/hospital-management-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: hospital_management_system_project product: hospital_management_system - shodan-query: http.html:"hospital management system" + shodan-query: + - http.html:"Hospital Management System" + - http.html:"hospital management system" fofa-query: body="hospital management system" tags: panel,hms,cms,hospital_management_system_project diff --git a/http/exposed-panels/hp-service-manager.yaml b/http/exposed-panels/hp-service-manager.yaml index d1ad50189ae..e2b11968b3c 100644 --- a/http/exposed-panels/hp-service-manager.yaml +++ b/http/exposed-panels/hp-service-manager.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: hp product: service_manager - shodan-query: http.title:"hp service manager" + shodan-query: + - http.title:"HP Service Manager" + - http.title:"hp service manager" fofa-query: title="hp service manager" google-query: intitle:"hp service manager" tags: panel,hp,service diff --git a/http/exposed-panels/huawei-hg532e-panel.yaml b/http/exposed-panels/huawei-hg532e-panel.yaml index fa059e08a34..b70fa3079b0 100644 --- a/http/exposed-panels/huawei-hg532e-panel.yaml +++ b/http/exposed-panels/huawei-hg532e-panel.yaml @@ -14,10 +14,9 @@ info: cpe: cpe:2.3:h:huawei:hg532e:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: huawei + shodan-query: http.html:"HG532e" product: hg532e - shodan-query: http.html:"hg532e" - fofa-query: body="hg532e" + vendor: huawei tags: huawei,panel http: diff --git a/http/exposed-panels/huginn-panel.yaml b/http/exposed-panels/huginn-panel.yaml index 2e0128a1287..1f820b866cb 100644 --- a/http/exposed-panels/huginn-panel.yaml +++ b/http/exposed-panels/huginn-panel.yaml @@ -9,8 +9,8 @@ info: reference: - https://github.com/huginn/huginn metadata: - verified: true max-request: 1 + verified: true shodan-query: http.favicon.hash:-1951475503 tags: panel,huginn,login diff --git a/http/exposed-panels/huly-panel.yaml b/http/exposed-panels/huly-panel.yaml index 1ddba6cf29f..7cf2dea507e 100644 --- a/http/exposed-panels/huly-panel.yaml +++ b/http/exposed-panels/huly-panel.yaml @@ -9,8 +9,8 @@ info: reference: - https://huly.io/ metadata: - verified: true max-request: 1 + verified: true shodan-query: http.html:"Huly" tags: panel,huly,login diff --git a/http/exposed-panels/hybris-administration-console.yaml b/http/exposed-panels/hybris-administration-console.yaml index b845a42a23a..efda2d29bd1 100644 --- a/http/exposed-panels/hybris-administration-console.yaml +++ b/http/exposed-panels/hybris-administration-console.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: sap product: hybris - shodan-query: http.title:"hybris" + shodan-query: + - title:"Hybris" + - http.title:"hybris" fofa-query: title="hybris" google-query: intitle:"hybris" tags: panel,hybris,sap diff --git a/http/exposed-panels/hydra-dashboard.yaml b/http/exposed-panels/hydra-dashboard.yaml index f07cbf253c8..cbfdf48bd42 100644 --- a/http/exposed-panels/hydra-dashboard.yaml +++ b/http/exposed-panels/hydra-dashboard.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: hydra_project product: hydra - shodan-query: http.title:"hydra router dashboard" + shodan-query: + - title:"Hydra Router Dashboard" + - http.title:"hydra router dashboard" fofa-query: title="hydra router dashboard" google-query: intitle:"hydra router dashboard" tags: panel,exposure,hydra,hydra_project diff --git a/http/exposed-panels/hyperplanning-panel.yaml b/http/exposed-panels/hyperplanning-panel.yaml index b596a95eb54..1f52c5031c0 100644 --- a/http/exposed-panels/hyperplanning-panel.yaml +++ b/http/exposed-panels/hyperplanning-panel.yaml @@ -1,18 +1,18 @@ id: hyperplanning-panel -info: - name: HYPERPLANNING Login Panel - Detect - author: righettod - severity: info - description: | - HYPERPLANNING products was detected. - reference: - - https://www.index-education.com/fr/presentation-hyperplanning.php - metadata: - max-request: 1 - shodan-query: http.title:"HYPERPLANNING" - tags: panel,hyperplanning,login,detect - +info: + name: HYPERPLANNING Login Panel - Detect + author: righettod + severity: info + description: | + HYPERPLANNING products was detected. + reference: + - https://www.index-education.com/fr/presentation-hyperplanning.php + metadata: + max-request: 1 + shodan-query: http.title:"HYPERPLANNING" + tags: panel,hyperplanning,login,detect + http: - method: GET path: diff --git a/http/exposed-panels/ibm/ibm-advanced-system-management.yaml b/http/exposed-panels/ibm/ibm-advanced-system-management.yaml index 0dcffe53ac6..b54ccb02249 100644 --- a/http/exposed-panels/ibm/ibm-advanced-system-management.yaml +++ b/http/exposed-panels/ibm/ibm-advanced-system-management.yaml @@ -11,8 +11,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - verified: true max-request: 2 + verified: true shodan-query: title:"Advanced System Management" fofa-query: title="Advanced System Management" tags: panel,ibm,login,detect diff --git a/http/exposed-panels/ibm/ibm-api-connect-panel.yaml b/http/exposed-panels/ibm/ibm-api-connect-panel.yaml index 2bfde47fc89..80fc0f336ae 100644 --- a/http/exposed-panels/ibm/ibm-api-connect-panel.yaml +++ b/http/exposed-panels/ibm/ibm-api-connect-panel.yaml @@ -8,7 +8,7 @@ info: reference: - https://www.ibm.com/products/api-connect/developer-portal metadata: - max-request: 2 + max-request: 1 tags: panel,ibm,api,detect,login http: diff --git a/http/exposed-panels/ibm/ibm-maximo-login.yaml b/http/exposed-panels/ibm/ibm-maximo-login.yaml index 84397834f98..d9020d4bb83 100644 --- a/http/exposed-panels/ibm/ibm-maximo-login.yaml +++ b/http/exposed-panels/ibm/ibm-maximo-login.yaml @@ -17,7 +17,7 @@ info: max-request: 1 vendor: ibm product: maximo_asset_management - shodan-query: http.favicon.hash:"-399298961" + shodan-query: http.favicon.hash:-399298961 fofa-query: icon_hash=-399298961 tags: maximo,panel,ibm,login,detect diff --git a/http/exposed-panels/ibm/ibm-note-login.yaml b/http/exposed-panels/ibm/ibm-note-login.yaml index 11521cc697f..ce09dd93fc4 100644 --- a/http/exposed-panels/ibm/ibm-note-login.yaml +++ b/http/exposed-panels/ibm/ibm-note-login.yaml @@ -12,12 +12,10 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:ibm:inotes:*:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 2 vendor: ibm + shodan-query: http.title:"IBM iNotes Login" product: inotes - shodan-query: http.title:"ibm inotes login" - fofa-query: title="ibm inotes login" - google-query: intitle:"ibm inotes login" tags: ibm,edb,panel,login,detect http: diff --git a/http/exposed-panels/ibm/ibm-odm-panel.yaml b/http/exposed-panels/ibm/ibm-odm-panel.yaml index 82cf02a7d7f..ed464083819 100644 --- a/http/exposed-panels/ibm/ibm-odm-panel.yaml +++ b/http/exposed-panels/ibm/ibm-odm-panel.yaml @@ -16,16 +16,8 @@ info: max-request: 1 vendor: ibm product: operational_decision_manager - shodan-query: - - http.title:"decision center | business console" - - http.favicon.hash:"707491698" - - http.html:"ibm odm" - fofa-query: - - title="decision center | business console" - - body="ibm odm" - - icon_hash="707491698" - - title="ibm odm" - google-query: intitle:"decision center | business console" + shodan-query: http.title:"Decision Center | Business Console" + fofa-query: title="Decision Center | Business Console" tags: panel,ibm,login,detect,decision-center http: diff --git a/http/exposed-panels/ibm/ibm-security-access-manager.yaml b/http/exposed-panels/ibm/ibm-security-access-manager.yaml index 8f3cfe9a2a6..ded0e1ba0fe 100644 --- a/http/exposed-panels/ibm/ibm-security-access-manager.yaml +++ b/http/exposed-panels/ibm/ibm-security-access-manager.yaml @@ -14,10 +14,8 @@ info: metadata: max-request: 1 vendor: ibm + shodan-query: http.title:"IBM Security Access Manager" product: security_access_manager - shodan-query: http.title:"ibm security access manager" - fofa-query: title="ibm security access manager" - google-query: intitle:"ibm security access manager" tags: panel,ibm,login,detect http: diff --git a/http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml b/http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml index 8ce8d4ac3b6..81ace22e950 100644 --- a/http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml +++ b/http/exposed-panels/ibm/ibm-websphere-admin-panel.yaml @@ -16,7 +16,7 @@ info: max-request: 1 vendor: ibm product: websphere_application_server - shodan-query: http.favicon.hash:"1337147129" + shodan-query: http.favicon.hash:1337147129 fofa-query: icon_hash=1337147129 tags: websphere,panel,ibm diff --git a/http/exposed-panels/ibm/ibm-websphere-panel.yaml b/http/exposed-panels/ibm/ibm-websphere-panel.yaml index e0360972901..28ed1b1dc44 100644 --- a/http/exposed-panels/ibm/ibm-websphere-panel.yaml +++ b/http/exposed-panels/ibm/ibm-websphere-panel.yaml @@ -14,6 +14,7 @@ info: vendor: ibm product: websphere_portal shodan-query: + - http.html:"IBM WebSphere Portal" - http.html:"ibm websphere portal" - cpe:"cpe:2.3:a:ibm:websphere_portal" fofa-query: body="ibm websphere portal" diff --git a/http/exposed-panels/icewarp-panel-detect.yaml b/http/exposed-panels/icewarp-panel-detect.yaml index cd2e350f6a6..d7c18520e2f 100644 --- a/http/exposed-panels/icewarp-panel-detect.yaml +++ b/http/exposed-panels/icewarp-panel-detect.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: icewarp product: icewarp_server - shodan-query: http.title:"icewarp" + shodan-query: + - title:"icewarp" + - http.title:"icewarp" fofa-query: title="icewarp" google-query: intitle:"icewarp" tags: icewarp,panel diff --git a/http/exposed-panels/icinga-web-login.yaml b/http/exposed-panels/icinga-web-login.yaml index 535ac05fbab..00fcfa8ef3d 100644 --- a/http/exposed-panels/icinga-web-login.yaml +++ b/http/exposed-panels/icinga-web-login.yaml @@ -14,8 +14,9 @@ info: vendor: icinga product: icinga_web_2 shodan-query: - - http.title:"icinga web 2 login" + - http.title:"Icinga Web 2 Login" - http.title:"icinga" + - http.title:"icinga web 2 login" fofa-query: - title="icinga web 2 login" - title="icinga" diff --git a/http/exposed-panels/ictprotege-login-panel.yaml b/http/exposed-panels/ictprotege-login-panel.yaml index 39caee632dd..ff616c4472d 100644 --- a/http/exposed-panels/ictprotege-login-panel.yaml +++ b/http/exposed-panels/ictprotege-login-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: ict product: protege_wx_firmware - shodan-query: http.title:"ict protege wx®" + shodan-query: + - title:"ICT Protege WX®" + - http.title:"ict protege wx®" fofa-query: title="ict protege wx®" google-query: intitle:"ict protege wx®" tags: panel,ictprotege,ict diff --git a/http/exposed-panels/identity-services-engine.yaml b/http/exposed-panels/identity-services-engine.yaml index b8ed1626138..47a556725a3 100644 --- a/http/exposed-panels/identity-services-engine.yaml +++ b/http/exposed-panels/identity-services-engine.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: cisco product: identity_services_engine - shodan-query: http.title:"identity services engine" + shodan-query: + - http.title:"Identity Services Engine" + - http.title:"identity services engine" fofa-query: title="identity services engine" google-query: intitle:"identity services engine" tags: panel,cisco diff --git a/http/exposed-panels/ilch-admin-panel.yaml b/http/exposed-panels/ilch-admin-panel.yaml index b3eebd3f31a..dded0a137ee 100644 --- a/http/exposed-panels/ilch-admin-panel.yaml +++ b/http/exposed-panels/ilch-admin-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: ilch product: cms - shodan-query: http.title:"ilch" + shodan-query: + - http.title:"Ilch" + - http.title:"ilch" fofa-query: title="ilch" google-query: intitle:"ilch" tags: panel,ilch,cms diff --git a/http/exposed-panels/incapptic-connect-panel.yaml b/http/exposed-panels/incapptic-connect-panel.yaml index 9f00aef52d6..7728077289f 100644 --- a/http/exposed-panels/incapptic-connect-panel.yaml +++ b/http/exposed-panels/incapptic-connect-panel.yaml @@ -17,7 +17,7 @@ info: product: incapptic_connect shodan-query: - http.title:"incapptic" - - http.favicon.hash:"-1067582922" + - http.favicon.hash:-1067582922 fofa-query: - icon_hash=-1067582922 - title="incapptic" diff --git a/http/exposed-panels/influxdb-panel.yaml b/http/exposed-panels/influxdb-panel.yaml index dccaf54254d..51f5b492076 100644 --- a/http/exposed-panels/influxdb-panel.yaml +++ b/http/exposed-panels/influxdb-panel.yaml @@ -16,9 +16,9 @@ info: vendor: influxdata product: influxdb shodan-query: + - http.title:"InfluxDB - Admin Interface" - http.title:"influxdb - admin interface" - influxdb - - x-influxdb- fofa-query: title="influxdb - admin interface" google-query: intitle:"influxdb - admin interface" tags: panel,influxdb,influxdata diff --git a/http/exposed-panels/infoblox-nios-panel.yaml b/http/exposed-panels/infoblox-nios-panel.yaml index c5c401b99d3..fa3968333bb 100644 --- a/http/exposed-panels/infoblox-nios-panel.yaml +++ b/http/exposed-panels/infoblox-nios-panel.yaml @@ -16,9 +16,7 @@ info: max-request: 1 vendor: infoblox product: nios - shodan-query: http.title:"infoblox" - fofa-query: title="infoblox" - google-query: intitle:"infoblox" + shodan-query: http.title:"Infoblox" tags: panel,infoblox,nios,login,detect http: diff --git a/http/exposed-panels/intelbras-login.yaml b/http/exposed-panels/intelbras-login.yaml index a44a7f82dc3..f5f7ef5966b 100644 --- a/http/exposed-panels/intelbras-login.yaml +++ b/http/exposed-panels/intelbras-login.yaml @@ -13,18 +13,11 @@ info: cpe: cpe:2.3:h:intelbras:iwr_3000n:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: intelbras + shodan-query: http.title:"Intelbras" + google-query: intitle:"Intelbras" "All Rights Reserved" -.com product: iwr_3000n - shodan-query: - - http.title:"intelbras" - - http.title:"intelbras" "all rights reserved" -.com - google-query: - - intitle:"intelbras" "all rights reserved" -.com - - intitle:"intelbras" - fofa-query: - - title="intelbras" - - title="intelbras" "all rights reserved" -.com - tags: panel,edb,intelbras + vendor: intelbras + tags: panel,edb http: - method: GET diff --git a/http/exposed-panels/intelbras-panel.yaml b/http/exposed-panels/intelbras-panel.yaml index 1fd64243fb6..8be1efb9fd8 100644 --- a/http/exposed-panels/intelbras-panel.yaml +++ b/http/exposed-panels/intelbras-panel.yaml @@ -14,10 +14,13 @@ info: max-request: 1 vendor: intelbras product: cip_92200_firmware - shodan-query: http.title:"intelbras" + shodan-query: + - http.title:"Intelbras" + - http.title:"intelbras" fofa-query: - - app="intelbras" + - app="Intelbras" - title="intelbras" + - app="intelbras" google-query: intitle:"intelbras" tags: panel,intelbras diff --git a/http/exposed-panels/intellian-aptus-panel.yaml b/http/exposed-panels/intellian-aptus-panel.yaml index 2150653117c..ebaaaf24650 100644 --- a/http/exposed-panels/intellian-aptus-panel.yaml +++ b/http/exposed-panels/intellian-aptus-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: intelliantech product: aptus_web - shodan-query: http.title:"intellian aptus web" + shodan-query: + - http.title:"Intellian Aptus Web" + - http.title:"intellian aptus web" fofa-query: title="intellian aptus web" google-query: intitle:"intellian aptus web" tags: panel,intellian,aptus,intelliantech diff --git a/http/exposed-panels/irisnext-panel.yaml b/http/exposed-panels/irisnext-panel.yaml index 30004023818..0b3a2317e6f 100644 --- a/http/exposed-panels/irisnext-panel.yaml +++ b/http/exposed-panels/irisnext-panel.yaml @@ -9,8 +9,8 @@ info: reference: - https://www.irislink.com/ metadata: - verified: true max-request: 1 + verified: true shodan-query: http.title:"irisnext" tags: panel,irisnext,login diff --git a/http/exposed-panels/isams-panel.yaml b/http/exposed-panels/isams-panel.yaml index 963f62e1219..4c5103eebb7 100644 --- a/http/exposed-panels/isams-panel.yaml +++ b/http/exposed-panels/isams-panel.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: iris product: isams - shodan-query: http.favicon.hash:"-81573405" - fofa-query: icon_hash=-81573405 - tags: panel,isams,login,iris + shodan-query: http.favicon.hash:-81573405 + tags: panel,isams,login http: - method: GET diff --git a/http/exposed-panels/issabel-login.yaml b/http/exposed-panels/issabel-login.yaml index 4798073b83b..f7450aa0aff 100644 --- a/http/exposed-panels/issabel-login.yaml +++ b/http/exposed-panels/issabel-login.yaml @@ -11,9 +11,9 @@ info: cpe: cpe:2.3:a:issabel:pbx:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: issabel + fofa-query: title="Issabel" product: pbx - fofa-query: title="issabel" + vendor: issabel tags: issabel,panel http: diff --git a/http/exposed-panels/itop-panel.yaml b/http/exposed-panels/itop-panel.yaml index d250a9413c4..82cad734f72 100644 --- a/http/exposed-panels/itop-panel.yaml +++ b/http/exposed-panels/itop-panel.yaml @@ -13,14 +13,6 @@ info: max-request: 2 vendor: combodo product: itop - shodan-query: - - http.html:" itop login" - - http.html:"installation" html:"itop" - - http.html:"itop login" - fofa-query: - - body=" itop login" - - body="installation" html:"itop" - - body="itop login" tags: panel,itop,combodo http: diff --git a/http/exposed-panels/ivanti-connect-secure-panel.yaml b/http/exposed-panels/ivanti-connect-secure-panel.yaml index 2dee1ed87b8..fde2815bca7 100644 --- a/http/exposed-panels/ivanti-connect-secure-panel.yaml +++ b/http/exposed-panels/ivanti-connect-secure-panel.yaml @@ -16,6 +16,7 @@ info: vendor: ivanti product: connect_secure shodan-query: + - title:"Ivanti Connect Secure" - http.title:"ivanti connect secure" - http.html:"welcome.cgi?p=logo" fofa-query: diff --git a/http/exposed-panels/ivanti-csa-panel.yaml b/http/exposed-panels/ivanti-csa-panel.yaml index 2a87793e397..8515c7c110c 100644 --- a/http/exposed-panels/ivanti-csa-panel.yaml +++ b/http/exposed-panels/ivanti-csa-panel.yaml @@ -1,19 +1,19 @@ id: ivanti-csa-panel -info: - name: Ivanti(R) Cloud Services Appliance - Panel - author: rxerium - severity: info - description: | - An Ivanti Cloud Services Appliance panel was detected. - reference: - - https://help.ivanti.com/ld/help/en_US/LDMS/10.0/Windows/csa-h-help.htm - metadata: - verified: true - max-request: 1 - shodan-query: title:"Cloud Services Appliance" - tags: ivanti,csa,panel,login - +info: + name: Ivanti(R) Cloud Services Appliance - Panel + author: rxerium + severity: info + description: | + An Ivanti Cloud Services Appliance panel was detected. + reference: + - https://help.ivanti.com/ld/help/en_US/LDMS/10.0/Windows/csa-h-help.htm + metadata: + verified: true + max-request: 1 + shodan-query: title:"Cloud Services Appliance" + tags: ivanti,csa,panel,login + http: - method: GET path: diff --git a/http/exposed-panels/ivanti-traffic-manager-panel.yaml b/http/exposed-panels/ivanti-traffic-manager-panel.yaml index 043bbe56a1a..337bcf79226 100644 --- a/http/exposed-panels/ivanti-traffic-manager-panel.yaml +++ b/http/exposed-panels/ivanti-traffic-manager-panel.yaml @@ -1,19 +1,19 @@ id: ivanti-traffic-manager-panel -info: - name: Ivanti Traffic Manager Panel - Detect - author: rxerium - severity: info - description: | - An Ivanti Traffic Manager Login Panel was detected. - reference: - - https://www.ivanti.com/resources/v/doc/ivi/2528/2ef03e8ed03d - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"Login (Virtual Traffic Manager" - tags: detect,traffic-manager,panel,login - +info: + name: Ivanti Traffic Manager Panel - Detect + author: rxerium + severity: info + description: | + An Ivanti Traffic Manager Login Panel was detected. + reference: + - https://www.ivanti.com/resources/v/doc/ivi/2528/2ef03e8ed03d + metadata: + verified: true + max-request: 1 + shodan-query: http.html:"Login (Virtual Traffic Manager" + tags: detect,traffic-manager,panel,login + http: - method: GET path: diff --git a/http/exposed-panels/jamf-login.yaml b/http/exposed-panels/jamf-login.yaml index 895debbc5ac..6e1742db1c5 100644 --- a/http/exposed-panels/jamf-login.yaml +++ b/http/exposed-panels/jamf-login.yaml @@ -12,17 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: jamf + shodan-query: title:"Jamf Pro" product: jamf - shodan-query: - - http.title:"jamf pro" - - http.favicon.hash:"1262005940" - - http.html:"jamf pro setup" - fofa-query: - - body="jamf pro setup" - - icon_hash=1262005940 - - title="jamf pro" - google-query: intitle:"jamf pro" + vendor: jamf tags: panel,jamf http: diff --git a/http/exposed-panels/jamf-panel.yaml b/http/exposed-panels/jamf-panel.yaml index 25499becb16..f413ddd4c63 100644 --- a/http/exposed-panels/jamf-panel.yaml +++ b/http/exposed-panels/jamf-panel.yaml @@ -11,17 +11,9 @@ info: cpe: cpe:2.3:a:jamf:jamf:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: jamf + shodan-query: http.favicon.hash:1262005940 product: jamf - shodan-query: - - http.favicon.hash:"1262005940" - - http.html:"jamf pro setup" - - http.title:"jamf pro" - fofa-query: - - body="jamf pro setup" - - icon_hash=1262005940 - - title="jamf pro" - google-query: intitle:"jamf pro" + vendor: jamf tags: jamf,panel,mdm http: diff --git a/http/exposed-panels/jamf-setup-assistant.yaml b/http/exposed-panels/jamf-setup-assistant.yaml index 450e34c510d..9d8c1b062f8 100644 --- a/http/exposed-panels/jamf-setup-assistant.yaml +++ b/http/exposed-panels/jamf-setup-assistant.yaml @@ -12,17 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: jamf + shodan-query: http.html:"Jamf Pro Setup" product: jamf - shodan-query: - - http.html:"jamf pro setup" - - http.favicon.hash:"1262005940" - - http.title:"jamf pro" - fofa-query: - - body="jamf pro setup" - - icon_hash=1262005940 - - title="jamf pro" - google-query: intitle:"jamf pro" + vendor: jamf tags: jamf,setup,panel http: diff --git a/http/exposed-panels/jaspersoft-panel.yaml b/http/exposed-panels/jaspersoft-panel.yaml index 22b201b2bf6..bef9474c963 100644 --- a/http/exposed-panels/jaspersoft-panel.yaml +++ b/http/exposed-panels/jaspersoft-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: tibco product: jaspersoft - shodan-query: http.title:"jaspersoft" + shodan-query: + - http.title:"Jaspersoft" + - http.title:"jaspersoft" fofa-query: title="jaspersoft" google-query: intitle:"jaspersoft" tags: panel,jaspersoft,tibco diff --git a/http/exposed-panels/jboss/jboss-jbpm-admin.yaml b/http/exposed-panels/jboss/jboss-jbpm-admin.yaml index 0cdc5c57d14..c67daa266a0 100644 --- a/http/exposed-panels/jboss/jboss-jbpm-admin.yaml +++ b/http/exposed-panels/jboss/jboss-jbpm-admin.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: redhat product: jbpm - shodan-query: http.html:"jbossws" + shodan-query: + - html:"JBossWS" + - http.html:"jbossws" fofa-query: body="jbossws" tags: jboss,panel,login,redhat diff --git a/http/exposed-panels/jboss/jboss-juddi.yaml b/http/exposed-panels/jboss/jboss-juddi.yaml index 3e794385af5..1e063eb61a5 100644 --- a/http/exposed-panels/jboss/jboss-juddi.yaml +++ b/http/exposed-panels/jboss/jboss-juddi.yaml @@ -18,7 +18,9 @@ info: max-request: 2 vendor: redhat product: jboss_enterprise_web_platform - shodan-query: http.html:"jboss ws" + shodan-query: + - html:"JBoss WS" + - http.html:"jboss ws" fofa-query: body="jboss ws" tags: panel,jboss,juddi,redhat diff --git a/http/exposed-panels/jboss/jboss-soa-platform.yaml b/http/exposed-panels/jboss/jboss-soa-platform.yaml index 3c261b80313..b749cdaf88b 100644 --- a/http/exposed-panels/jboss/jboss-soa-platform.yaml +++ b/http/exposed-panels/jboss/jboss-soa-platform.yaml @@ -11,11 +11,11 @@ info: cpe: cpe:2.3:a:redhat:jboss_soa_platform:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 2 + max-request: 1 vendor: redhat - product: "jboss_soa_platform" + product: jboss_soa_platform shodan-query: - - '[http.title:"welcome to the jboss soa platform" http.title:"welcome to the jboss soa platform"]' + - http.title:"Welcome to the JBoss SOA Platform" - http.title:"welcome to the jboss soa platform" fofa-query: title="welcome to the jboss soa platform" google-query: intitle:"welcome to the jboss soa platform" diff --git a/http/exposed-panels/jcms-panel.yaml b/http/exposed-panels/jcms-panel.yaml index 8bac0cf3370..b970604ca0b 100644 --- a/http/exposed-panels/jcms-panel.yaml +++ b/http/exposed-panels/jcms-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 2 vendor: jalios product: jcms - shodan-query: http.html:"jalios jcms" + shodan-query: + - html:"Jalios JCMS" + - http.html:"jalios jcms" fofa-query: body="jalios jcms" tags: panel,jalios,jcms diff --git a/http/exposed-panels/jedox-web-panel.yaml b/http/exposed-panels/jedox-web-panel.yaml index 766715e5288..eaa0d397777 100644 --- a/http/exposed-panels/jedox-web-panel.yaml +++ b/http/exposed-panels/jedox-web-panel.yaml @@ -16,14 +16,16 @@ info: vendor: jedox product: jedox shodan-query: + - title:"Jedox Web - Login" - http.title:"jedox web - login" - http.title:"jedox web login" + google-query: + - intitle:"Jedox Web Login" + - intitle:"jedox web login" + - intitle:"jedox web - login" fofa-query: - title="jedox web login" - title="jedox web - login" - google-query: - - intitle:"jedox web login" - - intitle:"jedox web - login" tags: panel,jedox,detect http: diff --git a/http/exposed-panels/jeedom-panel.yaml b/http/exposed-panels/jeedom-panel.yaml index 4a52aae95d0..97013d12ee5 100644 --- a/http/exposed-panels/jeedom-panel.yaml +++ b/http/exposed-panels/jeedom-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: jeedom product: jeedom - shodan-query: http.title:"jeedom" + shodan-query: + - http.title:"Jeedom" + - http.title:"jeedom" fofa-query: title="jeedom" google-query: intitle:"jeedom" tags: panel,jeedom,login diff --git a/http/exposed-panels/jenkins-api-panel.yaml b/http/exposed-panels/jenkins-api-panel.yaml index 900137934c3..63c164c3faa 100644 --- a/http/exposed-panels/jenkins-api-panel.yaml +++ b/http/exposed-panels/jenkins-api-panel.yaml @@ -15,12 +15,9 @@ info: product: jenkins shodan-query: - cpe:"cpe:2.3:a:jenkins:jenkins" - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" + fofa-query: icon_hash=81586312 tags: panel,api,jenkins http: diff --git a/http/exposed-panels/jenkins-login.yaml b/http/exposed-panels/jenkins-login.yaml index 39869b351aa..1aa95f98e04 100644 --- a/http/exposed-panels/jenkins-login.yaml +++ b/http/exposed-panels/jenkins-login.yaml @@ -17,12 +17,9 @@ info: product: jenkins shodan-query: - cpe:"cpe:2.3:a:jenkins:jenkins" - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" + fofa-query: icon_hash=81586312 tags: panel,jenkins http: diff --git a/http/exposed-panels/jfrog-login.yaml b/http/exposed-panels/jfrog-login.yaml index fd2bfea5393..a527f3e0113 100644 --- a/http/exposed-panels/jfrog-login.yaml +++ b/http/exposed-panels/jfrog-login.yaml @@ -15,13 +15,9 @@ info: metadata: verified: true max-request: 2 - vendor: jfrog + shodan-query: "http.title:\"JFrog\"" product: artifactory - shodan-query: - - http.title:"jfrog" - - cpe:"cpe:2.3:a:jfrog:artifactory" - fofa-query: title="jfrog" - google-query: intitle:"jfrog" + vendor: jfrog tags: panel,jfrog,edb,detect,login http: diff --git a/http/exposed-panels/joget/joget-panel.yaml b/http/exposed-panels/joget/joget-panel.yaml index 8ccda51a251..234a4d7afd5 100644 --- a/http/exposed-panels/joget/joget-panel.yaml +++ b/http/exposed-panels/joget/joget-panel.yaml @@ -11,10 +11,9 @@ info: cpe: cpe:2.3:a:joget:joget_dx:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: joget + shodan-query: http.favicon.hash:-1343712810 product: joget_dx - shodan-query: http.favicon.hash:"-1343712810" - fofa-query: icon_hash=-1343712810 + vendor: joget tags: panel,joget http: diff --git a/http/exposed-panels/jorani-panel.yaml b/http/exposed-panels/jorani-panel.yaml index 646450748b8..a16f00caae7 100644 --- a/http/exposed-panels/jorani-panel.yaml +++ b/http/exposed-panels/jorani-panel.yaml @@ -12,14 +12,9 @@ info: metadata: verified: true max-request: 2 - vendor: jorani + shodan-query: html:"Login - Jorani" product: jorani - shodan-query: - - http.html:"login - jorani" - - http.favicon.hash:"-2032163853" - fofa-query: - - body="login - jorani" - - icon_hash=-2032163853 + vendor: jorani tags: panel,jorani,login http: diff --git a/http/exposed-panels/jsherp-boot-panel.yaml b/http/exposed-panels/jsherp-boot-panel.yaml index 3b3ecb6c325..46d0193013f 100644 --- a/http/exposed-panels/jsherp-boot-panel.yaml +++ b/http/exposed-panels/jsherp-boot-panel.yaml @@ -11,11 +11,8 @@ info: max-request: 1 vendor: jishenghua product: jsherp - shodan-query: http.favicon.hash:"-1298131932" - fofa-query: - - icon_hash=-1298131932 - - jsherp-boot - tags: panel,jsherp,login,detect,jishenghua + shodan-query: http.favicon.hash:-1298131932 + tags: panel,jsherp,login,detect http: - method: GET diff --git a/http/exposed-panels/jumpserver-panel.yaml b/http/exposed-panels/jumpserver-panel.yaml index 7d61d6ef77f..23e47e2fc21 100644 --- a/http/exposed-panels/jumpserver-panel.yaml +++ b/http/exposed-panels/jumpserver-panel.yaml @@ -16,15 +16,11 @@ info: metadata: verified: true max-request: 2 - vendor: fit2cloud + shodan-query: http.title:'JumpServer' + zoomeye-query: app="JumpServer Bastion Host" product: jumpserver - shodan-query: http.title:'jumpserver' - zoomeye-query: - - app="jumpserver bastion host" - - title:'jumpserver' - fofa-query: title="jumpserver" - google-query: intitle:'jumpserver' - tags: panel,jumpserver,login,fit2cloud + vendor: fit2cloud + tags: panel,jumpserver,login http: - method: GET diff --git a/http/exposed-panels/jupyter-notebook.yaml b/http/exposed-panels/jupyter-notebook.yaml index 63660e44e6c..74f0485452a 100644 --- a/http/exposed-panels/jupyter-notebook.yaml +++ b/http/exposed-panels/jupyter-notebook.yaml @@ -14,22 +14,9 @@ info: cpe: cpe:2.3:a:jupyter:notebook:*:*:*:*:*:*:*:* metadata: max-request: 4 - vendor: jupyter + shodan-query: http.html:"JupyterHub" product: notebook - shodan-query: - - http.html:"jupyterhub" - - http.title:"home page - select or create a notebook" - - http.title:"jupyter notebook" - fofa-query: - - body="jupyterhub" - - title="home page - select or create a notebook" - - title="jupyter notebook" - google-query: - - intitle:"home page - select or create a notebook" - - intitle:"jupyter notebook" - zoomeye-query: - - app="jupyter notebook" - - title:"jupyter notebook" + vendor: jupyter tags: edb,panel,jupyter,notebook,exposure http: diff --git a/http/exposed-panels/kafka-center-login.yaml b/http/exposed-panels/kafka-center-login.yaml index 5f342f4ecb0..b15fc756f27 100644 --- a/http/exposed-panels/kafka-center-login.yaml +++ b/http/exposed-panels/kafka-center-login.yaml @@ -14,17 +14,15 @@ info: vendor: apache product: kafka shodan-query: + - http.title:"Kafka Center" - http.title:"kafka center" - http.title:"kafka consumer offset monitor" - - http.title:"ui for apache kafka" fofa-query: - title="kafka center" - title="kafka consumer offset monitor" - - title="ui for apache kafka" google-query: - intitle:"kafka center" - intitle:"kafka consumer offset monitor" - - intitle:"ui for apache kafka" tags: panel,kafka,apache http: diff --git a/http/exposed-panels/kafka-consumer-monitor.yaml b/http/exposed-panels/kafka-consumer-monitor.yaml index 32670df5832..85e83d35522 100644 --- a/http/exposed-panels/kafka-consumer-monitor.yaml +++ b/http/exposed-panels/kafka-consumer-monitor.yaml @@ -14,17 +14,15 @@ info: vendor: apache product: kafka shodan-query: - - http.title:"kafka consumer offset monitor" + - http.title:"Kafka Consumer Offset Monitor" - http.title:"kafka center" - - http.title:"ui for apache kafka" + - http.title:"kafka consumer offset monitor" fofa-query: - title="kafka center" - title="kafka consumer offset monitor" - - title="ui for apache kafka" google-query: - intitle:"kafka center" - intitle:"kafka consumer offset monitor" - - intitle:"ui for apache kafka" tags: panel,kafka,apache http: diff --git a/http/exposed-panels/kafka-monitoring.yaml b/http/exposed-panels/kafka-monitoring.yaml index 32fb49131e5..721e436daa6 100644 --- a/http/exposed-panels/kafka-monitoring.yaml +++ b/http/exposed-panels/kafka-monitoring.yaml @@ -16,15 +16,12 @@ info: shodan-query: - http.title:"kafka center" - http.title:"kafka consumer offset monitor" - - http.title:"ui for apache kafka" fofa-query: - title="kafka center" - title="kafka consumer offset monitor" - - title="ui for apache kafka" google-query: - intitle:"kafka center" - intitle:"kafka consumer offset monitor" - - intitle:"ui for apache kafka" tags: panel,kafka,apache http: diff --git a/http/exposed-panels/kafka-topics-ui.yaml b/http/exposed-panels/kafka-topics-ui.yaml index 8fd5ed18d2f..a8badb4cd26 100644 --- a/http/exposed-panels/kafka-topics-ui.yaml +++ b/http/exposed-panels/kafka-topics-ui.yaml @@ -17,8 +17,6 @@ info: vendor: provectus product: ui platform: kafka - fofa-query: icon_hash="-1477045616" - shodan-query: http.favicon.hash:"-1477045616" tags: panel,kafka,apache,detect,provectus http: diff --git a/http/exposed-panels/kanboard-login.yaml b/http/exposed-panels/kanboard-login.yaml index 1dd22b596f4..6eeff54eb3b 100644 --- a/http/exposed-panels/kanboard-login.yaml +++ b/http/exposed-panels/kanboard-login.yaml @@ -14,10 +14,8 @@ info: max-request: 1 vendor: kanboard product: kanboard - shodan-query: http.favicon.hash:"2056442365" - fofa-query: - - icon_hash=2056442365 - - app="kanboard" + shodan-query: http.favicon.hash:2056442365 + fofa-query: icon_hash=2056442365 tags: panel,kanboard http: diff --git a/http/exposed-panels/kavita-panel-detect.yaml b/http/exposed-panels/kavita-panel-detect.yaml index cf9a634750f..bff9b691e25 100644 --- a/http/exposed-panels/kavita-panel-detect.yaml +++ b/http/exposed-panels/kavita-panel-detect.yaml @@ -14,16 +14,12 @@ info: metadata: verified: true max-request: 1 - vendor: kavitareader + shodan-query: http.title:"kavita" product: kavita - shodan-query: - - http.title:"kavita" - - http.html:"kavita" - fofa-query: - - title="kavita" - - body="kavita" + vendor: kavitareader + fofa-query: title="kavita" google-query: intitle:"kavita" - tags: panel,kavita,kavitareader + tags: panel,kavita http: - method: GET diff --git a/http/exposed-panels/kerio-connect-client.yaml b/http/exposed-panels/kerio-connect-client.yaml index fc01b53e8c5..7d55d551c9e 100644 --- a/http/exposed-panels/kerio-connect-client.yaml +++ b/http/exposed-panels/kerio-connect-client.yaml @@ -11,12 +11,10 @@ info: cpe: cpe:2.3:a:gfi:kerio_connect:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: gfi + shodan-query: http.title:"Kerio Connect Client" product: kerio_connect - shodan-query: http.title:"kerio connect client" - fofa-query: title="kerio connect client" - google-query: intitle:"kerio connect client" - tags: panel,kerio,gfi + vendor: gfi + tags: panel,kerio http: - method: GET diff --git a/http/exposed-panels/keycloak-admin-panel.yaml b/http/exposed-panels/keycloak-admin-panel.yaml index f0f04f0daee..c41f6a6cd22 100644 --- a/http/exposed-panels/keycloak-admin-panel.yaml +++ b/http/exposed-panels/keycloak-admin-panel.yaml @@ -15,14 +15,13 @@ info: vendor: redhat product: keycloak shodan-query: - - http.favicon.hash:"-1105083093" + - http.favicon.hash:-1105083093 - http.title:"keycloak" - http.html:"keycloak" fofa-query: - icon_hash=-1105083093 - body="keycloak" - title="keycloak" - - icon_hash="-1105083093" google-query: intitle:"keycloak" tags: panel,keycloak,redhat diff --git a/http/exposed-panels/kiali-panel.yaml b/http/exposed-panels/kiali-panel.yaml index b51e9dca87d..528363da384 100644 --- a/http/exposed-panels/kiali-panel.yaml +++ b/http/exposed-panels/kiali-panel.yaml @@ -15,9 +15,7 @@ info: max-request: 2 vendor: kiali product: kiali - shodan-query: http.title:"kiali" - fofa-query: title="kiali" - google-query: intitle:"kiali" + shodan-query: title:"Kiali" tags: panel,kiali,detect,login http: diff --git a/http/exposed-panels/kibana-panel.yaml b/http/exposed-panels/kibana-panel.yaml index 1f368ef5bab..9e48de92e1d 100644 --- a/http/exposed-panels/kibana-panel.yaml +++ b/http/exposed-panels/kibana-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 3 vendor: elastic product: kibana - shodan-query: http.title:"kibana" + shodan-query: + - http.title:"Kibana" + - http.title:"kibana" fofa-query: title="kibana" google-query: intitle:"kibana" tags: panel,kibana,elastic diff --git a/http/exposed-panels/kiteworks-pcn-panel.yaml b/http/exposed-panels/kiteworks-pcn-panel.yaml index c8b85577f2e..5264ebec61e 100644 --- a/http/exposed-panels/kiteworks-pcn-panel.yaml +++ b/http/exposed-panels/kiteworks-pcn-panel.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: accellion product: kiteworks - shodan-query: http.favicon.hash:"-1215318992" + shodan-query: http.favicon.hash:-1215318992 fofa-query: icon_hash=-1215318992 tags: panel,kiteworks,login,detect,accellion diff --git a/http/exposed-panels/kiwitcms-login.yaml b/http/exposed-panels/kiwitcms-login.yaml index 37dc915a602..060aa85455a 100644 --- a/http/exposed-panels/kiwitcms-login.yaml +++ b/http/exposed-panels/kiwitcms-login.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: kiwitcms product: kiwi_tcms - shodan-query: http.title:"kiwi tcms - login" http.favicon.hash:-1909533337 + shodan-query: + - title:"Kiwi TCMS - Login" http.favicon.hash:-1909533337 + - http.title:"kiwi tcms - login" http.favicon.hash:-1909533337 fofa-query: title="kiwi tcms - login" http.favicon.hash:-1909533337 google-query: intitle:"kiwi tcms - login" http.favicon.hash:-1909533337 tags: kiwitcms,panel diff --git a/http/exposed-panels/kkfileview-panel.yaml b/http/exposed-panels/kkfileview-panel.yaml index 2c82b208971..7d2b8bbd211 100644 --- a/http/exposed-panels/kkfileview-panel.yaml +++ b/http/exposed-panels/kkfileview-panel.yaml @@ -12,17 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: keking + shodan-query: http.title:"kkFileView" product: kkfileview - shodan-query: - - http.title:"kkfileview" - - http.html:"kkfileview" - fofa-query: - - app="kkfileview" - - body="kkfileview" - - title="kkfileview" - google-query: intitle:"kkfileview" - tags: panel,kkfileview,keking + vendor: keking + tags: panel,kkfileview http: - method: GET diff --git a/http/exposed-panels/klog-server-panel.yaml b/http/exposed-panels/klog-server-panel.yaml index 4f29395f66b..1f4a305368c 100644 --- a/http/exposed-panels/klog-server-panel.yaml +++ b/http/exposed-panels/klog-server-panel.yaml @@ -12,7 +12,7 @@ info: max-request: 1 vendor: klogserver product: klog_server - tags: panel,login,klog-server,detect,klogserver + tags: panel,login,klog-server,detect http: - method: GET diff --git a/http/exposed-panels/koel-panel.yaml b/http/exposed-panels/koel-panel.yaml index 79d246315c6..93e70b420ee 100644 --- a/http/exposed-panels/koel-panel.yaml +++ b/http/exposed-panels/koel-panel.yaml @@ -16,9 +16,7 @@ info: max-request: 1 vendor: koel product: koel - shodan-query: http.title:"koel" - fofa-query: title="koel" - google-query: intitle:"koel" + shodan-query: title:"Koel" tags: panel,koel,login http: diff --git a/http/exposed-panels/kopano-webapp-panel.yaml b/http/exposed-panels/kopano-webapp-panel.yaml index bafe55e386f..a830e66c091 100644 --- a/http/exposed-panels/kopano-webapp-panel.yaml +++ b/http/exposed-panels/kopano-webapp-panel.yaml @@ -14,9 +14,7 @@ info: max-request: 1 vendor: kopano product: webapp - shodan-query: http.title:"kopano webapp" - fofa-query: title="kopano webapp" - google-query: intitle:"kopano webapp" + shodan-query: http.title:"Kopano WebApp" tags: panel,kopano,login,detect http: diff --git a/http/exposed-panels/kubernetes-enterprise-manager.yaml b/http/exposed-panels/kubernetes-enterprise-manager.yaml index 1791dfe1129..45fec8947b3 100644 --- a/http/exposed-panels/kubernetes-enterprise-manager.yaml +++ b/http/exposed-panels/kubernetes-enterprise-manager.yaml @@ -13,10 +13,11 @@ info: max-request: 1 vendor: kubernetes product: kubernetes - shodan-query: http.title:"kubernetes web view" fofa-query: - - app="kubernetes-enterprise-manager" + - app="Kubernetes-Enterprise-Manager" - title="kubernetes web view" + - app="kubernetes-enterprise-manager" + shodan-query: http.title:"kubernetes web view" google-query: intitle:"kubernetes web view" tags: tech,kubernetes,panel diff --git a/http/exposed-panels/kubernetes-mirantis.yaml b/http/exposed-panels/kubernetes-mirantis.yaml index 5bd3569ac0c..4d5c4c12f4c 100644 --- a/http/exposed-panels/kubernetes-mirantis.yaml +++ b/http/exposed-panels/kubernetes-mirantis.yaml @@ -12,13 +12,11 @@ info: metadata: verified: true max-request: 1 - vendor: mirantis + shodan-query: http.html:"Mirantis Kubernetes Engine" + fofa-query: app="Mirantis-Kubernetes-Engine" product: kubernetes_engine - shodan-query: http.html:"mirantis kubernetes engine" - fofa-query: - - app="mirantis-kubernetes-engine" - - body="mirantis kubernetes engine" - tags: tech,kubernetes,devops,kube,k8s,panel,mirantis + vendor: mirantis + tags: tech,kubernetes,devops,kube,k8s,panel http: - method: GET diff --git a/http/exposed-panels/kubernetes-web-view.yaml b/http/exposed-panels/kubernetes-web-view.yaml index ecf97f77456..06065a0ea67 100644 --- a/http/exposed-panels/kubernetes-web-view.yaml +++ b/http/exposed-panels/kubernetes-web-view.yaml @@ -15,7 +15,9 @@ info: max-request: 2 vendor: kubernetes product: kubernetes - shodan-query: http.title:"kubernetes web view" + shodan-query: + - title:"Kubernetes Web View" + - http.title:"kubernetes web view" fofa-query: - title="kubernetes web view" - app="kubernetes-enterprise-manager" diff --git a/http/exposed-panels/kubeview-dashboard.yaml b/http/exposed-panels/kubeview-dashboard.yaml index daaa829f88c..cf8366c8663 100644 --- a/http/exposed-panels/kubeview-dashboard.yaml +++ b/http/exposed-panels/kubeview-dashboard.yaml @@ -15,7 +15,7 @@ info: vendor: kubeview_project product: kubeview shodan-query: - - http.favicon.hash:"-379154636" + - http.favicon.hash:-379154636 - http.title:"kubeview" fofa-query: - icon_hash=-379154636 diff --git a/http/exposed-panels/label-studio-panel.yaml b/http/exposed-panels/label-studio-panel.yaml index 1368f3250ed..9c87fb79da6 100644 --- a/http/exposed-panels/label-studio-panel.yaml +++ b/http/exposed-panels/label-studio-panel.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: heartex product: label_studio - shodan-query: http.favicon.hash:"-1649949475" - fofa-query: icon_hash=-1649949475 - tags: label-studio,login,panel,heartex + shodan-query: http.favicon.hash:-1649949475 + tags: label-studio,login,panel http: - raw: diff --git a/http/exposed-panels/labkey-server-login.yaml b/http/exposed-panels/labkey-server-login.yaml index 1426162e984..f1bbed71270 100644 --- a/http/exposed-panels/labkey-server-login.yaml +++ b/http/exposed-panels/labkey-server-login.yaml @@ -15,8 +15,9 @@ info: vendor: labkey product: labkey_server shodan-query: + - 'title:"Sign In: /home"' - 'http.title:"sign in: /home"' - - server:"labkey" + - "server: labkey" fofa-query: 'title="sign in: /home"' google-query: 'intitle:"sign in: /home"' tags: panel,labkey diff --git a/http/exposed-panels/lancom-router-panel.yaml b/http/exposed-panels/lancom-router-panel.yaml index a30405c0899..d23fce237b9 100644 --- a/http/exposed-panels/lancom-router-panel.yaml +++ b/http/exposed-panels/lancom-router-panel.yaml @@ -12,11 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: lancom-systems + shodan-query: html:"LANCOM Systems GmbH" product: wlc-4006 - shodan-query: http.html:"lancom systems gmbh" - fofa-query: body="lancom systems gmbh" - tags: panel,lancom,router,lancom-systems + vendor: lancom-systems + tags: panel,lancom,router http: - method: GET diff --git a/http/exposed-panels/lansweeper-login.yaml b/http/exposed-panels/lansweeper-login.yaml index 0d93a66533a..cfd1afe838d 100644 --- a/http/exposed-panels/lansweeper-login.yaml +++ b/http/exposed-panels/lansweeper-login.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: lansweeper product: lansweeper - shodan-query: http.title:"lansweeper - login" + shodan-query: + - title:"Lansweeper - Login" + - http.title:"lansweeper - login" fofa-query: title="lansweeper - login" google-query: intitle:"lansweeper - login" tags: lansweeper,tech,panel diff --git a/http/exposed-panels/ldap-account-manager-panel.yaml b/http/exposed-panels/ldap-account-manager-panel.yaml index 7cc4e42e297..fe6e132837b 100644 --- a/http/exposed-panels/ldap-account-manager-panel.yaml +++ b/http/exposed-panels/ldap-account-manager-panel.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 2 - vendor: ldap-account-manager + shodan-query: title:"LDAP Account Manager" product: ldap_account_manager - shodan-query: http.title:"ldap account manager" - fofa-query: title="ldap account manager" - google-query: intitle:"ldap account manager" - tags: panel,ldap,ldap-account-manager + vendor: ldap-account-manager + tags: panel,ldap http: - method: GET diff --git a/http/exposed-panels/lenovo-fp-panel.yaml b/http/exposed-panels/lenovo-fp-panel.yaml index c0d4644bb8e..a5c857c6b4d 100644 --- a/http/exposed-panels/lenovo-fp-panel.yaml +++ b/http/exposed-panels/lenovo-fp-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: lenovo product: fan_power_controller - shodan-query: http.html:"fan and power controller" + shodan-query: + - http.html:"Fan and Power Controller" + - http.html:"fan and power controller" fofa-query: body="fan and power controller" tags: panel,lenovo diff --git a/http/exposed-panels/leostream-panel.yaml b/http/exposed-panels/leostream-panel.yaml index 657478551b4..5912fe99e7f 100644 --- a/http/exposed-panels/leostream-panel.yaml +++ b/http/exposed-panels/leostream-panel.yaml @@ -13,11 +13,9 @@ info: cpe: cpe:2.3:a:leostream:connection_broker:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: leostream + shodan-query: http.title:"Leostream" product: connection_broker - shodan-query: http.title:"leostream" - fofa-query: title="leostream" - google-query: intitle:"leostream" + vendor: leostream tags: panel,leostream http: diff --git a/http/exposed-panels/librenms-login.yaml b/http/exposed-panels/librenms-login.yaml index e5ef951386c..7f9bd69f650 100644 --- a/http/exposed-panels/librenms-login.yaml +++ b/http/exposed-panels/librenms-login.yaml @@ -13,10 +13,7 @@ info: max-request: 1 vendor: librenms product: librenms - fofa-query: - - title="librenms" - - body="librenms install" - shodan-query: http.html:"librenms install" + fofa-query: title="librenms" tags: librenms,panel http: diff --git a/http/exposed-panels/librephotos-panel.yaml b/http/exposed-panels/librephotos-panel.yaml index 1a883bd61c8..8bb4cb94131 100644 --- a/http/exposed-panels/librephotos-panel.yaml +++ b/http/exposed-panels/librephotos-panel.yaml @@ -13,10 +13,8 @@ info: max-request: 1 vendor: librephotos_project product: librephotos - shodan-query: http.title:"librephotos" - fofa-query: title="librephotos" - google-query: intitle:"librephotos" - tags: panel,librephotos,detect,login,librephotos_project + shodan-query: title:"LibrePhotos" + tags: panel,librephotos,detect,login http: - method: GET diff --git a/http/exposed-panels/liferay-portal.yaml b/http/exposed-panels/liferay-portal.yaml index cd7fbad0d4e..f319698aa7d 100644 --- a/http/exposed-panels/liferay-portal.yaml +++ b/http/exposed-panels/liferay-portal.yaml @@ -18,15 +18,9 @@ info: vendor: liferay product: liferay_portal shodan-query: - - http.favicon.hash:"129457226" + - http.favicon.hash:129457226 - cpe:"cpe:2.3:a:liferay:liferay_portal" - - http.html:"var liferay" - - http.title:"liferay" - fofa-query: - - icon_hash=129457226 - - body="var liferay" - - title="liferay" - google-query: intitle:"liferay" + fofa-query: icon_hash=129457226 tags: panel,liferay,portal http: diff --git a/http/exposed-panels/linkerd-panel.yaml b/http/exposed-panels/linkerd-panel.yaml index 6c4d41d2e0c..62df60527f9 100644 --- a/http/exposed-panels/linkerd-panel.yaml +++ b/http/exposed-panels/linkerd-panel.yaml @@ -15,7 +15,9 @@ info: max-request: 1 vendor: linkerd product: linkerd - shodan-query: http.html:"data-controller-namespace" + shodan-query: + - html:"data-controller-namespace" + - http.html:"data-controller-namespace" fofa-query: body="data-controller-namespace" tags: panel,misconfig,linkerd,exposure diff --git a/http/exposed-panels/livehelperchat-admin-panel.yaml b/http/exposed-panels/livehelperchat-admin-panel.yaml index 84d55d45fbc..4355d36cb80 100644 --- a/http/exposed-panels/livehelperchat-admin-panel.yaml +++ b/http/exposed-panels/livehelperchat-admin-panel.yaml @@ -14,8 +14,12 @@ info: max-request: 1 vendor: livehelperchat product: live_helper_chat - shodan-query: http.title:"live helper chat" - fofa-query: title="live helper chat" + shodan-query: + - title:"Live Helper Chat" + - http.title:"live helper chat" + fofa-query: + - title="Live Helper Chat" + - title="live helper chat" google-query: intitle:"live helper chat" tags: livehelperchat,panel diff --git a/http/exposed-panels/livezilla-login-panel.yaml b/http/exposed-panels/livezilla-login-panel.yaml index 8e46e087de5..07e422a402f 100644 --- a/http/exposed-panels/livezilla-login-panel.yaml +++ b/http/exposed-panels/livezilla-login-panel.yaml @@ -13,7 +13,7 @@ info: max-request: 1 vendor: livezilla product: livezilla - shodan-query: http.html:"livezilla" + shodan-query: http.html:livezilla fofa-query: body=livezilla tags: panel,livezilla,login diff --git a/http/exposed-panels/lorex-panel.yaml b/http/exposed-panels/lorex-panel.yaml index c49a9daab45..0d663b342f2 100644 --- a/http/exposed-panels/lorex-panel.yaml +++ b/http/exposed-panels/lorex-panel.yaml @@ -1,21 +1,21 @@ id: lorex-panel -info: - name: Lorex Panel - Detect - author: rxerium - severity: info - description: | - A lorex panel was detected. - reference: - - https://www.lorex.com/ - classification: - cwe-id: CWE-200 - metadata: - verified: true - max-request: 1 - shodan-query: "Lorex" - tags: panel,login,detect,lorex - +info: + name: Lorex Panel - Detect + author: rxerium + severity: info + description: | + A lorex panel was detected. + reference: + - https://www.lorex.com/ + classification: + cwe-id: CWE-200 + metadata: + verified: true + max-request: 1 + shodan-query: "Lorex" + tags: panel,login,detect,lorex + http: - method: GET path: diff --git a/http/exposed-panels/mach-proweb-login.yaml b/http/exposed-panels/mach-proweb-login.yaml index 24abbfdada8..491194b9888 100644 --- a/http/exposed-panels/mach-proweb-login.yaml +++ b/http/exposed-panels/mach-proweb-login.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 1 - vendor: reliablecontrols + google-query: intitle:"Log on to MACH-ProWeb" product: mach-prowebcom - google-query: intitle:"log on to mach-proweb" - shodan-query: http.title:"log on to mach-proweb" - fofa-query: title="log on to mach-proweb" - tags: panel,machproweb,edb,reliablecontrols + vendor: reliablecontrols + tags: panel,machproweb,edb http: - method: GET diff --git a/http/exposed-panels/machform-admin-panel.yaml b/http/exposed-panels/machform-admin-panel.yaml index a266d1b4e32..a04ce08b736 100644 --- a/http/exposed-panels/machform-admin-panel.yaml +++ b/http/exposed-panels/machform-admin-panel.yaml @@ -14,11 +14,9 @@ info: metadata: verified: true max-request: 1 - vendor: machform + shodan-query: title:"MachForm Admin Panel" product: machform - shodan-query: http.title:"machform admin panel" - fofa-query: title="machform admin panel" - google-query: intitle:"machform admin panel" + vendor: machform tags: panel,machform,admin http: diff --git a/http/exposed-panels/magento-admin-panel.yaml b/http/exposed-panels/magento-admin-panel.yaml index 1ff386a7485..735f327afc1 100644 --- a/http/exposed-panels/magento-admin-panel.yaml +++ b/http/exposed-panels/magento-admin-panel.yaml @@ -18,10 +18,9 @@ info: vendor: magento product: magento shodan-query: - - http.component:"magento" + - http.component:"Magento" - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + - http.component:"magento" tags: magento,panel http: diff --git a/http/exposed-panels/magento-downloader-panel.yaml b/http/exposed-panels/magento-downloader-panel.yaml index 14f11c85a1b..dc9fb7cf5c8 100644 --- a/http/exposed-panels/magento-downloader-panel.yaml +++ b/http/exposed-panels/magento-downloader-panel.yaml @@ -17,10 +17,9 @@ info: vendor: magento product: magento shodan-query: - - http.component:"magento" + - http.component:"Magento" - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + - http.component:"magento" tags: magento,exposure,panel http: diff --git a/http/exposed-panels/magnolia-panel.yaml b/http/exposed-panels/magnolia-panel.yaml index 69920363108..e05a09fdfcc 100644 --- a/http/exposed-panels/magnolia-panel.yaml +++ b/http/exposed-panels/magnolia-panel.yaml @@ -15,16 +15,10 @@ info: metadata: verified: true max-request: 2 - vendor: magnolia-cms + shodan-query: html:"Magnolia is a registered trademark" product: magnolia_cms - shodan-query: - - http.html:"magnolia is a registered trademark" - - http.title:"magnolia installation" - fofa-query: - - body="magnolia is a registered trademark" - - title="magnolia installation" - google-query: intitle:"magnolia installation" - tags: magnolia,panel,login,magnolia-cms + vendor: magnolia-cms + tags: magnolia,panel,login http: - method: GET diff --git a/http/exposed-panels/malwared-byob.yaml b/http/exposed-panels/malwared-byob.yaml index 93e43f8990f..e4154a41479 100644 --- a/http/exposed-panels/malwared-byob.yaml +++ b/http/exposed-panels/malwared-byob.yaml @@ -9,8 +9,7 @@ info: reference: - https://github.com/malwaredllc/byob metadata: - max-request: 1 - shodan-query: "http.favicon.hash:487145192" + shodan-query: http.favicon.hash:487145192 fofa-query: icon_hash="487145192" tags: panel,malware,byob,botnet,oss,detect diff --git a/http/exposed-panels/mantisbt-panel.yaml b/http/exposed-panels/mantisbt-panel.yaml index 587587a7346..66b0dcfcf7d 100644 --- a/http/exposed-panels/mantisbt-panel.yaml +++ b/http/exposed-panels/mantisbt-panel.yaml @@ -17,15 +17,9 @@ info: vendor: mantisbt product: mantisbt shodan-query: - - http.favicon.hash:"662709064" + - http.favicon.hash:662709064 - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.html:"administration - installation - mantisbt" - - http.title:"mantisbt" - fofa-query: - - icon_hash=662709064 - - body="administration - installation - mantisbt" - - title="mantisbt" - google-query: intitle:"mantisbt" + fofa-query: icon_hash=662709064 tags: panel,mantisbt http: diff --git a/http/exposed-panels/matomo-panel.yaml b/http/exposed-panels/matomo-panel.yaml index 3a394a11599..c85fc0c8d05 100644 --- a/http/exposed-panels/matomo-panel.yaml +++ b/http/exposed-panels/matomo-panel.yaml @@ -19,13 +19,9 @@ info: vendor: matomo product: matomo shodan-query: - - http.favicon.hash:"-2023266783" + - "http.favicon.hash:-2023266783" - cpe:"cpe:2.3:a:matomo:matomo" - - http.title:"matomo" - fofa-query: - - icon_hash=-2023266783 - - title="matomo" - google-query: intitle:"matomo" + fofa-query: icon_hash=-2023266783 tags: panel,matomo,login,detect http: diff --git a/http/exposed-panels/mbilling-panel.yaml b/http/exposed-panels/mbilling-panel.yaml index 87fdb8d72a7..6c1bb57eb41 100644 --- a/http/exposed-panels/mbilling-panel.yaml +++ b/http/exposed-panels/mbilling-panel.yaml @@ -7,9 +7,9 @@ info: description: | Identified an exposed MagnusBilling login panel. metadata: + shodan-query: html:"MagnusBilling" verified: true max-request: 1 - shodan-query: html:"MagnusBilling" tags: mbilling,login,panel,magnusbilling http: diff --git a/http/exposed-panels/memos-panel.yaml b/http/exposed-panels/memos-panel.yaml index 24871570472..afe719e71eb 100644 --- a/http/exposed-panels/memos-panel.yaml +++ b/http/exposed-panels/memos-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 2 vendor: usememos product: memos - shodan-query: http.title:"memos" + shodan-query: + - title:"Memos" + - http.title:"memos" fofa-query: title="memos" google-query: intitle:"memos" tags: panel,memos,detect,usememos diff --git a/http/exposed-panels/meshcentral-login.yaml b/http/exposed-panels/meshcentral-login.yaml index e40043797e2..6caae645d21 100644 --- a/http/exposed-panels/meshcentral-login.yaml +++ b/http/exposed-panels/meshcentral-login.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: meshcentral product: meshcentral - shodan-query: http.title:"meshcentral - login" + shodan-query: + - http.title:"MeshCentral - Login" + - http.title:"meshcentral - login" fofa-query: title="meshcentral - login" google-query: intitle:"meshcentral - login" tags: panel,meshcentral diff --git a/http/exposed-panels/metabase-panel.yaml b/http/exposed-panels/metabase-panel.yaml index 7542fbd52f4..c3fde9529e3 100644 --- a/http/exposed-panels/metabase-panel.yaml +++ b/http/exposed-panels/metabase-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: metabase product: metabase - shodan-query: http.title:"metabase" + shodan-query: + - http.title:"Metabase" + - http.title:"metabase" fofa-query: - title="metabase" - app="metabase" diff --git a/http/exposed-panels/metasploit-panel.yaml b/http/exposed-panels/metasploit-panel.yaml index 5329de36491..9d0a51920d5 100644 --- a/http/exposed-panels/metasploit-panel.yaml +++ b/http/exposed-panels/metasploit-panel.yaml @@ -18,15 +18,13 @@ info: shodan-query: - http.title:"metasploit" - http.title:"metasploit - setup and configuration" + zoomeye-query: app="Metasploit" fofa-query: - title="metasploit" - title="metasploit - setup and configuration" google-query: - intitle:"metasploit" - intitle:"metasploit - setup and configuration" - zoomeye-query: - - app="metasploit" - - title:'metasploit' tags: panel,metasploit,login,rapid7 http: diff --git a/http/exposed-panels/metasploit-setup-page.yaml b/http/exposed-panels/metasploit-setup-page.yaml index 0338ce9a863..de8bd0a4216 100644 --- a/http/exposed-panels/metasploit-setup-page.yaml +++ b/http/exposed-panels/metasploit-setup-page.yaml @@ -15,17 +15,16 @@ info: vendor: rapid7 product: metasploit shodan-query: - - http.title:"metasploit - setup and configuration" + - title:"Metasploit - Setup and Configuration" - http.title:"metasploit" + - http.title:"metasploit - setup and configuration" + zoomeye-query: app="Metasploit" fofa-query: - title="metasploit" - title="metasploit - setup and configuration" google-query: - intitle:"metasploit" - intitle:"metasploit - setup and configuration" - zoomeye-query: - - app="metasploit" - - title:'metasploit' tags: panel,metasploit,setup,rapid7 http: diff --git a/http/exposed-panels/metersphere-login.yaml b/http/exposed-panels/metersphere-login.yaml index fd75aa116c2..840b21ff5c9 100644 --- a/http/exposed-panels/metersphere-login.yaml +++ b/http/exposed-panels/metersphere-login.yaml @@ -15,10 +15,10 @@ info: max-request: 2 vendor: metersphere product: metersphere - shodan-query: http.html:"metersphere" fofa-query: - body="metersphere" - title="metersphere" + shodan-query: http.html:"metersphere" tags: panel,metersphere http: diff --git a/http/exposed-panels/metube-panel.yaml b/http/exposed-panels/metube-panel.yaml index 6093d8f4483..f96ff3ed348 100644 --- a/http/exposed-panels/metube-panel.yaml +++ b/http/exposed-panels/metube-panel.yaml @@ -1,19 +1,19 @@ id: metube-detect -info: - name: MeTube Instance Detected - author: rxerium - severity: info - description: | - A MeTube instance was detected. - reference: - - https://github.com/alexta69/metube - metadata: - verified: true - max-request: 1 - shodan-query: http.title:MeTube - tags: metube,detect,panel,login - +info: + name: MeTube Instance Detected + author: rxerium + severity: info + description: | + A MeTube instance was detected. + reference: + - https://github.com/alexta69/metube + metadata: + verified: true + shodan-query: http.title:MeTube + max-request: 1 + tags: metube,detect,panel,login + http: - method: GET path: diff --git a/http/exposed-panels/mfiles-web-detect.yaml b/http/exposed-panels/mfiles-web-detect.yaml index 7e2f43bbbf6..4f61af32e5b 100644 --- a/http/exposed-panels/mfiles-web-detect.yaml +++ b/http/exposed-panels/mfiles-web-detect.yaml @@ -16,7 +16,9 @@ info: max-request: 2 vendor: m-files product: m-files - shodan-query: http.html:"m-files web" + shodan-query: + - http.html:"M-Files Web" + - http.html:"m-files web" fofa-query: body="m-files web" tags: panel,m-files diff --git a/http/exposed-panels/microfocus-admin-server.yaml b/http/exposed-panels/microfocus-admin-server.yaml index 4f2138b7d72..9362f461f12 100644 --- a/http/exposed-panels/microfocus-admin-server.yaml +++ b/http/exposed-panels/microfocus-admin-server.yaml @@ -14,7 +14,9 @@ info: max-request: 4 vendor: microfocus product: "enterprise_server" - shodan-query: micro focus dsd + shodan-query: + - "Micro Focus DSD" + - micro focus dsd tags: panel,microfocus,detect,login http: diff --git a/http/exposed-panels/microfocus-filr-panel.yaml b/http/exposed-panels/microfocus-filr-panel.yaml index afaa94a9162..6d8c306e511 100644 --- a/http/exposed-panels/microfocus-filr-panel.yaml +++ b/http/exposed-panels/microfocus-filr-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: microfocus product: filr - shodan-query: http.html:"micro focus filr" + shodan-query: + - "http.html:\"Micro Focus Filr\"" + - http.html:"micro focus filr" fofa-query: body="micro focus filr" tags: panel,microfocus,filr,detect diff --git a/http/exposed-panels/microfocus-vibe-panel.yaml b/http/exposed-panels/microfocus-vibe-panel.yaml index 1003c59e1ef..3603a865c4b 100644 --- a/http/exposed-panels/microfocus-vibe-panel.yaml +++ b/http/exposed-panels/microfocus-vibe-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: microfocus product: vibe - shodan-query: http.html:"micro focus vibe" + shodan-query: + - http.html:"Micro Focus Vibe" + - http.html:"micro focus vibe" fofa-query: body="micro focus vibe" tags: panel,microfocus,vibe diff --git a/http/exposed-panels/microsoft-exchange-panel.yaml b/http/exposed-panels/microsoft-exchange-panel.yaml index 2358ae203df..3c7752babcf 100644 --- a/http/exposed-panels/microsoft-exchange-panel.yaml +++ b/http/exposed-panels/microsoft-exchange-panel.yaml @@ -16,18 +16,13 @@ info: vendor: microsoft product: exchange_server shodan-query: - - http.favicon.hash:"1768726119" + - http.favicon.hash:1768726119 - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" - - vuln:"cve-2021-26855" fofa-query: - icon_hash=1768726119 - title="outlook" - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: microsoft,panel,exchange http: diff --git a/http/exposed-panels/mikrotik/mikrotik-routeros-old.yaml b/http/exposed-panels/mikrotik/mikrotik-routeros-old.yaml index da52d78c070..b80d0646413 100644 --- a/http/exposed-panels/mikrotik/mikrotik-routeros-old.yaml +++ b/http/exposed-panels/mikrotik/mikrotik-routeros-old.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: mikrotik product: routeros - shodan-query: http.title:"mikrotik routeros > administration" + shodan-query: + - title:"mikrotik routeros > administration" + - http.title:"mikrotik routeros > administration" fofa-query: title="mikrotik routeros > administration" google-query: intitle:"mikrotik routeros > administration" tags: panel,login,mikrotik diff --git a/http/exposed-panels/minio-browser.yaml b/http/exposed-panels/minio-browser.yaml index 46e6e53522e..96edd369db0 100644 --- a/http/exposed-panels/minio-browser.yaml +++ b/http/exposed-panels/minio-browser.yaml @@ -14,15 +14,14 @@ info: vendor: minio product: minio shodan-query: + - title:"MinIO Browser" - http.title:"minio browser" - cpe:"cpe:2.3:a:minio:minio" - http.title:"minio console" - - http.html:"symfony profiler" fofa-query: - app="minio" - title="minio browser" - title="minio console" - - body="symfony profiler" google-query: - intitle:"minio browser" - intitle:"minio console" diff --git a/http/exposed-panels/minio-console.yaml b/http/exposed-panels/minio-console.yaml index b98dcb980e7..aa8a4f8495d 100644 --- a/http/exposed-panels/minio-console.yaml +++ b/http/exposed-panels/minio-console.yaml @@ -11,13 +11,10 @@ info: cpe: cpe:2.3:a:minio:console:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: minio + shodan-query: title:"MinIO Console" + fofa-query: app="MinIO-Console" product: console - shodan-query: http.title:"minio console" - fofa-query: - - app="minio-console" - - title="minio console" - google-query: intitle:"minio console" + vendor: minio tags: panel,minio http: diff --git a/http/exposed-panels/misp-panel.yaml b/http/exposed-panels/misp-panel.yaml index e89ff541706..604aa53bd6e 100644 --- a/http/exposed-panels/misp-panel.yaml +++ b/http/exposed-panels/misp-panel.yaml @@ -11,7 +11,9 @@ info: max-request: 1 vendor: misp product: misp - shodan-query: http.title:"users - misp" + shodan-query: + - http.title:"Users - MISP" + - http.title:"users - misp" fofa-query: title="users - misp" google-query: intitle:"users - misp" tags: panel,misp diff --git a/http/exposed-panels/mitel-micollab-panel.yaml b/http/exposed-panels/mitel-micollab-panel.yaml index 59c5d7e509b..7b047614e06 100644 --- a/http/exposed-panels/mitel-micollab-panel.yaml +++ b/http/exposed-panels/mitel-micollab-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: mitel product: micollab - shodan-query: http.html:"micollab end user portal" - fofa-query: body="micollab end user portal" + shodan-query: http.html:"MiCollab End User Portal" tags: panel,mitel,login,detect http: diff --git a/http/exposed-panels/mitel-panel-detect.yaml b/http/exposed-panels/mitel-panel-detect.yaml index f48ce0b9654..a0b484af4ed 100644 --- a/http/exposed-panels/mitel-panel-detect.yaml +++ b/http/exposed-panels/mitel-panel-detect.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: mitel product: cmg_suite - shodan-query: http.html:"mitel networks" + shodan-query: + - http.html:"Mitel Networks" + - http.html:"mitel networks" fofa-query: body="mitel networks" tags: panel,mitel diff --git a/http/exposed-panels/mobile-management-panel.yaml b/http/exposed-panels/mobile-management-panel.yaml index a988a31ca71..6bd29ad6410 100644 --- a/http/exposed-panels/mobile-management-panel.yaml +++ b/http/exposed-panels/mobile-management-panel.yaml @@ -12,10 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: zohocorp - product: manageengine_mobile_device_manager_plus fofa-query: title="移动管理平台-企业管理" - tags: panel,mobile,management,zohocorp + product: manageengine_mobile_device_manager_plus + vendor: zohocorp + tags: panel,mobile,management http: - method: GET diff --git a/http/exposed-panels/mobileiron-sentry.yaml b/http/exposed-panels/mobileiron-sentry.yaml index cadfd0cb472..c879b8d104c 100644 --- a/http/exposed-panels/mobileiron-sentry.yaml +++ b/http/exposed-panels/mobileiron-sentry.yaml @@ -14,11 +14,7 @@ info: max-request: 1 vendor: mobileiron product: sentry - shodan-query: - - http.favicon.hash:"967636089" - - http.title:"login | sentry" - fofa-query: title="login | sentry" - google-query: intitle:"login | sentry" + shodan-query: http.favicon.hash:967636089 tags: panel,mobileiron http: diff --git a/http/exposed-panels/modoboa-panel.yaml b/http/exposed-panels/modoboa-panel.yaml index 441734ac5f9..d5ec0e14ae3 100644 --- a/http/exposed-panels/modoboa-panel.yaml +++ b/http/exposed-panels/modoboa-panel.yaml @@ -18,7 +18,7 @@ info: vendor: modoboa product: modoboa shodan-query: - - http.favicon.hash:"1949005079" + - http.favicon.hash:1949005079 - http.html:"modoboa" fofa-query: - body="modoboa" diff --git a/http/exposed-panels/mongodb-ops-manager.yaml b/http/exposed-panels/mongodb-ops-manager.yaml index 5903c8ca51f..f223c7c343b 100644 --- a/http/exposed-panels/mongodb-ops-manager.yaml +++ b/http/exposed-panels/mongodb-ops-manager.yaml @@ -11,11 +11,9 @@ info: cpe: cpe:2.3:a:mongodb:ops_manager_server:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: mongodb + shodan-query: http.title:"MongoDB Ops Manager" product: ops_manager_server - shodan-query: http.title:"mongodb ops manager" - fofa-query: title="mongodb ops manager" - google-query: intitle:"mongodb ops manager" + vendor: mongodb tags: panel,mongodb http: diff --git a/http/exposed-panels/monitorr-panel.yaml b/http/exposed-panels/monitorr-panel.yaml index 11191340fef..dbd00027be0 100644 --- a/http/exposed-panels/monitorr-panel.yaml +++ b/http/exposed-panels/monitorr-panel.yaml @@ -11,7 +11,7 @@ info: max-request: 1 vendor: monitorr product: monitorr - shodan-query: http.favicon.hash:"-211006074" + shodan-query: http.favicon.hash:-211006074 fofa-query: icon_hash="-211006074" tags: panel,monitorr,detect diff --git a/http/exposed-panels/monstra-admin-panel.yaml b/http/exposed-panels/monstra-admin-panel.yaml index c54bc4936e9..0e798580ba0 100644 --- a/http/exposed-panels/monstra-admin-panel.yaml +++ b/http/exposed-panels/monstra-admin-panel.yaml @@ -16,13 +16,8 @@ info: max-request: 1 vendor: monstra product: monstra_cms - shodan-query: - - http.favicon.hash:"419828698" - - 'http.title:"monstra :: install"' - fofa-query: - - icon_hash=419828698 - - 'title="monstra :: install"' - google-query: 'intitle:"monstra :: install"' + shodan-query: http.favicon.hash:419828698 + fofa-query: icon_hash=419828698 tags: panel,monstra http: diff --git a/http/exposed-panels/moodle-workplace-panel.yaml b/http/exposed-panels/moodle-workplace-panel.yaml index e3614f20922..1551a429d46 100644 --- a/http/exposed-panels/moodle-workplace-panel.yaml +++ b/http/exposed-panels/moodle-workplace-panel.yaml @@ -15,18 +15,7 @@ info: max-request: 1 vendor: moodle product: moodle - shodan-query: - - http.html:"moodle" - - cpe:"cpe:2.3:a:moodle:moodle" - - http.title:"installation moodle" - - http.title:"moodle" - fofa-query: - - body="moodle" - - title="installation moodle" - - title="moodle" - google-query: - - intitle:"installation moodle" - - intitle:"moodle" + shodan-query: http.html:"moodle" tags: panel,moodle,login,detect http: diff --git a/http/exposed-panels/movable-type-login.yaml b/http/exposed-panels/movable-type-login.yaml index eec1b3741fa..fe0748b929b 100644 --- a/http/exposed-panels/movable-type-login.yaml +++ b/http/exposed-panels/movable-type-login.yaml @@ -14,15 +14,11 @@ info: vendor: sixapart product: movable_type shodan-query: - - http.title:"サインイン | movable type pro" + - title:"サインイン | Movable Type Pro" - cpe:"cpe:2.3:a:sixapart:movable_type" - - http.title:"welcome to movable type" - fofa-query: - - title="サインイン | movable type pro" - - title="welcome to movable type" - google-query: - - intitle:"サインイン | movable type pro" - - intitle:"welcome to movable type" + - http.title:"サインイン | movable type pro" + fofa-query: title="サインイン | movable type pro" + google-query: intitle:"サインイン | movable type pro" tags: panel,movable,sixapart http: diff --git a/http/exposed-panels/ms-exchange-web-service.yaml b/http/exposed-panels/ms-exchange-web-service.yaml index b1fae400353..286d7f7a75c 100644 --- a/http/exposed-panels/ms-exchange-web-service.yaml +++ b/http/exposed-panels/ms-exchange-web-service.yaml @@ -17,18 +17,13 @@ info: vendor: microsoft product: "exchange_server" shodan-query: - - http.favicon.hash:"1768726119" + - "http.favicon.hash:1768726119" - http.title:"outlook" - cpe:"cpe:2.3:a:microsoft:exchange_server" - - http.title:"outlook exchange" - - vuln:"cve-2021-26855" fofa-query: - icon_hash=1768726119 - title="outlook" - - title=outlook exchange - google-query: - - intitle:"outlook" - - intitle:outlook exchange + google-query: intitle:"outlook" tags: ms,microsoft,exchange,tech,panel http: diff --git a/http/exposed-panels/mylittleadmin-panel.yaml b/http/exposed-panels/mylittleadmin-panel.yaml index 1d5396b5b6a..6e8f85d1c90 100644 --- a/http/exposed-panels/mylittleadmin-panel.yaml +++ b/http/exposed-panels/mylittleadmin-panel.yaml @@ -15,11 +15,10 @@ info: metadata: verified: true max-request: 2 - vendor: mylittletools + shodan-query: http.html:"myLittleAdmin" product: mylittleadmin - shodan-query: http.html:"mylittleadmin" - fofa-query: body="mylittleadmin" - tags: panel,mylittleadmin,login,mylittletools + vendor: mylittletools + tags: panel,mylittleadmin,login http: - method: GET diff --git a/http/exposed-panels/mylittlebackup-panel.yaml b/http/exposed-panels/mylittlebackup-panel.yaml index 3df21cead7f..f4a2d55fb4d 100644 --- a/http/exposed-panels/mylittlebackup-panel.yaml +++ b/http/exposed-panels/mylittlebackup-panel.yaml @@ -15,11 +15,10 @@ info: metadata: verified: true max-request: 3 - vendor: mylittletools + shodan-query: http.html:"myLittleBackup" product: mylittlebackup - shodan-query: http.html:"mylittlebackup" - fofa-query: body="mylittlebackup" - tags: panel,mylittlebackup,mylittletools + vendor: mylittletools + tags: panel,mylittlebackup http: - method: GET diff --git a/http/exposed-panels/n8n-panel.yaml b/http/exposed-panels/n8n-panel.yaml index b56edd9e92f..48215659f2a 100644 --- a/http/exposed-panels/n8n-panel.yaml +++ b/http/exposed-panels/n8n-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: n8n product: n8n - shodan-query: http.favicon.hash:"-831756631" - fofa-query: icon_hash=-831756631 + shodan-query: http.favicon.hash:-831756631 tags: panel,n8n,login,detect http: diff --git a/http/exposed-panels/nagios-xi-panel.yaml b/http/exposed-panels/nagios-xi-panel.yaml index 1db8d63344a..ca1b695692f 100644 --- a/http/exposed-panels/nagios-xi-panel.yaml +++ b/http/exposed-panels/nagios-xi-panel.yaml @@ -15,12 +15,11 @@ info: vendor: nagios product: nagios_xi shodan-query: + - http.title:"Nagios XI" - http.title:"nagios xi" - - http.favicon.hash:"1460499495" fofa-query: - title="nagios xi" - app="nagios-xi" - - icon_hash="1460499495" google-query: intitle:"nagios xi" tags: panel,nagios,nagios-xi diff --git a/http/exposed-panels/nagios/nagios-logserver-panel.yaml b/http/exposed-panels/nagios/nagios-logserver-panel.yaml index a32d8afeb13..8c40e2ffc00 100644 --- a/http/exposed-panels/nagios/nagios-logserver-panel.yaml +++ b/http/exposed-panels/nagios/nagios-logserver-panel.yaml @@ -9,8 +9,8 @@ info: metadata: verified: true max-request: 1 - shodan-query: http.favicon.hash:1460499495 fofa-query: icon_hash="1460499495" + shodan-query: http.favicon.hash:1460499495 tags: panel,nagios,nagios-logserver,login,detect http: diff --git a/http/exposed-panels/nagvis-panel.yaml b/http/exposed-panels/nagvis-panel.yaml index ee94f8df7b2..2cae04531a7 100644 --- a/http/exposed-panels/nagvis-panel.yaml +++ b/http/exposed-panels/nagvis-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: nagvis product: nagvis - shodan-query: http.html:"nagvis" + shodan-query: + - http.html:"NagVis" + - http.html:"nagvis" fofa-query: body="nagvis" tags: panel,nagvis diff --git a/http/exposed-panels/ncentral-panel.yaml b/http/exposed-panels/ncentral-panel.yaml index 03e86b4c630..e1996fcc1c7 100644 --- a/http/exposed-panels/ncentral-panel.yaml +++ b/http/exposed-panels/ncentral-panel.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: n-able + shodan-query: http.title:"N-central Login" product: n-central - shodan-query: http.title:"n-central login" - fofa-query: title="n-central login" - google-query: intitle:"n-central login" - tags: panel,n-central,n-able + vendor: n-able + tags: panel,n-central http: - method: GET diff --git a/http/exposed-panels/nconf-panel.yaml b/http/exposed-panels/nconf-panel.yaml index fbaeca8afa1..5443e631a23 100644 --- a/http/exposed-panels/nconf-panel.yaml +++ b/http/exposed-panels/nconf-panel.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: nconf_project - product: nconf shodan-query: http.title:"nconf" - fofa-query: title="nconf" - google-query: intitle:"nconf" - tags: panel,nconf,nconf_project + product: nconf + vendor: nconf_project + tags: panel,nconf http: - method: GET diff --git a/http/exposed-panels/neo4j-browser.yaml b/http/exposed-panels/neo4j-browser.yaml index 99c13fc6790..408e94b6acb 100644 --- a/http/exposed-panels/neo4j-browser.yaml +++ b/http/exposed-panels/neo4j-browser.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: neo4j product: neo4j - shodan-query: http.title:"neo4j browser" + shodan-query: + - http.title:"Neo4j Browser" + - http.title:"neo4j browser" fofa-query: title="neo4j browser" google-query: intitle:"neo4j browser" tags: neo4j,exposure,unauth,panel diff --git a/http/exposed-panels/nessus-panel.yaml b/http/exposed-panels/nessus-panel.yaml index f7ecef2e9b3..1d0e665b895 100644 --- a/http/exposed-panels/nessus-panel.yaml +++ b/http/exposed-panels/nessus-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: tenable product: nessus - shodan-query: http.title:"nessus" + shodan-query: + - title:"Nessus" + - http.title:"nessus" fofa-query: title="nessus" google-query: intitle:"nessus" tags: panel,nessus,tenable diff --git a/http/exposed-panels/netalertx-panel.yaml b/http/exposed-panels/netalertx-panel.yaml index d695740ddde..ad4488688c4 100644 --- a/http/exposed-panels/netalertx-panel.yaml +++ b/http/exposed-panels/netalertx-panel.yaml @@ -13,8 +13,8 @@ info: max-request: 1 vendor: jokob-sk product: netalertx - fofa-query: netalert x - tags: panel,login,netalertx,detect,jokob-sk + fofa-query: "NetAlert X" + tags: panel,login,netalertx,detect http: - method: GET diff --git a/http/exposed-panels/netdata-dashboard-detected.yaml b/http/exposed-panels/netdata-dashboard-detected.yaml index 38a836ad07b..6adcdd4b500 100644 --- a/http/exposed-panels/netdata-dashboard-detected.yaml +++ b/http/exposed-panels/netdata-dashboard-detected.yaml @@ -14,15 +14,11 @@ info: vendor: netdata product: netdata shodan-query: - - server:"netdata embedded http server" + - 'Server: NetData Embedded HTTP Server' - http.title:"netdata dashboard" - - http.title:"netdata console" - fofa-query: - - title="netdata dashboard" - - title="netdata console" - google-query: - - intitle:"netdata dashboard" - - intitle:"netdata console" + - "server: netdata embedded http server" + fofa-query: title="netdata dashboard" + google-query: intitle:"netdata dashboard" tags: netdata,panel,tech http: diff --git a/http/exposed-panels/netdata-panel.yaml b/http/exposed-panels/netdata-panel.yaml index 539f74a9f75..1afae6da307 100644 --- a/http/exposed-panels/netdata-panel.yaml +++ b/http/exposed-panels/netdata-panel.yaml @@ -14,20 +14,15 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:netdata:netdata:*:*:*:*:*:*:*:* metadata: - max-request: 2 + max-request: 1 vendor: netdata product: netdata shodan-query: - - '[http.title:"netdata dashboard" http.title:"netdata console" server: netdata embedded http server]' - - http.title:"netdata console" - http.title:"netdata dashboard" - - server:"netdata embedded http server" - fofa-query: - - title="netdata dashboard" - - title="netdata console" - google-query: - - intitle:"netdata dashboard" - - intitle:"netdata console" + - http.title:"Netdata Console" + - "server: netdata embedded http server" + fofa-query: title="netdata dashboard" + google-query: intitle:"netdata dashboard" tags: panel,netdata http: diff --git a/http/exposed-panels/netflix-conductor-ui.yaml b/http/exposed-panels/netflix-conductor-ui.yaml index d2ae5313741..635ab245b97 100644 --- a/http/exposed-panels/netflix-conductor-ui.yaml +++ b/http/exposed-panels/netflix-conductor-ui.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: netflix product: conductor - shodan-query: http.title:"conductor ui", http.title:"workflow ui" + shodan-query: + - http.title:"Conductor UI", http.title:"Workflow UI" + - http.title:"conductor ui", http.title:"workflow ui" fofa-query: title="conductor ui", http.title:"workflow ui" google-query: intitle:"conductor ui", http.title:"workflow ui" tags: webserver,netflix,conductor,panel diff --git a/http/exposed-panels/netflow-analyzer-panel.yaml b/http/exposed-panels/netflow-analyzer-panel.yaml index 4819a067ea3..48051df9c98 100644 --- a/http/exposed-panels/netflow-analyzer-panel.yaml +++ b/http/exposed-panels/netflow-analyzer-panel.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: zohocorp product: manageengine_netflow_analyzer - shodan-query: http.html:"login - netflow analyzer" - fofa-query: body="login - netflow analyzer" - tags: netflow,analyzer,panel,login,zohocorp + shodan-query: html:"Login - Netflow Analyzer" + tags: netflow,analyzer,panel,login http: - raw: diff --git a/http/exposed-panels/netris-dashboard-panel.yaml b/http/exposed-panels/netris-dashboard-panel.yaml index a4d4e813f26..8b43388fb33 100644 --- a/http/exposed-panels/netris-dashboard-panel.yaml +++ b/http/exposed-panels/netris-dashboard-panel.yaml @@ -9,9 +9,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - verified: true max-request: 1 shodan-query: http.title:"Netris Dashboard" + verified: true tags: panel,netris http: diff --git a/http/exposed-panels/netscaler-gateway.yaml b/http/exposed-panels/netscaler-gateway.yaml index b913943c788..78a6d5f645c 100644 --- a/http/exposed-panels/netscaler-gateway.yaml +++ b/http/exposed-panels/netscaler-gateway.yaml @@ -15,8 +15,6 @@ info: max-request: 1 vendor: citrix product: netscaler_gateway - shodan-query: http.favicon.hash:"-1292923998,-1166125415" - fofa-query: icon_hash=-1292923998,-1166125415 tags: panel,netscaler,citrix http: diff --git a/http/exposed-panels/nginx-proxy-manager.yaml b/http/exposed-panels/nginx-proxy-manager.yaml index 99acb368674..58d10d20e9c 100644 --- a/http/exposed-panels/nginx-proxy-manager.yaml +++ b/http/exposed-panels/nginx-proxy-manager.yaml @@ -11,12 +11,10 @@ info: cpe: cpe:2.3:a:nginxproxymanager:nginx_proxy_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: nginxproxymanager + shodan-query: http.title:"Nginx Proxy Manager" product: nginx_proxy_manager - shodan-query: http.title:"nginx proxy manager" - fofa-query: title="nginx proxy manager" - google-query: intitle:"nginx proxy manager" - tags: panel,nginx,proxy,nginxproxymanager + vendor: nginxproxymanager + tags: panel,nginx,proxy http: - method: GET diff --git a/http/exposed-panels/nocodb-panel.yaml b/http/exposed-panels/nocodb-panel.yaml index 636f379595b..a8b6c6e4ab6 100644 --- a/http/exposed-panels/nocodb-panel.yaml +++ b/http/exposed-panels/nocodb-panel.yaml @@ -16,11 +16,8 @@ info: max-request: 2 vendor: xgenecloud product: nocodb - shodan-query: - - http.favicon.hash:"206985584" - - http.favicon.hash:"-2017596142" - fofa-query: icon_hash=-2017596142 - tags: panel,nocodb,login,detect,xgenecloud + shodan-query: "http.favicon.hash:206985584" + tags: panel,nocodb,login,detect http: - method: GET diff --git a/http/exposed-panels/novnc-login-panel.yaml b/http/exposed-panels/novnc-login-panel.yaml index a726fbe64af..fd219f53c2b 100644 --- a/http/exposed-panels/novnc-login-panel.yaml +++ b/http/exposed-panels/novnc-login-panel.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 2 - vendor: novnc + shodan-query: http.title:"noVNC" product: novnc - shodan-query: http.title:"novnc" - fofa-query: title="novnc" - google-query: intitle:"novnc" + vendor: novnc tags: panel,novnc http: diff --git a/http/exposed-panels/nport-web-console.yaml b/http/exposed-panels/nport-web-console.yaml index 7a3f197ff02..47d53d89c45 100644 --- a/http/exposed-panels/nport-web-console.yaml +++ b/http/exposed-panels/nport-web-console.yaml @@ -14,12 +14,10 @@ info: metadata: verified: true max-request: 1 - vendor: moxa + shodan-query: title:"NPort Web Console" product: nport_6450-t_firmware - shodan-query: http.title:"nport web console" - fofa-query: title="nport web console" - google-query: intitle:"nport web console" - tags: panel,nport,moxa + vendor: moxa + tags: panel,nport http: - method: GET diff --git a/http/exposed-panels/nuxeo-platform-panel.yaml b/http/exposed-panels/nuxeo-platform-panel.yaml index 5853c214d15..6d3c14e3614 100644 --- a/http/exposed-panels/nuxeo-platform-panel.yaml +++ b/http/exposed-panels/nuxeo-platform-panel.yaml @@ -12,11 +12,9 @@ info: metadata: verified: true max-request: 1 - vendor: nuxeo + shodan-query: title:"Nuxeo Platform" product: nuxeo - shodan-query: http.title:"nuxeo platform" - fofa-query: title="nuxeo platform" - google-query: intitle:"nuxeo platform" + vendor: nuxeo tags: panel,nuxeo http: diff --git a/http/exposed-panels/nzbget-panel.yaml b/http/exposed-panels/nzbget-panel.yaml index ea852a50f30..bf9cd8da2da 100644 --- a/http/exposed-panels/nzbget-panel.yaml +++ b/http/exposed-panels/nzbget-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: nzbget product: nzbget - shodan-query: http.html:"nzbget" + shodan-query: + - html:"NZBGet" + - http.html:"nzbget" fofa-query: body="nzbget" tags: panel,nzbget diff --git a/http/exposed-panels/ocomon-panel.yaml b/http/exposed-panels/ocomon-panel.yaml index 6462d4dd3a4..1f2dab742fc 100644 --- a/http/exposed-panels/ocomon-panel.yaml +++ b/http/exposed-panels/ocomon-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 1 vendor: ocomon_project product: ocomon - shodan-query: http.html:"ocomon" + shodan-query: + - http.html:"OcoMon" + - http.html:"ocomon" fofa-query: body="ocomon" tags: panel,ocomon,oss,ocomon_project diff --git a/http/exposed-panels/ocs-inventory-login.yaml b/http/exposed-panels/ocs-inventory-login.yaml index 6c2d149ccd1..977d298ab3f 100644 --- a/http/exposed-panels/ocs-inventory-login.yaml +++ b/http/exposed-panels/ocs-inventory-login.yaml @@ -12,12 +12,11 @@ info: metadata: verified: true max-request: 2 - vendor: factorfx + shodan-query: title:"OCS Inventory" + fofa-query: title="OCS Inventory" product: ocs_inventory - shodan-query: http.title:"ocs inventory" - fofa-query: title="ocs inventory" - google-query: intitle:"ocs inventory" - tags: ocs-inventory,panel,factorfx + vendor: factorfx + tags: ocs-inventory,panel http: - method: GET diff --git a/http/exposed-panels/octoprint-login.yaml b/http/exposed-panels/octoprint-login.yaml index 11e9b061d83..bc6235e5174 100644 --- a/http/exposed-panels/octoprint-login.yaml +++ b/http/exposed-panels/octoprint-login.yaml @@ -13,15 +13,6 @@ info: max-request: 2 vendor: octoprint product: octoprint - shodan-query: - - http.favicon.hash:"1307375944" - - http.html:"thank you for installing octoprint" - - http.title:"octoprint" - fofa-query: - - body="thank you for installing octoprint" - - icon_hash=1307375944 - - title="octoprint" - google-query: intitle:"octoprint" tags: octoprint,panel http: diff --git a/http/exposed-panels/odoo-database-manager.yaml b/http/exposed-panels/odoo-database-manager.yaml index 708f6015a79..c573e4ade3f 100644 --- a/http/exposed-panels/odoo-database-manager.yaml +++ b/http/exposed-panels/odoo-database-manager.yaml @@ -13,6 +13,7 @@ info: vendor: odoo product: odoo shodan-query: + - title:"Odoo" - http.title:"odoo" - cpe:"cpe:2.3:a:odoo:odoo" fofa-query: title="odoo" diff --git a/http/exposed-panels/odoo-panel.yaml b/http/exposed-panels/odoo-panel.yaml index cc622566522..d2b238e0c85 100644 --- a/http/exposed-panels/odoo-panel.yaml +++ b/http/exposed-panels/odoo-panel.yaml @@ -12,6 +12,7 @@ info: vendor: odoo product: odoo shodan-query: + - title:"Odoo" - http.title:"odoo" - cpe:"cpe:2.3:a:odoo:odoo" fofa-query: title="odoo" diff --git a/http/exposed-panels/office-webapps-panel.yaml b/http/exposed-panels/office-webapps-panel.yaml index d56dd71092c..473fd4dd7d0 100644 --- a/http/exposed-panels/office-webapps-panel.yaml +++ b/http/exposed-panels/office-webapps-panel.yaml @@ -16,7 +16,9 @@ info: max-request: 2 vendor: microsoft product: office_web_apps_server - shodan-query: http.html:"provide a link that opens word" + shodan-query: + - html:"Provide a link that opens Word" + - http.html:"provide a link that opens word" fofa-query: body="provide a link that opens word" tags: panel,office-webapps,login,microsoft diff --git a/http/exposed-panels/ollama-llm-panel.yaml b/http/exposed-panels/ollama-llm-panel.yaml index 20b04c7bce6..0b3e845a923 100644 --- a/http/exposed-panels/ollama-llm-panel.yaml +++ b/http/exposed-panels/ollama-llm-panel.yaml @@ -12,14 +12,10 @@ info: cpe: cpe:2.3:a:ollama:ollama:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: ollama + shodan-query: "Ollama is running" + zoomeye-query: app="Ollama" product: ollama - shodan-query: - - ollama is running - - ollama - zoomeye-query: - - app="ollama" - - app:"ollama llm" + vendor: ollama tags: panel,ollama,llm,detect http: diff --git a/http/exposed-panels/omniampx-panel.yaml b/http/exposed-panels/omniampx-panel.yaml index ce50fe109a4..cb88f6a1f4f 100644 --- a/http/exposed-panels/omniampx-panel.yaml +++ b/http/exposed-panels/omniampx-panel.yaml @@ -12,11 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: telosalliance + shodan-query: http.html:"Omnia MPX" product: omnia_mpx_node - shodan-query: http.html:"omnia mpx" - fofa-query: body="omnia mpx" - tags: panel,omnia,omniampx,telosalliance + vendor: telosalliance + tags: panel,omnia,omniampx http: - method: GET diff --git a/http/exposed-panels/onedev-panel.yaml b/http/exposed-panels/onedev-panel.yaml index 1a0dd02baa5..99d4d4ee0a7 100644 --- a/http/exposed-panels/onedev-panel.yaml +++ b/http/exposed-panels/onedev-panel.yaml @@ -12,7 +12,7 @@ info: verified: true max-request: 1 shodan-query: title:"OneDev" - tags: tech,detect,onedev,panel + tags: tech,detect,onedev http: - method: GET diff --git a/http/exposed-panels/onlyoffice-login-panel.yaml b/http/exposed-panels/onlyoffice-login-panel.yaml index e74004b96bf..77b6ff089f0 100644 --- a/http/exposed-panels/onlyoffice-login-panel.yaml +++ b/http/exposed-panels/onlyoffice-login-panel.yaml @@ -13,8 +13,9 @@ info: max-request: 2 vendor: onlyoffice product: onlyoffice - fofa-query: app="onlyoffice" && (icon_hash="1928933157" || icon_hash="826083956" || icon_hash="-1380930248" || icon_hash="-285544629" || icon_hash="812741391") - shodan-query: http.html:"portal setup" + fofa-query: + - app="ONLYOFFICE" && (icon_hash="1928933157" || icon_hash="826083956" || icon_hash="-1380930248" || icon_hash="-285544629" || icon_hash="812741391") + - app="onlyoffice" && (icon_hash="1928933157" || icon_hash="826083956" || icon_hash="-1380930248" || icon_hash="-285544629" || icon_hash="812741391") tags: panel,onlyoffice,detect http: diff --git a/http/exposed-panels/open-stack-dashboard-login.yaml b/http/exposed-panels/open-stack-dashboard-login.yaml index 41aecc48a29..81f2e3b432a 100644 --- a/http/exposed-panels/open-stack-dashboard-login.yaml +++ b/http/exposed-panels/open-stack-dashboard-login.yaml @@ -12,12 +12,9 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:* metadata: - max-request: 3 + max-request: 2 vendor: openstack product: horizon - shodan-query: http.title:"opennms web console" - fofa-query: title="opennms web console" - google-query: intitle:"opennms web console" tags: panel,openstack,edb http: diff --git a/http/exposed-panels/openam-panel.yaml b/http/exposed-panels/openam-panel.yaml index e0d96f4fcd9..1560529af2c 100644 --- a/http/exposed-panels/openam-panel.yaml +++ b/http/exposed-panels/openam-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 20 vendor: forgerock product: openam - shodan-query: http.title:"openam" + shodan-query: + - http.title:"OpenAM" + - http.title:"openam" fofa-query: title="openam" google-query: intitle:"openam" tags: panel,openam,opensso,login,forgerock diff --git a/http/exposed-panels/opencart-panel.yaml b/http/exposed-panels/opencart-panel.yaml index aca3a5a334c..521e4d8ab5c 100644 --- a/http/exposed-panels/opencart-panel.yaml +++ b/http/exposed-panels/opencart-panel.yaml @@ -18,15 +18,10 @@ info: vendor: opencart product: opencart shodan-query: + - html:"OpenCart" - http.html:"opencart" - cpe:"cpe:2.3:a:opencart:opencart" - - http.favicon.hash:"-1443008128" - - http.title:"opencart" - fofa-query: - - body="opencart" - - icon_hash="-1443008128" - - title="opencart" - google-query: intitle:"opencart" + fofa-query: body="opencart" tags: panel,opencart http: diff --git a/http/exposed-panels/opencats-panel.yaml b/http/exposed-panels/opencats-panel.yaml index 73a7e04c3b3..23866934d8d 100644 --- a/http/exposed-panels/opencats-panel.yaml +++ b/http/exposed-panels/opencats-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 2 vendor: opencats product: opencats - shodan-query: http.title:"opencats" + shodan-query: + - title:"opencats" + - http.title:"opencats" fofa-query: title="opencats" google-query: intitle:"opencats" tags: panel,opencats diff --git a/http/exposed-panels/openedge-panel.yaml b/http/exposed-panels/openedge-panel.yaml index 21d7c089432..3acc9595d8d 100644 --- a/http/exposed-panels/openedge-panel.yaml +++ b/http/exposed-panels/openedge-panel.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: progress product: openedge - shodan-query: http.html:"welcome to progress application server for openedge" - fofa-query: body="welcome to progress application server for openedge" - tags: panel,openedge,login,detect,progress + shodan-query: html:"Welcome to Progress Application Server for OpenEdge" + tags: panel,openedge,login,detect http: - method: GET diff --git a/http/exposed-panels/openemr-detect.yaml b/http/exposed-panels/openemr-detect.yaml index b8605dcb285..11b2dec974f 100644 --- a/http/exposed-panels/openemr-detect.yaml +++ b/http/exposed-panels/openemr-detect.yaml @@ -14,19 +14,17 @@ info: vendor: open-emr product: openemr shodan-query: + - http.html:"OpenEMR" - http.html:"openemr" - http.title:"openemr" - - http.favicon.hash:"1971268439" - - http.title:"openemr setup tool" + - http.favicon.hash:1971268439 fofa-query: - - app="openemr" + - app="OpenEMR" - body="openemr" - title="openemr" + - app="openemr" - icon_hash=1971268439 - - title="openemr setup tool" - google-query: - - intitle:"openemr" - - intitle:"openemr setup tool" + google-query: intitle:"openemr" tags: panel,openemr,open-emr http: diff --git a/http/exposed-panels/openfire-admin-panel.yaml b/http/exposed-panels/openfire-admin-panel.yaml index 11b5f12439e..4b05f16d7f2 100644 --- a/http/exposed-panels/openfire-admin-panel.yaml +++ b/http/exposed-panels/openfire-admin-panel.yaml @@ -15,13 +15,12 @@ info: vendor: igniterealtime product: openfire shodan-query: - - http.title:"openfire admin console" + - http.title:"Openfire Admin Console" - http.title:"openfire" - - http.html:"welcome to openfire setup" + - http.title:"openfire admin console" fofa-query: - title="openfire" - title="openfire admin console" - - body="welcome to openfire setup" google-query: - intitle:"openfire admin console" - intitle:"openfire" diff --git a/http/exposed-panels/opengear-panel.yaml b/http/exposed-panels/opengear-panel.yaml index 8c5b8a01951..6fce4bea36c 100644 --- a/http/exposed-panels/opengear-panel.yaml +++ b/http/exposed-panels/opengear-panel.yaml @@ -13,13 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: opengear + fofa-query: app="opengear-Management-Console" + google-query: intitle:"Opengear Management Console" product: opengear - fofa-query: - - app="opengear-management-console" - - title="opengear management console" - google-query: intitle:"opengear management console" - shodan-query: http.title:"opengear management console" + vendor: opengear tags: panel,opengear http: diff --git a/http/exposed-panels/openobserve-panel.yaml b/http/exposed-panels/openobserve-panel.yaml index 5f740ad6fbf..c23bd0511a2 100644 --- a/http/exposed-panels/openobserve-panel.yaml +++ b/http/exposed-panels/openobserve-panel.yaml @@ -9,8 +9,8 @@ info: reference: - https://github.com/openobserve/openobserve metadata: - verified: true max-request: 1 + verified: true shodan-query: http.title:"OpenObserve" tags: panel,openobserve,login diff --git a/http/exposed-panels/opensis-panel.yaml b/http/exposed-panels/opensis-panel.yaml index 0e1035d310e..52cdec6ceb7 100644 --- a/http/exposed-panels/opensis-panel.yaml +++ b/http/exposed-panels/opensis-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: os4ed product: opensis - shodan-query: http.title:"opensis" + shodan-query: + - http.title:"openSIS" + - http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" tags: panel,opensis,login,os4ed diff --git a/http/exposed-panels/opentext-contentserver-panel.yaml b/http/exposed-panels/opentext-contentserver-panel.yaml index 714049bf447..66165c414da 100644 --- a/http/exposed-panels/opentext-contentserver-panel.yaml +++ b/http/exposed-panels/opentext-contentserver-panel.yaml @@ -9,8 +9,8 @@ info: reference: - https://www.opentext.com/products/document-management metadata: - verified: true max-request: 1 + verified: true shodan-query: http.title:"Content Server" tags: panel,opentext,login diff --git a/http/exposed-panels/openvas-panel.yaml b/http/exposed-panels/openvas-panel.yaml index d56090c08ef..1c6f3f14550 100644 --- a/http/exposed-panels/openvas-panel.yaml +++ b/http/exposed-panels/openvas-panel.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: openvas product: openvas_manager - shodan-query: http.favicon.hash:"1606029165" - fofa-query: icon_hash=1606029165 + shodan-query: http.favicon.hash:1606029165 tags: panel,openvas,admin,login http: diff --git a/http/exposed-panels/openvpn-admin.yaml b/http/exposed-panels/openvpn-admin.yaml index c29daf1072b..e0e4184ac3a 100644 --- a/http/exposed-panels/openvpn-admin.yaml +++ b/http/exposed-panels/openvpn-admin.yaml @@ -15,8 +15,9 @@ info: vendor: openvpn product: openvpn shodan-query: - - http.title:"openvpn-admin" + - http.title:"OpenVPN-Admin" - http.html:"router management - server openvpn" + - http.title:"openvpn-admin" - cpe:"cpe:2.3:a:openvpn:openvpn" fofa-query: - body="router management - server openvpn" diff --git a/http/exposed-panels/openvpn-connect.yaml b/http/exposed-panels/openvpn-connect.yaml index 6ea09ffc619..4dd88519b7d 100644 --- a/http/exposed-panels/openvpn-connect.yaml +++ b/http/exposed-panels/openvpn-connect.yaml @@ -14,15 +14,9 @@ info: max-request: 1 vendor: openvpn product: connect - shodan-query: - - http.title:"openvpn connect" - - http.title:"ovpn config download" - fofa-query: - - title="openvpn connect" - - title="ovpn config download" - google-query: - - intitle:"openvpn connect" - - intitle:"ovpn config download" + shodan-query: http.title:"openvpn connect" + fofa-query: title="openvpn connect" + google-query: intitle:"openvpn connect" tags: panel,openvpn,connect,vpn http: diff --git a/http/exposed-panels/openvpn-router-management.yaml b/http/exposed-panels/openvpn-router-management.yaml index f653dde192c..374426346cc 100644 --- a/http/exposed-panels/openvpn-router-management.yaml +++ b/http/exposed-panels/openvpn-router-management.yaml @@ -15,6 +15,7 @@ info: vendor: openvpn product: openvpn shodan-query: + - http.html:"Router Management - Server OpenVPN" - http.html:"router management - server openvpn" - http.title:"openvpn-admin" - cpe:"cpe:2.3:a:openvpn:openvpn" diff --git a/http/exposed-panels/openwrt-login.yaml b/http/exposed-panels/openwrt-login.yaml index 778d83fe304..0fb30239bdf 100644 --- a/http/exposed-panels/openwrt-login.yaml +++ b/http/exposed-panels/openwrt-login.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: openwrt product: openwrt - shodan-query: http.title:"openwrt - luci" + shodan-query: + - http.title:"OpenWrt - LuCI" + - http.title:"openwrt - luci" fofa-query: title="openwrt - luci" google-query: intitle:"openwrt - luci" tags: openwrt,router,panel diff --git a/http/exposed-panels/openwrt/openwrt-luci-panel.yaml b/http/exposed-panels/openwrt/openwrt-luci-panel.yaml index 074f559fd8a..ca940c0a327 100644 --- a/http/exposed-panels/openwrt/openwrt-luci-panel.yaml +++ b/http/exposed-panels/openwrt/openwrt-luci-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: x-wrt product: luci - shodan-query: http.title:"openwrt - luci" + shodan-query: + - http.title:"OpenWrt - LuCI" + - http.title:"openwrt - luci" fofa-query: title="openwrt - luci" google-query: intitle:"openwrt - luci" tags: panel,default-login,openwrt,x-wrt diff --git a/http/exposed-panels/openx-panel.yaml b/http/exposed-panels/openx-panel.yaml index 594b56e82a9..a7c87bcb488 100644 --- a/http/exposed-panels/openx-panel.yaml +++ b/http/exposed-panels/openx-panel.yaml @@ -17,12 +17,12 @@ info: vendor: revive-adserver product: revive_adserver shodan-query: + - title:"Revive Adserver" - http.title:"revive adserver" - - http.favicon.hash:"106844876" + - http.favicon.hash:106844876 fofa-query: - icon_hash=106844876 - title="revive adserver" - - icon_hash="106844876" google-query: intitle:"revive adserver" tags: panel,openx,revive,adserver,login,revive-adserver diff --git a/http/exposed-panels/oracle-access-management.yaml b/http/exposed-panels/oracle-access-management.yaml index 4f67cf757dc..bf2b994e830 100644 --- a/http/exposed-panels/oracle-access-management.yaml +++ b/http/exposed-panels/oracle-access-management.yaml @@ -15,9 +15,11 @@ info: vendor: oracle product: access_manager shodan-query: + - "http.title:\"Oracle Access Management\"" - http.title:"oracle access management" - http.html:"/oam/pages/css/login_page.css" fofa-query: + - "title=\"Oracle Access Management\"" - title="oracle access management" - body="/oam/pages/css/login_page.css" google-query: intitle:"oracle access management" diff --git a/http/exposed-panels/oracle-application-server-panel.yaml b/http/exposed-panels/oracle-application-server-panel.yaml index 9a46b3d2d89..a5479733ca1 100644 --- a/http/exposed-panels/oracle-application-server-panel.yaml +++ b/http/exposed-panels/oracle-application-server-panel.yaml @@ -10,7 +10,7 @@ info: - https://www.oracle.com/middleware/technologies/internet-application-server.html metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: http.title:"Oracle Containers for J2EE" tags: panel,oracle,containers,login,detect diff --git a/http/exposed-panels/oracle-business-control.yaml b/http/exposed-panels/oracle-business-control.yaml index d42724e4586..abd0e254c70 100644 --- a/http/exposed-panels/oracle-business-control.yaml +++ b/http/exposed-panels/oracle-business-control.yaml @@ -16,6 +16,7 @@ info: vendor: oracle product: commerce shodan-query: + - "http.title:\"Oracle Commerce\"" - http.title:"oracle commerce" - cpe:"cpe:2.3:a:oracle:commerce" fofa-query: title="oracle commerce" diff --git a/http/exposed-panels/oracle-business-intelligence.yaml b/http/exposed-panels/oracle-business-intelligence.yaml index 7656dfad6c9..525bc7871e2 100644 --- a/http/exposed-panels/oracle-business-intelligence.yaml +++ b/http/exposed-panels/oracle-business-intelligence.yaml @@ -16,7 +16,9 @@ info: max-request: 3 vendor: oracle product: "business_intelligence" - shodan-query: http.title:"oracle business intelligence sign in" + shodan-query: + - "http.title:\"Oracle Business Intelligence Sign In\"" + - http.title:"oracle business intelligence sign in" fofa-query: title="oracle business intelligence sign in" google-query: intitle:"oracle business intelligence sign in" tags: panel,oracle,login,detect diff --git a/http/exposed-panels/oracle-ebusiness-panel.yaml b/http/exposed-panels/oracle-ebusiness-panel.yaml index 5d5470d7cc9..4c757cea225 100644 --- a/http/exposed-panels/oracle-ebusiness-panel.yaml +++ b/http/exposed-panels/oracle-ebusiness-panel.yaml @@ -15,13 +15,7 @@ info: max-request: 1 vendor: oracle product: e-business_suite - shodan-query: - - http.html:"oracle uix" - - http.title:"login" "x-oracle-dms-ecid" 200 - fofa-query: - - body="oracle uix" - - title="login" "x-oracle-dms-ecid" 200 - google-query: intitle:"login" "x-oracle-dms-ecid" 200 + shodan-query: http.html:"Oracle UIX" tags: panel,oracle,login,detect http: diff --git a/http/exposed-panels/oracle-integrated-manager.yaml b/http/exposed-panels/oracle-integrated-manager.yaml index 93e531bef42..c066c45ffeb 100644 --- a/http/exposed-panels/oracle-integrated-manager.yaml +++ b/http/exposed-panels/oracle-integrated-manager.yaml @@ -11,11 +11,9 @@ info: cpe: cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: oracle + shodan-query: http.title:"Oracle(R) Integrated Lights Out Manager" product: integrated_lights_out_manager_firmware - shodan-query: http.title:"oracle(r) integrated lights out manager" - fofa-query: title="oracle(r) integrated lights out manager" - google-query: intitle:"oracle(r) integrated lights out manager" + vendor: oracle tags: oracle,login,panel http: diff --git a/http/exposed-panels/oracle-people-enterprise.yaml b/http/exposed-panels/oracle-people-enterprise.yaml index 3a81ee5a224..7f812d05a6f 100644 --- a/http/exposed-panels/oracle-people-enterprise.yaml +++ b/http/exposed-panels/oracle-people-enterprise.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: oracle product: peoplesoft_enterprise - shodan-query: http.title:"oracle peoplesoft enterprise" + shodan-query: + - http.title:"Oracle Peoplesoft Enterprise" + - http.title:"oracle peoplesoft enterprise" fofa-query: title="oracle peoplesoft enterprise" google-query: intitle:"oracle peoplesoft enterprise" tags: oracle,login,panel diff --git a/http/exposed-panels/oracle-peoplesoft-panel.yaml b/http/exposed-panels/oracle-peoplesoft-panel.yaml index 2ed1d5cc58c..564dc4c95a7 100644 --- a/http/exposed-panels/oracle-peoplesoft-panel.yaml +++ b/http/exposed-panels/oracle-peoplesoft-panel.yaml @@ -14,11 +14,10 @@ info: metadata: verified: true max-request: 12 - vendor: oracle + shodan-query: "http.title:\"Oracle PeopleSoft Sign-in\"" + fofa-query: "title=\"Oracle PeopleSoft Sign-in\"" product: peoplesoft_enterprise_peopletools - shodan-query: http.title:"oracle peoplesoft sign-in" - fofa-query: title="oracle peoplesoft sign-in" - google-query: intitle:"oracle peoplesoft sign-in" + vendor: oracle tags: oracle,peoplesoft,panel,login,detect http: diff --git a/http/exposed-panels/orchid-vms-panel.yaml b/http/exposed-panels/orchid-vms-panel.yaml index b60673ff783..efe84e87b90 100644 --- a/http/exposed-panels/orchid-vms-panel.yaml +++ b/http/exposed-panels/orchid-vms-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: ipconfigure product: orchid_core_vms - shodan-query: http.title:"orchid core vms" + shodan-query: + - http.title:"Orchid Core VMS" + - http.title:"orchid core vms" fofa-query: title="orchid core vms" google-query: intitle:"orchid core vms" tags: panel,orchid,ipconfigure diff --git a/http/exposed-panels/osasi-panel.yaml b/http/exposed-panels/osasi-panel.yaml index a12014631e4..de742f6fd7b 100644 --- a/http/exposed-panels/osasi-panel.yaml +++ b/http/exposed-panels/osasi-panel.yaml @@ -7,9 +7,9 @@ info: description: | OSASI Login panel was discovered. metadata: + shodan-query: html:"/css/osasiasp.css" verified: true max-request: 1 - shodan-query: html:"/css/osasiasp.css" tags: osasi,panel,login,detect http: diff --git a/http/exposed-panels/osnexus-panel.yaml b/http/exposed-panels/osnexus-panel.yaml index 9385e350b37..ab647517443 100644 --- a/http/exposed-panels/osnexus-panel.yaml +++ b/http/exposed-panels/osnexus-panel.yaml @@ -12,11 +12,9 @@ info: cpe: cpe:2.3:a:osnexus:quantastor:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: osnexus + shodan-query: http.title:"OSNEXUS QuantaStor Manager" product: quantastor - shodan-query: http.title:"osnexus quantastor manager" - fofa-query: title="osnexus quantastor manager" - google-query: intitle:"osnexus quantastor manager" + vendor: osnexus tags: panel,osnexus,login http: diff --git a/http/exposed-panels/osticket-panel.yaml b/http/exposed-panels/osticket-panel.yaml index 6f883521e2b..dee7645d85f 100644 --- a/http/exposed-panels/osticket-panel.yaml +++ b/http/exposed-panels/osticket-panel.yaml @@ -15,8 +15,9 @@ info: vendor: osticket product: osticket shodan-query: - - http.html:"powered by osticket" + - http.html:"powered by osTicket" - http.title:"osticket" + - http.html:"powered by osticket" - http.title:"osticket installer" fofa-query: - body="powered by osticket" diff --git a/http/exposed-panels/osticket/osticket-install.yaml b/http/exposed-panels/osticket/osticket-install.yaml index 8977ed5973e..1ead6fea01c 100644 --- a/http/exposed-panels/osticket/osticket-install.yaml +++ b/http/exposed-panels/osticket/osticket-install.yaml @@ -16,9 +16,10 @@ info: vendor: osticket product: osticket shodan-query: - - http.title:"osticket installer" + - http.title:"osTicket Installer" - http.title:"osticket" - http.html:"powered by osticket" + - http.title:"osticket installer" fofa-query: - body="powered by osticket" - title="osticket" diff --git a/http/exposed-panels/outsystems-servicecenter-panel.yaml b/http/exposed-panels/outsystems-servicecenter-panel.yaml index 83476fcdd32..472765254af 100644 --- a/http/exposed-panels/outsystems-servicecenter-panel.yaml +++ b/http/exposed-panels/outsystems-servicecenter-panel.yaml @@ -16,7 +16,6 @@ info: vendor: outsystems product: platform_server shodan-query: "http.html:\"outsystems\"" - fofa-query: body="outsystems" tags: panel,outsystems,login,detect http: diff --git a/http/exposed-panels/paloalto-expedition-panel.yaml b/http/exposed-panels/paloalto-expedition-panel.yaml index dd7a56d62f0..fcab6480bba 100644 --- a/http/exposed-panels/paloalto-expedition-panel.yaml +++ b/http/exposed-panels/paloalto-expedition-panel.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: paloaltonetworks product: expedition - shodan-query: http.favicon.hash:"1499876150" - fofa-query: icon_hash=1499876150 - tags: panel,expedition,palo-alto,login,detect,paloaltonetworks + shodan-query: http.favicon.hash:1499876150 + tags: panel,expedition,palo-alto,login,detect http: - method: GET diff --git a/http/exposed-panels/pandora-fms-console.yaml b/http/exposed-panels/pandora-fms-console.yaml index 43b22e65c4a..19aec006ecf 100644 --- a/http/exposed-panels/pandora-fms-console.yaml +++ b/http/exposed-panels/pandora-fms-console.yaml @@ -15,12 +15,8 @@ info: max-request: 1 vendor: pandorafms product: pandora_fms - shodan-query: - - http.title:"pandora fms" - - http.html:"pandora fms - installation wizard" - fofa-query: - - title="pandora fms" - - body="pandora fms - installation wizard" + shodan-query: http.title:"pandora fms" + fofa-query: title="pandora fms" google-query: intitle:"pandora fms" tags: panel,edb,pandorafms diff --git a/http/exposed-panels/papercut-ng-panel.yaml b/http/exposed-panels/papercut-ng-panel.yaml index 6e6c774438e..1c22f6549f5 100644 --- a/http/exposed-panels/papercut-ng-panel.yaml +++ b/http/exposed-panels/papercut-ng-panel.yaml @@ -13,6 +13,9 @@ info: max-request: 1 vendor: papercut product: papercut_ng + google-query: + - html:'content="PaperCut' + - html:'content="papercut' shodan-query: - http.html:'content="papercut' - cpe:"cpe:2.3:a:papercut:papercut_ng" @@ -20,7 +23,6 @@ info: fofa-query: - body='content="papercut' - body="content=\"papercut\"" - google-query: html:'content="papercut' tags: panel,papercut,detect http: diff --git a/http/exposed-panels/parallels/parallels-hsphere-detect.yaml b/http/exposed-panels/parallels/parallels-hsphere-detect.yaml index 4e2ad084fe7..ad478511082 100644 --- a/http/exposed-panels/parallels/parallels-hsphere-detect.yaml +++ b/http/exposed-panels/parallels/parallels-hsphere-detect.yaml @@ -15,8 +15,9 @@ info: vendor: parallels product: h-sphere shodan-query: - - http.title:"parallels h-sphere" + - title:"Parallels H-Sphere" - http.title:"h-sphere" + - http.title:"parallels h-sphere" fofa-query: - title="h-sphere" - title="parallels h-sphere" diff --git a/http/exposed-panels/parse-dashboard.yaml b/http/exposed-panels/parse-dashboard.yaml index 15752be5049..b2ec048d5d6 100644 --- a/http/exposed-panels/parse-dashboard.yaml +++ b/http/exposed-panels/parse-dashboard.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: parseplatform product: parse-server - shodan-query: http.title:"parse dashboard" + shodan-query: + - title:"Parse Dashboard" + - http.title:"parse dashboard" fofa-query: title="parse dashboard" google-query: intitle:"parse dashboard" tags: panel,parse,exposure,parseplatform diff --git a/http/exposed-panels/passbolt-panel.yaml b/http/exposed-panels/passbolt-panel.yaml index 740838a26ac..a0f1bf8d9ca 100644 --- a/http/exposed-panels/passbolt-panel.yaml +++ b/http/exposed-panels/passbolt-panel.yaml @@ -15,9 +15,7 @@ info: max-request: 1 vendor: passbolt product: passbolt_api - shodan-query: http.title:"passbolt | open source password manager for teams" - fofa-query: title="passbolt | open source password manager for teams" - google-query: intitle:"passbolt | open source password manager for teams" + shodan-query: http.title:"Passbolt | Open source password manager for teams" tags: panel,passbolt,login http: diff --git a/http/exposed-panels/payroll-management-system-panel.yaml b/http/exposed-panels/payroll-management-system-panel.yaml index 35db3fc8332..752a786da3b 100644 --- a/http/exposed-panels/payroll-management-system-panel.yaml +++ b/http/exposed-panels/payroll-management-system-panel.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: payroll_management_system_project + shodan-query: http.title:"Admin | Employee's Payroll Management System" product: payroll_management_system - shodan-query: http.title:"admin | employee's payroll management system" - fofa-query: title="admin | employee's payroll management system" - google-query: intitle:"admin | employee's payroll management system" - tags: panel,payroll,payroll_management_system_project + vendor: payroll_management_system_project + tags: panel,payroll http: - method: GET diff --git a/http/exposed-panels/pega-web-panel.yaml b/http/exposed-panels/pega-web-panel.yaml index aa4852e57eb..62e8362ca5b 100644 --- a/http/exposed-panels/pega-web-panel.yaml +++ b/http/exposed-panels/pega-web-panel.yaml @@ -18,15 +18,13 @@ info: vendor: pega product: platform shodan-query: + - title:"Pega Platform" - http.title:"pega platform" - - http.title:"pega" - fofa-query: - - title="pega platform" - - title="pega" google-query: - - inurl:"/prweb/prauth/app/default" + - inurl:"/prweb/PRAuth/app/default" - intitle:"pega platform" - - intitle:"pega" + - inurl:"/prweb/prauth/app/default" + fofa-query: title="pega platform" tags: panel,pega http: diff --git a/http/exposed-panels/pentaho-panel.yaml b/http/exposed-panels/pentaho-panel.yaml index d62368b692a..1070e9e6f32 100644 --- a/http/exposed-panels/pentaho-panel.yaml +++ b/http/exposed-panels/pentaho-panel.yaml @@ -10,10 +10,10 @@ info: cwe-id: CWE-200 metadata: max-request: 1 - vendor: hitachi - product: vantara_pentaho shodan-query: pentaho - tags: panel,pentaho,hitachi + product: vantara_pentaho + vendor: hitachi + tags: panel,pentaho http: - method: GET diff --git a/http/exposed-panels/persis-panel.yaml b/http/exposed-panels/persis-panel.yaml index 8b978dc3683..99f7cadeccb 100644 --- a/http/exposed-panels/persis-panel.yaml +++ b/http/exposed-panels/persis-panel.yaml @@ -14,11 +14,9 @@ info: metadata: verified: true max-request: 2 - vendor: persis + shodan-query: title:"Persis" product: human_resource_management_portal - shodan-query: http.title:"persis" - fofa-query: title="persis" - google-query: intitle:"persis" + vendor: persis tags: panel,persis http: diff --git a/http/exposed-panels/pfsense-login.yaml b/http/exposed-panels/pfsense-login.yaml index 9a9d4bdb188..cf42a20caf5 100644 --- a/http/exposed-panels/pfsense-login.yaml +++ b/http/exposed-panels/pfsense-login.yaml @@ -16,9 +16,13 @@ info: max-request: 1 vendor: pfsense product: pfsense - shodan-query: http.title:"pfsense - login" + shodan-query: + - http.title:"pfSense - Login" + - http.title:"pfsense - login" + google-query: + - intitle:"pfSense - Login" + - intitle:"pfsense - login" fofa-query: title="pfsense - login" - google-query: intitle:"pfsense - login" tags: panel,pfsense http: diff --git a/http/exposed-panels/phabricator-login.yaml b/http/exposed-panels/phabricator-login.yaml index 55c3bf099e0..f85b5968d28 100644 --- a/http/exposed-panels/phabricator-login.yaml +++ b/http/exposed-panels/phabricator-login.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: phacility product: phabricator - shodan-query: http.html:"phabricator-standard-page" + shodan-query: + - html:"phabricator-standard-page" + - http.html:"phabricator-standard-page" fofa-query: body="phabricator-standard-page" tags: panel,phabricator,phacility diff --git a/http/exposed-panels/photoprism-panel.yaml b/http/exposed-panels/photoprism-panel.yaml index b37445e177a..42cd6da414f 100644 --- a/http/exposed-panels/photoprism-panel.yaml +++ b/http/exposed-panels/photoprism-panel.yaml @@ -1,19 +1,19 @@ id: photoprism-panel -info: - name: PhotoPrism Panel - Detect - author: rxerium - severity: info - description: | - PhotoPrism Panel was Detected - reference: - - https://photoprism.app/ - metadata: - verified: true - max-request: 1 - shodan-query: http.title:PhotoPrism - tags: photoprism,panel - +info: + name: PhotoPrism Panel - Detect + author: rxerium + severity: info + description: | + PhotoPrism Panel was Detected + reference: + - https://photoprism.app/ + metadata: + verified: true + max-request: 1 + shodan-query: http.title:PhotoPrism + tags: photoprism,panel + http: - method: GET path: diff --git a/http/exposed-panels/php-mailer.yaml b/http/exposed-panels/php-mailer.yaml index f25370ce38e..870680453ef 100644 --- a/http/exposed-panels/php-mailer.yaml +++ b/http/exposed-panels/php-mailer.yaml @@ -12,12 +12,10 @@ info: metadata: verified: true max-request: 1 - vendor: phpmailer_project + shodan-query: http.title:"PHP Mailer" product: phpmailer - shodan-query: http.title:"php mailer" - fofa-query: title="php mailer" - google-query: intitle:"php mailer" - tags: panel,php,mailer,phpmailer_project + vendor: phpmailer_project + tags: panel,php,mailer http: - method: GET diff --git a/http/exposed-panels/phpcollab-panel.yaml b/http/exposed-panels/phpcollab-panel.yaml index adaab45e47a..85b9e8b68ee 100644 --- a/http/exposed-panels/phpcollab-panel.yaml +++ b/http/exposed-panels/phpcollab-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 1 vendor: phpcollab product: phpcollab - shodan-query: http.title:"phpcollab" + shodan-query: + - http.title:"PhpCollab" + - http.title:"phpcollab" fofa-query: title="phpcollab" google-query: intitle:"phpcollab" tags: panel,phpcollab,login diff --git a/http/exposed-panels/phpldapadmin-panel.yaml b/http/exposed-panels/phpldapadmin-panel.yaml index 6de1cb2c1da..f58e3118cca 100644 --- a/http/exposed-panels/phpldapadmin-panel.yaml +++ b/http/exposed-panels/phpldapadmin-panel.yaml @@ -11,14 +11,8 @@ info: max-request: 3 vendor: phpldapadmin_project product: phpldapadmin - shodan-query: - - http.title:"phpldapadmin" - - http.html:"phpldapadmin" - fofa-query: - - body="phpldapadmin" - - title="phpldapadmin" - google-query: intitle:"phpldapadmin" - tags: php,phpldapadmin,panel,detect,phpldapadmin_project + shodan-query: title:"phpLDAPadmin" + tags: php,phpldapadmin,panel,detect http: - method: GET diff --git a/http/exposed-panels/phpminiadmin-panel.yaml b/http/exposed-panels/phpminiadmin-panel.yaml index cc7384f3039..d80c1ed1e26 100644 --- a/http/exposed-panels/phpminiadmin-panel.yaml +++ b/http/exposed-panels/phpminiadmin-panel.yaml @@ -15,11 +15,10 @@ info: metadata: verified: true max-request: 1 - vendor: phpminiadmin_project + shodan-query: http.html:"phpMiniAdmin" product: phpminiadmin - shodan-query: http.html:"phpminiadmin" - fofa-query: body="phpminiadmin" - tags: panel,phpminiadmin,phpminiadmin_project + vendor: phpminiadmin_project + tags: panel,phpminiadmin http: - method: GET diff --git a/http/exposed-panels/phpmyadmin-panel.yaml b/http/exposed-panels/phpmyadmin-panel.yaml index 6337b68bd49..fc281cac38e 100644 --- a/http/exposed-panels/phpmyadmin-panel.yaml +++ b/http/exposed-panels/phpmyadmin-panel.yaml @@ -10,21 +10,16 @@ info: cwe-id: CWE-200 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: - max-request: 15 + max-request: 14 vendor: phpmyadmin product: phpmyadmin shodan-query: - - '[http.title:"phpmyadmin http.title"phpmyadmin" http.component"phpmyadmin" cpe"cpe2.3aphpmyadminphpmyadmin"]"' - - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.component:"phpmyadmin" - - http.html:"phpmyadmin" - - http.html:"server_databases.php" + - "http.title:phpMyAdmin" - http.title:"phpmyadmin" + - http.component:"phpmyadmin" + - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" fofa-query: - - '[body="pma_servername" && body="4.8.4" title="phpmyadmin"]' - - body="phpmyadmin" - body="pma_servername" && body="4.8.4" - - body="server_databases.php" - title="phpmyadmin" google-query: intitle:"phpmyadmin" hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" diff --git a/http/exposed-panels/phppgadmin-panel.yaml b/http/exposed-panels/phppgadmin-panel.yaml index 405e82ed366..da06997e1ff 100644 --- a/http/exposed-panels/phppgadmin-panel.yaml +++ b/http/exposed-panels/phppgadmin-panel.yaml @@ -18,7 +18,8 @@ info: vendor: phppgadmin_project product: phppgadmin shodan-query: - - http.title:"phppgadmin" + - http.title:phpPgAdmin + - http.title:phppgadmin - cpe:"cpe:2.3:a:phppgadmin_project:phppgadmin" fofa-query: title=phppgadmin google-query: intitle:phppgadmin diff --git a/http/exposed-panels/pichome-panel.yaml b/http/exposed-panels/pichome-panel.yaml index 428b89dde70..f0626a9f1fc 100644 --- a/http/exposed-panels/pichome-panel.yaml +++ b/http/exposed-panels/pichome-panel.yaml @@ -12,11 +12,10 @@ info: metadata: verified: true max-request: 2 - vendor: oaooa + shodan-query: http.favicon.hash:933976300 product: pichome - shodan-query: http.favicon.hash:"933976300" - fofa-query: icon_hash=933976300 - tags: pichome,panel,oaooa + vendor: oaooa + tags: pichome,panel http: - method: GET diff --git a/http/exposed-panels/piwigo-panel.yaml b/http/exposed-panels/piwigo-panel.yaml index ab25c259bab..41c49f1f640 100644 --- a/http/exposed-panels/piwigo-panel.yaml +++ b/http/exposed-panels/piwigo-panel.yaml @@ -14,16 +14,13 @@ info: max-request: 2 vendor: piwigo product: piwigo - shodan-query: - - http.favicon.hash:"540706145" - - http.html:"- installation" - - http.html:"piwigo" html:"- installation" + shodan-query: http.favicon.hash:540706145 fofa-query: - title="piwigo" - icon_hash=540706145 - - body="- installation" - - body="piwigo" html:"- installation" - google-query: powered by piwigo + google-query: + - Powered by Piwigo + - powered by piwigo tags: panel,piwigo,detect http: diff --git a/http/exposed-panels/planet-estream-panel.yaml b/http/exposed-panels/planet-estream-panel.yaml index 43926c7064b..53e63e6c84e 100644 --- a/http/exposed-panels/planet-estream-panel.yaml +++ b/http/exposed-panels/planet-estream-panel.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: planetestream product: planet_estream - shodan-query: http.title:"login - planet estream" + shodan-query: + - title:"Login - Planet eStream" + - http.title:"login - planet estream" fofa-query: title="login - planet estream" google-query: intitle:"login - planet estream" tags: panel,planet,estream,planetestream diff --git a/http/exposed-panels/plesk-obsidian-login.yaml b/http/exposed-panels/plesk-obsidian-login.yaml index 71199b31409..0f84395613f 100644 --- a/http/exposed-panels/plesk-obsidian-login.yaml +++ b/http/exposed-panels/plesk-obsidian-login.yaml @@ -15,6 +15,7 @@ info: vendor: plesk product: obsidian shodan-query: + - http.html:"Plesk Obsidian" - http.html:"plesk obsidian" - http.title:"plesk obsidian" fofa-query: diff --git a/http/exposed-panels/plesk-onyx-login.yaml b/http/exposed-panels/plesk-onyx-login.yaml index a047b68a719..edae0eb59c6 100644 --- a/http/exposed-panels/plesk-onyx-login.yaml +++ b/http/exposed-panels/plesk-onyx-login.yaml @@ -18,12 +18,12 @@ info: vendor: plesk product: onyx shodan-query: + - http.html:"Plesk Onyx" http.html:"plesk-build" - http.html:"plesk onyx" http.html:"plesk-build" - - http.html:"plesk-build" - fofa-query: - - body="plesk onyx" http.html:"plesk-build" - - body="plesk-build" - google-query: inurl:login_up.php "plesk onyx" + google-query: + - inurl:login_up.php "Plesk Onyx" + - inurl:login_up.php "plesk onyx" + fofa-query: body="plesk onyx" http.html:"plesk-build" tags: panel,plesk,login,edb http: diff --git a/http/exposed-panels/polarion-siemens-panel.yaml b/http/exposed-panels/polarion-siemens-panel.yaml index f360d633070..1319830846d 100644 --- a/http/exposed-panels/polarion-siemens-panel.yaml +++ b/http/exposed-panels/polarion-siemens-panel.yaml @@ -10,8 +10,9 @@ info: - https://polarion.plm.automation.siemens.com/ metadata: verified: true - max-request: 1 - shodan-query: '[http.favicon.hash:-1135703796 http.favicon.hash:707299418]' + shodan-query: + - http.favicon.hash:-1135703796 + - http.favicon.hash:707299418 tags: polarion,siemens,login,panel,detect http: diff --git a/http/exposed-panels/portainer-panel.yaml b/http/exposed-panels/portainer-panel.yaml index 1e0ff54b234..dd11dc4d740 100644 --- a/http/exposed-panels/portainer-panel.yaml +++ b/http/exposed-panels/portainer-panel.yaml @@ -13,7 +13,9 @@ info: max-request: 2 vendor: portainer product: portainer - shodan-query: http.title:"portainer" + shodan-query: + - title:"Portainer" + - http.title:"portainer" fofa-query: title="portainer" google-query: intitle:"portainer" tags: panel,portainer,detect diff --git a/http/exposed-panels/posteio-admin-panel.yaml b/http/exposed-panels/posteio-admin-panel.yaml index 931ec88b762..24367264ac6 100644 --- a/http/exposed-panels/posteio-admin-panel.yaml +++ b/http/exposed-panels/posteio-admin-panel.yaml @@ -12,14 +12,8 @@ info: max-request: 1 vendor: analogic product: poste.io - shodan-query: - - http.title:"administration login" html:"posteadmin console" - fofa-query: body="admin console" + shodan-query: html:"Admin Console" tags: exposure,filestash,config http: diff --git a/http/exposures/configs/ftp-credentials-exposure.yaml b/http/exposures/configs/ftp-credentials-exposure.yaml index 5e41b3e8306..3b862cd6649 100644 --- a/http/exposures/configs/ftp-credentials-exposure.yaml +++ b/http/exposures/configs/ftp-credentials-exposure.yaml @@ -13,11 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: wftpserver - product: wing_ftp_server google-query: inurl:"/ftpsync.settings" - shodan-query: wing ftp server - tags: config,ftp,exposure,wftpserver + product: wing_ftp_server + vendor: wftpserver + tags: config,ftp,exposure http: - method: GET diff --git a/http/exposures/configs/gcloud-config-default.yaml b/http/exposures/configs/gcloud-config-default.yaml index 702a7062c65..b822ea247e3 100644 --- a/http/exposures/configs/gcloud-config-default.yaml +++ b/http/exposures/configs/gcloud-config-default.yaml @@ -14,12 +14,9 @@ info: metadata: verified: true max-request: 2 - vendor: google + shodan-query: html:"access_tokens.db" product: cloud_platform - shodan-query: - - http.html:"access_tokens.db" - - cpe:"cpe:2.3:a:google:cloud_platform" - fofa-query: body="access_tokens.db" + vendor: google tags: google,cloud,devops,exposure http: diff --git a/http/exposures/configs/jkstatus-manager.yaml b/http/exposures/configs/jkstatus-manager.yaml index 8ddbea33710..55a296f7443 100644 --- a/http/exposures/configs/jkstatus-manager.yaml +++ b/http/exposures/configs/jkstatus-manager.yaml @@ -15,22 +15,8 @@ info: max-request: 8 vendor: apache product: tomcat - shodan-query: - - http.html:"jk status manager" - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"apache tomcat" - - http.title:"apache tomcat" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp - tags: config,jk,status,exposure,apache + shodan-query: html:"JK Status Manager" + tags: config,jk,status,exposure http: - method: GET diff --git a/http/exposures/configs/karma-config-js.yaml b/http/exposures/configs/karma-config-js.yaml index ca17db709e1..8000ff111a8 100644 --- a/http/exposures/configs/karma-config-js.yaml +++ b/http/exposures/configs/karma-config-js.yaml @@ -13,11 +13,10 @@ info: metadata: verified: true max-request: 2 - vendor: karma_project + shodan-query: html:"karma.conf.js" product: karma - shodan-query: http.html:"karma.conf.js" - fofa-query: body="karma.conf.js" - tags: config,exposure,devops,karma_project + vendor: karma_project + tags: config,exposure,devops http: - method: GET diff --git a/http/exposures/configs/magento-config-disclosure.yaml b/http/exposures/configs/magento-config-disclosure.yaml index 84aef88256e..dbac5cbd973 100644 --- a/http/exposures/configs/magento-config-disclosure.yaml +++ b/http/exposures/configs/magento-config-disclosure.yaml @@ -16,13 +16,9 @@ info: metadata: verified: true max-request: 3 - vendor: magento + shodan-query: http.component:"Magento" product: magento - shodan-query: - - http.component:"magento" - - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + vendor: magento tags: magento,exposure,credential,config http: diff --git a/http/exposures/configs/mercurial-hgignore.yaml b/http/exposures/configs/mercurial-hgignore.yaml index a90a0144a07..6bb04faecf7 100644 --- a/http/exposures/configs/mercurial-hgignore.yaml +++ b/http/exposures/configs/mercurial-hgignore.yaml @@ -15,14 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: mercurial + shodan-query: html:"hgignore" product: mercurial - shodan-query: - - http.html:"hgignore" - - http.html:"mercurial repositories index" - fofa-query: - - body="hgignore" - - body="mercurial repositories index" + vendor: mercurial tags: exposure,hgignore,config,mercurial http: diff --git a/http/exposures/configs/neo4j-neodash-config.yaml b/http/exposures/configs/neo4j-neodash-config.yaml index 9280355e40f..80fbca516f6 100644 --- a/http/exposures/configs/neo4j-neodash-config.yaml +++ b/http/exposures/configs/neo4j-neodash-config.yaml @@ -9,10 +9,10 @@ info: classification: cpe: cpe:2.3:a:neo4j:*:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: neo4j - product: "*" + product: neodash shodan-query: title:"NeoDash" tags: config,exposure,neodash,neo4j diff --git a/http/exposures/configs/ovpn-config-exposed.yaml b/http/exposures/configs/ovpn-config-exposed.yaml index 19fc166f8d4..04d16ea1ba0 100644 --- a/http/exposures/configs/ovpn-config-exposed.yaml +++ b/http/exposures/configs/ovpn-config-exposed.yaml @@ -11,18 +11,10 @@ info: metadata: verified: true max-request: 1 - vendor: openvpn + shodan-query: http.title:"OVPN Config Download" product: connect - shodan-query: - - http.title:"ovpn config download" - - http.title:"openvpn connect" - fofa-query: - - title="openvpn connect" - - title="ovpn config download" - google-query: - - intitle:"openvpn connect" - - intitle:"ovpn config download" - tags: config,ovpn,exposure,openvpn + vendor: openvpn + tags: config,ovpn,exposure http: - method: GET diff --git a/http/exposures/configs/phpinfo-files.yaml b/http/exposures/configs/phpinfo-files.yaml index 10ed7d63336..1803834784b 100644 --- a/http/exposures/configs/phpinfo-files.yaml +++ b/http/exposures/configs/phpinfo-files.yaml @@ -10,7 +10,7 @@ info: classification: cwe-id: CWE-200 metadata: - max-request: 27 + max-request: 25 tags: config,exposure,phpinfo http: diff --git a/http/exposures/configs/phpsys-info.yaml b/http/exposures/configs/phpsys-info.yaml index aeb6f40606e..a26d6d8b3c6 100644 --- a/http/exposures/configs/phpsys-info.yaml +++ b/http/exposures/configs/phpsys-info.yaml @@ -14,8 +14,7 @@ info: max-request: 1 vendor: phpsysinfo product: phpsysinfo - shodan-query: http.html:"phpsysinfo" - fofa-query: body="phpsysinfo" + shodan-query: html:"phpSysInfo" tags: config,exposure,phpsysinfo http: diff --git a/http/exposures/configs/rakefile-disclosure.yaml b/http/exposures/configs/rakefile-disclosure.yaml index 7d6b4025743..c0fa3773803 100644 --- a/http/exposures/configs/rakefile-disclosure.yaml +++ b/http/exposures/configs/rakefile-disclosure.yaml @@ -15,15 +15,8 @@ info: max-request: 1 vendor: ruby-lang product: ruby - shodan-query: - - http.html:"rakefile" - - cpe:"cpe:2.3:a:ruby-lang:ruby" - - http.title:"index of" "environment.rb" - google-query: intitle:"index of" "environment.rb" - fofa-query: - - body="rakefile" - - title="index of" "environment.rb" - tags: devops,exposure,rakefile,config,ruby,rails,ruby-lang + shodan-query: html:"Rakefile" + tags: devops,exposure,rakefile,config,ruby,rails http: - method: GET diff --git a/http/exposures/configs/redis-config.yaml b/http/exposures/configs/redis-config.yaml index 73613b2e578..9f521f3cfb2 100644 --- a/http/exposures/configs/redis-config.yaml +++ b/http/exposures/configs/redis-config.yaml @@ -15,16 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: redis + shodan-query: html:"redis.conf" product: redis - shodan-query: - - http.html:"redis.conf" - - http.html:"redis.exceptions.connectionerror" - - redis - - redis_version - fofa-query: - - body="redis.conf" - - body="redis.exceptions.connectionerror" + vendor: redis tags: redis,exposure,config http: diff --git a/http/exposures/configs/rubocop-config.yaml b/http/exposures/configs/rubocop-config.yaml index b88852ac772..078b629d258 100644 --- a/http/exposures/configs/rubocop-config.yaml +++ b/http/exposures/configs/rubocop-config.yaml @@ -16,11 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: rubocop_project + shodan-query: html:"rubocop.yml" product: rubocop - shodan-query: http.html:"rubocop.yml" - fofa-query: body="rubocop.yml" - tags: exposure,files,config,ruby,rubocop_project + vendor: rubocop_project + tags: exposure,files,config,ruby http: - method: GET diff --git a/http/exposures/configs/sftp-credentials-exposure.yaml b/http/exposures/configs/sftp-credentials-exposure.yaml index 49f60e90cf2..e3ef535b8ca 100644 --- a/http/exposures/configs/sftp-credentials-exposure.yaml +++ b/http/exposures/configs/sftp-credentials-exposure.yaml @@ -17,10 +17,10 @@ info: metadata: verified: true max-request: 2 - vendor: southrivertech - product: titan_sftp_server github-query: filename:sftp-config.json - tags: sftp,config,exposure,southrivertech + product: titan_sftp_server + vendor: southrivertech + tags: sftp,config,exposure http: - method: GET diff --git a/http/exposures/configs/svnserve-config.yaml b/http/exposures/configs/svnserve-config.yaml index f03bd9063a5..b8da18d872e 100644 --- a/http/exposures/configs/svnserve-config.yaml +++ b/http/exposures/configs/svnserve-config.yaml @@ -14,19 +14,10 @@ info: metadata: verified: true max-request: 1 - vendor: apache + google-query: intext:"configuration of the svnserve daemon" product: subversion - google-query: - - intext:"configuration of the svnserve daemon" - - intitle:"index of" "wc.db" - shodan-query: - - cpe:"cpe:2.3:a:apache:subversion" - - http.html:"configuration of the svnserve daemon" - - http.title:"index of" "wc.db" - fofa-query: - - body="configuration of the svnserve daemon" - - title="index of" "wc.db" - tags: config,exposure,svnserve,apache + vendor: apache + tags: config,exposure,svnserve http: - method: GET diff --git a/http/exposures/configs/symfony-profiler.yaml b/http/exposures/configs/symfony-profiler.yaml index 3a228a043ff..918d14c106d 100644 --- a/http/exposures/configs/symfony-profiler.yaml +++ b/http/exposures/configs/symfony-profiler.yaml @@ -13,25 +13,11 @@ info: cpe: cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 19 - vendor: sensiolabs + max-request: 2 + shodan-query: http.html:"symfony Profiler" product: symfony - shodan-query: - - http.html:"symfony profiler" - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: config,exposure,symfony,sensiolabs + vendor: sensiolabs + tags: config,exposure,symfony http: - method: GET diff --git a/http/exposures/configs/vbulletin-path-disclosure.yaml b/http/exposures/configs/vbulletin-path-disclosure.yaml index 55499989ded..8c8ec4a5726 100644 --- a/http/exposures/configs/vbulletin-path-disclosure.yaml +++ b/http/exposures/configs/vbulletin-path-disclosure.yaml @@ -11,23 +11,9 @@ info: metadata: verified: true max-request: 11 - vendor: vbulletin + shodan-query: "title:\"vBulletin\"" product: vbulletin - shodan-query: - - http.title:"vbulletin" - - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.component:"vbulletin" - - http.html:"powered by vbulletin" - - http.title:"powered by vbulletin" - google-query: - - intext:"powered by vbulletin" - - intitle:"powered by vbulletin" - - intitle:"vbulletin" - fofa-query: - - app="vbulletin" - - body="powered by vbulletin" - - title="powered by vbulletin" - - title="vbulletin" + vendor: vbulletin tags: config,exposure,fpd,vbulletin flow: http(1) && http(2) diff --git a/http/exposures/configs/webpack-config.yaml b/http/exposures/configs/webpack-config.yaml index ffaf7ba7c27..1d8cbab7c89 100644 --- a/http/exposures/configs/webpack-config.yaml +++ b/http/exposures/configs/webpack-config.yaml @@ -12,15 +12,10 @@ info: cpe: cpe:2.3:a:webpack.js:webpack:*:*:*:*:node.js:*:*:* metadata: max-request: 1 - vendor: webpack.js + shodan-query: html:"webpack.config.js" product: webpack - shodan-query: - - http.html:"webpack.config.js" - - http.html:"webpack.mix.js" - fofa-query: - - body="webpack.config.js" - - body="webpack.mix.js" - tags: config,exposure,webpack.js + vendor: webpack.js + tags: config,exposure http: - method: GET diff --git a/http/exposures/configs/wgetrc-config.yaml b/http/exposures/configs/wgetrc-config.yaml index 28f10a0f932..1e0bd30836b 100644 --- a/http/exposures/configs/wgetrc-config.yaml +++ b/http/exposures/configs/wgetrc-config.yaml @@ -14,11 +14,10 @@ info: metadata: verified: true max-request: 2 - vendor: gnu + shodan-query: html:".wgetrc" product: wget - shodan-query: http.html:".wgetrc" - fofa-query: body=".wgetrc" - tags: devops,exposure,gnu + vendor: gnu + tags: devops,exposure http: - method: GET diff --git a/http/exposures/configs/yii-debugger.yaml b/http/exposures/configs/yii-debugger.yaml index 6ffb96027ac..ce3695be9be 100644 --- a/http/exposures/configs/yii-debugger.yaml +++ b/http/exposures/configs/yii-debugger.yaml @@ -14,14 +14,8 @@ info: max-request: 6 vendor: yii_software product: yii - shodan-query: - - http.title:"yii debugger" - - http.html:"yii\base\errorexception" - fofa-query: - - body="yii\base\errorexception" - - title="yii debugger" - google-query: intitle:"yii debugger" - tags: yii,debug,exposure,yii_software + shodan-query: title:"Yii Debugger" + tags: yii,debug,exposure http: - method: GET diff --git a/http/exposures/files/adcs-certificate.yaml b/http/exposures/files/adcs-certificate.yaml index 94501e0caff..fa8bd6fbc71 100644 --- a/http/exposures/files/adcs-certificate.yaml +++ b/http/exposures/files/adcs-certificate.yaml @@ -8,7 +8,6 @@ info: Web Enrollment is a service that can be installed on an AD CS server to allow users and computers in an Active Directory domain to request a certificate through an interactive web page. metadata: verified: true - max-request: 2 shodan-query: html:"/certenroll" tags: ad,adcs,exposure,files diff --git a/http/exposures/files/angular-json.yaml b/http/exposures/files/angular-json.yaml index 2e05de3be30..669ce048b45 100644 --- a/http/exposures/files/angular-json.yaml +++ b/http/exposures/files/angular-json.yaml @@ -12,12 +12,8 @@ info: vendor: angularjs product: angular shodan-query: - - http.html:"angular.json" - - http.html:"angular-cli.json" - - cpe:"cpe:2.3:a:angularjs:angular" - fofa-query: - - body="angular-cli.json" - - body="angular.json" + - html:"angular.json" + - html:"angular-cli.json" tags: exposure,angularjs,files http: diff --git a/http/exposures/files/azure-pipelines-exposed.yaml b/http/exposures/files/azure-pipelines-exposed.yaml index 34a4abe0c53..cb250b71ea1 100644 --- a/http/exposures/files/azure-pipelines-exposed.yaml +++ b/http/exposures/files/azure-pipelines-exposed.yaml @@ -12,8 +12,7 @@ info: max-request: 2 vendor: microsoft product: azure_pipelines_agent - shodan-query: http.html:"azure-pipelines.yml" - fofa-query: body="azure-pipelines.yml" + shodan-query: html:"azure-pipelines.yml" tags: config,exposure,azure,microsoft,cloud,devops,files http: diff --git a/http/exposures/files/bitbucket-pipelines.yaml b/http/exposures/files/bitbucket-pipelines.yaml index 28bfd57a8fd..c5ea0deeb95 100644 --- a/http/exposures/files/bitbucket-pipelines.yaml +++ b/http/exposures/files/bitbucket-pipelines.yaml @@ -11,12 +11,8 @@ info: max-request: 1 vendor: atlassian product: bitbucket - shodan-query: - - http.html:"bitbucket-pipelines.yml" - - cpe:"cpe:2.3:a:atlassian:bitbucket" - - http.component:"bitbucket" - fofa-query: body="bitbucket-pipelines.yml" - tags: exposure,bitbucket,devops,cicd,files,atlassian + shodan-query: html:"bitbucket-pipelines.yml" + tags: exposure,bitbucket,devops,cicd,files http: - method: GET diff --git a/http/exposures/files/cargo-toml-file.yaml b/http/exposures/files/cargo-toml-file.yaml index 1804382fd7d..806cf8e38d6 100644 --- a/http/exposures/files/cargo-toml-file.yaml +++ b/http/exposures/files/cargo-toml-file.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: rust-lang product: cargo - shodan-query: http.html:"cargo.toml" - fofa-query: body="cargo.toml" - tags: exposure,files,cargo,rust-lang + shodan-query: html:"Cargo.toml" + tags: exposure,files,cargo http: - method: GET diff --git a/http/exposures/files/cold-fusion-cfcache-map.yaml b/http/exposures/files/cold-fusion-cfcache-map.yaml index dcf906a6f74..307bb2683ad 100644 --- a/http/exposures/files/cold-fusion-cfcache-map.yaml +++ b/http/exposures/files/cold-fusion-cfcache-map.yaml @@ -13,14 +13,7 @@ info: max-request: 1 vendor: adobe product: coldfusion - shodan-query: - - http.component:"adobe coldfusion" - - cpe:"cpe:2.3:a:adobe:coldfusion" - - http.title:"coldfusion administrator login" - fofa-query: - - app="adobe-coldfusion" - - title="coldfusion administrator login" - google-query: intitle:"coldfusion administrator login" + shodan-query: http.component:"Adobe ColdFusion" tags: exposure,coldfusion,adobe,files http: diff --git a/http/exposures/files/composer-auth-json.yaml b/http/exposures/files/composer-auth-json.yaml index f28c2d9b02a..45cbd123f16 100644 --- a/http/exposures/files/composer-auth-json.yaml +++ b/http/exposures/files/composer-auth-json.yaml @@ -14,9 +14,7 @@ info: vendor: getcomposer product: composer google-query: intext:"index of /" ".composer-auth.json" - shodan-query: http.html:"index of /" ".composer-auth.json" - fofa-query: body="index of /" ".composer-auth.json" - tags: exposure,devops,files,getcomposer + tags: exposure,devops,files http: - method: GET diff --git a/http/exposures/files/django-secret-key.yaml b/http/exposures/files/django-secret-key.yaml index 70cb71e7d8a..186dc5d5fd7 100644 --- a/http/exposures/files/django-secret-key.yaml +++ b/http/exposures/files/django-secret-key.yaml @@ -14,17 +14,9 @@ info: max-request: 7 vendor: djangoproject product: django - shodan-query: - - http.html:"settings.py" - - cpe:"cpe:2.3:a:djangoproject:django" - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - http.title:"the install worked successfully! congratulations!" + shodan-query: html:settings.py comments: 'This template downloads the manage.py file to check whether it contains line such as: `os.environ.setdefault("DJANGO_SETTINGS_MODULE", "APP_NAME.settings")` if it does, we extract the APP_NAME to know in what folder to look for the settings.py file.' - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" - tags: django,exposure,files,djangoproject + tags: django,exposure,files http: - method: GET diff --git a/http/exposures/files/environment-rb.yaml b/http/exposures/files/environment-rb.yaml index d87bb1d78ae..00e40cc893e 100644 --- a/http/exposures/files/environment-rb.yaml +++ b/http/exposures/files/environment-rb.yaml @@ -13,14 +13,7 @@ info: vendor: ruby-lang product: ruby google-query: intitle:"index of" "environment.rb" - shodan-query: - - cpe:"cpe:2.3:a:ruby-lang:ruby" - - http.html:"rakefile" - - http.title:"index of" "environment.rb" - fofa-query: - - body="rakefile" - - title="index of" "environment.rb" - tags: ruby,devops,exposure,files,ruby-lang + tags: ruby,devops,exposure,files http: - method: GET diff --git a/http/exposures/files/get-access-token-json.yaml b/http/exposures/files/get-access-token-json.yaml index 22ff664b8ed..230aaca1938 100644 --- a/http/exposures/files/get-access-token-json.yaml +++ b/http/exposures/files/get-access-token-json.yaml @@ -13,9 +13,7 @@ info: vendor: constantcontact product: constant_contact_forms google-query: intitle:"index of" "get_access_token.json" - shodan-query: http.title:"index of" "get_access_token.json" - fofa-query: title="index of" "get_access_token.json" - tags: exposure,files,constantcontact + tags: exposure,files http: - method: GET diff --git a/http/exposures/files/git-mailmap.yaml b/http/exposures/files/git-mailmap.yaml index 06b9818aed5..89c15898f48 100644 --- a/http/exposures/files/git-mailmap.yaml +++ b/http/exposures/files/git-mailmap.yaml @@ -13,10 +13,8 @@ info: max-request: 1 vendor: git-scm product: git - shodan-query: - - http.html:"mailmap" - - x-jenkins - tags: config,exposure,git,mailmap,files,git-scm + shodan-query: html:mailmap + tags: config,exposure,git,mailmap,files http: - method: GET diff --git a/http/exposures/files/gitlab-ci-yml.yaml b/http/exposures/files/gitlab-ci-yml.yaml index 517b74cf9c2..c3cca0f42c9 100644 --- a/http/exposures/files/gitlab-ci-yml.yaml +++ b/http/exposures/files/gitlab-ci-yml.yaml @@ -14,19 +14,10 @@ info: cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 3 + max-request: 2 vendor: gitlab product: gitlab - shodan-query: - - http.html:"gitlab-ci.yml" - - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.title:"gitlab" - fofa-query: - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" - - title="gitlab" - google-query: intitle:"gitlab" + shodan-query: html:"gitlab-ci.yml" tags: exposure,config,cicd,gitlab http: diff --git a/http/exposures/files/go-mod-disclosure.yaml b/http/exposures/files/go-mod-disclosure.yaml index 3a0f9cd0372..8a0e58b4a44 100644 --- a/http/exposures/files/go-mod-disclosure.yaml +++ b/http/exposures/files/go-mod-disclosure.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: golang product: go - shodan-query: - - http.html:"go.mod" - - cpe:"cpe:2.3:a:golang:go" - tags: exposure,files,go,golang + shodan-query: html:"go.mod" + tags: exposure,files,go http: - method: GET diff --git a/http/exposures/files/npm-cli-metrics-json.yaml b/http/exposures/files/npm-cli-metrics-json.yaml index 0b02be15f65..a525adab17f 100644 --- a/http/exposures/files/npm-cli-metrics-json.yaml +++ b/http/exposures/files/npm-cli-metrics-json.yaml @@ -12,16 +12,8 @@ info: max-request: 2 vendor: npmjs product: npm - shodan-query: - - http.html:"anonymous-cli-metrics.json" - - http.html:"npm-debug.log" - - http.html:"npm-shrinkwrap.json" - fofa-query: - - body="anonymous-cli-metrics.json" - - body="npm-debug.log" - - body="npm-shrinkwrap.json" - github-query: filename:npm-debug.log - tags: npm,devops,exposure,files,npmjs + shodan-query: html:"anonymous-cli-metrics.json" + tags: npm,devops,exposure,files http: - method: GET diff --git a/http/exposures/files/npm-shrinkwrap-exposure.yaml b/http/exposures/files/npm-shrinkwrap-exposure.yaml index 6b69a488d46..e265216e2dc 100644 --- a/http/exposures/files/npm-shrinkwrap-exposure.yaml +++ b/http/exposures/files/npm-shrinkwrap-exposure.yaml @@ -15,16 +15,8 @@ info: max-request: 1 vendor: npmjs product: npm - shodan-query: - - http.html:"npm-shrinkwrap.json" - - http.html:"anonymous-cli-metrics.json" - - http.html:"npm-debug.log" - fofa-query: - - body="anonymous-cli-metrics.json" - - body="npm-debug.log" - - body="npm-shrinkwrap.json" - github-query: filename:npm-debug.log - tags: config,exposure,npm,files,node,npmjs + shodan-query: html:"npm-shrinkwrap.json" + tags: config,exposure,npm,files,node http: - method: GET diff --git a/http/exposures/files/nuget-package-config.yaml b/http/exposures/files/nuget-package-config.yaml index 4a3d5d6d481..58b1aa91906 100644 --- a/http/exposures/files/nuget-package-config.yaml +++ b/http/exposures/files/nuget-package-config.yaml @@ -14,9 +14,8 @@ info: max-request: 2 vendor: microsoft product: nuget - shodan-query: http.html:"packages.config" - fofa-query: body="packages.config" - tags: exposure,sass,devops,cicd,nuget,files,microsoft + shodan-query: html:"packages.config" + tags: exposure,sass,devops,cicd,nuget,files http: - method: GET diff --git a/http/exposures/files/oracle-test-cgi.yaml b/http/exposures/files/oracle-test-cgi.yaml index ffcd643e988..47525f02ac9 100644 --- a/http/exposures/files/oracle-test-cgi.yaml +++ b/http/exposures/files/oracle-test-cgi.yaml @@ -11,24 +11,7 @@ info: max-request: 1 vendor: oracle product: http_server - shodan-query: - - http.title:"oracle application server" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + shodan-query: title:"Oracle Application Server" tags: oracle,exposure http: diff --git a/http/exposures/files/php-ini.yaml b/http/exposures/files/php-ini.yaml index 1359a7c4ecb..44f8fbb9677 100644 --- a/http/exposures/files/php-ini.yaml +++ b/http/exposures/files/php-ini.yaml @@ -13,15 +13,8 @@ info: max-request: 1 vendor: php product: php - shodan-query: - - php.ini - - cpe:"cpe:2.3:a:php:php" - - http.title:"php warning" || "fatal error" - - the requested resource - - x-powered-by:"php" - fofa-query: title="php warning" || "fatal error" - google-query: intitle:"php warning" || "fatal error" - tags: config,exposure,files,php + shodan-query: php.ini + tags: config,exposure,files http: - method: GET diff --git a/http/exposures/files/phpunit-result-cache-exposure.yaml b/http/exposures/files/phpunit-result-cache-exposure.yaml index a2930aca3ab..9baf9e0f9ea 100644 --- a/http/exposures/files/phpunit-result-cache-exposure.yaml +++ b/http/exposures/files/phpunit-result-cache-exposure.yaml @@ -13,7 +13,7 @@ info: vendor: phpunit_project product: phpunit shodan-query: ".phpunit.result.cache" - tags: config,exposure,devops,files,phpunit_project + tags: config,exposure,devops,files http: - method: GET diff --git a/http/exposures/files/pipeline-configuration.yaml b/http/exposures/files/pipeline-configuration.yaml index 9312c062724..c9eb3866d51 100644 --- a/http/exposures/files/pipeline-configuration.yaml +++ b/http/exposures/files/pipeline-configuration.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: jenkins product: pipeline\\ - shodan-query: http.html:"pipeline.yaml" - fofa-query: body="pipeline.yaml" - tags: devops,exposure,cicd,files,jenkins + shodan-query: html:"pipeline.yaml" + tags: devops,exposure,cicd,files http: - method: GET diff --git a/http/exposures/files/putty-private-key-disclosure.yaml b/http/exposures/files/putty-private-key-disclosure.yaml index 1767a1c9120..2e7cb98eec2 100644 --- a/http/exposures/files/putty-private-key-disclosure.yaml +++ b/http/exposures/files/putty-private-key-disclosure.yaml @@ -15,7 +15,7 @@ info: vendor: putty product: putty github-query: filename:putty.ppk - tags: exposure,files,putty + tags: exposure,files http: - method: GET diff --git a/http/exposures/files/redmine-config.yaml b/http/exposures/files/redmine-config.yaml index cf9d7c7a90a..383d34d6565 100644 --- a/http/exposures/files/redmine-config.yaml +++ b/http/exposures/files/redmine-config.yaml @@ -15,20 +15,9 @@ info: metadata: verified: true max-request: 3 - vendor: redmine + google-query: intitle:"index of" configuration.yml product: redmine - google-query: - - intitle:"index of" configuration.yml - - intitle:"index of" "settings.yml" - shodan-query: - - cpe:"cpe:2.3:a:redmine:redmine" - - http.html:'content="redmine' - - http.title:"index of" "settings.yml" - - http.title:"index of" configuration.yml - fofa-query: - - body='content="redmine' - - title="index of" "settings.yml" - - title="index of" configuration.yml + vendor: redmine tags: exposure,redmine,devops,edb,files http: diff --git a/http/exposures/files/redmine-settings.yaml b/http/exposures/files/redmine-settings.yaml index b7e2e594371..4bd897a484a 100644 --- a/http/exposures/files/redmine-settings.yaml +++ b/http/exposures/files/redmine-settings.yaml @@ -12,18 +12,7 @@ info: max-request: 3 vendor: redmine product: redmine - google-query: - - intitle:"index of" "settings.yml" - - intitle:"index of" configuration.yml - shodan-query: - - cpe:"cpe:2.3:a:redmine:redmine" - - http.html:'content="redmine' - - http.title:"index of" "settings.yml" - - http.title:"index of" configuration.yml - fofa-query: - - body='content="redmine' - - title="index of" "settings.yml" - - title="index of" configuration.yml + google-query: intitle:"index of" "settings.yml" tags: misconfig,redmine,devops,files,exposure http: diff --git a/http/exposures/files/ruby-rail-storage.yaml b/http/exposures/files/ruby-rail-storage.yaml index 718ec34adeb..3e1d34370b9 100644 --- a/http/exposures/files/ruby-rail-storage.yaml +++ b/http/exposures/files/ruby-rail-storage.yaml @@ -12,20 +12,8 @@ info: max-request: 4 vendor: rubyonrails product: rails - google-query: - - intitle:"index of" storage.yml - - intitle:"index of" "secret_token.rb" - - intitle:"index of" "secrets.yml" - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml - tags: exposure,ruby,devops,files,rubyonrails + google-query: intitle:"index of" storage.yml + tags: exposure,ruby,devops,files http: - method: GET diff --git a/http/exposures/files/secret-token-rb.yaml b/http/exposures/files/secret-token-rb.yaml index 506690c03e2..4e7cd5aa75e 100644 --- a/http/exposures/files/secret-token-rb.yaml +++ b/http/exposures/files/secret-token-rb.yaml @@ -12,20 +12,8 @@ info: max-request: 3 vendor: rubyonrails product: rails - google-query: - - intitle:"index of" "secret_token.rb" - - intitle:"index of" "secrets.yml" - - intitle:"index of" storage.yml - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml - tags: redmine,devops,exposure,ruby,files,rubyonrails + google-query: intitle:"index of" "secret_token.rb" + tags: redmine,devops,exposure,ruby,files http: - method: GET diff --git a/http/exposures/files/secrets-file.yaml b/http/exposures/files/secrets-file.yaml index e6e66d95eab..3b36b653c72 100644 --- a/http/exposures/files/secrets-file.yaml +++ b/http/exposures/files/secrets-file.yaml @@ -13,20 +13,8 @@ info: max-request: 4 vendor: rubyonrails product: rails - google-query: - - intitle:"index of" "secrets.yml" - - intitle:"index of" "secret_token.rb" - - intitle:"index of" storage.yml - shodan-query: - - cpe:"cpe:2.3:a:rubyonrails:rails" - - http.title:"index of" "secret_token.rb" - - http.title:"index of" "secrets.yml" - - http.title:"index of" storage.yml - fofa-query: - - title="index of" "secret_token.rb" - - title="index of" "secrets.yml" - - title="index of" storage.yml - tags: cloud,devops,files,exposure,misconfig,rubyonrails + google-query: intitle:"index of" "secrets.yml" + tags: cloud,devops,files,exposure,misconfig http: - method: GET diff --git a/http/exposures/files/sendgrid-env.yaml b/http/exposures/files/sendgrid-env.yaml index 4ed57ae358c..089488f05c1 100644 --- a/http/exposures/files/sendgrid-env.yaml +++ b/http/exposures/files/sendgrid-env.yaml @@ -12,8 +12,7 @@ info: max-request: 1 vendor: sendgrid product: sendgrid - shodan-query: http.html:"sendgrid.env" - fofa-query: body="sendgrid.env" + shodan-query: html:"sendgrid.env" tags: exposure,sendgrid,key,api,files http: diff --git a/http/exposures/files/service-account-credentials.yaml b/http/exposures/files/service-account-credentials.yaml index 44edb70456f..00acd9337fb 100644 --- a/http/exposures/files/service-account-credentials.yaml +++ b/http/exposures/files/service-account-credentials.yaml @@ -9,7 +9,7 @@ info: - https://x.com/KHIZER_JAVED47/status/1864473060109381690 metadata: verified: true - max-request: 3 + max-request: 2 google-query: intitle:"index of" "service-Account-Credentials.json" tags: privatekey,exposure,files diff --git a/http/exposures/files/svn-wc-db.yaml b/http/exposures/files/svn-wc-db.yaml index 522cd21504a..4f6d031f01b 100644 --- a/http/exposures/files/svn-wc-db.yaml +++ b/http/exposures/files/svn-wc-db.yaml @@ -16,17 +16,8 @@ info: max-request: 2 vendor: apache product: subversion - google-query: - - intitle:"index of" "wc.db" - - intext:"configuration of the svnserve daemon" - shodan-query: - - cpe:"cpe:2.3:a:apache:subversion" - - http.html:"configuration of the svnserve daemon" - - http.title:"index of" "wc.db" - fofa-query: - - body="configuration of the svnserve daemon" - - title="index of" "wc.db" - tags: msf,exposure,svn,config,files,apache + google-query: intitle:"index of" "wc.db" + tags: msf,exposure,svn,config,files http: - method: GET diff --git a/http/exposures/files/symfony-properties-ini.yaml b/http/exposures/files/symfony-properties-ini.yaml index 22d07bc3a27..6e9d9b6f8b8 100644 --- a/http/exposures/files/symfony-properties-ini.yaml +++ b/http/exposures/files/symfony-properties-ini.yaml @@ -11,22 +11,8 @@ info: max-request: 2 vendor: sensiolabs product: symfony - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - shodan-query: - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.html:"symfony profiler" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: symfony,exposure,files,sensiolabs + google-query: intitle:"index of" "properties.ini" + tags: symfony,exposure,files http: - method: GET diff --git a/http/exposures/files/symfony-security.yaml b/http/exposures/files/symfony-security.yaml index 2f4135b9776..8b89e1a36a7 100644 --- a/http/exposures/files/symfony-security.yaml +++ b/http/exposures/files/symfony-security.yaml @@ -11,22 +11,8 @@ info: max-request: 3 vendor: sensiolabs product: symfony - google-query: - - intitle:"index of" "security.yml" - - intitle:"index of" "properties.ini" - - intitle:"welcome to symfony" - shodan-query: - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.html:"symfony profiler" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: symfony,devops,exposure,files,sensiolabs + google-query: intitle:"index of" "security.yml" + tags: symfony,devops,exposure,files http: - method: GET diff --git a/http/exposures/files/token-info-json.yaml b/http/exposures/files/token-info-json.yaml index ccfa6f51039..398d5f8797b 100644 --- a/http/exposures/files/token-info-json.yaml +++ b/http/exposures/files/token-info-json.yaml @@ -12,9 +12,7 @@ info: vendor: sample_token_project product: sample_token google-query: intitle:"index of" "token_info.json" - shodan-query: http.title:"index of" "token_info.json" - fofa-query: title="index of" "token_info.json" - tags: exposure,files,sample_token_project + tags: exposure,files http: - method: GET diff --git a/http/exposures/files/travis-ci-disclosure.yaml b/http/exposures/files/travis-ci-disclosure.yaml index 556354f6b9b..d73a6fd30b5 100644 --- a/http/exposures/files/travis-ci-disclosure.yaml +++ b/http/exposures/files/travis-ci-disclosure.yaml @@ -14,7 +14,7 @@ info: - https://www.tenable.com/plugins/was/113156 metadata: verified: true - max-request: 3 + max-request: 2 shodan-query: html:"travis.yml" tags: exposure,file,config,tenable diff --git a/http/exposures/files/uwsgi-ini.yaml b/http/exposures/files/uwsgi-ini.yaml index d8fc8e1fbf3..9148d4b2246 100644 --- a/http/exposures/files/uwsgi-ini.yaml +++ b/http/exposures/files/uwsgi-ini.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: unbit product: uwsgi - shodan-query: http.html:"uwsgi.ini" - fofa-query: body="uwsgi.ini" - tags: exposure,uwsgi,files,unbit + shodan-query: html:"uwsgi.ini" + tags: exposure,uwsgi,files http: - method: GET diff --git a/http/exposures/files/viminfo-disclosure.yaml b/http/exposures/files/viminfo-disclosure.yaml index 9e4d9b90477..07210b46c36 100644 --- a/http/exposures/files/viminfo-disclosure.yaml +++ b/http/exposures/files/viminfo-disclosure.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: vim product: vim - shodan-query: http.html:"viminfo" - fofa-query: body="viminfo" - tags: devops,exposure,viminfo,config,vim + shodan-query: html:"Viminfo" + tags: devops,exposure,viminfo,config http: - method: GET diff --git a/http/exposures/files/vscode-launch.yaml b/http/exposures/files/vscode-launch.yaml index 8c796f00ae5..8b674740558 100644 --- a/http/exposures/files/vscode-launch.yaml +++ b/http/exposures/files/vscode-launch.yaml @@ -12,7 +12,7 @@ info: verified: true max-request: 1 shodan-query: title:"index" html:".vscode" - tags: null + tags: vscode,files,debug,exposure http: - method: GET diff --git a/http/exposures/files/vscode-sftp.yaml b/http/exposures/files/vscode-sftp.yaml index e5e4c922de4..e84c381e0ec 100644 --- a/http/exposures/files/vscode-sftp.yaml +++ b/http/exposures/files/vscode-sftp.yaml @@ -13,9 +13,8 @@ info: max-request: 3 vendor: microsoft product: visual_studio_code - shodan-query: http.html:"sftp.json" - fofa-query: body="sftp.json" - tags: exposure,vscode,sftp,ssh,files,microsoft + shodan-query: html:"sftp.json" + tags: exposure,vscode,sftp,ssh,files http: - method: GET diff --git a/http/exposures/files/webpack-mix-js.yaml b/http/exposures/files/webpack-mix-js.yaml index bfbfc5d4df6..eaa46f1f7d9 100644 --- a/http/exposures/files/webpack-mix-js.yaml +++ b/http/exposures/files/webpack-mix-js.yaml @@ -11,13 +11,8 @@ info: max-request: 1 vendor: webpack.js product: webpack - shodan-query: - - http.html:"webpack.mix.js" - - http.html:"webpack.config.js" - fofa-query: - - body="webpack.config.js" - - body="webpack.mix.js" - tags: config,exposure,devops,files,webpack.js + shodan-query: html:"webpack.mix.js" + tags: config,exposure,devops,files http: - method: GET diff --git a/http/exposures/files/wordpress-readme-file.yaml b/http/exposures/files/wordpress-readme-file.yaml index 97a801c9bb8..a39a04f5f5f 100644 --- a/http/exposures/files/wordpress-readme-file.yaml +++ b/http/exposures/files/wordpress-readme-file.yaml @@ -7,12 +7,11 @@ info: metadata: verified: true max-request: 3 - vendor: wordpress - product: wordpress shodan-query: - http.component:"wordpress" - cpe:"cpe:2.3:a:wordpress:wordpress" - fofa-query: body="oembed" && body="wp-" + product: wordpress + vendor: wordpress tags: exposure,wordpress,wp,readme,files http: diff --git a/http/exposures/files/wp-cli-exposure.yaml b/http/exposures/files/wp-cli-exposure.yaml index bbca9c2a0dc..f5d15dccf05 100644 --- a/http/exposures/files/wp-cli-exposure.yaml +++ b/http/exposures/files/wp-cli-exposure.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: wp-cli product: wp-cli - shodan-query: http.html:"wp-cli.yml" - fofa-query: body="wp-cli.yml" + shodan-query: html:"wp-cli.yml" tags: config,exposure,wp-cli,files http: diff --git a/http/exposures/files/ws-ftp-ini.yaml b/http/exposures/files/ws-ftp-ini.yaml index bfb04a44f2c..7d1ab29811b 100644 --- a/http/exposures/files/ws-ftp-ini.yaml +++ b/http/exposures/files/ws-ftp-ini.yaml @@ -12,19 +12,8 @@ info: max-request: 1 vendor: ipswitch product: ws_ftp - google-query: - - intitle:"index of" ws_ftp.ini - - intitle:"ad hoc transfer" - - intitle:"ws_ftp server web transfer" - shodan-query: - - http.title:"ad hoc transfer" - - http.title:"ws_ftp server web transfer" - - ws_ftp port:"22" - fofa-query: - - title="ad hoc transfer" - - title="ws_ftp server web transfer" - censys-query: services.http.request.uri="*/thinclient/wtm/public/index.html" - tags: exposure,ftp,files,ipswitch + google-query: intitle:"Index of" ws_ftp.ini + tags: exposure,ftp,files http: - method: GET diff --git a/http/exposures/logs/action-controller-exception.yaml b/http/exposures/logs/action-controller-exception.yaml index 2b9caa385d8..f14338756d1 100644 --- a/http/exposures/logs/action-controller-exception.yaml +++ b/http/exposures/logs/action-controller-exception.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 fofa-query: 'title="Action Controller: Exception caught"' - tags: error,debug,log,exposure + tags: error,debug,log http: - method: GET diff --git a/http/exposures/logs/delphi-mvc-exception.yaml b/http/exposures/logs/delphi-mvc-exception.yaml index 22623f0db82..bda8c41d7ea 100644 --- a/http/exposures/logs/delphi-mvc-exception.yaml +++ b/http/exposures/logs/delphi-mvc-exception.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 fofa-query: html:"DMVCFramework Exception" - tags: error,dmvc,log,delphi,exposure + tags: error,dmvc,log,delphi http: - method: GET diff --git a/http/exposures/logs/expression-engine-exception.yaml b/http/exposures/logs/expression-engine-exception.yaml index ae2a7c140cd..2419edb95aa 100644 --- a/http/exposures/logs/expression-engine-exception.yaml +++ b/http/exposures/logs/expression-engine-exception.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 fofa-query: body="Exception - ExpressionEngine" - tags: error,expressionengine,log,exposure + tags: error,expressionengine,log http: - method: GET diff --git a/http/exposures/logs/fastcgi-echo.yaml b/http/exposures/logs/fastcgi-echo.yaml index d1333365d9c..2f9d2a4dd13 100644 --- a/http/exposures/logs/fastcgi-echo.yaml +++ b/http/exposures/logs/fastcgi-echo.yaml @@ -17,11 +17,7 @@ info: max-request: 1 vendor: fastcgi product: fcgi - google-query: - - inurl:fcgi-bin/echo - - intitle:"fastcgi" - shodan-query: http.title:"fastcgi" - fofa-query: title="fastcgi" + google-query: inurl:fcgi-bin/echo tags: exposure,logs,oracle,fastcgi,edb http: diff --git a/http/exposures/logs/lua-runtime-error.yaml b/http/exposures/logs/lua-runtime-error.yaml index e1bea6b1f23..e5379ffaf61 100644 --- a/http/exposures/logs/lua-runtime-error.yaml +++ b/http/exposures/logs/lua-runtime-error.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 fofa-query: 'title="Error 500: LUA Runtime Error"' - tags: error,lua,log,exposure + tags: error,lua,log http: - method: GET diff --git a/http/exposures/logs/mako-runtime-error.yaml b/http/exposures/logs/mako-runtime-error.yaml index 5d9cf6bc12e..d38f559a4c0 100644 --- a/http/exposures/logs/mako-runtime-error.yaml +++ b/http/exposures/logs/mako-runtime-error.yaml @@ -8,7 +8,7 @@ info: max-request: 1 vendor: twig fofa-query: title="Mako Runtime Error" - tags: error,mako,log,exposure,twig + tags: error,mako,log http: - method: GET diff --git a/http/exposures/logs/microsoft-runtime-error.yaml b/http/exposures/logs/microsoft-runtime-error.yaml index 17548aefe5c..85703b30d7b 100644 --- a/http/exposures/logs/microsoft-runtime-error.yaml +++ b/http/exposures/logs/microsoft-runtime-error.yaml @@ -8,7 +8,7 @@ info: max-request: 1 vendor: microsoft shodan-query: title:"Runtime Error" - tags: iis,error,microsoft,log,exposure + tags: iis,error,microsoft,log http: - method: GET diff --git a/http/exposures/logs/milesight-system-log.yaml b/http/exposures/logs/milesight-system-log.yaml index 0208992a358..df1becdf016 100644 --- a/http/exposures/logs/milesight-system-log.yaml +++ b/http/exposures/logs/milesight-system-log.yaml @@ -11,11 +11,11 @@ info: metadata: verified: true max-request: 1 - vendor: milesight - product: ur5x_firmware - shodan-query: http.html:"rt_title" - fofa-query: body=rt_title + shodan-query: http.html:rt_title google-query: '"/lang/log/system" ext:log' + product: ur5x_firmware + vendor: milesight + fofa-query: body=rt_title tags: milesight,log,exposure http: diff --git a/http/exposures/logs/mongodb-exception-page.yaml b/http/exposures/logs/mongodb-exception-page.yaml index 2ff900e7816..85194d2ec9b 100644 --- a/http/exposures/logs/mongodb-exception-page.yaml +++ b/http/exposures/logs/mongodb-exception-page.yaml @@ -7,7 +7,7 @@ info: metadata: max-request: 1 fofa-query: html:"MongoDB Exception" - tags: error,mongodb,log,exposure + tags: error,mongodb,log http: - method: GET diff --git a/http/exposures/logs/npm-debug-log.yaml b/http/exposures/logs/npm-debug-log.yaml index 1dd862ea0fa..bb8b30082ba 100644 --- a/http/exposures/logs/npm-debug-log.yaml +++ b/http/exposures/logs/npm-debug-log.yaml @@ -16,15 +16,7 @@ info: vendor: npmjs product: npm github-query: filename:npm-debug.log - shodan-query: - - http.html:"anonymous-cli-metrics.json" - - http.html:"npm-debug.log" - - http.html:"npm-shrinkwrap.json" - fofa-query: - - body="anonymous-cli-metrics.json" - - body="npm-debug.log" - - body="npm-shrinkwrap.json" - tags: exposure,npm,logs,debug,npmjs + tags: exposure,npm,logs,debug http: - method: GET diff --git a/http/exposures/logs/npm-log-file.yaml b/http/exposures/logs/npm-log-file.yaml index 981d4e8b615..99ba968f82d 100644 --- a/http/exposures/logs/npm-log-file.yaml +++ b/http/exposures/logs/npm-log-file.yaml @@ -14,16 +14,8 @@ info: max-request: 2 vendor: npmjs product: npm - shodan-query: - - http.html:"npm-debug.log" - - http.html:"anonymous-cli-metrics.json" - - http.html:"npm-shrinkwrap.json" - fofa-query: - - body="anonymous-cli-metrics.json" - - body="npm-debug.log" - - body="npm-shrinkwrap.json" - github-query: filename:npm-debug.log - tags: npm,logs,exposure,npmjs + shodan-query: html:"npm-debug.log" + tags: npm,logs,exposure http: - method: GET diff --git a/http/exposures/logs/opentsdb-status.yaml b/http/exposures/logs/opentsdb-status.yaml index 5f7f2b43382..803b0d0b70b 100644 --- a/http/exposures/logs/opentsdb-status.yaml +++ b/http/exposures/logs/opentsdb-status.yaml @@ -14,12 +14,7 @@ info: max-request: 1 vendor: opentsdb product: opentsdb - shodan-query: - - http.favicon.hash:"407286339" - - http.html:"opentsdb" - fofa-query: - - body="opentsdb" - - icon_hash=407286339 + shodan-query: http.favicon.hash:407286339 tags: opentsdb,exposure,logs http: diff --git a/http/exposures/logs/redis-exception-error.yaml b/http/exposures/logs/redis-exception-error.yaml index 1f28a6bfead..7466d9a91b7 100644 --- a/http/exposures/logs/redis-exception-error.yaml +++ b/http/exposures/logs/redis-exception-error.yaml @@ -14,14 +14,7 @@ info: max-request: 1 vendor: redis product: redis - shodan-query: - - http.html:"redis.exceptions.connectionerror" - - http.html:"redis.conf" - - redis - - redis_version - fofa-query: - - body="redis.conf" - - body="redis.exceptions.connectionerror" + shodan-query: html:"redis.exceptions.ConnectionError" tags: exposure,redis,logs http: diff --git a/http/exposures/logs/sap-logon-error-message.yaml b/http/exposures/logs/sap-logon-error-message.yaml index 3a0ac6cfa31..5a25d1dfd8f 100644 --- a/http/exposures/logs/sap-logon-error-message.yaml +++ b/http/exposures/logs/sap-logon-error-message.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: html:"Logon Error Message" - tags: sap,logon,error,log,exposure + tags: sap,logon,error,log http: - raw: diff --git a/http/exposures/logs/teampass-ldap.yaml b/http/exposures/logs/teampass-ldap.yaml index dbd435c8cc4..fc4d76c6370 100644 --- a/http/exposures/logs/teampass-ldap.yaml +++ b/http/exposures/logs/teampass-ldap.yaml @@ -16,12 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: teampass + fofa-query: app="TEAMPASS" product: teampass - fofa-query: - - app="teampass" - - body="teampass" - shodan-query: http.html:"teampass" + vendor: teampass tags: exposure,teampass,ldap,logs http: diff --git a/http/exposures/logs/twig-runtime-error.yaml b/http/exposures/logs/twig-runtime-error.yaml index bba2bded8bc..1f109c30d5f 100644 --- a/http/exposures/logs/twig-runtime-error.yaml +++ b/http/exposures/logs/twig-runtime-error.yaml @@ -8,7 +8,7 @@ info: max-request: 1 vendor: twig shodan-query: html:"Twig Runtime Error" - tags: error,twig,log,exposure + tags: error,twig,log http: - method: GET diff --git a/http/exposures/logs/vugex-source-detect.yaml b/http/exposures/logs/vugex-source-detect.yaml index 14fd31213a8..ffef1c77932 100644 --- a/http/exposures/logs/vugex-source-detect.yaml +++ b/http/exposures/logs/vugex-source-detect.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: html:"Vugex Framework" - tags: vugex,framework,disclosure,info-leak,exposure + tags: vugex,framework,disclosure,info-leak http: - raw: diff --git a/http/exposures/logs/ws-ftp-log.yaml b/http/exposures/logs/ws-ftp-log.yaml index 41df6b09f63..9720a130183 100644 --- a/http/exposures/logs/ws-ftp-log.yaml +++ b/http/exposures/logs/ws-ftp-log.yaml @@ -12,19 +12,8 @@ info: max-request: 2 vendor: ipswitch product: ws_ftp - google-query: - - intitle:"index of" ws_ftp.log - - intitle:"ad hoc transfer" - - intitle:"ws_ftp server web transfer" - shodan-query: - - http.title:"ad hoc transfer" - - http.title:"ws_ftp server web transfer" - - ws_ftp port:"22" - fofa-query: - - title="ad hoc transfer" - - title="ws_ftp server web transfer" - censys-query: services.http.request.uri="*/thinclient/wtm/public/index.html" - tags: exposure,ftp,logs,ipswitch + google-query: intitle:"Index of" ws_ftp.log + tags: exposure,ftp,logs http: - method: GET diff --git a/http/exposures/logs/yii-error-page.yaml b/http/exposures/logs/yii-error-page.yaml index 0c558278579..5f106f0bffc 100644 --- a/http/exposures/logs/yii-error-page.yaml +++ b/http/exposures/logs/yii-error-page.yaml @@ -12,14 +12,8 @@ info: max-request: 1 vendor: yii_software product: yii - shodan-query: - - http.html:"yii\base\errorexception" - - http.title:"yii debugger" - fofa-query: - - body="yii\base\errorexception" - - title="yii debugger" - google-query: intitle:"yii debugger" - tags: exposure,yii,logs,yii_software + shodan-query: html:"yii\base\ErrorException" + tags: exposure,yii,logs http: - method: GET diff --git a/http/exposures/tokens/github/github-personal-access.yaml b/http/exposures/tokens/github/github-personal-access.yaml index b8193c655b9..52db19c3c15 100644 --- a/http/exposures/tokens/github/github-personal-access.yaml +++ b/http/exposures/tokens/github/github-personal-access.yaml @@ -11,7 +11,7 @@ info: - https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ metadata: verified: true - max-request: 2 + max-request: 1 tags: github,token,exposure flow: http(1) && http(2) diff --git a/http/exposures/tokens/gitlab/gitlab-personal-token.yaml b/http/exposures/tokens/gitlab/gitlab-personal-token.yaml index 99f2f57a6dd..752aaa7bb29 100644 --- a/http/exposures/tokens/gitlab/gitlab-personal-token.yaml +++ b/http/exposures/tokens/gitlab/gitlab-personal-token.yaml @@ -9,7 +9,7 @@ info: - https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html metadata: verified: true - max-request: 2 + max-request: 1 tags: gitlab,token,exposure flow: http(1) && http(2) diff --git a/http/exposures/tokens/jwk-json-leak.yaml b/http/exposures/tokens/jwk-json-leak.yaml index 1c091aaee82..847c90d5ddc 100644 --- a/http/exposures/tokens/jwk-json-leak.yaml +++ b/http/exposures/tokens/jwk-json-leak.yaml @@ -12,12 +12,11 @@ info: cpe: cpe:2.3:a:jwt_project:jwt:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 6 - vendor: "jwt_project" + max-request: 1 + vendor: jwt_project product: jwt - shodan-query: http.html:"jwks.json" - fofa-query: body="jwks.json" - tags: exposure,token,generic,jwt_project + shodan-query: html:"jwks.json" + tags: exposure,token,generic http: - method: GET diff --git a/http/exposures/tokens/npm/npm-access-token.yaml b/http/exposures/tokens/npm/npm-access-token.yaml index 57d57bfddde..38c2ebebf20 100644 --- a/http/exposures/tokens/npm/npm-access-token.yaml +++ b/http/exposures/tokens/npm/npm-access-token.yaml @@ -11,7 +11,7 @@ info: - https://github.blog/changelog/2022-12-06-limit-scope-of-npm-tokens-with-the-new-granular-access-tokens/ metadata: verified: true - max-request: 2 + max-request: 1 tags: npm,token,exposure flow: http(1) && http(2) diff --git a/http/exposures/tokens/rapid/rapidapi-access-token.yaml b/http/exposures/tokens/rapid/rapidapi-access-token.yaml index 60bcf31a2b6..7ae127eff2b 100644 --- a/http/exposures/tokens/rapid/rapidapi-access-token.yaml +++ b/http/exposures/tokens/rapid/rapidapi-access-token.yaml @@ -8,8 +8,8 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/rapidapi-access-token.go - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/rapidapi-access-token.yaml metadata: - verified: true max-request: 1 + verified: true tags: exposure,token,rapidapi http: diff --git a/http/exposures/tokens/readme/readme-api-token.yaml b/http/exposures/tokens/readme/readme-api-token.yaml index 66249e77ef3..ae6c34de6f0 100644 --- a/http/exposures/tokens/readme/readme-api-token.yaml +++ b/http/exposures/tokens/readme/readme-api-token.yaml @@ -8,8 +8,8 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/readme-api-token.go - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/readme-api-token.yaml metadata: - verified: true max-request: 1 + verified: true tags: exposure,token,readme http: diff --git a/http/exposures/tokens/ruby/rubygems-api-key.yaml b/http/exposures/tokens/ruby/rubygems-api-key.yaml index e77cd173a62..c9a32b2501c 100644 --- a/http/exposures/tokens/ruby/rubygems-api-key.yaml +++ b/http/exposures/tokens/ruby/rubygems-api-key.yaml @@ -10,7 +10,7 @@ info: - https://guides.rubygems.org/api-key-scopes/ metadata: verified: true - max-request: 2 + max-request: 1 tags: rubygems,token,exposure,ruby flow: http(1) && http(2) diff --git a/http/exposures/tokens/scalingo/scalingo-api-token.yaml b/http/exposures/tokens/scalingo/scalingo-api-token.yaml index cfb0a1756e6..4f0527fc019 100644 --- a/http/exposures/tokens/scalingo/scalingo-api-token.yaml +++ b/http/exposures/tokens/scalingo/scalingo-api-token.yaml @@ -8,8 +8,8 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/scalingo-api-token.go - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/scalingo-api-token.yaml metadata: - verified: true max-request: 1 + verified: true tags: exposure,token,scalingo http: diff --git a/http/exposures/tokens/sendbird/sendbird-access-id.yaml b/http/exposures/tokens/sendbird/sendbird-access-id.yaml index c4c98c29f0f..f95bab9acc6 100644 --- a/http/exposures/tokens/sendbird/sendbird-access-id.yaml +++ b/http/exposures/tokens/sendbird/sendbird-access-id.yaml @@ -8,8 +8,8 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/sendbird-access-id.go - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/sendbird-access-id.yaml metadata: - verified: true max-request: 1 + verified: true tags: exposure,token,sendbird http: diff --git a/http/exposures/tokens/sendbird/sendbird-access-token.yaml b/http/exposures/tokens/sendbird/sendbird-access-token.yaml index b5115794d1f..3ff39a46dfe 100644 --- a/http/exposures/tokens/sendbird/sendbird-access-token.yaml +++ b/http/exposures/tokens/sendbird/sendbird-access-token.yaml @@ -8,8 +8,8 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/sendbird-access-token.go - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/sendbird-access-token.yaml metadata: - verified: true max-request: 1 + verified: true tags: exposure,token,sendbird http: diff --git a/http/exposures/tokens/slack/slack-bot-token.yaml b/http/exposures/tokens/slack/slack-bot-token.yaml index b9f97421475..453410bda6c 100644 --- a/http/exposures/tokens/slack/slack-bot-token.yaml +++ b/http/exposures/tokens/slack/slack-bot-token.yaml @@ -7,9 +7,10 @@ info: reference: - https://api.slack.com/authentication/token-types metadata: + max-request: 1 verified: true - max-request: 2 - tags: exposure,token,slack,intrusive + tags: exposure,token,slack + flow: http(1) && http(2) http: diff --git a/http/exposures/tokens/slack/slack-user-token.yaml b/http/exposures/tokens/slack/slack-user-token.yaml index b660635dc82..a3409aed3b3 100644 --- a/http/exposures/tokens/slack/slack-user-token.yaml +++ b/http/exposures/tokens/slack/slack-user-token.yaml @@ -11,9 +11,10 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/slack-user-token.yaml - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/slack-user-token.txt metadata: + max-request: 1 verified: true - max-request: 2 - tags: exposure,token,slack,intrusive + tags: exposure,token,slack + flow: http(1) && http(2) http: diff --git a/http/exposures/tokens/sonarqube/sonarqube-cloud-token.yaml b/http/exposures/tokens/sonarqube/sonarqube-cloud-token.yaml index adfa1589dcb..7a4e5ec96c0 100644 --- a/http/exposures/tokens/sonarqube/sonarqube-cloud-token.yaml +++ b/http/exposures/tokens/sonarqube/sonarqube-cloud-token.yaml @@ -8,9 +8,10 @@ info: - https://sonarcloud.io/web_api/api/authentication - https://docs.sonarsource.com/sonarqube/latest/user-guide/user-account/generating-and-using-tokens/#types-of-tokens metadata: + max-request: 1 verified: true - max-request: 2 tags: exposure,token,sonarqube + flow: http(1) && http(2) http: diff --git a/http/exposures/tokens/square/square-access.yaml b/http/exposures/tokens/square/square-access.yaml index 90bc5aa3e95..cc18f2f2e98 100644 --- a/http/exposures/tokens/square/square-access.yaml +++ b/http/exposures/tokens/square/square-access.yaml @@ -10,7 +10,7 @@ info: - https://github.com/semgrep/semgrep-rules/blob/develop/generic/secrets/gitleaks/square-access-token.yaml metadata: verified: true - max-request: 2 + max-request: 1 tags: square,token,exposure flow: http(1) && http(2) diff --git a/http/exposures/tokens/stackhawk/stackhawk-api.yaml b/http/exposures/tokens/stackhawk/stackhawk-api.yaml index 12141068613..58ea27e4bda 100644 --- a/http/exposures/tokens/stackhawk/stackhawk-api.yaml +++ b/http/exposures/tokens/stackhawk/stackhawk-api.yaml @@ -10,7 +10,7 @@ info: - https://docs.stackhawk.com/web-app/ metadata: verified: true - max-request: 2 + max-request: 1 tags: stackhawk,token,exposure flow: http(1) && http(2) diff --git a/http/exposures/tokens/stripe/stripe-secret-key.yaml b/http/exposures/tokens/stripe/stripe-secret-key.yaml index 15c5b0fc394..074841c939c 100755 --- a/http/exposures/tokens/stripe/stripe-secret-key.yaml +++ b/http/exposures/tokens/stripe/stripe-secret-key.yaml @@ -7,9 +7,10 @@ info: reference: - https://stripe.com/docs/keys metadata: - verified: true max-request: 2 + verified: true tags: exposure,token,stripe + flow: http(1) && http(2) http: diff --git a/http/exposures/tokens/zenserp/zenscrape-api-key.yaml b/http/exposures/tokens/zenserp/zenscrape-api-key.yaml index 712518a1e4d..9ea35b1fabd 100644 --- a/http/exposures/tokens/zenserp/zenscrape-api-key.yaml +++ b/http/exposures/tokens/zenserp/zenscrape-api-key.yaml @@ -7,9 +7,10 @@ info: reference: - https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/zenscrape/zenscrape.go metadata: - verified: true max-request: 2 + verified: true tags: exposure,token,zenscrape,apikey + flow: http(1) && http(2) http: diff --git a/http/fuzzing/cache-poisoning-fuzz.yaml b/http/fuzzing/cache-poisoning-fuzz.yaml index 7ec667cf34c..e9d7a574bde 100644 --- a/http/fuzzing/cache-poisoning-fuzz.yaml +++ b/http/fuzzing/cache-poisoning-fuzz.yaml @@ -8,7 +8,7 @@ info: - https://youst.in/posts/cache-poisoning-at-scale/ - https://portswigger.net/web-security/web-cache-poisoning metadata: - max-request: 5838 + max-request: 5834 tags: fuzz,cache,fuzzing http: diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/wordpress-plugins-detect.yaml index 9e0a26d9965..fbfbc59b324 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/wordpress-plugins-detect.yaml @@ -5,7 +5,7 @@ info: author: 0xcrypto severity: info metadata: - max-request: 100561 + max-request: 100563 tags: fuzz,wordpress,fuzzing http: diff --git a/http/fuzzing/xff-403-bypass.yaml b/http/fuzzing/xff-403-bypass.yaml index c339a1ccfd7..23a4e762d94 100644 --- a/http/fuzzing/xff-403-bypass.yaml +++ b/http/fuzzing/xff-403-bypass.yaml @@ -6,7 +6,7 @@ info: severity: info description: Template to detect 403 forbidden endpoint bypass behind Nginx/Apache proxy & load balancers, based on X-Forwarded-For header. metadata: - max-request: 2 + max-request: 3 tags: fuzzing,xff-403-bypass http: diff --git a/http/global-matchers/secrets-patterns-rules.yaml b/http/global-matchers/secrets-patterns-rules.yaml index a99df881af8..fdd341015e5 100644 --- a/http/global-matchers/secrets-patterns-rules.yaml +++ b/http/global-matchers/secrets-patterns-rules.yaml @@ -3,9 +3,9 @@ id: secrets-patterns-rules info: name: Secrets Patterns (Rules) author: dwisiswant0 - severity: info reference: - https://github.com/mazen160/secrets-patterns-db # db/rules-stable.yml (151eaf659f3bcac3f81161808765eaa91045f2c7) + severity: info tags: global-matchers,exposure,token,key,api,secret,password,generic http: diff --git a/http/honeypot/citrix-honeypot-detect.yaml b/http/honeypot/citrix-honeypot-detect.yaml index cfec86207f2..113b1875f1f 100644 --- a/http/honeypot/citrix-honeypot-detect.yaml +++ b/http/honeypot/citrix-honeypot-detect.yaml @@ -13,14 +13,10 @@ info: vendor: citrix product: citrix shodan-query: - - http.title:"“citrix login”" - - http.title:"citrix login" - fofa-query: - - title=“citrix login” - - title="citrix login" - google-query: - - intitle:“citrix login” - - intitle:"citrix login" + - http.title:“Citrix Login” + - http.title:“citrix login” + fofa-query: title=“citrix login” + google-query: intitle:“citrix login” tags: citrix,honeypot,ir,cti http: diff --git a/http/honeypot/snare-honeypot-detect.yaml b/http/honeypot/snare-honeypot-detect.yaml index 3dc8ed505a0..935ac95300a 100644 --- a/http/honeypot/snare-honeypot-detect.yaml +++ b/http/honeypot/snare-honeypot-detect.yaml @@ -12,7 +12,9 @@ info: max-request: 1 vendor: snare product: http - shodan-query: '"python/3.10 aiohttp/3.8.3" && bad status' + shodan-query: + - '"Python/3.10 aiohttp/3.8.3" && Bad status' + - '"python/3.10 aiohttp/3.8.3" && bad status' tags: snare,honeypot,ir,cti http: diff --git a/http/iot/automation-direct.yaml b/http/iot/automation-direct.yaml index ae06698e79d..7408945bed3 100644 --- a/http/iot/automation-direct.yaml +++ b/http/iot/automation-direct.yaml @@ -14,12 +14,11 @@ info: cpe: cpe:2.3:h:automationdirect:ea9-t6cl:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: automationdirect + shodan-query: http.title:"C-more -- the best HMI presented by AutomationDirect" + google-query: intitle:"C-more -- the best HMI presented by AutomationDirect" product: ea9-t6cl - shodan-query: http.title:"c-more -- the best hmi presented by automationdirect" - google-query: intitle:"c-more -- the best hmi presented by automationdirect" - fofa-query: title="c-more -- the best hmi presented by automationdirect" - tags: panel,iot,edb,automationdirect + vendor: automationdirect + tags: panel,iot,edb http: - method: GET diff --git a/http/iot/cae-monitor-panel.yaml b/http/iot/cae-monitor-panel.yaml index ef3ed9f719c..fe9096babf4 100644 --- a/http/iot/cae-monitor-panel.yaml +++ b/http/iot/cae-monitor-panel.yaml @@ -7,10 +7,10 @@ info: description: | Identified an exposed CAE Monitoring login panel. metadata: + shodan-query: http.favicon.hash:-268676052 verified: true max-request: 1 - shodan-query: http.favicon.hash:-268676052 - tags: cae,login,panel,detect,iot + tags: cae,login,panel,detect http: - method: GET diff --git a/http/iot/etic-telecom-panel.yaml b/http/iot/etic-telecom-panel.yaml index 71fe516b4d9..f9ec352da78 100644 --- a/http/iot/etic-telecom-panel.yaml +++ b/http/iot/etic-telecom-panel.yaml @@ -8,9 +8,9 @@ info: ETIC Telecom device login panel was discovered metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: html:"ETIC Telecom" - tags: etic,panel,login,iot + tags: etic,panel,login http: - method: GET diff --git a/http/iot/grandstream-device-configuration.yaml b/http/iot/grandstream-device-configuration.yaml index f22e92b181c..c1f31a73f22 100644 --- a/http/iot/grandstream-device-configuration.yaml +++ b/http/iot/grandstream-device-configuration.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: grandstream product: ht801_firmware - shodan-query: http.title:"grandstream device configuration" - fofa-query: title="grandstream device configuration" - google-query: intitle:"grandstream device configuration" - tags: iot,grandstream + shodan-query: http.title:"Grandstream Device Configuration" + tags: iot http: - method: GET diff --git a/http/iot/honeywell-building-control.yaml b/http/iot/honeywell-building-control.yaml index bf7c82d1d6b..d1ba7525b6e 100644 --- a/http/iot/honeywell-building-control.yaml +++ b/http/iot/honeywell-building-control.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: honeywell product: alerton_ascent_control_module - shodan-query: http.html:"honeywell building control" - fofa-query: body="honeywell building control" - tags: panel,iot,honeywell + shodan-query: html:"Honeywell Building Control" + tags: panel,iot http: - method: GET diff --git a/http/iot/hp-color-laserjet-detect.yaml b/http/iot/hp-color-laserjet-detect.yaml index 8f78af74d68..83ebd6361b4 100644 --- a/http/iot/hp-color-laserjet-detect.yaml +++ b/http/iot/hp-color-laserjet-detect.yaml @@ -15,9 +15,8 @@ info: max-request: 2 vendor: hp product: color_laserjet_pro_mfp_m183_7kw56a - shodan-query: http.title:"hp color laserjet" - google-query: intitle:"hp color laserjet" - fofa-query: title="hp color laserjet" + shodan-query: http.title:"HP Color LaserJet" + google-query: intitle:"HP Color LaserJet" tags: iot,hp http: diff --git a/http/iot/hue-personal-wireless-panel.yaml b/http/iot/hue-personal-wireless-panel.yaml index cb66f0f5332..c544f533ec7 100644 --- a/http/iot/hue-personal-wireless-panel.yaml +++ b/http/iot/hue-personal-wireless-panel.yaml @@ -11,12 +11,8 @@ info: max-request: 1 vendor: philips product: hue - shodan-query: - - http.title:"hue personal wireless lighting" - - cpe:"cpe:2.3:h:philips:hue" - fofa-query: title="hue personal wireless lighting" - google-query: intitle:"hue personal wireless lighting" - tags: hue,iot,wireless,philips + shodan-query: title:"hue personal wireless lighting" + tags: hue,iot,wireless http: - method: GET diff --git a/http/iot/kyocera-printer-panel.yaml b/http/iot/kyocera-printer-panel.yaml index 2620ddfe1c0..a7b6050cdc1 100644 --- a/http/iot/kyocera-printer-panel.yaml +++ b/http/iot/kyocera-printer-panel.yaml @@ -9,9 +9,9 @@ info: metadata: verified: true max-request: 1 - vendor: kyocera + shodan-query: http.favicon.hash:-50306417 product: d-copia253mf_plus_firmware - shodan-query: http.favicon.hash:"-50306417" + vendor: kyocera fofa-query: icon_hash=-50306417 tags: iot,panel,kyocera,printer diff --git a/http/iot/moxa-vpn-router-panel.yaml b/http/iot/moxa-vpn-router-panel.yaml index bc4e46bc4dc..75bc1d9084a 100644 --- a/http/iot/moxa-vpn-router-panel.yaml +++ b/http/iot/moxa-vpn-router-panel.yaml @@ -7,10 +7,10 @@ info: description: | Moxa OnCell VPN panel was discovered. metadata: + shodan-query: http.favicon.hash:-234487373 verified: true max-request: 1 - shodan-query: http.favicon.hash:-234487373 - tags: moxo,oncel,vpn,login,panel,iot + tags: moxo,oncel,vpn,login,panel http: - method: GET diff --git a/http/iot/octoprint-3dprinter-detect.yaml b/http/iot/octoprint-3dprinter-detect.yaml index d0a35e83d63..41920026768 100644 --- a/http/iot/octoprint-3dprinter-detect.yaml +++ b/http/iot/octoprint-3dprinter-detect.yaml @@ -12,17 +12,11 @@ info: cpe: cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: octoprint - product: octoprint shodan-query: - - http.favicon.hash:"1307375944" - - http.title:"octoprint" - - http.html:"thank you for installing octoprint" - fofa-query: - - body="thank you for installing octoprint" - - icon_hash=1307375944 - - title="octoprint" - google-query: intitle:"octoprint" + - http.favicon.hash:1307375944 + - http.title:"OctoPrint" + product: octoprint + vendor: octoprint tags: iot,octoprint,panel http: diff --git a/http/iot/siemens-logo8-panel.yaml b/http/iot/siemens-logo8-panel.yaml index a990ed1b80a..7718947221f 100644 --- a/http/iot/siemens-logo8-panel.yaml +++ b/http/iot/siemens-logo8-panel.yaml @@ -4,12 +4,13 @@ info: name: Siemens Logo! 8 Web - Panel author: biero-el-corridor severity: info - description: Siemens Logo! 8 Web Login Panel was discovered. + description: + Siemens Logo! 8 Web Login Panel was discovered. metadata: - verified: true max-request: 1 + verified: true shodan-query: html:"/logo_login.shtm" - tags: ics,siemens,panel,login,iot + tags: ics,siemens,panel,login http: - method: GET diff --git a/http/iot/siemens-simatic-panel.yaml b/http/iot/siemens-simatic-panel.yaml index 27143da13d8..a83b057e96f 100644 --- a/http/iot/siemens-simatic-panel.yaml +++ b/http/iot/siemens-simatic-panel.yaml @@ -7,10 +7,10 @@ info: description: | Siemens SIMATIC HMI Miniweb Login Panel was discovered. metadata: - verified: true max-request: 1 + verified: true shodan-query: title:"Miniweb Start Page" - tags: ics,siemens,login,panel,miniweb,iot + tags: ics,siemens,login,panel,miniweb http: - method: GET diff --git a/http/iot/wago-webbased-panel.yaml b/http/iot/wago-webbased-panel.yaml index 6208f55bf33..a7ae6ecd192 100644 --- a/http/iot/wago-webbased-panel.yaml +++ b/http/iot/wago-webbased-panel.yaml @@ -5,11 +5,11 @@ info: author: biero-el-corridor severity: info description: | - WAGO WebBased Management was discovered. + WAGO WebBased Management was discovered. metadata: + shodan-query: title:"WAGO Ethernet Web-based Management" verified: true max-request: 1 - shodan-query: title:"WAGO Ethernet Web-based Management" tags: panel,login,wago,iot http: diff --git a/http/iot/zebra-printer-detect.yaml b/http/iot/zebra-printer-detect.yaml index 4dad9b64a6f..1408f004c15 100644 --- a/http/iot/zebra-printer-detect.yaml +++ b/http/iot/zebra-printer-detect.yaml @@ -14,8 +14,7 @@ info: max-request: 1 vendor: zebra product: zt220_firmware - shodan-query: http.html:"zebra technologies" - fofa-query: body="zebra technologies" + shodan-query: html:"Zebra Technologies" tags: iot,zebra,printer http: diff --git a/http/miscellaneous/azure-blob-core-detect.yaml b/http/miscellaneous/azure-blob-core-detect.yaml index 74dc91b4055..25f2d976bf5 100644 --- a/http/miscellaneous/azure-blob-core-detect.yaml +++ b/http/miscellaneous/azure-blob-core-detect.yaml @@ -7,10 +7,10 @@ info: description: | This template detects the presence of 'blob.core.windows.net' in the response body, indicating potential references to Azure Blob Storage. metadata: - verified: true max-request: 1 + verified: true shodan-query: html:"blob.core.windows.net" - tags: azure,blob,detect,miscellaneous + tags: azure,blob,detect http: - method: GET diff --git a/http/miscellaneous/credit-card-number-detect.yaml b/http/miscellaneous/credit-card-number-detect.yaml index 0a85b1c7da6..8831523cbc8 100644 --- a/http/miscellaneous/credit-card-number-detect.yaml +++ b/http/miscellaneous/credit-card-number-detect.yaml @@ -10,9 +10,7 @@ info: - https://www.tenable.com/plugins/was/98129 - https://en.wikipedia.org/wiki/Payment_card_number - https://stackoverflow.com/questions/9315647/regex-credit-card-number-tests - metadata: - max-request: 1 - tags: credit,debit,card,payment,security,pci,miscellaneous + tags: credit,debit,card,payment,security,pci http: - method: GET diff --git a/http/miscellaneous/exposed-file-upload-form.yaml b/http/miscellaneous/exposed-file-upload-form.yaml index 26b33620bbf..24f1c7b3172 100644 --- a/http/miscellaneous/exposed-file-upload-form.yaml +++ b/http/miscellaneous/exposed-file-upload-form.yaml @@ -12,8 +12,7 @@ info: vendor: creativedream_file_uploader_project product: creativedream_file_uploader shodan-query: http.html:"multipart/form-data" html:"file" - fofa-query: body="multipart/form-data" html:"file" - tags: miscellaneous,exposure,upload,form,misc,generic,creativedream_file_uploader_project + tags: miscellaneous,exposure,upload,form,misc,generic http: - method: GET diff --git a/http/miscellaneous/microsoft-azure-error.yaml b/http/miscellaneous/microsoft-azure-error.yaml index d969fd1e348..cfeb9bd3c53 100644 --- a/http/miscellaneous/microsoft-azure-error.yaml +++ b/http/miscellaneous/microsoft-azure-error.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: microsoft product: azure_app_service_on_azure_stack - shodan-query: http.title:"microsoft azure web app - error 404" - fofa-query: title="microsoft azure web app - error 404" - google-query: intitle:"microsoft azure web app - error 404" + shodan-query: title:"Microsoft Azure Web App - Error 404" tags: error,azure,microsoft,misc,takeover,miscellaneous http: diff --git a/http/miscellaneous/netflix-conductor-version.yaml b/http/miscellaneous/netflix-conductor-version.yaml index dce7fb01192..09b5a49524b 100644 --- a/http/miscellaneous/netflix-conductor-version.yaml +++ b/http/miscellaneous/netflix-conductor-version.yaml @@ -14,9 +14,7 @@ info: max-request: 2 vendor: netflix product: conductor - shodan-query: http.title:"conductor ui", http.title:"workflow ui" - fofa-query: title="conductor ui", http.title:"workflow ui" - google-query: intitle:"conductor ui", http.title:"workflow ui" + shodan-query: http.title:"Conductor UI", http.title:"Workflow UI" tags: miscellaneous,tech,netflix,conductor,api,misc http: diff --git a/http/miscellaneous/ntlm-directories.yaml b/http/miscellaneous/ntlm-directories.yaml index 0c348456976..41f5ba53bcc 100644 --- a/http/miscellaneous/ntlm-directories.yaml +++ b/http/miscellaneous/ntlm-directories.yaml @@ -7,7 +7,7 @@ info: reference: - https://medium.com/swlh/internal-information-disclosure-using-hidden-ntlm-authentication-18de17675666 metadata: - max-request: 49 + max-request: 48 tags: miscellaneous,misc,fuzz,windows http: diff --git a/http/miscellaneous/onion-website-supported.yaml b/http/miscellaneous/onion-website-supported.yaml index 93def821e53..8223d56d877 100644 --- a/http/miscellaneous/onion-website-supported.yaml +++ b/http/miscellaneous/onion-website-supported.yaml @@ -1,16 +1,16 @@ id: onion-website-supported -info: - name: Onion Website Supported via Onion-Location Header - author: rxerium - severity: info - description: | - Identified websites that supported Tor network access through the Onion-Location HTTP response header, which pointed to a corresponding .onion service for enhanced privacy and anonymity. - metadata: - verified: true - max-request: 1 - tags: misc,osint,tor,onion,miscellaneous - +info: + name: Onion Website Supported via Onion-Location Header + author: rxerium + severity: info + description: | + Identified websites that supported Tor network access through the Onion-Location HTTP response header, which pointed to a corresponding .onion service for enhanced privacy and anonymity. + metadata: + verified: true + max-request: 1 + tags: misc,osint,tor,onion + http: - method: GET path: diff --git a/http/miscellaneous/seized-site.yaml b/http/miscellaneous/seized-site.yaml index 3684659d6f5..3b5063e80ad 100644 --- a/http/miscellaneous/seized-site.yaml +++ b/http/miscellaneous/seized-site.yaml @@ -1,17 +1,17 @@ id: seized-site -info: - name: Seized Site - author: rxerium - severity: info - description: | - This website has been seized by law enforcement - metadata: - verified: true - max-request: 1 - shodan-query: title:"THIS WEBSITE HAS BEEN SEIZED" - tags: seized,miscellaneous,misc - +info: + name: Seized Site + author: rxerium + severity: info + description: | + This website has been seized by law enforcement + metadata: + max-request: 1 + verified: true + shodan-query: title:"THIS WEBSITE HAS BEEN SEIZED" + tags: seized,miscellaneous,misc + http: - method: GET path: diff --git a/http/miscellaneous/trust-center-detect.yaml b/http/miscellaneous/trust-center-detect.yaml index 9583665f4cf..c84dba06a1d 100644 --- a/http/miscellaneous/trust-center-detect.yaml +++ b/http/miscellaneous/trust-center-detect.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 6 shodan-query: http.title:"Trust Center" - tags: misc,trust,center,generic,miscellaneous + tags: misc,trust,center,generic http: - method: GET diff --git a/http/misconfiguration/aem/aem-acs-common.yaml b/http/misconfiguration/aem/aem-acs-common.yaml index 77c2f03f629..76bcd87f890 100644 --- a/http/misconfiguration/aem/aem-acs-common.yaml +++ b/http/misconfiguration/aem/aem-acs-common.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-bg-servlet.yaml b/http/misconfiguration/aem/aem-bg-servlet.yaml index c374822e840..b800551c727 100644 --- a/http/misconfiguration/aem/aem-bg-servlet.yaml +++ b/http/misconfiguration/aem/aem-bg-servlet.yaml @@ -12,13 +12,8 @@ info: max-request: 1 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-bulkeditor.yaml b/http/misconfiguration/aem/aem-bulkeditor.yaml index 156fd0a4d8e..0c12f472759 100644 --- a/http/misconfiguration/aem/aem-bulkeditor.yaml +++ b/http/misconfiguration/aem/aem-bulkeditor.yaml @@ -13,11 +13,8 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,editor http: diff --git a/http/misconfiguration/aem/aem-cached-pages.yaml b/http/misconfiguration/aem/aem-cached-pages.yaml index 3dc7365e259..b85c7bc030b 100644 --- a/http/misconfiguration/aem/aem-cached-pages.yaml +++ b/http/misconfiguration/aem/aem-cached-pages.yaml @@ -13,13 +13,8 @@ info: max-request: 1 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-childrenlist-xss.yaml b/http/misconfiguration/aem/aem-childrenlist-xss.yaml index 11543c0d7f3..0673f5f0fee 100644 --- a/http/misconfiguration/aem/aem-childrenlist-xss.yaml +++ b/http/misconfiguration/aem/aem-childrenlist-xss.yaml @@ -14,14 +14,11 @@ info: metadata: verified: true max-request: 2 - vendor: adobe - product: experience_manager shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" + product: experience_manager + vendor: adobe tags: xss,aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-crx-bypass.yaml b/http/misconfiguration/aem/aem-crx-bypass.yaml index fc11317e9a7..2e1d82335f6 100644 --- a/http/misconfiguration/aem/aem-crx-bypass.yaml +++ b/http/misconfiguration/aem/aem-crx-bypass.yaml @@ -14,12 +14,7 @@ info: max-request: 2 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-crx-namespace.yaml b/http/misconfiguration/aem/aem-crx-namespace.yaml index ce743cd91a8..7d7d865862c 100644 --- a/http/misconfiguration/aem/aem-crx-namespace.yaml +++ b/http/misconfiguration/aem/aem-crx-namespace.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: experience_manager_cloud_service shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: exposure,aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-crx-search.yaml b/http/misconfiguration/aem/aem-crx-search.yaml index 808c2386cdd..9b3faf4cd97 100644 --- a/http/misconfiguration/aem/aem-crx-search.yaml +++ b/http/misconfiguration/aem/aem-crx-search.yaml @@ -13,10 +13,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: diff --git a/http/misconfiguration/aem/aem-custom-script.yaml b/http/misconfiguration/aem/aem-custom-script.yaml index 6412fcbb758..4615e88cfa4 100644 --- a/http/misconfiguration/aem/aem-custom-script.yaml +++ b/http/misconfiguration/aem/aem-custom-script.yaml @@ -13,11 +13,8 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-debugging-libraries.yaml b/http/misconfiguration/aem/aem-debugging-libraries.yaml index 544c4e2bba1..9ab833a2a19 100644 --- a/http/misconfiguration/aem/aem-debugging-libraries.yaml +++ b/http/misconfiguration/aem/aem-debugging-libraries.yaml @@ -15,10 +15,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-default-get-servlet.yaml b/http/misconfiguration/aem/aem-default-get-servlet.yaml index 4bde47feed5..ce8d86ae27b 100644 --- a/http/misconfiguration/aem/aem-default-get-servlet.yaml +++ b/http/misconfiguration/aem/aem-default-get-servlet.yaml @@ -14,12 +14,7 @@ info: max-request: 64 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-disk-usage.yaml b/http/misconfiguration/aem/aem-disk-usage.yaml index 78a43a3f8e0..793cdc8098b 100644 --- a/http/misconfiguration/aem/aem-disk-usage.yaml +++ b/http/misconfiguration/aem/aem-disk-usage.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: diff --git a/http/misconfiguration/aem/aem-dump-contentnode.yaml b/http/misconfiguration/aem/aem-dump-contentnode.yaml index 670f25caa79..3515c27007a 100644 --- a/http/misconfiguration/aem/aem-dump-contentnode.yaml +++ b/http/misconfiguration/aem/aem-dump-contentnode.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: experience_manager_cloud_service shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-explorer-nodetypes.yaml b/http/misconfiguration/aem/aem-explorer-nodetypes.yaml index 277cf08c6b7..3bd4b4981dc 100644 --- a/http/misconfiguration/aem/aem-explorer-nodetypes.yaml +++ b/http/misconfiguration/aem/aem-explorer-nodetypes.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: experience_manager_cloud_service shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: diff --git a/http/misconfiguration/aem/aem-external-link-checker.yaml b/http/misconfiguration/aem/aem-external-link-checker.yaml index 2ba651f9c48..571944a58db 100644 --- a/http/misconfiguration/aem/aem-external-link-checker.yaml +++ b/http/misconfiguration/aem/aem-external-link-checker.yaml @@ -13,10 +13,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: diff --git a/http/misconfiguration/aem/aem-gql-servlet.yaml b/http/misconfiguration/aem/aem-gql-servlet.yaml index 9595737e178..ba2cecf1860 100644 --- a/http/misconfiguration/aem/aem-gql-servlet.yaml +++ b/http/misconfiguration/aem/aem-gql-servlet.yaml @@ -13,13 +13,8 @@ info: max-request: 29 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-groovyconsole.yaml b/http/misconfiguration/aem/aem-groovyconsole.yaml index f1cd24d1e47..e058656b082 100644 --- a/http/misconfiguration/aem/aem-groovyconsole.yaml +++ b/http/misconfiguration/aem/aem-groovyconsole.yaml @@ -14,11 +14,7 @@ info: max-request: 2 vendor: adobe product: experience_manager_cloud_service - shodan-query: - - http.component:"adobe experience manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,adobe,hackerone,misconfig http: diff --git a/http/misconfiguration/aem/aem-hash-querybuilder.yaml b/http/misconfiguration/aem/aem-hash-querybuilder.yaml index 7a0f975c8e4..21af71d212a 100644 --- a/http/misconfiguration/aem/aem-hash-querybuilder.yaml +++ b/http/misconfiguration/aem/aem-hash-querybuilder.yaml @@ -13,12 +13,8 @@ info: max-request: 1 vendor: adobe product: acs_aem_commons - shodan-query: - - http.component:"adobe experience manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - raw: diff --git a/http/misconfiguration/aem/aem-login-status.yaml b/http/misconfiguration/aem/aem-login-status.yaml index 8a750a9d9a8..9c722149bfb 100644 --- a/http/misconfiguration/aem/aem-login-status.yaml +++ b/http/misconfiguration/aem/aem-login-status.yaml @@ -14,12 +14,7 @@ info: max-request: 3 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-merge-metadata-servlet.yaml b/http/misconfiguration/aem/aem-merge-metadata-servlet.yaml index 001208d82ec..a0f91088911 100644 --- a/http/misconfiguration/aem/aem-merge-metadata-servlet.yaml +++ b/http/misconfiguration/aem/aem-merge-metadata-servlet.yaml @@ -12,13 +12,8 @@ info: max-request: 1 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-offloading-browser.yaml b/http/misconfiguration/aem/aem-offloading-browser.yaml index 511df7be89e..be71c789a9b 100644 --- a/http/misconfiguration/aem/aem-offloading-browser.yaml +++ b/http/misconfiguration/aem/aem-offloading-browser.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-osgi-bundles.yaml b/http/misconfiguration/aem/aem-osgi-bundles.yaml index 7d2fbb8da78..9761f87e373 100644 --- a/http/misconfiguration/aem/aem-osgi-bundles.yaml +++ b/http/misconfiguration/aem/aem-osgi-bundles.yaml @@ -14,10 +14,8 @@ info: vendor: adobe product: acs_aem_commons shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe http: diff --git a/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml b/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml index 7eeb2cc95f1..89055512189 100644 --- a/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml +++ b/http/misconfiguration/aem/aem-querybuilder-internal-path-read.yaml @@ -13,13 +13,8 @@ info: max-request: 4 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-querybuilder-json-servlet.yaml b/http/misconfiguration/aem/aem-querybuilder-json-servlet.yaml index fe224391bbf..fa8a6b971a2 100644 --- a/http/misconfiguration/aem/aem-querybuilder-json-servlet.yaml +++ b/http/misconfiguration/aem/aem-querybuilder-json-servlet.yaml @@ -14,11 +14,7 @@ info: max-request: 8 vendor: adobe product: acs_aem_commons - shodan-query: - - http.component:"adobe experience manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,adobe,misconfig http: diff --git a/http/misconfiguration/aem/aem-setpreferences-xss.yaml b/http/misconfiguration/aem/aem-setpreferences-xss.yaml index 3d776980c65..5951041973f 100644 --- a/http/misconfiguration/aem/aem-setpreferences-xss.yaml +++ b/http/misconfiguration/aem/aem-setpreferences-xss.yaml @@ -16,15 +16,10 @@ info: cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:* metadata: max-request: 2 - vendor: adobe + shodan-query: http.component:"Adobe Experience Manager" product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,xss,misconfig,adobe + vendor: adobe + tags: aem,xss,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/aem-sling-userinfo.yaml b/http/misconfiguration/aem/aem-sling-userinfo.yaml index cd46b9efbc1..9b4c8ad6772 100644 --- a/http/misconfiguration/aem/aem-sling-userinfo.yaml +++ b/http/misconfiguration/aem/aem-sling-userinfo.yaml @@ -13,11 +13,8 @@ info: vendor: adobe product: experience_manager shodan-query: - - http.title:"aem sign in" - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + - http.title:"AEM Sign In" + - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: diff --git a/http/misconfiguration/aem/aem-userinfo-servlet.yaml b/http/misconfiguration/aem/aem-userinfo-servlet.yaml index aaefd352544..79eae76248c 100644 --- a/http/misconfiguration/aem/aem-userinfo-servlet.yaml +++ b/http/misconfiguration/aem/aem-userinfo-servlet.yaml @@ -11,13 +11,8 @@ info: max-request: 1 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" - tags: aem,misconfig,adobe + shodan-query: http.component:"Adobe Experience Manager" + tags: aem,misconfig http: - method: GET diff --git a/http/misconfiguration/aem/crxde-lite.yaml b/http/misconfiguration/aem/crxde-lite.yaml index 11e1f99b429..27e68e9effe 100644 --- a/http/misconfiguration/aem/crxde-lite.yaml +++ b/http/misconfiguration/aem/crxde-lite.yaml @@ -12,8 +12,8 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: - verified: true max-request: 1 + verified: true tags: aem,crxde,exposure,adobe,misconfig http: diff --git a/http/misconfiguration/airflow/airflow-debug.yaml b/http/misconfiguration/airflow/airflow-debug.yaml index 55ace4c6afc..13feabbe2d4 100644 --- a/http/misconfiguration/airflow/airflow-debug.yaml +++ b/http/misconfiguration/airflow/airflow-debug.yaml @@ -12,22 +12,7 @@ info: max-request: 1 vendor: apache product: airflow - shodan-query: - - http.title:"airflow - dags" - - http.html:"apache airflow" - - http.title:"airflow - dags" || http.html:"apache airflow" - - http.title:"sign in - airflow" - - product:"redis" - fofa-query: - - apache airflow - - body="apache airflow" - - title="airflow - dags" - - title="airflow - dags" || http.html:"apache airflow" - - title="sign in - airflow" - google-query: - - intitle:"airflow - dags" - - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"sign in - airflow" + shodan-query: title:"Airflow - DAGs" tags: apache,airflow,fpd,misconfig http: diff --git a/http/misconfiguration/airflow/unauthenticated-airflow.yaml b/http/misconfiguration/airflow/unauthenticated-airflow.yaml index 184bf041698..fca5baf54bb 100644 --- a/http/misconfiguration/airflow/unauthenticated-airflow.yaml +++ b/http/misconfiguration/airflow/unauthenticated-airflow.yaml @@ -11,22 +11,7 @@ info: max-request: 2 vendor: apache product: airflow - shodan-query: - - http.title:"airflow - dags" - - http.html:"apache airflow" - - http.title:"airflow - dags" || http.html:"apache airflow" - - http.title:"sign in - airflow" - - product:"redis" - fofa-query: - - apache airflow - - body="apache airflow" - - title="airflow - dags" - - title="airflow - dags" || http.html:"apache airflow" - - title="sign in - airflow" - google-query: - - intitle:"airflow - dags" - - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"sign in - airflow" + shodan-query: title:"Airflow - DAGs" tags: apache,airflow,unauth,misconfig http: diff --git a/http/misconfiguration/ampache-update-exposure.yaml b/http/misconfiguration/ampache-update-exposure.yaml index 4f89b7e9008..1836c19161e 100644 --- a/http/misconfiguration/ampache-update-exposure.yaml +++ b/http/misconfiguration/ampache-update-exposure.yaml @@ -12,20 +12,7 @@ info: max-request: 1 vendor: ampache product: ampache - shodan-query: - - http.html:"ampache update" - - http.title:"ampache -- debug page" - - http.title:"for the love of music - installation" - - http.title:"for the love of music" - fofa-query: - - body="ampache update" - - title="ampache -- debug page" - - title="for the love of music - installation" - - title="for the love of music" - google-query: - - intitle:"ampache -- debug page" - - intitle:"for the love of music - installation" - - intitle:"for the love of music" + shodan-query: http.html:"Ampache Update" tags: misconfig,ampache,exposure http: diff --git a/http/misconfiguration/apache-drill-exposure.yaml b/http/misconfiguration/apache-drill-exposure.yaml index 7eb51201daf..2a94ba66cf3 100644 --- a/http/misconfiguration/apache-drill-exposure.yaml +++ b/http/misconfiguration/apache-drill-exposure.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: apache product: drill - shodan-query: http.title:"apache drill" - fofa-query: title="apache drill" - google-query: intitle:"apache drill" + shodan-query: title:"Apache Drill" tags: misconfig,exposure,apache,drill http: diff --git a/http/misconfiguration/apache-druid-unauth.yaml b/http/misconfiguration/apache-druid-unauth.yaml index eb9cd61ed4e..920755e7e2c 100644 --- a/http/misconfiguration/apache-druid-unauth.yaml +++ b/http/misconfiguration/apache-druid-unauth.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: apache product: druid - shodan-query: http.title:"apache druid" - fofa-query: title="apache druid" - google-query: intitle:"apache druid" + shodan-query: title:"Apache Druid" tags: misconfig,druid,unauth,apache http: diff --git a/http/misconfiguration/apache-impala.yaml b/http/misconfiguration/apache-impala.yaml index 8e4a513a7b9..9ce985712d7 100644 --- a/http/misconfiguration/apache-impala.yaml +++ b/http/misconfiguration/apache-impala.yaml @@ -14,8 +14,7 @@ info: max-request: 1 vendor: apache product: impala - shodan-query: http.favicon.hash:"587330928" - fofa-query: icon_hash=587330928 + shodan-query: http.favicon.hash:587330928 tags: misconfig,apache,impala http: diff --git a/http/misconfiguration/apache-struts-showcase.yaml b/http/misconfiguration/apache-struts-showcase.yaml index 36993d5e053..98c499df003 100644 --- a/http/misconfiguration/apache-struts-showcase.yaml +++ b/http/misconfiguration/apache-struts-showcase.yaml @@ -14,15 +14,7 @@ info: max-request: 2 vendor: apache product: struts - shodan-query: - - http.title:"struts2 showcase" - - http.html:"apache struts" - - http.html:"struts problem report" - fofa-query: - - body="apache struts" - - body="struts problem report" - - title="struts2 showcase" - google-query: intitle:"struts2 showcase" + shodan-query: title:"Struts2 Showcase" tags: apache,struts,showcase,misconfig,exposure http: diff --git a/http/misconfiguration/apache/apache-nifi-unauth.yaml b/http/misconfiguration/apache/apache-nifi-unauth.yaml index 925bbbf28ee..5fe0ce89aa0 100644 --- a/http/misconfiguration/apache/apache-nifi-unauth.yaml +++ b/http/misconfiguration/apache/apache-nifi-unauth.yaml @@ -16,13 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: apache + shodan-query: title:"NiFi" + fofa-query: title="nifi" && body="Did you mean" product: nifi - shodan-query: http.title:"nifi" - fofa-query: - - title="nifi" && body="did you mean" - - title="nifi" - google-query: intitle:"nifi" + vendor: apache tags: misconfig,apache,nifi,unauth http: diff --git a/http/misconfiguration/apache/apache-zeppelin-unauth.yaml b/http/misconfiguration/apache/apache-zeppelin-unauth.yaml index 1ee978d1976..b14909ea6e9 100644 --- a/http/misconfiguration/apache/apache-zeppelin-unauth.yaml +++ b/http/misconfiguration/apache/apache-zeppelin-unauth.yaml @@ -16,13 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: apache + shodan-query: title:"Zeppelin" + fofa-query: title="Zeppelin" product: zeppelin - shodan-query: http.title:"zeppelin" - fofa-query: - - title="zeppelin" - - app="apache-zeppelin" - google-query: intitle:"zeppelin" + vendor: apache tags: misconfig,apache,zeppelin,unauth http: diff --git a/http/misconfiguration/apollo-adminservice-unauth.yaml b/http/misconfiguration/apollo-adminservice-unauth.yaml index b4930ef691a..5b7c9533943 100644 --- a/http/misconfiguration/apollo-adminservice-unauth.yaml +++ b/http/misconfiguration/apollo-adminservice-unauth.yaml @@ -16,15 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: ctrip + shodan-query: http.html:"apollo-adminservice" product: apollo - shodan-query: - - http.html:"apollo-adminservice" - - http.favicon.hash:"11794165" - fofa-query: - - body="apollo-adminservice" - - icon_hash=11794165 - tags: misconfig,unauth,apollo,apolloadminservice,ctrip + vendor: ctrip + tags: misconfig,unauth,apollo,apolloadminservice http: - method: GET diff --git a/http/misconfiguration/apple-cups-exposure.yaml b/http/misconfiguration/apple-cups-exposure.yaml index 8c7009728b1..b8292969197 100644 --- a/http/misconfiguration/apple-cups-exposure.yaml +++ b/http/misconfiguration/apple-cups-exposure.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: apple product: cups - shodan-query: http.html:"home - cups" - fofa-query: body="home - cups" + shodan-query: html:"Home - CUPS" tags: apple,cups,exposure,misconfig http: diff --git a/http/misconfiguration/atlantis-dashboard.yaml b/http/misconfiguration/atlantis-dashboard.yaml index 34990bbd32a..2795ef70bdf 100644 --- a/http/misconfiguration/atlantis-dashboard.yaml +++ b/http/misconfiguration/atlantis-dashboard.yaml @@ -12,9 +12,7 @@ info: vendor: runatlantis product: atlantis shodan-query: http.favicon.hash:"-1706783005" - fofa-query: - - icon_hash=-1706783005 - - icon_hash="-1706783005" + fofa-query: icon_hash=-1706783005 tags: misconfig,atlantis,runatlantis,exposure http: diff --git a/http/misconfiguration/atlassian-bamboo-build.yaml b/http/misconfiguration/atlassian-bamboo-build.yaml index 9a47cf43900..b333d83fbde 100644 --- a/http/misconfiguration/atlassian-bamboo-build.yaml +++ b/http/misconfiguration/atlassian-bamboo-build.yaml @@ -11,20 +11,7 @@ info: max-request: 1 vendor: atlassian product: bamboo - shodan-query: - - http.title:"build dashboard - atlassian bamboo" - - http.favicon.hash:"-1379982221" - - http.title:"bamboo setup wizard" - - http.title:"bamboo" - fofa-query: - - icon_hash=-1379982221 - - title="bamboo setup wizard" - - title="bamboo" - - title="build dashboard - atlassian bamboo" - google-query: - - intitle:"bamboo setup wizard" - - intitle:"bamboo" - - intitle:"build dashboard - atlassian bamboo" + shodan-query: title:"Build Dashboard - Atlassian Bamboo" tags: misconfig,atlassian,bamboo http: diff --git a/http/misconfiguration/aws/aws-s3-explorer.yaml b/http/misconfiguration/aws/aws-s3-explorer.yaml index 1b24f285538..e8e2d2eebcd 100644 --- a/http/misconfiguration/aws/aws-s3-explorer.yaml +++ b/http/misconfiguration/aws/aws-s3-explorer.yaml @@ -15,9 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: amazon + google-query: inurl:s3.amazonaws.com intitle:"AWS S3 Explorer" product: aws_javascript_s3_explorer - google-query: inurl:s3.amazonaws.com intitle:"aws s3 explorer" + vendor: amazon tags: s3,edb,misconfig,aws,amazon http: diff --git a/http/misconfiguration/bitbucket-auth-bypass.yaml b/http/misconfiguration/bitbucket-auth-bypass.yaml index 4fbff2f4802..c4cb4e4cb00 100644 --- a/http/misconfiguration/bitbucket-auth-bypass.yaml +++ b/http/misconfiguration/bitbucket-auth-bypass.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: atlassian product: bitbucket_data_center - shodan-query: http.title:"log in - bitbucket" - fofa-query: title="log in - bitbucket" - google-query: intitle:"log in - bitbucket" + shodan-query: title:"Log in - Bitbucket" + fofa-query: title="Log in - Bitbucket" tags: misconfig,atlassian,bitbucket,auth-bypass http: diff --git a/http/misconfiguration/bitbucket-public-repository.yaml b/http/misconfiguration/bitbucket-public-repository.yaml index 106077efd24..5f3209d4b76 100644 --- a/http/misconfiguration/bitbucket-public-repository.yaml +++ b/http/misconfiguration/bitbucket-public-repository.yaml @@ -12,12 +12,8 @@ info: max-request: 2 vendor: atlassian product: bitbucket - shodan-query: - - http.component:"bitbucket" - - cpe:"cpe:2.3:a:atlassian:bitbucket" - - http.html:"bitbucket-pipelines.yml" - fofa-query: body="bitbucket-pipelines.yml" - tags: misconfig,bitbucket,atlassian + shodan-query: http.component:"Bitbucket" + tags: misconfig,bitbucket http: - method: GET diff --git a/http/misconfiguration/bootstrap-admin-panel-template.yaml b/http/misconfiguration/bootstrap-admin-panel-template.yaml index b41f28a1593..f0a4e06585e 100644 --- a/http/misconfiguration/bootstrap-admin-panel-template.yaml +++ b/http/misconfiguration/bootstrap-admin-panel-template.yaml @@ -13,12 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: teamworktec + shodan-query: title:"Dashboard - Bootstrap Admin Template" product: responsive_bootstrap_admin_template - shodan-query: http.title:"dashboard - bootstrap admin template" - fofa-query: title="dashboard - bootstrap admin template" - google-query: intitle:"dashboard - bootstrap admin template" - tags: bootstrap,panel,misconfig,exposure,teamworktec + vendor: teamworktec + tags: bootstrap,panel,misconfig,exposure http: - method: GET diff --git a/http/misconfiguration/browserless-debugger.yaml b/http/misconfiguration/browserless-debugger.yaml index b82240886d6..35362f1b41c 100644 --- a/http/misconfiguration/browserless-debugger.yaml +++ b/http/misconfiguration/browserless-debugger.yaml @@ -14,8 +14,6 @@ info: vendor: browserless product: chrome shodan-query: http.title:"browserless debugger" - fofa-query: title="browserless debugger" - google-query: intitle:"browserless debugger" tags: browserless,unauth,debug,misconfig http: diff --git a/http/misconfiguration/canon-c3325-unauth.yaml b/http/misconfiguration/canon-c3325-unauth.yaml index d173e158435..dcb9190ec11 100644 --- a/http/misconfiguration/canon-c3325-unauth.yaml +++ b/http/misconfiguration/canon-c3325-unauth.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: title:"c3325" - tags: canon,c3325,unauth,exposure,misconfig + tags: canon,c3325,unauth,exposure http: - method: GET diff --git a/http/misconfiguration/casdoor-users-password.yaml b/http/misconfiguration/casdoor-users-password.yaml index 3d421817260..2d7a95c3cad 100644 --- a/http/misconfiguration/casdoor-users-password.yaml +++ b/http/misconfiguration/casdoor-users-password.yaml @@ -15,10 +15,8 @@ info: max-request: 1 vendor: casbin product: casdoor - fofa-query: title="casdoor" - shodan-query: http.title:"casdoor" - google-query: intitle:"casdoor" - tags: casdoor,exposure,misconfig,disclosure,casbin + fofa-query: title="Casdoor" + tags: casdoor,exposure,misconfig,disclosure http: - method: GET diff --git a/http/misconfiguration/changedetection-unauth.yaml b/http/misconfiguration/changedetection-unauth.yaml index e0e2b605c4d..36f68e4f303 100644 --- a/http/misconfiguration/changedetection-unauth.yaml +++ b/http/misconfiguration/changedetection-unauth.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: html:"Change Detection" - tags: changedetection,unauth,exposure,misconfig + tags: changedetection,unauth,exposure http: - method: GET diff --git a/http/misconfiguration/chatgpt-web-unauth.yaml b/http/misconfiguration/chatgpt-web-unauth.yaml index f6268f3c147..16a44e1716b 100644 --- a/http/misconfiguration/chatgpt-web-unauth.yaml +++ b/http/misconfiguration/chatgpt-web-unauth.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: chanzhaoyu product: chatgpt_web - fofa-query: - - app="chatgpt-web" - - title="chatgpt个人专用版" - tags: chatgpt,unauth,misconfig,chanzhaoyu + fofa-query: app="Chatgpt-web" + tags: chatgpt,unauth,misconfig http: - raw: diff --git a/http/misconfiguration/clickhouse-unauth-api.yaml b/http/misconfiguration/clickhouse-unauth-api.yaml index 29839e14790..93b3eac8f38 100644 --- a/http/misconfiguration/clickhouse-unauth-api.yaml +++ b/http/misconfiguration/clickhouse-unauth-api.yaml @@ -15,9 +15,7 @@ info: max-request: 1 vendor: clickhouse product: clickhouse - shodan-query: - - x-clickhouse-summary - - cpe:"cpe:2.3:a:yandex:clickhouse" + shodan-query: "X-ClickHouse-Summary" fofa-query: "X-ClickHouse-Summary" tags: misconfig,clickhouse,unauth,disclosure diff --git a/http/misconfiguration/codeigniter-errorpage.yaml b/http/misconfiguration/codeigniter-errorpage.yaml index bf7f162a676..95411b169d9 100644 --- a/http/misconfiguration/codeigniter-errorpage.yaml +++ b/http/misconfiguration/codeigniter-errorpage.yaml @@ -12,20 +12,8 @@ info: max-request: 1 vendor: codeigniter product: codeigniter - shodan-query: - - http.title:"error" html:"codeigniter" - - cpe:"cpe:2.3:a:codeigniter:codeigniter" - - http.title:"codeigniter application installer" - - http.title:"welcome to codeigniter" - fofa-query: - - title="errorexception" - - title="codeigniter application installer" - - title="error" html:"codeigniter" - - title="welcome to codeigniter" - google-query: - - intitle:"codeigniter application installer" - - intitle:"error" html:"codeigniter" - - intitle:"welcome to codeigniter" + shodan-query: title:"Error" html:"CodeIgniter" + fofa-query: title="ErrorException" tags: codeigniter,misconfig,error http: diff --git a/http/misconfiguration/codemeter-webadmin.yaml b/http/misconfiguration/codemeter-webadmin.yaml index 39e9164760c..ed808fc409e 100644 --- a/http/misconfiguration/codemeter-webadmin.yaml +++ b/http/misconfiguration/codemeter-webadmin.yaml @@ -12,9 +12,8 @@ info: max-request: 1 vendor: wibu product: codemeter - shodan-query: http.html:"codemeter" - fofa-query: body="codemeter" - tags: misconfig,exposure,codemeter,wibu + shodan-query: html:"CodeMeter" + tags: misconfig,exposure,codemeter http: - method: GET diff --git a/http/misconfiguration/confluence/confluence-oauth-admin.yaml b/http/misconfiguration/confluence/confluence-oauth-admin.yaml index 67b6a6adf10..04fed5f1baf 100644 --- a/http/misconfiguration/confluence/confluence-oauth-admin.yaml +++ b/http/misconfiguration/confluence/confluence-oauth-admin.yaml @@ -11,7 +11,7 @@ info: max-request: 2 vendor: atlassian product: confluence_server - shodan-query: http.component:"atlassian confluence" + shodan-query: http.component:"Atlassian Confluence" tags: misconfig,jira,confluence,atlassian http: diff --git a/http/misconfiguration/cookies-without-httponly.yaml b/http/misconfiguration/cookies-without-httponly.yaml index dad7c0d3bbb..8c8ecd791e7 100644 --- a/http/misconfiguration/cookies-without-httponly.yaml +++ b/http/misconfiguration/cookies-without-httponly.yaml @@ -14,10 +14,12 @@ info: - https://owasp.org/www-community/HttpOnly classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 metadata: verified: true - max-request: 2 + max-request: 1 tags: misconfig,http,cookie,generic + flow: | http() javascript() diff --git a/http/misconfiguration/cookies-without-secure.yaml b/http/misconfiguration/cookies-without-secure.yaml index 4142705b096..93ea1a48183 100644 --- a/http/misconfiguration/cookies-without-secure.yaml +++ b/http/misconfiguration/cookies-without-secure.yaml @@ -14,10 +14,12 @@ info: - https://owasp.org/www-community/controls/SecureCookieAttribute classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 metadata: verified: true - max-request: 2 + max-request: 1 tags: misconfig,http,cookie,generic + flow: | http() javascript() diff --git a/http/misconfiguration/corebos-htaccess.yaml b/http/misconfiguration/corebos-htaccess.yaml index 32f1163b5b9..8e13090963d 100644 --- a/http/misconfiguration/corebos-htaccess.yaml +++ b/http/misconfiguration/corebos-htaccess.yaml @@ -11,9 +11,9 @@ info: metadata: verified: true max-request: 1 - vendor: corebos - product: corebos shodan-query: http.html:"corebos" + product: corebos + vendor: corebos fofa-query: body="corebos" tags: exposure,corebos,huntr,misconfig diff --git a/http/misconfiguration/debug/ampache-debug.yaml b/http/misconfiguration/debug/ampache-debug.yaml index b63baade913..a22bd202976 100644 --- a/http/misconfiguration/debug/ampache-debug.yaml +++ b/http/misconfiguration/debug/ampache-debug.yaml @@ -11,20 +11,7 @@ info: max-request: 2 vendor: ampache product: ampache - shodan-query: - - http.title:"ampache -- debug page" - - http.html:"ampache update" - - http.title:"for the love of music - installation" - - http.title:"for the love of music" - fofa-query: - - body="ampache update" - - title="ampache -- debug page" - - title="for the love of music - installation" - - title="for the love of music" - google-query: - - intitle:"ampache -- debug page" - - intitle:"for the love of music - installation" - - intitle:"for the love of music" + shodan-query: http.title:"Ampache -- Debug Page" tags: misconfig,ampache,debug http: diff --git a/http/misconfiguration/debug/bottle-debug.yaml b/http/misconfiguration/debug/bottle-debug.yaml index 5ef4d0b14e5..9ae80408767 100644 --- a/http/misconfiguration/debug/bottle-debug.yaml +++ b/http/misconfiguration/debug/bottle-debug.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: bottlepy product: bottle - shodan-query: http.html:"sorry, the requested url" - fofa-query: body="sorry, the requested url" - tags: bottle,exposure,debug,misconfig,bottlepy + shodan-query: html:"Sorry, the requested URL" + tags: bottle,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/debug/flask-werkzeug-debug.yaml b/http/misconfiguration/debug/flask-werkzeug-debug.yaml index aca05ad563f..89c8ee1d137 100644 --- a/http/misconfiguration/debug/flask-werkzeug-debug.yaml +++ b/http/misconfiguration/debug/flask-werkzeug-debug.yaml @@ -12,11 +12,8 @@ info: max-request: 1 vendor: palletsprojects product: werkzeug - shodan-query: - - http.html:"werkzeug powered traceback interpreter" - - cpe:"cpe:2.3:a:palletsprojects:werkzeug" - fofa-query: body="werkzeug powered traceback interpreter" - tags: werkzeug,exposure,debug,misconfig,palletsprojects + shodan-query: html:"Werkzeug powered traceback interpreter" + tags: werkzeug,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/debug/github-debug.yaml b/http/misconfiguration/debug/github-debug.yaml index ab1bf8ba53c..83f2e0c2089 100644 --- a/http/misconfiguration/debug/github-debug.yaml +++ b/http/misconfiguration/debug/github-debug.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: github product: github - shodan-query: http.title:"github debug" - fofa-query: title="github debug" - google-query: intitle:"github debug" + shodan-query: http.title:"GitHub Debug" tags: misconfig,github,debug http: diff --git a/http/misconfiguration/deployment-interface-exposed.yaml b/http/misconfiguration/deployment-interface-exposed.yaml index 9979f2abf74..7deaecd0a72 100644 --- a/http/misconfiguration/deployment-interface-exposed.yaml +++ b/http/misconfiguration/deployment-interface-exposed.yaml @@ -5,7 +5,7 @@ info: author: DhiyaneshDK severity: medium description: | - Deployment Management Interface is exposed. This exposure could potentially allow unauthorized access to the management interface + Deployment Management Interface is exposed. This exposure could potentially allow unauthorized access to the management interface metadata: verified: true max-request: 1 diff --git a/http/misconfiguration/dgraph-dashboard-exposure.yaml b/http/misconfiguration/dgraph-dashboard-exposure.yaml index c70b40ee4b6..30ad7983cd6 100644 --- a/http/misconfiguration/dgraph-dashboard-exposure.yaml +++ b/http/misconfiguration/dgraph-dashboard-exposure.yaml @@ -12,12 +12,10 @@ info: cpe: cpe:2.3:a:dgraph:dgraph:*:*:*:*:go:*:*:* metadata: max-request: 1 - vendor: dgraph + shodan-query: http.title:"Dgraph Ratel Dashboard" product: dgraph - shodan-query: http.title:"dgraph ratel dashboard" - fofa-query: title="dgraph ratel dashboard" - google-query: intitle:"dgraph ratel dashboard" - tags: exposure,unauth,panel,misconfig,dgraph + vendor: dgraph + tags: exposure,unauth,panel,misconfig http: - method: GET diff --git a/http/misconfiguration/directory-listing-no-host-header.yaml b/http/misconfiguration/directory-listing-no-host-header.yaml index 2e23b8c06e9..2b4b6d4034d 100644 --- a/http/misconfiguration/directory-listing-no-host-header.yaml +++ b/http/misconfiguration/directory-listing-no-host-header.yaml @@ -8,7 +8,7 @@ info: The HTTP server is configured to list files in the root directory when no Host header is provided. metadata: verified: true - max-request: 2 + max-request: 1 tags: misconfig,listing flow: http(1) && http(2) diff --git a/http/misconfiguration/dlink-n300-backup.yaml b/http/misconfiguration/dlink-n300-backup.yaml index 514397573cc..f0e28fa6868 100644 --- a/http/misconfiguration/dlink-n300-backup.yaml +++ b/http/misconfiguration/dlink-n300-backup.yaml @@ -12,7 +12,7 @@ info: max-request: 1 shodan-query: 'Server: Virtual Web 0.9' fofa-query: body="DSL-124" - tags: dsl,d-link,disclosure,backup,misconfig + tags: dsl,d-link,disclosure,backup http: - raw: diff --git a/http/misconfiguration/dlink-unauth-cgi-script.yaml b/http/misconfiguration/dlink-unauth-cgi-script.yaml index 10f998185be..505c04ee86d 100644 --- a/http/misconfiguration/dlink-unauth-cgi-script.yaml +++ b/http/misconfiguration/dlink-unauth-cgi-script.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: dlink product: dns-345 - fofa-query: app="d_link-dns" + fofa-query: "app=\"D_Link-DNS\"" tags: unauth,dlink,misconfig http: diff --git a/http/misconfiguration/docmosis-tornado-server.yaml b/http/misconfiguration/docmosis-tornado-server.yaml index 7dc6034d9be..f2a93fe4552 100644 --- a/http/misconfiguration/docmosis-tornado-server.yaml +++ b/http/misconfiguration/docmosis-tornado-server.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: docmosis product: tornado - shodan-query: http.title:"docmosis tornado" - fofa-query: title="docmosis tornado" - google-query: intitle:"docmosis tornado" - tags: misconfig,tornado,exposure,docmosis + shodan-query: title:"Docmosis Tornado" + tags: misconfig,tornado,exposure http: - method: GET diff --git a/http/misconfiguration/drupal/drupal-user-enum-ajax.yaml b/http/misconfiguration/drupal/drupal-user-enum-ajax.yaml index f948595f711..576bb707a4f 100644 --- a/http/misconfiguration/drupal/drupal-user-enum-ajax.yaml +++ b/http/misconfiguration/drupal/drupal-user-enum-ajax.yaml @@ -6,11 +6,11 @@ info: severity: info metadata: max-request: 4 - vendor: drupal - product: drupal shodan-query: - http.component:"drupal" - cpe:"cpe:2.3:a:drupal:drupal" + product: drupal + vendor: drupal tags: drupal,misconfig http: diff --git a/http/misconfiguration/drupal/drupal-user-enum-redirect.yaml b/http/misconfiguration/drupal/drupal-user-enum-redirect.yaml index 4c3ea32a868..ff1bd308d05 100644 --- a/http/misconfiguration/drupal/drupal-user-enum-redirect.yaml +++ b/http/misconfiguration/drupal/drupal-user-enum-redirect.yaml @@ -11,9 +11,7 @@ info: max-request: 4 vendor: drupal product: drupal - shodan-query: - - http.component:"drupal" - - cpe:"cpe:2.3:a:drupal:drupal" + shodan-query: http.component:"Drupal" tags: drupal,misconfig http: diff --git a/http/misconfiguration/elasticsearch.yaml b/http/misconfiguration/elasticsearch.yaml index 4a28849e345..bb626d91c89 100644 --- a/http/misconfiguration/elasticsearch.yaml +++ b/http/misconfiguration/elasticsearch.yaml @@ -13,7 +13,6 @@ info: vendor: elasticsearch product: elasticsearch shodan-query: "ElasticSearch" - fofa-query: index_not_found_exception tags: elastic,unauth,elasticsearch,misconfig http: diff --git a/http/misconfiguration/envoy-admin-exposure.yaml b/http/misconfiguration/envoy-admin-exposure.yaml index 087d3c250f3..460c96fa504 100644 --- a/http/misconfiguration/envoy-admin-exposure.yaml +++ b/http/misconfiguration/envoy-admin-exposure.yaml @@ -14,12 +14,8 @@ info: max-request: 1 vendor: envoyproxy product: envoy - shodan-query: - - http.title:"envoy admin" - - cpe:"cpe:2.3:a:envoyproxy:envoy" - fofa-query: title="envoy admin" - google-query: intitle:"envoy admin" - tags: misconfig,envoy,exposure,envoyproxy + shodan-query: title:"Envoy Admin" + tags: misconfig,envoy,exposure http: - method: GET diff --git a/http/misconfiguration/esphome-dashboard.yaml b/http/misconfiguration/esphome-dashboard.yaml index f0439fa2db8..37605f9a9ac 100644 --- a/http/misconfiguration/esphome-dashboard.yaml +++ b/http/misconfiguration/esphome-dashboard.yaml @@ -13,15 +13,7 @@ info: max-request: 1 vendor: esphome product: esphome - shodan-query: - - http.title:"dashboard - esphome" - - http.title:"login - esphome" - fofa-query: - - title="dashboard - esphome" - - title="login - esphome" - google-query: - - intitle:"dashboard - esphome" - - intitle:"login - esphome" + shodan-query: title:"Dashboard - ESPHome" tags: misconfig,esphome,exposure,iot http: diff --git a/http/misconfiguration/everything-listing.yaml b/http/misconfiguration/everything-listing.yaml index c3e349e9c2d..85f32c2ed93 100644 --- a/http/misconfiguration/everything-listing.yaml +++ b/http/misconfiguration/everything-listing.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: voidtools product: everything - shodan-query: http.favicon.hash:"-977323269" - fofa-query: icon_hash=-977323269 + shodan-query: http.favicon.hash:-977323269 tags: exposure,everything,listing,voidtools,misconfig http: diff --git a/http/misconfiguration/feiyuxing-info-leak.yaml b/http/misconfiguration/feiyuxing-info-leak.yaml index 3ff3c6504fd..ce603b36f13 100644 --- a/http/misconfiguration/feiyuxing-info-leak.yaml +++ b/http/misconfiguration/feiyuxing-info-leak.yaml @@ -18,7 +18,7 @@ info: vendor: feiyuxing product: vec40g_firmware fofa-query: title="飞鱼星企业级智能上网行为管理系统" - tags: misconfig,exposure,iot,wpa,wpa2,feiyuxing + tags: misconfig,exposure,iot,wpa,wpa2 http: - method: GET diff --git a/http/misconfiguration/filebrowser-unauth.yaml b/http/misconfiguration/filebrowser-unauth.yaml index 5a0cd1ee308..ce5b352659a 100644 --- a/http/misconfiguration/filebrowser-unauth.yaml +++ b/http/misconfiguration/filebrowser-unauth.yaml @@ -10,9 +10,9 @@ info: metadata: verified: true max-request: 2 - vendor: filebrowser + shodan-query: http.favicon.hash:1052926265 product: filebrowser - shodan-query: http.favicon.hash:"1052926265" + vendor: filebrowser fofa-query: icon_hash=1052926265 tags: misconfig,filebrowser,unauth diff --git a/http/misconfiguration/freshrss-unauth.yaml b/http/misconfiguration/freshrss-unauth.yaml index d431ba7cd53..c74d9c00ad5 100644 --- a/http/misconfiguration/freshrss-unauth.yaml +++ b/http/misconfiguration/freshrss-unauth.yaml @@ -13,11 +13,7 @@ info: max-request: 1 vendor: freshrss product: freshrss - shodan-query: http.title:"freshrss" - fofa-query: - - title="freshrss" - - title="installation · freshrss" - google-query: intitle:"freshrss" + shodan-query: title:"Freshrss" tags: freshrss,misconfig,unauth,exposed http: diff --git a/http/misconfiguration/fusionauth-admin-setup.yaml b/http/misconfiguration/fusionauth-admin-setup.yaml index 86b80399cb4..7d0002da707 100644 --- a/http/misconfiguration/fusionauth-admin-setup.yaml +++ b/http/misconfiguration/fusionauth-admin-setup.yaml @@ -12,15 +12,8 @@ info: max-request: 1 vendor: fusionauth product: fusionauth - shodan-query: - - http.title:"fusionauth setup wizard" - - http.title:"fusionauth" - fofa-query: - - title="fusionauth setup wizard" - - title="fusionauth" - google-query: - - intitle:"fusionauth setup wizard" - - intitle:"fusionauth" + shodan-query: title:"FusionAuth Setup Wizard" + fofa-query: title="FusionAuth Setup Wizard" tags: misconfig,fusionauth,admin,setup http: diff --git a/http/misconfiguration/ganglia-cluster-dashboard.yaml b/http/misconfiguration/ganglia-cluster-dashboard.yaml index 8ffadd74447..039292ec1f8 100644 --- a/http/misconfiguration/ganglia-cluster-dashboard.yaml +++ b/http/misconfiguration/ganglia-cluster-dashboard.yaml @@ -13,8 +13,7 @@ info: max-request: 2 vendor: ganglia product: ganglia-web - shodan-query: http.html:"ganglia_form.submit()" - fofa-query: body="ganglia_form.submit()" + shodan-query: html:"ganglia_form.submit()" tags: misconfig,ganglia,dashboard http: diff --git a/http/misconfiguration/genieacs-default-jwt.yaml b/http/misconfiguration/genieacs-default-jwt.yaml index ee502b5e891..db8c8976a73 100644 --- a/http/misconfiguration/genieacs-default-jwt.yaml +++ b/http/misconfiguration/genieacs-default-jwt.yaml @@ -18,7 +18,7 @@ info: product: genieacs shodan-query: - http.html:"genieacs" - - http.favicon.hash:"-2098066288" + - http.favicon.hash:-2098066288 fofa-query: - body="genieacs" - icon_hash=-2098066288 diff --git a/http/misconfiguration/git-web-interface.yaml b/http/misconfiguration/git-web-interface.yaml index 4d8a6bf5637..04d22e8a91a 100644 --- a/http/misconfiguration/git-web-interface.yaml +++ b/http/misconfiguration/git-web-interface.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: git-scm product: git - shodan-query: - - http.html:"git web interface version" - - x-jenkins - tags: git,misconfig,git-scm + shodan-query: html:"git web interface version" + tags: git,misconfig http: - method: GET diff --git a/http/misconfiguration/gitea-public-signup.yaml b/http/misconfiguration/gitea-public-signup.yaml index d095d9cc9ea..56863447b61 100644 --- a/http/misconfiguration/gitea-public-signup.yaml +++ b/http/misconfiguration/gitea-public-signup.yaml @@ -16,20 +16,7 @@ info: max-request: 1 vendor: gitea product: gitea - shodan-query: - - http.html:"powered by gitea" - - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea version" - - http.title:"gitea" - - 'http.title:"installation - gitea: git with a cup of tea"' - fofa-query: - - body="powered by gitea version" - - body="powered by gitea" - - title="gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' + shodan-query: html:"Powered by Gitea" tags: misconfig,gitea http: diff --git a/http/misconfiguration/gitlab/gitlab-public-repos.yaml b/http/misconfiguration/gitlab/gitlab-public-repos.yaml index b8cb6fe8d4d..7eadcef4673 100644 --- a/http/misconfiguration/gitlab/gitlab-public-repos.yaml +++ b/http/misconfiguration/gitlab/gitlab-public-repos.yaml @@ -13,16 +13,7 @@ info: max-request: 1 vendor: gitlab product: gitlab - shodan-query: - - http.title:"gitlab" - - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" - - title="gitlab" - google-query: intitle:"gitlab" + shodan-query: http.title:"GitLab" tags: gitlab,exposure,misconfig http: diff --git a/http/misconfiguration/gitlab/gitlab-public-signup.yaml b/http/misconfiguration/gitlab/gitlab-public-signup.yaml index 2404308cca7..27359e2df16 100644 --- a/http/misconfiguration/gitlab/gitlab-public-signup.yaml +++ b/http/misconfiguration/gitlab/gitlab-public-signup.yaml @@ -10,16 +10,7 @@ info: max-request: 2 vendor: gitlab product: gitlab - shodan-query: - - http.title:"gitlab" - - cpe:"cpe:2.3:a:gitlab:gitlab" - - http.html:"gitlab enterprise edition" - - http.html:"gitlab-ci.yml" - fofa-query: - - body="gitlab enterprise edition" - - body="gitlab-ci.yml" - - title="gitlab" - google-query: intitle:"gitlab" + shodan-query: http.title:"GitLab" tags: gitlab,misconfig http: diff --git a/http/misconfiguration/gitlist-disclosure.yaml b/http/misconfiguration/gitlist-disclosure.yaml index de6a645f81f..0ce1cb46087 100644 --- a/http/misconfiguration/gitlist-disclosure.yaml +++ b/http/misconfiguration/gitlist-disclosure.yaml @@ -11,11 +11,7 @@ info: max-request: 1 vendor: gitlist product: gitlist - shodan-query: - - http.title:"gitlist" - - cpe:"cpe:2.3:a:gitlist:gitlist" - fofa-query: title="gitlist" - google-query: intitle:"gitlist" + shodan-query: title:"GitList" tags: gitlist,misconfig http: diff --git a/http/misconfiguration/global-traffic-statistics.yaml b/http/misconfiguration/global-traffic-statistics.yaml index 77b7cb3d2a5..69bc3146a74 100644 --- a/http/misconfiguration/global-traffic-statistics.yaml +++ b/http/misconfiguration/global-traffic-statistics.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: f5 product: big-ip_global_traffic_manager - shodan-query: http.title:"global traffic statistics" - fofa-query: title="global traffic statistics" - google-query: intitle:"global traffic statistics" - tags: misconfig,global,exposure,f5 + shodan-query: title:"Global Traffic Statistics" + tags: misconfig,global,exposure http: - method: GET diff --git a/http/misconfiguration/gocd/gocd-cruise-configuration.yaml b/http/misconfiguration/gocd/gocd-cruise-configuration.yaml index ebf18e91e7e..02ce62c2c14 100644 --- a/http/misconfiguration/gocd/gocd-cruise-configuration.yaml +++ b/http/misconfiguration/gocd/gocd-cruise-configuration.yaml @@ -15,14 +15,8 @@ info: max-request: 1 vendor: thoughtworks product: gocd - shodan-query: - - http.title:"create a pipeline - go" html:"gocd version" - - http.html:"gocd version" - fofa-query: - - body="gocd version" - - title="create a pipeline - go" html:"gocd version" - google-query: intitle:"create a pipeline - go" html:"gocd version" - tags: go,gocd,config,exposure,misconfig,thoughtworks + shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version" + tags: go,gocd,config,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/gocd/gocd-encryption-key.yaml b/http/misconfiguration/gocd/gocd-encryption-key.yaml index 7bd95669db4..52ca964e933 100644 --- a/http/misconfiguration/gocd/gocd-encryption-key.yaml +++ b/http/misconfiguration/gocd/gocd-encryption-key.yaml @@ -15,14 +15,8 @@ info: max-request: 1 vendor: thoughtworks product: gocd - shodan-query: - - http.title:"create a pipeline - go" html:"gocd version" - - http.html:"gocd version" - fofa-query: - - body="gocd version" - - title="create a pipeline - go" html:"gocd version" - google-query: intitle:"create a pipeline - go" html:"gocd version" - tags: go,gocd,exposure,misconfig,thoughtworks + shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version" + tags: go,gocd,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/gocd/gocd-unauth-dashboard.yaml b/http/misconfiguration/gocd/gocd-unauth-dashboard.yaml index 536a0ef0993..8449d67aaf3 100644 --- a/http/misconfiguration/gocd/gocd-unauth-dashboard.yaml +++ b/http/misconfiguration/gocd/gocd-unauth-dashboard.yaml @@ -11,14 +11,8 @@ info: max-request: 1 vendor: thoughtworks product: gocd - shodan-query: - - http.title:"create a pipeline - go" html:"gocd version" - - http.html:"gocd version" - fofa-query: - - body="gocd version" - - title="create a pipeline - go" html:"gocd version" - google-query: intitle:"create a pipeline - go" html:"gocd version" - tags: go,gocd,unauth,misconfig,thoughtworks + shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version" + tags: go,gocd,unauth,misconfig http: - method: GET diff --git a/http/misconfiguration/grafana-public-signup.yaml b/http/misconfiguration/grafana-public-signup.yaml index c80e196fe19..dea4f795391 100644 --- a/http/misconfiguration/grafana-public-signup.yaml +++ b/http/misconfiguration/grafana-public-signup.yaml @@ -11,13 +11,7 @@ info: max-request: 1 vendor: grafana product: grafana - shodan-query: - - http.title:"grafana" - - cpe:"cpe:2.3:a:grafana:grafana" - fofa-query: - - app="grafana" - - title="grafana" - google-query: intitle:"grafana" + shodan-query: title:"Grafana" tags: grafana,intrusive,misconfig http: diff --git a/http/misconfiguration/graphql/graphql-alias-batching.yaml b/http/misconfiguration/graphql/graphql-alias-batching.yaml index f9ea4693654..8192f90e05c 100644 --- a/http/misconfiguration/graphql/graphql-alias-batching.yaml +++ b/http/misconfiguration/graphql/graphql-alias-batching.yaml @@ -18,12 +18,10 @@ info: cpe: cpe:2.3:a:graphql:playground:*:*:*:*:node.js:*:*:* metadata: max-request: 2 - vendor: graphql product: playground - shodan-query: http.title:"graphql playground" - fofa-query: title="graphql playground" - google-query: intitle:"graphql playground" + vendor: graphql tags: graphql,misconfig + variables: str: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/misconfiguration/graphql/graphql-playground.yaml b/http/misconfiguration/graphql/graphql-playground.yaml index 3359b37600b..ef2576a21c3 100644 --- a/http/misconfiguration/graphql/graphql-playground.yaml +++ b/http/misconfiguration/graphql/graphql-playground.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: graphql product: playground - shodan-query: http.title:"graphql playground" - fofa-query: title="graphql playground" - google-query: intitle:"graphql playground" + shodan-query: title:"GraphQL Playground" tags: misconfig,graphql http: diff --git a/http/misconfiguration/grav-register-admin.yaml b/http/misconfiguration/grav-register-admin.yaml index f0ac7aef1d7..5403e42534f 100644 --- a/http/misconfiguration/grav-register-admin.yaml +++ b/http/misconfiguration/grav-register-admin.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: getgrav product: grav_admin - shodan-query: http.title:"grav register admin user" - fofa-query: title="grav register admin user" - google-query: intitle:"grav register admin user" - tags: grav,register,admin,misconfig,getgrav + shodan-query: title:"Grav Register Admin User" + tags: grav,register,admin,misconfig http: - method: GET diff --git a/http/misconfiguration/h2o/h2o-arbitary-file-read.yaml b/http/misconfiguration/h2o/h2o-arbitary-file-read.yaml index 7fb32867c00..bdc8128b5ad 100644 --- a/http/misconfiguration/h2o/h2o-arbitary-file-read.yaml +++ b/http/misconfiguration/h2o/h2o-arbitary-file-read.yaml @@ -14,11 +14,9 @@ info: metadata: verified: true max-request: 1 - vendor: h2o + shodan-query: title:"H2O Flow" product: h2o - shodan-query: http.title:"h2o flow" - fofa-query: title="h2o flow" - google-query: intitle:"h2o flow" + vendor: h2o tags: h2o-3,h2o,info-leak,lfi,misconfig http: diff --git a/http/misconfiguration/h2o/h2o-dashboard.yaml b/http/misconfiguration/h2o/h2o-dashboard.yaml index bcdd487a8fd..10b811de7bc 100644 --- a/http/misconfiguration/h2o/h2o-dashboard.yaml +++ b/http/misconfiguration/h2o/h2o-dashboard.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: h2o product: h2o - shodan-query: http.title:"h2o flow" - fofa-query: title="h2o flow" - google-query: intitle:"h2o flow" + shodan-query: title:"H2O Flow" tags: misconfig,exposure,h2o,ml,unauth http: diff --git a/http/misconfiguration/haproxy-exporter-metrics.yaml b/http/misconfiguration/haproxy-exporter-metrics.yaml index 8bacfb5a1d6..32975715f38 100644 --- a/http/misconfiguration/haproxy-exporter-metrics.yaml +++ b/http/misconfiguration/haproxy-exporter-metrics.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: haproxy product: haproxy - shodan-query: http.title:"haproxy exporter" - fofa-query: title="haproxy exporter" - google-query: intitle:"haproxy exporter" + shodan-query: title:"haproxy exporter" tags: haproxy,exposure,debug,misconfig http: diff --git a/http/misconfiguration/helm-dashboard-exposure.yaml b/http/misconfiguration/helm-dashboard-exposure.yaml index 00cf9c7b1db..f7a1345b8fe 100644 --- a/http/misconfiguration/helm-dashboard-exposure.yaml +++ b/http/misconfiguration/helm-dashboard-exposure.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: helm product: helm - shodan-query: http.favicon.hash:"-594722214" - fofa-query: icon_hash=-594722214 + shodan-query: http.favicon.hash:-594722214 tags: helm,exposure,dashboard,misconfig http: diff --git a/http/misconfiguration/hfs-exposure.yaml b/http/misconfiguration/hfs-exposure.yaml index 7dbac883036..2478690efb7 100644 --- a/http/misconfiguration/hfs-exposure.yaml +++ b/http/misconfiguration/hfs-exposure.yaml @@ -11,14 +11,8 @@ info: max-request: 1 vendor: rejetto product: http_file_server - shodan-query: - - http.title:"hfs /" - - http.favicon.hash:"2124459909" - fofa-query: - - icon_hash=2124459909 - - title="hfs /" - google-query: intitle:"hfs /" - tags: misconfig,hfs,exposure,rejetto + shodan-query: title:"HFS /" + tags: misconfig,hfs,exposure http: - method: GET diff --git a/http/misconfiguration/hp/unauthorized-printer-hp.yaml b/http/misconfiguration/hp/unauthorized-printer-hp.yaml index 348ca9fa291..4484da7468d 100644 --- a/http/misconfiguration/hp/unauthorized-printer-hp.yaml +++ b/http/misconfiguration/hp/unauthorized-printer-hp.yaml @@ -11,9 +11,7 @@ info: max-request: 2 vendor: hp product: officejet_pro_8730_m9l80a - shodan-query: http.title:"hp officejet pro" - fofa-query: title="hp officejet pro" - google-query: intitle:"hp officejet pro" + shodan-query: http.title:"Hp Officejet pro" tags: hp,iot,unauth,misconfig http: diff --git a/http/misconfiguration/ibm-friendly-path-exposure.yaml b/http/misconfiguration/ibm-friendly-path-exposure.yaml index 133dfb27281..5c04a808108 100644 --- a/http/misconfiguration/ibm-friendly-path-exposure.yaml +++ b/http/misconfiguration/ibm-friendly-path-exposure.yaml @@ -13,10 +13,7 @@ info: max-request: 5 vendor: ibm product: websphere_portal - shodan-query: - - http.html:"ibm websphere portal" - - cpe:"cpe:2.3:a:ibm:websphere_portal" - fofa-query: body="ibm websphere portal" + shodan-query: http.html:"IBM WebSphere Portal" tags: ibm,exposure,websphere,misconfig http: diff --git a/http/misconfiguration/imgproxy-unauth.yaml b/http/misconfiguration/imgproxy-unauth.yaml index 2e488ad25bb..f8157c58905 100644 --- a/http/misconfiguration/imgproxy-unauth.yaml +++ b/http/misconfiguration/imgproxy-unauth.yaml @@ -16,13 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: evilmartians + shodan-query: html:"imgproxy" product: imgproxy - shodan-query: - - http.html:"imgproxy" - - server:"imgproxy" - fofa-query: body="imgproxy" - tags: imgproxy,unauth,misconfig,evilmartians + vendor: evilmartians + tags: imgproxy,unauth,misconfig variables: img_url: 'https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/375px-Google_2015_logo.svg.png' diff --git a/http/misconfiguration/ingress-nginx-valid-admission.yaml b/http/misconfiguration/ingress-nginx-valid-admission.yaml index d4bdab616d1..deb3a99be53 100644 --- a/http/misconfiguration/ingress-nginx-valid-admission.yaml +++ b/http/misconfiguration/ingress-nginx-valid-admission.yaml @@ -10,7 +10,7 @@ info: verified: true max-request: 1 shodan-query: ssl:"ingress-nginx" port:8443 - tags: tech,kubernetes,ingress,nginx,k8s,misconfig + tags: tech,kubernetes,ingress,nginx,k8s variables: string: "{{to_lower(rand_base(5))}}" diff --git a/http/misconfiguration/installer/activecollab-installer.yaml b/http/misconfiguration/installer/activecollab-installer.yaml index c1650f5e0d3..4cedee4bf92 100644 --- a/http/misconfiguration/installer/activecollab-installer.yaml +++ b/http/misconfiguration/installer/activecollab-installer.yaml @@ -15,10 +15,7 @@ info: max-request: 1 vendor: activecollab product: activecollab - shodan-query: http.html:"activecollab installer" - fofa-query: - - app="activecollab" - - body="activecollab installer" + shodan-query: html:"ActiveCollab Installer" tags: misconfig,install,exposure,activecollab http: diff --git a/http/misconfiguration/installer/adguard-installer.yaml b/http/misconfiguration/installer/adguard-installer.yaml index 68778370f3c..0772e20efba 100644 --- a/http/misconfiguration/installer/adguard-installer.yaml +++ b/http/misconfiguration/installer/adguard-installer.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: adguard product: adguard - fofa-query: - - title="setup adguard home" - - title="adguard home" + fofa-query: title="Setup AdGuard Home" tags: adguard,misconfig,install http: diff --git a/http/misconfiguration/installer/alma-installer.yaml b/http/misconfiguration/installer/alma-installer.yaml index 9e6101b598a..da96ed0eb07 100644 --- a/http/misconfiguration/installer/alma-installer.yaml +++ b/http/misconfiguration/installer/alma-installer.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: almapay product: alma - shodan-query: http.title:"alma installation" - fofa-query: title="alma installation" - google-query: intitle:"alma installation" - tags: misconfig,alma,install,exposure,almapay + shodan-query: title:"Alma Installation" + tags: misconfig,alma,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/ampache-music-installer.yaml b/http/misconfiguration/installer/ampache-music-installer.yaml index b8e26fa17b9..94e6c2748b7 100644 --- a/http/misconfiguration/installer/ampache-music-installer.yaml +++ b/http/misconfiguration/installer/ampache-music-installer.yaml @@ -12,20 +12,7 @@ info: max-request: 1 vendor: ampache product: ampache - shodan-query: - - http.title:"for the love of music - installation" - - http.html:"ampache update" - - http.title:"ampache -- debug page" - - http.title:"for the love of music" - fofa-query: - - body="ampache update" - - title="ampache -- debug page" - - title="for the love of music - installation" - - title="for the love of music" - google-query: - - intitle:"ampache -- debug page" - - intitle:"for the love of music - installation" - - intitle:"for the love of music" + shodan-query: title:"For the Love of Music - Installation" tags: misconfig,ampache,install,exposure http: diff --git a/http/misconfiguration/installer/atlassian-bamboo-setup-wizard.yaml b/http/misconfiguration/installer/atlassian-bamboo-setup-wizard.yaml index 621ca3b258e..90dbfa3c853 100644 --- a/http/misconfiguration/installer/atlassian-bamboo-setup-wizard.yaml +++ b/http/misconfiguration/installer/atlassian-bamboo-setup-wizard.yaml @@ -12,20 +12,7 @@ info: max-request: 1 vendor: atlassian product: bamboo - shodan-query: - - http.title:"bamboo setup wizard" - - http.favicon.hash:"-1379982221" - - http.title:"bamboo" - - http.title:"build dashboard - atlassian bamboo" - fofa-query: - - icon_hash=-1379982221 - - title="bamboo setup wizard" - - title="bamboo" - - title="build dashboard - atlassian bamboo" - google-query: - - intitle:"bamboo setup wizard" - - intitle:"bamboo" - - intitle:"build dashboard - atlassian bamboo" + shodan-query: title:"Bamboo setup wizard" tags: misconfig,atlassian,bamboo,setup,installer http: diff --git a/http/misconfiguration/installer/avideo-install.yaml b/http/misconfiguration/installer/avideo-install.yaml index b7bdb772171..d2483cc0c28 100644 --- a/http/misconfiguration/installer/avideo-install.yaml +++ b/http/misconfiguration/installer/avideo-install.yaml @@ -13,16 +13,11 @@ info: metadata: verified: true max-request: 1 - vendor: wwbn + shodan-query: http.title:"AVideo" + fofa-query: "AVideo" product: avideo - shodan-query: - - http.title:"avideo" - - http.html:"avideo" - fofa-query: - - avideo - - title="avideo" - google-query: intitle:"avideo" - tags: panel,install,avideo,misconfig,wwbn + vendor: wwbn + tags: panel,install,avideo,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/bagisto-installer.yaml b/http/misconfiguration/installer/bagisto-installer.yaml index 2d7fe6e6ad8..74978ad9d16 100644 --- a/http/misconfiguration/installer/bagisto-installer.yaml +++ b/http/misconfiguration/installer/bagisto-installer.yaml @@ -12,12 +12,8 @@ info: max-request: 1 vendor: webkul product: bagisto - shodan-query: http.title:"bagisto installer" - fofa-query: - - bagisto - - title="bagisto installer" - google-query: intitle:"bagisto installer" - tags: misconfig,bagisto,install,exposure,webkul + shodan-query: http.title:"Bagisto Installer" + tags: misconfig,bagisto,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/basercms-install.yaml b/http/misconfiguration/installer/basercms-install.yaml index 1d1beab0127..fbeee5ab993 100644 --- a/http/misconfiguration/installer/basercms-install.yaml +++ b/http/misconfiguration/installer/basercms-install.yaml @@ -15,8 +15,8 @@ info: cvss-score: 9.4 cwe-id: CWE-284 metadata: - verified: true max-request: 1 + verified: true product: baserCMS shodan-query: http.favicon.hash:-236105569 fofa-query: app="baserCMS" diff --git a/http/misconfiguration/installer/bitrix24-installer.yaml b/http/misconfiguration/installer/bitrix24-installer.yaml index 94b66fed6a3..4d44b9f9662 100644 --- a/http/misconfiguration/installer/bitrix24-installer.yaml +++ b/http/misconfiguration/installer/bitrix24-installer.yaml @@ -12,12 +12,7 @@ info: max-request: 1 vendor: bitrix24 product: bitrix24 - shodan-query: - - http.favicon.hash:"-2115208104" - - http.html:"/bitrix/" - fofa-query: - - body="/bitrix/" - - icon_hash=-2115208104 + shodan-query: http.favicon.hash:-2115208104 tags: misconfig,bitrix24,install,exposure http: diff --git a/http/misconfiguration/installer/call-com-installer.yaml b/http/misconfiguration/installer/call-com-installer.yaml index c990d47ee12..b3f3723e93d 100644 --- a/http/misconfiguration/installer/call-com-installer.yaml +++ b/http/misconfiguration/installer/call-com-installer.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: cal product: cal.com - fofa-query: body="setup | cal.com" - shodan-query: http.html:"setup | cal.com" + fofa-query: body="Setup | Cal.com" tags: misconfig,install,exposure,cal http: diff --git a/http/misconfiguration/installer/chamilo-installer.yaml b/http/misconfiguration/installer/chamilo-installer.yaml index 7e079ce47ec..2befe5db5f8 100644 --- a/http/misconfiguration/installer/chamilo-installer.yaml +++ b/http/misconfiguration/installer/chamilo-installer.yaml @@ -12,12 +12,7 @@ info: max-request: 2 vendor: chamilo product: chamilo - shodan-query: - - http.title:"chamilo has not been installed" - - cpe:"cpe:2.3:a:chamilo:chamilo" - - http.component:"chamilo" - fofa-query: title="chamilo has not been installed" - google-query: intitle:"chamilo has not been installed" + shodan-query: title:"Chamilo has not been installed" tags: misconfig,chamilo,install,exposure http: diff --git a/http/misconfiguration/installer/circarlife-setup.yaml b/http/misconfiguration/installer/circarlife-setup.yaml index f8bfda59c02..22cd33123e7 100644 --- a/http/misconfiguration/installer/circarlife-setup.yaml +++ b/http/misconfiguration/installer/circarlife-setup.yaml @@ -15,11 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: circontrol + shodan-query: title:"- setup" html:"Modem setup" product: circarlife - shodan-query: http.title:"- setup" html:"modem setup" - fofa-query: title="- setup" html:"modem setup" - google-query: intitle:"- setup" html:"modem setup" + vendor: circontrol tags: scada,circontrol,circarlife,setup,exposure,panel,installer,misconfig http: diff --git a/http/misconfiguration/installer/clipbucket-installer.yaml b/http/misconfiguration/installer/clipbucket-installer.yaml index 52ddbc9537c..5a0998acd6c 100644 --- a/http/misconfiguration/installer/clipbucket-installer.yaml +++ b/http/misconfiguration/installer/clipbucket-installer.yaml @@ -12,9 +12,9 @@ info: max-request: 1 vendor: clip-bucket product: clipbucket - shodan-query: http.favicon.hash:"538583492" + shodan-query: http.favicon.hash:538583492 fofa-query: icon_hash="538583492" - tags: misconfig,clipbucket,install,exposure,clip-bucket + tags: misconfig,clipbucket,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/cloudcenter-installer.yaml b/http/misconfiguration/installer/cloudcenter-installer.yaml index dcca8e145ed..cd8d0004e33 100644 --- a/http/misconfiguration/installer/cloudcenter-installer.yaml +++ b/http/misconfiguration/installer/cloudcenter-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: cisco product: cloudcenter - shodan-query: http.title:"cloudcenter installer" - fofa-query: title="cloudcenter installer" - google-query: intitle:"cloudcenter installer" + shodan-query: title:"CloudCenter Installer" tags: misconfig,cisco,cloudcenter,install,exposure http: diff --git a/http/misconfiguration/installer/codeigniter-installer.yaml b/http/misconfiguration/installer/codeigniter-installer.yaml index 0ea724ea769..86dec1adeec 100644 --- a/http/misconfiguration/installer/codeigniter-installer.yaml +++ b/http/misconfiguration/installer/codeigniter-installer.yaml @@ -12,20 +12,7 @@ info: max-request: 1 vendor: codeigniter product: codeigniter - shodan-query: - - http.title:"codeigniter application installer" - - cpe:"cpe:2.3:a:codeigniter:codeigniter" - - http.title:"error" html:"codeigniter" - - http.title:"welcome to codeigniter" - fofa-query: - - title="codeigniter application installer" - - title="error" html:"codeigniter" - - title="errorexception" - - title="welcome to codeigniter" - google-query: - - intitle:"codeigniter application installer" - - intitle:"error" html:"codeigniter" - - intitle:"welcome to codeigniter" + shodan-query: http.title:"Codeigniter Application Installer" tags: misconfig,codeigniter,install,exposure http: diff --git a/http/misconfiguration/installer/combodo-itop-installer.yaml b/http/misconfiguration/installer/combodo-itop-installer.yaml index 8666f68baf4..77a2d0638c4 100644 --- a/http/misconfiguration/installer/combodo-itop-installer.yaml +++ b/http/misconfiguration/installer/combodo-itop-installer.yaml @@ -14,15 +14,8 @@ info: max-request: 2 vendor: combodo product: itop - shodan-query: - - http.html:"installation" html:"itop" - - http.html:" itop login" - - http.html:"itop login" - fofa-query: - - body=" itop login" - - body="installation" html:"itop" - - body="itop login" - tags: misconfig,itop,install,exposure,combodo + shodan-query: html:"Installation" html:"itop" + tags: misconfig,itop,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/concrete-installer.yaml b/http/misconfiguration/installer/concrete-installer.yaml index 32d340d27a1..db3edebfa70 100644 --- a/http/misconfiguration/installer/concrete-installer.yaml +++ b/http/misconfiguration/installer/concrete-installer.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: concretecms product: concrete_cms - shodan-query: http.title:"install concrete" - fofa-query: title="install concrete" - google-query: intitle:"install concrete" - tags: misconfig,exposure,install,concrete,concretecms + shodan-query: title:"Install concrete" + tags: misconfig,exposure,install,concrete http: - method: GET diff --git a/http/misconfiguration/installer/connectwise-setup.yaml b/http/misconfiguration/installer/connectwise-setup.yaml index 0b464ab9f0e..5bf885eaaf0 100644 --- a/http/misconfiguration/installer/connectwise-setup.yaml +++ b/http/misconfiguration/installer/connectwise-setup.yaml @@ -11,10 +11,7 @@ info: max-request: 1 vendor: connectwise product: control - shodan-query: - - http.html:"contentpanel setupwizard" - - http.title="connectwise control remote support software" - fofa-query: body="contentpanel setupwizard" + shodan-query: html:"ContentPanel SetupWizard" tags: misconfig,exposure,install,connectwise http: diff --git a/http/misconfiguration/installer/custom-xoops-installer.yaml b/http/misconfiguration/installer/custom-xoops-installer.yaml index afc2e5ac5f9..bfb08a7606d 100644 --- a/http/misconfiguration/installer/custom-xoops-installer.yaml +++ b/http/misconfiguration/installer/custom-xoops-installer.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: xoops product: xoops - fofa-query: title="xoops custom installation" + fofa-query: title="XOOPS Custom Installation" tags: misconfig,xoops,installer http: diff --git a/http/misconfiguration/installer/discourse-installer.yaml b/http/misconfiguration/installer/discourse-installer.yaml index 85f8e01aad0..53840c63434 100644 --- a/http/misconfiguration/installer/discourse-installer.yaml +++ b/http/misconfiguration/installer/discourse-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: discourse product: discourse - shodan-query: http.title:"discourse setup" - fofa-query: title="discourse setup" - google-query: intitle:"discourse setup" + shodan-query: title:"Discourse Setup" tags: misconfig,discourse,install http: diff --git a/http/misconfiguration/installer/dokuwiki-installer.yaml b/http/misconfiguration/installer/dokuwiki-installer.yaml index b9c67491030..f338b299914 100644 --- a/http/misconfiguration/installer/dokuwiki-installer.yaml +++ b/http/misconfiguration/installer/dokuwiki-installer.yaml @@ -12,14 +12,7 @@ info: max-request: 1 vendor: dokuwiki product: dokuwiki - shodan-query: - - http.title:"dokuwiki" - - cpe:"cpe:2.3:a:dokuwiki:dokuwiki" - - http.html:"/dokuwiki/" - fofa-query: - - body="/dokuwiki/" - - title="dokuwiki" - google-query: intitle:"dokuwiki" + shodan-query: title:"DokuWiki" tags: misconfig,dokuwiki,install,exposure http: diff --git a/http/misconfiguration/installer/dolibarr-installer.yaml b/http/misconfiguration/installer/dolibarr-installer.yaml index 1bf402d3d85..931f7594d5c 100644 --- a/http/misconfiguration/installer/dolibarr-installer.yaml +++ b/http/misconfiguration/installer/dolibarr-installer.yaml @@ -12,16 +12,8 @@ info: max-request: 1 vendor: dolibarr product: dolibarr_erp\\/crm - shodan-query: - - http.title:"dolibarr install or upgrade" - - http.title:"dolibarr" - fofa-query: - - title="dolibarr install or upgrade" - - title="dolibarr" - google-query: - - intitle:"dolibarr install or upgrade" - - intitle:"dolibarr" - tags: misconfig,exposure,install,dolibarr + shodan-query: title:"Dolibarr install or upgrade" + tags: misconfig,exposure,install http: - method: GET diff --git a/http/misconfiguration/installer/dolphin-installer.yaml b/http/misconfiguration/installer/dolphin-installer.yaml index 5dd0c282eca..b4bd08fe242 100644 --- a/http/misconfiguration/installer/dolphin-installer.yaml +++ b/http/misconfiguration/installer/dolphin-installer.yaml @@ -13,8 +13,7 @@ info: vendor: boonex product: dolphin fofa-query: icon_hash="-945121295" - shodan-query: http.favicon.hash:"-945121295" - tags: misconfig,dolphin,install,exposure,boonex + tags: misconfig,dolphin,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/drupal-install.yaml b/http/misconfiguration/installer/drupal-install.yaml index da57725faa0..1222c9a9943 100644 --- a/http/misconfiguration/installer/drupal-install.yaml +++ b/http/misconfiguration/installer/drupal-install.yaml @@ -7,11 +7,11 @@ info: description: Drupal Install panel exposed. metadata: max-request: 2 - vendor: drupal - product: drupal shodan-query: - http.component:"drupal" - cpe:"cpe:2.3:a:drupal:drupal" + product: drupal + vendor: drupal tags: misconfig,drupal,install,exposure http: diff --git a/http/misconfiguration/installer/ejbca-enterprise-installer.yaml b/http/misconfiguration/installer/ejbca-enterprise-installer.yaml index 0d8f274922d..0b8da0b0570 100644 --- a/http/misconfiguration/installer/ejbca-enterprise-installer.yaml +++ b/http/misconfiguration/installer/ejbca-enterprise-installer.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: primekey product: ejbca - shodan-query: http.html:"ejbca enterprise cloud configuration wizard" - fofa-query: body="ejbca enterprise cloud configuration wizard" - tags: misconfig,install,exposure,ejbca,primekey + shodan-query: html:"EJBCA Enterprise Cloud Configuration Wizard" + tags: misconfig,install,exposure,ejbca http: - method: GET diff --git a/http/misconfiguration/installer/elgg-install.yaml b/http/misconfiguration/installer/elgg-install.yaml index 4e97b058112..94fd30a1cc6 100644 --- a/http/misconfiguration/installer/elgg-install.yaml +++ b/http/misconfiguration/installer/elgg-install.yaml @@ -14,10 +14,7 @@ info: max-request: 1 vendor: elgg product: elgg - fofa-query: - - title="welcome to elgg" - - icon_hash="413602919" - shodan-query: http.favicon.hash:"413602919" + fofa-query: title="Welcome to Elgg" tags: install,elgg,exposure,misconfig http: diff --git a/http/misconfiguration/installer/emlog-installer.yaml b/http/misconfiguration/installer/emlog-installer.yaml index b5e4a324647..f8fc0b106e3 100644 --- a/http/misconfiguration/installer/emlog-installer.yaml +++ b/http/misconfiguration/installer/emlog-installer.yaml @@ -7,11 +7,9 @@ info: description: | Emlog Pro Installation page has been exposed. metadata: - verified: true max-request: 1 + verified: true fofa-query: title="emlog" - product: emlog - vendor: emlog tags: emlog,install,misconfig http: diff --git a/http/misconfiguration/installer/eshop-installer.yaml b/http/misconfiguration/installer/eshop-installer.yaml index 2da031d3cbc..fae0711f02d 100644 --- a/http/misconfiguration/installer/eshop-installer.yaml +++ b/http/misconfiguration/installer/eshop-installer.yaml @@ -12,14 +12,8 @@ info: max-request: 1 vendor: oxid-esales product: eshop - shodan-query: - - http.html:"eshop installer" - - http.title:"oxid eshop installation" - fofa-query: - - body="eshop installer" - - title="oxid eshop installation" - google-query: intitle:"oxid eshop installation" - tags: misconfig,eshop,install,exposure,oxid-esales + shodan-query: html:"eShop Installer" + tags: misconfig,eshop,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/espocrm-installer.yaml b/http/misconfiguration/installer/espocrm-installer.yaml index d281b53776d..60a20d5a365 100644 --- a/http/misconfiguration/installer/espocrm-installer.yaml +++ b/http/misconfiguration/installer/espocrm-installer.yaml @@ -12,8 +12,7 @@ info: max-request: 1 vendor: espocrm product: espocrm - shodan-query: http.html:"welcome to espocrm" - fofa-query: body="welcome to espocrm" + shodan-query: html:"Welcome to Espocrm" tags: misconfig,espocrm,install,exposure http: diff --git a/http/misconfiguration/installer/eyoucms-installer.yaml b/http/misconfiguration/installer/eyoucms-installer.yaml index 6ed6cb35b42..d30c11b888a 100644 --- a/http/misconfiguration/installer/eyoucms-installer.yaml +++ b/http/misconfiguration/installer/eyoucms-installer.yaml @@ -8,12 +8,9 @@ info: metadata: verified: true max-request: 1 - vendor: eyoucms + fofa-query: title="eyoucms" product: eyoucms - fofa-query: - - title="eyoucms" - - icon_hash="-614262549" - shodan-query: http.favicon.hash:"-614262549" + vendor: eyoucms tags: misconfig,eyoucms,install http: diff --git a/http/misconfiguration/installer/facturascripts-installer.yaml b/http/misconfiguration/installer/facturascripts-installer.yaml index f9df4f8c91b..49a9d02a0c4 100644 --- a/http/misconfiguration/installer/facturascripts-installer.yaml +++ b/http/misconfiguration/installer/facturascripts-installer.yaml @@ -12,8 +12,7 @@ info: max-request: 1 vendor: facturascripts product: facturascripts - shodan-query: http.html:"facturascripts installer" - fofa-query: body="facturascripts installer" + shodan-query: html:"FacturaScripts installer" tags: misconfig,facturascripts,install,exposure http: diff --git a/http/misconfiguration/installer/flarum-installer.yaml b/http/misconfiguration/installer/flarum-installer.yaml index 8c6563c97d7..5779773e4aa 100644 --- a/http/misconfiguration/installer/flarum-installer.yaml +++ b/http/misconfiguration/installer/flarum-installer.yaml @@ -15,13 +15,7 @@ info: max-request: 1 vendor: flarum product: flarum - shodan-query: - - http.html:"install flarum" - - cpe:"cpe:2.3:a:flarum:flarum" - fofa-query: - - body="install flarum" - - header="flarum_session=" - zoomeye-query: app="flarum" + shodan-query: html:"Install Flarum" tags: misconfig,install,exposure,flarum http: diff --git a/http/misconfiguration/installer/fossbilling-installer.yaml b/http/misconfiguration/installer/fossbilling-installer.yaml index 8ee007f9865..5dd87c1abc0 100644 --- a/http/misconfiguration/installer/fossbilling-installer.yaml +++ b/http/misconfiguration/installer/fossbilling-installer.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: fossbilling product: fossbilling - shodan-query: http.title:"fossbilling" - fofa-query: title="fossbilling" - google-query: intitle:"fossbilling" + shodan-query: title:"FOSSBilling" tags: fossbilling,install,misconfig http: diff --git a/http/misconfiguration/installer/freshrss-installer.yaml b/http/misconfiguration/installer/freshrss-installer.yaml index 01a3b8e004a..30e6a007ba2 100644 --- a/http/misconfiguration/installer/freshrss-installer.yaml +++ b/http/misconfiguration/installer/freshrss-installer.yaml @@ -13,11 +13,7 @@ info: max-request: 1 vendor: freshrss product: freshrss - fofa-query: - - title="installation · freshrss" - - title="freshrss" - shodan-query: http.title:"freshrss" - google-query: intitle:"freshrss" + fofa-query: title="Installation · FreshRSS" tags: freshrss,misconfig,install http: diff --git a/http/misconfiguration/installer/froxlor-installer.yaml b/http/misconfiguration/installer/froxlor-installer.yaml index a07e9cff250..b1e871a1a4e 100644 --- a/http/misconfiguration/installer/froxlor-installer.yaml +++ b/http/misconfiguration/installer/froxlor-installer.yaml @@ -15,11 +15,7 @@ info: max-request: 1 vendor: froxlor product: froxlor - fofa-query: - - title="froxlor server management panel - installation" - - title="froxlor server management panel" - shodan-query: http.title:"froxlor server management panel" - google-query: intitle:"froxlor server management panel" + fofa-query: title="Froxlor Server Management Panel - Installation" tags: misconfig,froxlor,installer http: diff --git a/http/misconfiguration/installer/gibbon-installer.yaml b/http/misconfiguration/installer/gibbon-installer.yaml index 15eac4fd39f..c7e53a2ae26 100644 --- a/http/misconfiguration/installer/gibbon-installer.yaml +++ b/http/misconfiguration/installer/gibbon-installer.yaml @@ -8,11 +8,11 @@ info: metadata: verified: true max-request: 1 - vendor: gibbonedu - product: gibbon - shodan-query: http.favicon.hash:"-165631681" fofa-query: icon_hash="-165631681" - tags: misconfig,gibbon,install,exposure,gibbonedu + product: gibbon + vendor: gibbonedu + shodan-query: http.favicon.hash:"-165631681" + tags: misconfig,gibbon,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/gitea-installer.yaml b/http/misconfiguration/installer/gitea-installer.yaml index f9be73512bf..891f9fbc106 100644 --- a/http/misconfiguration/installer/gitea-installer.yaml +++ b/http/misconfiguration/installer/gitea-installer.yaml @@ -12,20 +12,7 @@ info: max-request: 1 vendor: gitea product: gitea - shodan-query: - - 'http.title:"installation - gitea: git with a cup of tea"' - - cpe:"cpe:2.3:a:gitea:gitea" - - http.html:"powered by gitea version" - - http.html:"powered by gitea" - - http.title:"gitea" - fofa-query: - - body="powered by gitea version" - - body="powered by gitea" - - title="gitea" - - 'title="installation - gitea: git with a cup of tea"' - google-query: - - intitle:"gitea" - - 'intitle:"installation - gitea: git with a cup of tea"' + shodan-query: 'title:"Installation - Gitea: Git with a cup of tea"' tags: misconfig,gitea,install http: diff --git a/http/misconfiguration/installer/glpi-installer.yaml b/http/misconfiguration/installer/glpi-installer.yaml index 8431b5b93a1..931e830ded5 100644 --- a/http/misconfiguration/installer/glpi-installer.yaml +++ b/http/misconfiguration/installer/glpi-installer.yaml @@ -15,16 +15,8 @@ info: max-request: 1 vendor: glpi-project product: glpi - shodan-query: - - http.html:"setup glpi" - - http.favicon.hash:"-1474875778" - - http.title:"glpi" - fofa-query: - - body="setup glpi" - - icon_hash="-1474875778" - - title="glpi" - google-query: intitle:"glpi" - tags: misconfig,install,exposure,glpi,glpi-project + shodan-query: html:"Setup GLPI" + tags: misconfig,install,exposure,glpi http: - method: GET diff --git a/http/misconfiguration/installer/gogs-installer.yaml b/http/misconfiguration/installer/gogs-installer.yaml index ad1ccaaff7b..bbb44f23467 100644 --- a/http/misconfiguration/installer/gogs-installer.yaml +++ b/http/misconfiguration/installer/gogs-installer.yaml @@ -13,18 +13,9 @@ info: metadata: verified: true max-request: 1 - vendor: gogs + shodan-query: http.title:"Installation - Gogs" product: gogs - shodan-query: - - http.title:"installation - gogs" - - cpe:"cpe:2.3:a:gogs:gogs" - - http.title:"sign in - gogs" - google-query: - - intitle:"installation - gogs" - - intitle:"sign in - gogs" - fofa-query: - - title="installation - gogs" - - title="sign in - gogs" + vendor: gogs tags: misconfig,exposure,gogs,install http: diff --git a/http/misconfiguration/installer/growi-installer.yaml b/http/misconfiguration/installer/growi-installer.yaml index 6f62407e44c..f8e5d0f46e5 100644 --- a/http/misconfiguration/installer/growi-installer.yaml +++ b/http/misconfiguration/installer/growi-installer.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: weseek product: growi - shodan-query: http.html:"installer - growi" - fofa-query: body="installer - growi" - tags: install,growi,exposure,misconfig,weseek + shodan-query: html:"Installer - GROWI" + tags: install,growi,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/impresspages-installer.yaml b/http/misconfiguration/installer/impresspages-installer.yaml index 2c879e10193..89cb40aba3b 100644 --- a/http/misconfiguration/installer/impresspages-installer.yaml +++ b/http/misconfiguration/installer/impresspages-installer.yaml @@ -12,11 +12,7 @@ info: max-request: 1 vendor: impresspages product: impresspages_cms - shodan-query: - - http.title:"impresspages installation wizard" - - cpe:"cpe:2.3:a:impresspages:impresspages_cms" - fofa-query: title="impresspages installation wizard" - google-query: intitle:"impresspages installation wizard" + shodan-query: http.title:"ImpressPages installation wizard" tags: misconfig,exposure,install,impresspages http: diff --git a/http/misconfiguration/installer/jira-setup.yaml b/http/misconfiguration/installer/jira-setup.yaml index b7dc27fc29b..e0167a5458c 100644 --- a/http/misconfiguration/installer/jira-setup.yaml +++ b/http/misconfiguration/installer/jira-setup.yaml @@ -12,13 +12,7 @@ info: max-request: 2 vendor: atlassian product: jira - shodan-query: - - http.title:"jira - jira setup" - - cpe:"cpe:2.3:a:atlassian:jira" - - http.component:"atlassian confluence" - - http.component:"atlassian jira" - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" + shodan-query: title:"JIRA - JIRA setup" tags: misconfig,jira,atlassian,installer http: diff --git a/http/misconfiguration/installer/joomla-installer.yaml b/http/misconfiguration/installer/joomla-installer.yaml index 9149674ed66..753419ff53a 100644 --- a/http/misconfiguration/installer/joomla-installer.yaml +++ b/http/misconfiguration/installer/joomla-installer.yaml @@ -12,11 +12,7 @@ info: max-request: 1 vendor: joomla product: joomla\\! - shodan-query: http.title:"joomla web installer" - google-query: - - intitle:"joomla web installer" - - joomla! administration login inurl:"/index.php" || intitle:"joomla web installer" - fofa-query: title="joomla web installer" + shodan-query: title:"Joomla Web Installer" tags: misconfig,joomla,install http: diff --git a/http/misconfiguration/installer/knowledgetree-installer.yaml b/http/misconfiguration/installer/knowledgetree-installer.yaml index 461abc0a5c7..cfc12f304d9 100644 --- a/http/misconfiguration/installer/knowledgetree-installer.yaml +++ b/http/misconfiguration/installer/knowledgetree-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: knowledgetree product: knowledgetree - shodan-query: http.title:"knowledgetree installer" - fofa-query: title="knowledgetree installer" - google-query: intitle:"knowledgetree installer" + shodan-query: title:"KnowledgeTree Installer" tags: misconfig,knowledgetree,install,exposure http: diff --git a/http/misconfiguration/installer/kodbox-installer.yaml b/http/misconfiguration/installer/kodbox-installer.yaml index 4b0c964e71c..abef9b65790 100644 --- a/http/misconfiguration/installer/kodbox-installer.yaml +++ b/http/misconfiguration/installer/kodbox-installer.yaml @@ -14,7 +14,7 @@ info: vendor: kodcloud product: kodbox fofa-query: title="kodbox" && body="install" - tags: misconfig,exposure,install,kodbox,kodcloud + tags: misconfig,exposure,install,kodbox http: - method: GET diff --git a/http/misconfiguration/installer/librenms-installer.yaml b/http/misconfiguration/installer/librenms-installer.yaml index 9323484d8a0..6419bc921a8 100644 --- a/http/misconfiguration/installer/librenms-installer.yaml +++ b/http/misconfiguration/installer/librenms-installer.yaml @@ -15,10 +15,7 @@ info: max-request: 1 vendor: librenms product: librenms - shodan-query: http.html:"librenms install" - fofa-query: - - body="librenms install" - - title="librenms" + shodan-query: html:"LibreNMS Install" tags: misconfig,install,exposure,librenms http: diff --git a/http/misconfiguration/installer/limesurvey-installer.yaml b/http/misconfiguration/installer/limesurvey-installer.yaml index 3d2fa976e0d..1eee9117980 100644 --- a/http/misconfiguration/installer/limesurvey-installer.yaml +++ b/http/misconfiguration/installer/limesurvey-installer.yaml @@ -10,16 +10,10 @@ info: metadata: verified: true max-request: 1 - vendor: limesurvey + shodan-query: html:"Limesurvey Installer" product: limesurvey - shodan-query: - - http.html:"limesurvey installer" - - http.favicon.hash:"1781653957" - fofa-query: - - body="limesurvey installer" - - icon_hash=1781653957 + vendor: limesurvey tags: misconfig,limesurvey,install - http: - method: GET path: diff --git a/http/misconfiguration/installer/lychee-installer.yaml b/http/misconfiguration/installer/lychee-installer.yaml index 04dca4d2b3e..39abc47ea3e 100644 --- a/http/misconfiguration/installer/lychee-installer.yaml +++ b/http/misconfiguration/installer/lychee-installer.yaml @@ -12,9 +12,8 @@ info: max-request: 1 vendor: lycheeorg product: lychee - shodan-query: http.html:"lychee-installer" - fofa-query: body="lychee-installer" - tags: misconfig,lychee,install,exposure,lycheeorg + shodan-query: html:"Lychee-installer" + tags: misconfig,lychee,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/magento-installer.yaml b/http/misconfiguration/installer/magento-installer.yaml index b4bf278bf8e..5fec57c1777 100644 --- a/http/misconfiguration/installer/magento-installer.yaml +++ b/http/misconfiguration/installer/magento-installer.yaml @@ -12,11 +12,7 @@ info: max-request: 1 vendor: magento product: magento - shodan-query: - - http.html:"magento installation" - - cpe:"cpe:2.3:a:magento:magento" - - http.component:"magento" - fofa-query: body="magento installation" + shodan-query: html:"Magento Installation" tags: misconfig,magento,install,exposure http: diff --git a/http/misconfiguration/installer/magnolia-installer.yaml b/http/misconfiguration/installer/magnolia-installer.yaml index a2fe457478d..fdf129f10a6 100644 --- a/http/misconfiguration/installer/magnolia-installer.yaml +++ b/http/misconfiguration/installer/magnolia-installer.yaml @@ -14,14 +14,8 @@ info: max-request: 1 vendor: magnolia-cms product: magnolia_cms - shodan-query: - - http.title:"magnolia installation" - - http.html:"magnolia is a registered trademark" - fofa-query: - - body="magnolia is a registered trademark" - - title="magnolia installation" - google-query: intitle:"magnolia installation" - tags: magnolia,exposure,installer,misconfig,magnolia-cms + shodan-query: title:"Magnolia Installation" + tags: magnolia,exposure,installer,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/mantisbt-installer.yaml b/http/misconfiguration/installer/mantisbt-installer.yaml index 823aa7ab44e..6157841f0f0 100644 --- a/http/misconfiguration/installer/mantisbt-installer.yaml +++ b/http/misconfiguration/installer/mantisbt-installer.yaml @@ -12,16 +12,7 @@ info: max-request: 1 vendor: mantisbt product: mantisbt - shodan-query: - - http.html:"administration - installation - mantisbt" - - cpe:"cpe:2.3:a:mantisbt:mantisbt" - - http.favicon.hash:"662709064" - - http.title:"mantisbt" - fofa-query: - - body="administration - installation - mantisbt" - - icon_hash=662709064 - - title="mantisbt" - google-query: intitle:"mantisbt" + shodan-query: html:"Administration - Installation - MantisBT" tags: misconfig,mantisbt,install,exposure http: diff --git a/http/misconfiguration/installer/matomo-installer.yaml b/http/misconfiguration/installer/matomo-installer.yaml index 76c04e63f0b..a983cb115e9 100644 --- a/http/misconfiguration/installer/matomo-installer.yaml +++ b/http/misconfiguration/installer/matomo-installer.yaml @@ -12,14 +12,7 @@ info: max-request: 1 vendor: matomo product: matomo - shodan-query: - - http.title:"matomo" - - cpe:"cpe:2.3:a:matomo:matomo" - - http.favicon.hash:"-2023266783" - fofa-query: - - icon_hash=-2023266783 - - title="matomo" - google-query: intitle:"matomo" + shodan-query: title:"Matomo" tags: misconfig,matomo,install http: diff --git a/http/misconfiguration/installer/mautic-installer.yaml b/http/misconfiguration/installer/mautic-installer.yaml index 91c22bf9b63..4232ff6ddd7 100644 --- a/http/misconfiguration/installer/mautic-installer.yaml +++ b/http/misconfiguration/installer/mautic-installer.yaml @@ -12,14 +12,8 @@ info: max-request: 1 vendor: acquia product: mautic - shodan-query: - - http.html:"mautic installation" - - http.title:"mautic" - fofa-query: - - body="mautic installation" - - title="mautic" - google-query: intitle:"mautic" - tags: misconfig,mautic,install,acquia + shodan-query: html:"Mautic Installation" + tags: misconfig,mautic,install http: - method: GET diff --git a/http/misconfiguration/installer/monstra-installer.yaml b/http/misconfiguration/installer/monstra-installer.yaml index aa9488d8476..c509e7b3fbe 100644 --- a/http/misconfiguration/installer/monstra-installer.yaml +++ b/http/misconfiguration/installer/monstra-installer.yaml @@ -12,13 +12,7 @@ info: max-request: 1 vendor: monstra product: monstra_cms - shodan-query: - - 'http.title:"monstra :: install"' - - http.favicon.hash:"419828698" - fofa-query: - - icon_hash=419828698 - - 'title="monstra :: install"' - google-query: 'intitle:"monstra :: install"' + shodan-query: 'title:"Monstra :: Install"' tags: misconfig,monstra,install http: diff --git a/http/misconfiguration/installer/moodle-installer.yaml b/http/misconfiguration/installer/moodle-installer.yaml index bc35b7eeaa3..a188e28f097 100644 --- a/http/misconfiguration/installer/moodle-installer.yaml +++ b/http/misconfiguration/installer/moodle-installer.yaml @@ -12,18 +12,7 @@ info: max-request: 1 vendor: moodle product: moodle - shodan-query: - - http.title:"installation moodle" - - cpe:"cpe:2.3:a:moodle:moodle" - - http.html:"moodle" - - http.title:"moodle" - fofa-query: - - body="moodle" - - title="installation moodle" - - title="moodle" - google-query: - - intitle:"installation moodle" - - intitle:"moodle" + shodan-query: title:"Installation Moodle" tags: misconfig,moodle,install,exposure http: diff --git a/http/misconfiguration/installer/moosocial-installer.yaml b/http/misconfiguration/installer/moosocial-installer.yaml index 11297981a64..97adba3125c 100644 --- a/http/misconfiguration/installer/moosocial-installer.yaml +++ b/http/misconfiguration/installer/moosocial-installer.yaml @@ -11,12 +11,7 @@ info: max-request: 1 vendor: moosocial product: moosocial - shodan-query: - - http.html:"moosocial installation" - - http.favicon.hash:"702863115" - fofa-query: - - body="moosocial installation" - - icon_hash="702863115" + shodan-query: html:"mooSocial Installation" tags: exposure,moosocial,misconfig,install http: diff --git a/http/misconfiguration/installer/mosparo-install.yaml b/http/misconfiguration/installer/mosparo-install.yaml index 8856e254ff1..6a8e0760c6d 100644 --- a/http/misconfiguration/installer/mosparo-install.yaml +++ b/http/misconfiguration/installer/mosparo-install.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: mosparo product: mosparo - shodan-query: http.title:"setup - mosparo" - fofa-query: title="setup - mosparo" - google-query: intitle:"setup - mosparo" + shodan-query: title:"Setup - mosparo" tags: misconfig,mosparo,install http: diff --git a/http/misconfiguration/installer/mura-cms-setup-installer.yaml b/http/misconfiguration/installer/mura-cms-setup-installer.yaml index cfcfd3199ce..d09ebe92731 100644 --- a/http/misconfiguration/installer/mura-cms-setup-installer.yaml +++ b/http/misconfiguration/installer/mura-cms-setup-installer.yaml @@ -15,11 +15,8 @@ info: max-request: 1 vendor: murasoftware product: mura_cms - fofa-query: body="mura cms - setup" - shodan-query: - - generator:"mura cms" - - http.html:"mura cms - setup" - tags: misconfig,install,exposure,mura-cms,murasoftware + fofa-query: body="Mura CMS - Setup" + tags: misconfig,install,exposure,mura-cms http: - method: GET diff --git a/http/misconfiguration/installer/nagios-logserver-installer.yaml b/http/misconfiguration/installer/nagios-logserver-installer.yaml index 08ece9e2bc5..38c2c8f2aeb 100644 --- a/http/misconfiguration/installer/nagios-logserver-installer.yaml +++ b/http/misconfiguration/installer/nagios-logserver-installer.yaml @@ -9,8 +9,8 @@ info: metadata: verified: true max-request: 1 - shodan-query: title:"Install · Nagios Log Server" fofa-query: title="Install · Nagios Log Server" + shodan-query: title:"Install · Nagios Log Server" tags: misconfig,install,nagios,nagios-logserver http: diff --git a/http/misconfiguration/installer/nagiosxi-installer.yaml b/http/misconfiguration/installer/nagiosxi-installer.yaml index 43aa0f8a2ae..58dfb310b9f 100644 --- a/http/misconfiguration/installer/nagiosxi-installer.yaml +++ b/http/misconfiguration/installer/nagiosxi-installer.yaml @@ -12,15 +12,8 @@ info: max-request: 1 vendor: nagios product: nagios_xi - shodan-query: - - http.title:"nagios xi" - - http.favicon.hash:"1460499495" - fofa-query: - - app="nagios-xi" - - icon_hash="1460499495" - - title="nagios xi" - google-query: intitle:"nagios xi" - tags: misconfig,exposure,install,nagiosxi,nagios + shodan-query: title:"Nagios XI" + tags: misconfig,exposure,install,nagiosxi http: - method: GET diff --git a/http/misconfiguration/installer/nodebb-installer.yaml b/http/misconfiguration/installer/nodebb-installer.yaml index 1594f00784f..bc1297e5c04 100644 --- a/http/misconfiguration/installer/nodebb-installer.yaml +++ b/http/misconfiguration/installer/nodebb-installer.yaml @@ -12,13 +12,7 @@ info: max-request: 1 vendor: nodebb product: nodebb - shodan-query: - - http.title:"nodebb web installer" - - cpe:"cpe:2.3:a:nodebb:nodebb" - fofa-query: - - title="nodebb web installer" - - title="nodebb" - google-query: intitle:"nodebb web installer" + shodan-query: title:"NodeBB Web Installer" tags: misconfig,nodebb,install,exposure http: diff --git a/http/misconfiguration/installer/nopcommerce-installer.yaml b/http/misconfiguration/installer/nopcommerce-installer.yaml index 47f7624f168..2ae8ea9d83c 100644 --- a/http/misconfiguration/installer/nopcommerce-installer.yaml +++ b/http/misconfiguration/installer/nopcommerce-installer.yaml @@ -15,10 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: nopcommerce + shodan-query: html:"nopCommerce Installation" product: nopcommerce - shodan-query: http.html:"nopcommerce installation" - fofa-query: body="nopcommerce installation" + vendor: nopcommerce tags: misconfig,nopcommerce,install http: diff --git a/http/misconfiguration/installer/octoprint-installer.yaml b/http/misconfiguration/installer/octoprint-installer.yaml index 93bff7e57e5..144c1455451 100644 --- a/http/misconfiguration/installer/octoprint-installer.yaml +++ b/http/misconfiguration/installer/octoprint-installer.yaml @@ -13,15 +13,7 @@ info: max-request: 1 vendor: octoprint product: octoprint - fofa-query: - - body="thank you for installing octoprint" - - icon_hash=1307375944 - - title="octoprint" - shodan-query: - - http.favicon.hash:"1307375944" - - http.html:"thank you for installing octoprint" - - http.title:"octoprint" - google-query: intitle:"octoprint" + fofa-query: body="Thank you for installing OctoPrint" tags: install,octoprint,misconfig http: diff --git a/http/misconfiguration/installer/ojs-installer.yaml b/http/misconfiguration/installer/ojs-installer.yaml index d0ab29dfffd..7b4042cc096 100644 --- a/http/misconfiguration/installer/ojs-installer.yaml +++ b/http/misconfiguration/installer/ojs-installer.yaml @@ -12,12 +12,8 @@ info: max-request: 2 vendor: openjournalsystems product: open_journal_systems - shodan-query: - - http.favicon.hash:"2099342476" - - cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems" - - http.html:"pkp-lib" - fofa-query: body="pkp-lib" - tags: misconfig,ojs,install,exposure,openjournalsystems + shodan-query: http.favicon.hash:2099342476 + tags: misconfig,ojs,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/onlyoffice-installer.yaml b/http/misconfiguration/installer/onlyoffice-installer.yaml index b1635fc5bfb..91c44c7b3a5 100644 --- a/http/misconfiguration/installer/onlyoffice-installer.yaml +++ b/http/misconfiguration/installer/onlyoffice-installer.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: onlyoffice product: onlyoffice - shodan-query: http.html:"portal setup" - fofa-query: app="onlyoffice" && (icon_hash="1928933157" || icon_hash="826083956" || icon_hash="-1380930248" || icon_hash="-285544629" || icon_hash="812741391") + shodan-query: html:"Portal Setup" tags: misconfig,install,exposure,onlyoffice http: diff --git a/http/misconfiguration/installer/openemr-setup-installer.yaml b/http/misconfiguration/installer/openemr-setup-installer.yaml index 31468517a2d..40e9b35d6c7 100644 --- a/http/misconfiguration/installer/openemr-setup-installer.yaml +++ b/http/misconfiguration/installer/openemr-setup-installer.yaml @@ -15,21 +15,8 @@ info: max-request: 1 vendor: open-emr product: openemr - shodan-query: - - http.title:"openemr setup tool" - - http.favicon.hash:"1971268439" - - http.html:"openemr" - - http.title:"openemr" - fofa-query: - - app="openemr" - - body="openemr" - - icon_hash=1971268439 - - title="openemr setup tool" - - title="openemr" - google-query: - - intitle:"openemr setup tool" - - intitle:"openemr" - tags: misconfig,install,exposure,openemr,open-emr + shodan-query: title:"OpenEMR Setup Tool" + tags: misconfig,install,exposure,openemr http: - method: GET diff --git a/http/misconfiguration/installer/openfire-setup.yaml b/http/misconfiguration/installer/openfire-setup.yaml index ba7e4f8ca90..3adf7a4be02 100644 --- a/http/misconfiguration/installer/openfire-setup.yaml +++ b/http/misconfiguration/installer/openfire-setup.yaml @@ -13,18 +13,8 @@ info: max-request: 1 vendor: igniterealtime product: openfire - shodan-query: - - http.html:"welcome to openfire setup" - - http.title:"openfire admin console" - - http.title:"openfire" - fofa-query: - - body="welcome to openfire setup" - - title="openfire admin console" - - title="openfire" - google-query: - - intitle:"openfire admin console" - - intitle:"openfire" - tags: install,openfire,exposure,misconfig,igniterealtime + shodan-query: html:"Welcome to Openfire Setup" + tags: install,openfire,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/openmage-install.yaml b/http/misconfiguration/installer/openmage-install.yaml index d634696af39..0d4ca92855b 100644 --- a/http/misconfiguration/installer/openmage-install.yaml +++ b/http/misconfiguration/installer/openmage-install.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: openmage product: openmage - shodan-query: http.title:"openmage installation wizard" - fofa-query: title="openmage installation wizard" - google-query: intitle:"openmage installation wizard" + shodan-query: title:"OpenMage Installation Wizard" tags: misconfig,openmage,install,exposure http: diff --git a/http/misconfiguration/installer/openshift-installer-panel.yaml b/http/misconfiguration/installer/openshift-installer-panel.yaml index b663ba8ca47..65eb8700e37 100644 --- a/http/misconfiguration/installer/openshift-installer-panel.yaml +++ b/http/misconfiguration/installer/openshift-installer-panel.yaml @@ -13,12 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: redhat + shodan-query: title:"OpenShift Assisted Installer" product: openshift_assisted_installer - shodan-query: http.title:"openshift assisted installer" - fofa-query: title="openshift assisted installer" - google-query: intitle:"openshift assisted installer" - tags: panel,openshift,cluster,misconfig,redhat + vendor: redhat + tags: panel,openshift,cluster,misconfig http: - method: GET diff --git a/http/misconfiguration/installer/opensis-installer.yaml b/http/misconfiguration/installer/opensis-installer.yaml index 9e2f5d21fbb..3036257c640 100644 --- a/http/misconfiguration/installer/opensis-installer.yaml +++ b/http/misconfiguration/installer/opensis-installer.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: os4ed product: opensis - shodan-query: http.title:"opensis" - fofa-query: title="opensis" - google-query: intitle:"opensis" - tags: misconfig,opensis,install,exposure,os4ed + shodan-query: title:"openSIS" + tags: misconfig,opensis,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/orangehrm-installer.yaml b/http/misconfiguration/installer/orangehrm-installer.yaml index 620d9f515f3..84dedfc7e71 100644 --- a/http/misconfiguration/installer/orangehrm-installer.yaml +++ b/http/misconfiguration/installer/orangehrm-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: orangehrm product: orangehrm - shodan-query: http.title:"orangehrm web installation wizard" - fofa-query: title="orangehrm web installation wizard" - google-query: intitle:"orangehrm web installation wizard" + shodan-query: http.title:"OrangeHRM Web Installation Wizard" tags: misconfig,exposure,install,orangehrm http: diff --git a/http/misconfiguration/installer/orangescrum-install.yaml b/http/misconfiguration/installer/orangescrum-install.yaml index 32da99bbce2..ee46fcc3b3b 100644 --- a/http/misconfiguration/installer/orangescrum-install.yaml +++ b/http/misconfiguration/installer/orangescrum-install.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: orangescrum product: orangescrum - shodan-query: http.title:"orangescrum setup wizard" - fofa-query: title="orangescrum setup wizard" - google-query: intitle:"orangescrum setup wizard" + shodan-query: title:"Orangescrum Setup Wizard" tags: misconfig,orangescrum,install http: diff --git a/http/misconfiguration/installer/orchard-installer.yaml b/http/misconfiguration/installer/orchard-installer.yaml index 4d02a0f1c7a..8cc70cd17dc 100644 --- a/http/misconfiguration/installer/orchard-installer.yaml +++ b/http/misconfiguration/installer/orchard-installer.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: orchardproject product: orchard - shodan-query: http.html:"orchard setup - get started" - fofa-query: body="orchard setup - get started" - tags: misconfig,exposure,install,orchard,orchardproject + shodan-query: html:"Orchard Setup - Get Started" + tags: misconfig,exposure,install,orchard http: - method: GET diff --git a/http/misconfiguration/installer/owncloud-installer-exposure.yaml b/http/misconfiguration/installer/owncloud-installer-exposure.yaml index 71e50c00d61..9f57bb761ca 100644 --- a/http/misconfiguration/installer/owncloud-installer-exposure.yaml +++ b/http/misconfiguration/installer/owncloud-installer-exposure.yaml @@ -12,13 +12,7 @@ info: max-request: 2 vendor: owncloud product: owncloud - shodan-query: - - http.title:"owncloud" - - http.html:"owncloud" - fofa-query: - - body="owncloud" - - title="owncloud" - google-query: intitle:"owncloud" + shodan-query: title:"owncloud" tags: misconfig,owncloud,exposure,install http: diff --git a/http/misconfiguration/installer/oxid-eshop-installer.yaml b/http/misconfiguration/installer/oxid-eshop-installer.yaml index f1509baeaed..f375abd9a9d 100644 --- a/http/misconfiguration/installer/oxid-eshop-installer.yaml +++ b/http/misconfiguration/installer/oxid-eshop-installer.yaml @@ -12,14 +12,8 @@ info: max-request: 1 vendor: oxid-esales product: eshop - shodan-query: - - http.title:"oxid eshop installation" - - http.html:"eshop installer" - fofa-query: - - body="eshop installer" - - title="oxid eshop installation" - google-query: intitle:"oxid eshop installation" - tags: misconfig,oxid,eshop,install,exposure,oxid-esales + shodan-query: title:"OXID eShop installation" + tags: misconfig,oxid,eshop,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/pagekit-installer.yaml b/http/misconfiguration/installer/pagekit-installer.yaml index 650b823346c..94a04c37f3e 100644 --- a/http/misconfiguration/installer/pagekit-installer.yaml +++ b/http/misconfiguration/installer/pagekit-installer.yaml @@ -14,11 +14,7 @@ info: max-request: 1 vendor: pagekit product: pagekit - shodan-query: - - http.title:"pagekit installer" - - cpe:"cpe:2.3:a:pagekit:pagekit" - fofa-query: title="pagekit installer" - google-query: intitle:"pagekit installer" + shodan-query: title:"Pagekit Installer" tags: misconfig,pagekit,install,exposure http: diff --git a/http/misconfiguration/installer/pandora-fms-installer.yaml b/http/misconfiguration/installer/pandora-fms-installer.yaml index 22f6f9c6454..5eb82e03c66 100644 --- a/http/misconfiguration/installer/pandora-fms-installer.yaml +++ b/http/misconfiguration/installer/pandora-fms-installer.yaml @@ -15,14 +15,8 @@ info: max-request: 1 vendor: pandorafms product: pandora_fms - fofa-query: - - body="pandora fms - installation wizard" - - title="pandora fms" - shodan-query: - - http.html:"pandora fms - installation wizard" - - http.title:"pandora fms" - google-query: intitle:"pandora fms" - tags: misconfig,install,exposure,pandora-fms,pandorafms + fofa-query: body="Pandora FMS - Installation Wizard" + tags: misconfig,install,exposure,pandora-fms http: - method: GET diff --git a/http/misconfiguration/installer/permissions-installer.yaml b/http/misconfiguration/installer/permissions-installer.yaml index 3af6658cbd9..3e5479c1d6f 100644 --- a/http/misconfiguration/installer/permissions-installer.yaml +++ b/http/misconfiguration/installer/permissions-installer.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: suse product: permissions - shodan-query: http.title:" permissions | installer" - fofa-query: title=" permissions | installer" - google-query: intitle:" permissions | installer" - tags: misconfig,permissions,install,exposure,suse + shodan-query: title:" Permissions | Installer" + tags: misconfig,permissions,install,exposure http: - method: GET diff --git a/http/misconfiguration/installer/phpbb-installer.yaml b/http/misconfiguration/installer/phpbb-installer.yaml index 82e11460897..7f0f5c75379 100644 --- a/http/misconfiguration/installer/phpbb-installer.yaml +++ b/http/misconfiguration/installer/phpbb-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: phpbb product: phpbb - shodan-query: - - http.html:"installation panel" - - cpe:"cpe:2.3:a:phpbb:phpbb" + shodan-query: html:"Installation Panel" tags: misconfig,phpbb,install,exposure http: diff --git a/http/misconfiguration/installer/phpgedview-installer.yaml b/http/misconfiguration/installer/phpgedview-installer.yaml index fa26ac1820d..eda9fe956c4 100644 --- a/http/misconfiguration/installer/phpgedview-installer.yaml +++ b/http/misconfiguration/installer/phpgedview-installer.yaml @@ -12,8 +12,7 @@ info: max-request: 1 vendor: phpgedview product: phpgedview - shodan-query: http.html:"/phpgedview.db" - fofa-query: body="/phpgedview.db" + shodan-query: html:"/phpgedview.db" tags: misconfig,phpgedview,install,exposure http: diff --git a/http/misconfiguration/installer/phpipam-installer.yaml b/http/misconfiguration/installer/phpipam-installer.yaml index 6ad9d688cbc..0a1180e3291 100644 --- a/http/misconfiguration/installer/phpipam-installer.yaml +++ b/http/misconfiguration/installer/phpipam-installer.yaml @@ -13,12 +13,7 @@ info: max-request: 1 vendor: phpipam product: phpipam - shodan-query: - - http.html:"phpipam installation wizard" - - http.html:"phpipam ip address management" - fofa-query: - - body="phpipam installation wizard" - - body="phpipam ip address management" + shodan-query: html:"phpipam installation wizard" tags: misconfig,exposure,install,phpipam http: diff --git a/http/misconfiguration/installer/phpmyfaq-installer.yaml b/http/misconfiguration/installer/phpmyfaq-installer.yaml index 75ba0fffc84..bbb6d4fef88 100644 --- a/http/misconfiguration/installer/phpmyfaq-installer.yaml +++ b/http/misconfiguration/installer/phpmyfaq-installer.yaml @@ -12,10 +12,7 @@ info: max-request: 1 vendor: phpmyfaq product: phpmyfaq - fofa-query: - - phpmyfaq-setup - - body="phpmyfaq" - shodan-query: http.html:"phpmyfaq" + fofa-query: "phpMyFAQ-setup" tags: misconfig,phpmyfaq,install http: diff --git a/http/misconfiguration/installer/phpwind-installer.yaml b/http/misconfiguration/installer/phpwind-installer.yaml index 59cc0a5ea66..f347fd4e310 100644 --- a/http/misconfiguration/installer/phpwind-installer.yaml +++ b/http/misconfiguration/installer/phpwind-installer.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: phpwind product: phpwind - shodan-query: http.title:"powered by phpwind" - fofa-query: title="powered by phpwind" - google-query: intitle:"powered by phpwind" + shodan-query: title:"Powered by phpwind" tags: misconfig,phpwind,exposure,install http: diff --git a/http/misconfiguration/installer/piwigo-installer.yaml b/http/misconfiguration/installer/piwigo-installer.yaml index 4dfb048c025..e504d275dff 100644 --- a/http/misconfiguration/installer/piwigo-installer.yaml +++ b/http/misconfiguration/installer/piwigo-installer.yaml @@ -13,16 +13,7 @@ info: max-request: 1 vendor: piwigo product: piwigo - shodan-query: - - http.html:"piwigo" html:"- installation" - - http.favicon.hash:"540706145" - - http.html:"- installation" - fofa-query: - - body="- installation" - - body="piwigo" html:"- installation" - - icon_hash=540706145 - - title="piwigo" - google-query: powered by piwigo + shodan-query: html:"Piwigo" html:"- Installation" tags: misconfig,exposure,install,piwigo http: diff --git a/http/misconfiguration/installer/pmm-installer.yaml b/http/misconfiguration/installer/pmm-installer.yaml index 6396168428c..a31520e385f 100644 --- a/http/misconfiguration/installer/pmm-installer.yaml +++ b/http/misconfiguration/installer/pmm-installer.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: percona product: monitoring_and_management - shodan-query: http.title:"pmm installation wizard" - fofa-query: title="pmm installation wizard" - google-query: intitle:"pmm installation wizard" - tags: misconfig,exposure,install,pmm,percona + shodan-query: http.title:"PMM Installation Wizard" + tags: misconfig,exposure,install,pmm http: - method: GET diff --git a/http/misconfiguration/installer/poste-io-installer.yaml b/http/misconfiguration/installer/poste-io-installer.yaml index 6b1c6f43275..0808543c928 100644 --- a/http/misconfiguration/installer/poste-io-installer.yaml +++ b/http/misconfiguration/installer/poste-io-installer.yaml @@ -13,14 +13,8 @@ info: max-request: 1 vendor: analogic product: poste.io - fofa-query: - - body="initial server configuration" - - title="administration login" html:"poste - - x-powered-by:"php" - fofa-query: title="php warning" || "fatal error" - google-query: intitle:"php warning" || "fatal error" + shodan-query: http.title:"PHP warning" || "Fatal error" tags: debug,php,misconfig http: diff --git a/http/misconfiguration/phpcli-stack-trace.yaml b/http/misconfiguration/phpcli-stack-trace.yaml index f6d4e3608b5..15babc72e76 100644 --- a/http/misconfiguration/phpcli-stack-trace.yaml +++ b/http/misconfiguration/phpcli-stack-trace.yaml @@ -11,15 +11,8 @@ info: max-request: 1 vendor: php product: php - shodan-query: - - the requested resource - - cpe:"cpe:2.3:a:php:php" - - http.title:"php warning" || "fatal error" - - php.ini - - x-powered-by:"php" - fofa-query: title="php warning" || "fatal error" - google-query: intitle:"php warning" || "fatal error" - tags: misconfig,phpcli,intrusive,php + shodan-query: The requested resource + tags: misconfig,phpcli,intrusive http: - method: GET diff --git a/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml b/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml index eddc835e2d5..ace037d1f3f 100644 --- a/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml +++ b/http/misconfiguration/phpmyadmin/phpmyadmin-setup.yaml @@ -13,21 +13,9 @@ info: metadata: verified: true max-request: 16 - vendor: phpmyadmin + shodan-query: http.html:"phpMyAdmin" product: phpmyadmin - shodan-query: - - http.html:"phpmyadmin" - - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin" - - http.component:"phpmyadmin" - - http.html:"server_databases.php" - - http.title:"phpmyadmin" - fofa-query: - - body="phpmyadmin" - - body="pma_servername" && body="4.8.4" - - body="server_databases.php" - - title="phpmyadmin" - google-query: intitle:"phpmyadmin" - hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4" + vendor: phpmyadmin tags: phpmyadmin,misconfig http: diff --git a/http/misconfiguration/puppetdb-dashboard.yaml b/http/misconfiguration/puppetdb-dashboard.yaml index cf53641511a..db11d47a4ef 100644 --- a/http/misconfiguration/puppetdb-dashboard.yaml +++ b/http/misconfiguration/puppetdb-dashboard.yaml @@ -13,12 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: puppet + shodan-query: 'title:"PuppetDB: Dashboard"' product: puppetdb - shodan-query: 'http.title:"puppetdb: dashboard"' - fofa-query: 'title="puppetdb: dashboard"' - google-query: 'intitle:"puppetdb: dashboard"' - tags: misconfig,exposure,puppetdb,puppet + vendor: puppet + tags: misconfig,exposure,puppetdb http: - method: GET diff --git a/http/misconfiguration/python-metrics.yaml b/http/misconfiguration/python-metrics.yaml index 0c860d28822..64dc720acf5 100644 --- a/http/misconfiguration/python-metrics.yaml +++ b/http/misconfiguration/python-metrics.yaml @@ -13,10 +13,7 @@ info: max-request: 1 vendor: python product: python - shodan-query: - - http.html:"python_gc_objects_collected_total" - - cpe:"cpe:2.3:a:python:python" - fofa-query: body="python_gc_objects_collected_total" + shodan-query: html:"python_gc_objects_collected_total" tags: exposure,devops,python,misconfig http: diff --git a/http/misconfiguration/rabbitmq-exporter-metrics.yaml b/http/misconfiguration/rabbitmq-exporter-metrics.yaml index 6fdf4e35a9f..f22f5e0d9af 100644 --- a/http/misconfiguration/rabbitmq-exporter-metrics.yaml +++ b/http/misconfiguration/rabbitmq-exporter-metrics.yaml @@ -12,12 +12,8 @@ info: max-request: 1 vendor: vmware product: rabbitmq - shodan-query: - - http.title:"rabbitmq exporter" - - cpe:"cpe:2.3:a:vmware:rabbitmq" - fofa-query: title="rabbitmq exporter" - google-query: intitle:"rabbitmq exporter" - tags: rabbitmq,exposure,debug,misconfig,vmware + shodan-query: title:"RabbitMQ Exporter" + tags: rabbitmq,exposure,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/ray-dashboard.yaml b/http/misconfiguration/ray-dashboard.yaml index 2a369f99ffd..d7da231ebea 100644 --- a/http/misconfiguration/ray-dashboard.yaml +++ b/http/misconfiguration/ray-dashboard.yaml @@ -12,16 +12,8 @@ info: max-request: 1 vendor: ray_project product: ray - shodan-query: - - http.title:"ray dashboard" - - http.favicon.hash:"463802404" - - http.html:"ray dashboard" - fofa-query: - - body="ray dashboard" - - icon_hash=463802404 - - title="ray dashboard" - google-query: intitle:"ray dashboard" - tags: misconfig,exposure,ray,ray_project + shodan-query: title:"Ray Dashboard" + tags: misconfig,exposure,ray http: - method: GET diff --git a/http/misconfiguration/repetier-unauth.yaml b/http/misconfiguration/repetier-unauth.yaml index 2b9c113afcc..7aad041ba73 100644 --- a/http/misconfiguration/repetier-unauth.yaml +++ b/http/misconfiguration/repetier-unauth.yaml @@ -13,10 +13,9 @@ info: max-request: 1 vendor: repetier-server product: repetier-server - shodan-query: http.title:"repetier-server" + shodan-query: title:"Repetier-Server" fofa-query: title="repetier-server" - google-query: intitle:"repetier-server" - tags: repetier,dashboard,unauth,misconfig,repetier-server + tags: repetier,dashboard,unauth,misconfig http: - method: GET diff --git a/http/misconfiguration/request-baskets-exposure.yaml b/http/misconfiguration/request-baskets-exposure.yaml index 10a352f200a..1f0a5a328c5 100644 --- a/http/misconfiguration/request-baskets-exposure.yaml +++ b/http/misconfiguration/request-baskets-exposure.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: rbaskets product: request_baskets - shodan-query: http.html:"request-baskets" - fofa-query: body="request-baskets" - tags: misconfig,requests-baskets,exposure,rbaskets + shodan-query: html:"request-baskets" + tags: misconfig,requests-baskets,exposure http: - method: GET diff --git a/http/misconfiguration/salesforce-community-misconfig.yaml b/http/misconfiguration/salesforce-community-misconfig.yaml index a8d8e992efc..20e7fb5e72c 100644 --- a/http/misconfiguration/salesforce-community-misconfig.yaml +++ b/http/misconfiguration/salesforce-community-misconfig.yaml @@ -11,9 +11,9 @@ info: - https://www.enumerated.de/index/salesforce metadata: verified: true - max-request: 2 publicwww-query: sfsites tags: aura,unauth,salesforce,exposure,misconfig + variables: actions: '{"actions":[{"id":"{{randstr}}","descriptor":"serviceComponent://ui.force.components.controllers.lists.selectableListDataProvider.SelectableListDataProviderController/ACTION$getItems","callingDescriptor":"UNKNOWN","params":{"entityNameOrId":"ContentDocument","layoutType":"FULL","pageSize":20,"currentPage":0,"useTimeout":false,"getCount":true,"enableRowActions":false}}]}' diff --git a/http/misconfiguration/sap/sap-netweaver-info-leak.yaml b/http/misconfiguration/sap/sap-netweaver-info-leak.yaml index ebb7f486529..53b451e12d5 100644 --- a/http/misconfiguration/sap/sap-netweaver-info-leak.yaml +++ b/http/misconfiguration/sap/sap-netweaver-info-leak.yaml @@ -10,12 +10,10 @@ info: - https://github.com/Jean-Francois-C/SAP-Security-Audit metadata: max-request: 1 - vendor: sap + shodan-query: http.favicon.hash:-266008933 product: content_server - shodan-query: http.favicon.hash:"-266008933" - fofa-query: - - icon_hash=-266008933 - - "sap-server:" + vendor: sap + fofa-query: icon_hash=-266008933 tags: sap,misconfig http: diff --git a/http/misconfiguration/sentinel-license-monitor.yaml b/http/misconfiguration/sentinel-license-monitor.yaml index 0c36bfe0bbe..54fb57220cb 100644 --- a/http/misconfiguration/sentinel-license-monitor.yaml +++ b/http/misconfiguration/sentinel-license-monitor.yaml @@ -11,12 +11,8 @@ info: max-request: 1 vendor: trioniclabs product: sentinel - shodan-query: - - http.html:"sentinel license monitor" - - http.title:"sentinel dashboard" - fofa-query: title="sentinel dashboard" - google-query: intitle:"sentinel dashboard" - tags: misconfig,sentinel,license,monitor,trioniclabs + shodan-query: html:"Sentinel License Monitor" + tags: misconfig,sentinel,license,monitor http: - method: GET diff --git a/http/misconfiguration/servicenow-title-injection.yaml b/http/misconfiguration/servicenow-title-injection.yaml index 93544123981..d3aaa25401e 100644 --- a/http/misconfiguration/servicenow-title-injection.yaml +++ b/http/misconfiguration/servicenow-title-injection.yaml @@ -14,14 +14,13 @@ info: vendor: servicenow product: servicenow shodan-query: - - http.favicon.hash:"1701804003" + - http.favicon.hash:1701804003 - http.title:"servicenow" fofa-query: - icon_hash=1701804003 - title="servicenow" - - icon_hash="1701804003" google-query: intitle:"servicenow" - tags: cve,cve2024,servicenow,injection,misconfig + tags: cve,cve2024,servicenow,injection http: - method: GET diff --git a/http/misconfiguration/servicenow-widget-misconfig.yaml b/http/misconfiguration/servicenow-widget-misconfig.yaml index 720b86359ae..d5f43622236 100644 --- a/http/misconfiguration/servicenow-widget-misconfig.yaml +++ b/http/misconfiguration/servicenow-widget-misconfig.yaml @@ -15,13 +15,7 @@ info: max-request: 54 vendor: servicenow product: servicenow - shodan-query: - - http.title:"servicenow" - - http.favicon.hash:"1701804003" - fofa-query: - - icon_hash="1701804003" - - title="servicenow" - google-query: intitle:"servicenow" + shodan-query: title:"servicenow" tags: servicenow,widget,misconfig http: diff --git a/http/misconfiguration/sftpgo-admin-setup.yaml b/http/misconfiguration/sftpgo-admin-setup.yaml index aa69277f356..60a401fdceb 100644 --- a/http/misconfiguration/sftpgo-admin-setup.yaml +++ b/http/misconfiguration/sftpgo-admin-setup.yaml @@ -13,8 +13,8 @@ info: max-request: 1 vendor: sftpgo_project product: sftpgo - fofa-query: title="sftpgo - setup" - tags: sftpgo,misconfig,setup,sftpgo_project + fofa-query: title="SFTPGo - Setup" + tags: sftpgo,misconfig,setup http: - method: GET diff --git a/http/misconfiguration/slurm-hpc-dashboard.yaml b/http/misconfiguration/slurm-hpc-dashboard.yaml index 19475a9bb03..7d694ab5aa4 100644 --- a/http/misconfiguration/slurm-hpc-dashboard.yaml +++ b/http/misconfiguration/slurm-hpc-dashboard.yaml @@ -16,12 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: schedmd + shodan-query: title:"Slurm HPC Dashboard" product: slurm - shodan-query: http.title:"slurm hpc dashboard" - fofa-query: title="slurm hpc dashboard" - google-query: intitle:"slurm hpc dashboard" - tags: misconfig,slurm,dashboard,schedmd + vendor: schedmd + tags: misconfig,slurm,dashboard http: - method: GET diff --git a/http/misconfiguration/smarterstats-setup.yaml b/http/misconfiguration/smarterstats-setup.yaml index b4643826ce4..f4108237f23 100644 --- a/http/misconfiguration/smarterstats-setup.yaml +++ b/http/misconfiguration/smarterstats-setup.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: smartertools product: smarterstats - shodan-query: http.title:"welcome to smarterstats!" - fofa-query: title="welcome to smarterstats!" - google-query: intitle:"welcome to smarterstats!" - tags: misconfig,smarterstats,exposure,smartertools + shodan-query: title:"Welcome to SmarterStats!" + tags: misconfig,smarterstats,exposure http: - method: GET diff --git a/http/misconfiguration/smokeping-grapher.yaml b/http/misconfiguration/smokeping-grapher.yaml index e8b7fdbe0e3..8bd7066f215 100644 --- a/http/misconfiguration/smokeping-grapher.yaml +++ b/http/misconfiguration/smokeping-grapher.yaml @@ -14,9 +14,7 @@ info: max-request: 1 vendor: smokeping product: smokeping - shodan-query: http.title:"smokeping latency page for network latency grapher" - fofa-query: title="smokeping latency page for network latency grapher" - google-query: intitle:"smokeping latency page for network latency grapher" + shodan-query: title:"SmokePing Latency Page for Network Latency Grapher" tags: misconfig,smokeping,latency,grapher http: diff --git a/http/misconfiguration/solr-query-dashboard.yaml b/http/misconfiguration/solr-query-dashboard.yaml index a835efd6830..75e24dbc1a4 100644 --- a/http/misconfiguration/solr-query-dashboard.yaml +++ b/http/misconfiguration/solr-query-dashboard.yaml @@ -13,22 +13,7 @@ info: max-request: 2 vendor: apache product: solr - shodan-query: - - cpe:"cpe:2.3:a:apache:solr" - - http.html:"apache solr" - - http.title:"apache solr" - - http.title:"solr admin" - - http.title:"solr" - fofa-query: - - body="apache solr" - - title="apache solr" - - title="solr admin" - - title="solr" - google-query: - - intitle:"apache solr" - - intitle:"solr admin" - - intitle:"solr" - tags: solr,unauth,edb,misconfig,apache + tags: solr,unauth,edb,misconfig http: - method: GET diff --git a/http/misconfiguration/sonarqube-projects-disclosure.yaml b/http/misconfiguration/sonarqube-projects-disclosure.yaml index a0a0d7e3981..dc34bd455bb 100644 --- a/http/misconfiguration/sonarqube-projects-disclosure.yaml +++ b/http/misconfiguration/sonarqube-projects-disclosure.yaml @@ -16,12 +16,9 @@ info: max-request: 1 vendor: sonarsource product: sonarqube - shodan-query: http.title:"sonarqube" - fofa-query: - - app="sonarqube-代码管理" - - title="sonarqube" - google-query: intitle:"sonarqube" - tags: sonarqube,exposure,misconfig,sonarsource + shodan-query: title:"Sonarqube" + fofa-query: app="sonarQube-代码管理" + tags: sonarqube,exposure,misconfig http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-auditevents.yaml b/http/misconfiguration/springboot/springboot-auditevents.yaml index 9f814709278..c1db3d63619 100644 --- a/http/misconfiguration/springboot/springboot-auditevents.yaml +++ b/http/misconfiguration/springboot/springboot-auditevents.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 2 - vendor: vmware + shodan-query: title:"Eureka" product: spring_boot - shodan-query: http.title:"eureka" - fofa-query: title="eureka" - google-query: intitle:"eureka" - tags: misconfig,springboot,exposure,vmware + vendor: vmware + tags: misconfig,springboot,exposure http: - method: GET diff --git a/http/misconfiguration/springboot/springboot-info.yaml b/http/misconfiguration/springboot/springboot-info.yaml index ece5acf739a..285b702d198 100644 --- a/http/misconfiguration/springboot/springboot-info.yaml +++ b/http/misconfiguration/springboot/springboot-info.yaml @@ -7,9 +7,10 @@ info: description: Spring Boot information panel displaying app name, version information, and other values was detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 cwe-id: CWE-200 metadata: - max-request: 4 + max-request: 2 tags: springboot,misconfig http: diff --git a/http/misconfiguration/sql-server-report-viewer.yaml b/http/misconfiguration/sql-server-report-viewer.yaml index 88d44d36330..3da7c5fd627 100644 --- a/http/misconfiguration/sql-server-report-viewer.yaml +++ b/http/misconfiguration/sql-server-report-viewer.yaml @@ -14,8 +14,8 @@ info: max-request: 2 vendor: microsoft product: sql_server - google-query: inurl:"/reports/pages/folder.aspx" - tags: misconfig,sql,report,exposure,microsoft + google-query: inurl:"/Reports/Pages/Folder.aspx" + tags: misconfig,sql,report,exposure http: - raw: diff --git a/http/misconfiguration/ssrpm-arbitrary-password-reset.yaml b/http/misconfiguration/ssrpm-arbitrary-password-reset.yaml index e466c8200dc..b34e312c11b 100644 --- a/http/misconfiguration/ssrpm-arbitrary-password-reset.yaml +++ b/http/misconfiguration/ssrpm-arbitrary-password-reset.yaml @@ -10,10 +10,11 @@ info: reference: - https://www.synacktiv.com/advisories/ssrpm-arbitrary-password-reset-on-default-client-web-interface-installation metadata: - verified: true - max-request: 1 shodan-query: http.favicon.hash:-916902413 - tags: ssrpm,intrusive,misconfig + max-request: 1 + verified: true + tags: ssrpm,intrusive + variables: string: "{{to_lower(rand_text_alpha(5))}}" diff --git a/http/misconfiguration/struts-ognl-console.yaml b/http/misconfiguration/struts-ognl-console.yaml index 87ba889acf2..e78c950c15b 100644 --- a/http/misconfiguration/struts-ognl-console.yaml +++ b/http/misconfiguration/struts-ognl-console.yaml @@ -16,15 +16,7 @@ info: max-request: 1 vendor: apache product: struts - shodan-query: - - http.html:"struts problem report" - - http.html:"apache struts" - - http.title:"struts2 showcase" - fofa-query: - - body="apache struts" - - body="struts problem report" - - title="struts2 showcase" - google-query: intitle:"struts2 showcase" + shodan-query: html:"Struts Problem Report" tags: apache,struts,ognl,panel,misconfig http: diff --git a/http/misconfiguration/symfony/symfony-debug.yaml b/http/misconfiguration/symfony/symfony-debug.yaml index 8b5dff67881..5e674e27d36 100644 --- a/http/misconfiguration/symfony/symfony-debug.yaml +++ b/http/misconfiguration/symfony/symfony-debug.yaml @@ -14,22 +14,8 @@ info: max-request: 4 vendor: sensiolabs product: symfony - shodan-query: - - http.html:"symfony profiler" - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: symfony,debug,misconfig,sensiolabs + shodan-query: http.html:"symfony Profiler" + tags: symfony,debug,misconfig http: - method: GET diff --git a/http/misconfiguration/symfony/symfony-default-key-rce.yaml b/http/misconfiguration/symfony/symfony-default-key-rce.yaml index 511f30658e9..33788d2dedb 100644 --- a/http/misconfiguration/symfony/symfony-default-key-rce.yaml +++ b/http/misconfiguration/symfony/symfony-default-key-rce.yaml @@ -13,10 +13,11 @@ info: https://al1z4deh.medium.com/how-i-hacked-28-sites-at-once-rce-5458211048d5 https://github.com/ambionics/symfony-exploits metadata: - verified: true max-request: 12 shodan-query: http.html:"Symfony Profiler" + verified: true tags: rce,symfony,misconfig + variables: badsecretkey: 'ThisIsAlmostCertainlyNotIt' uri_part: '_fragment?_path=what%3D-1%26_controller%3Dphpinfo' diff --git a/http/misconfiguration/symfony/symfony-fragment.yaml b/http/misconfiguration/symfony/symfony-fragment.yaml index 65f53bf5f22..f1073703aa5 100644 --- a/http/misconfiguration/symfony/symfony-fragment.yaml +++ b/http/misconfiguration/symfony/symfony-fragment.yaml @@ -18,22 +18,8 @@ info: max-request: 1 vendor: sensiolabs product: symfony - shodan-query: - - http.html:"symfony profiler" - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - - http.title:"welcome to symfony" - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: config,exposure,symfony,misconfig,sensiolabs + shodan-query: http.html:"symfony Profiler" + tags: config,exposure,symfony,misconfig http: - method: GET diff --git a/http/misconfiguration/syncthing-dashboard.yaml b/http/misconfiguration/syncthing-dashboard.yaml index 762ebaf7c2b..5d427ede372 100644 --- a/http/misconfiguration/syncthing-dashboard.yaml +++ b/http/misconfiguration/syncthing-dashboard.yaml @@ -15,7 +15,6 @@ info: vendor: syncthing product: syncthing shodan-query: http.html:'ng-app="syncthing"' - fofa-query: body='ng-app="syncthing"' tags: misconfig,syncthing,exposure http: diff --git a/http/misconfiguration/tasmota-config-webui.yaml b/http/misconfiguration/tasmota-config-webui.yaml index 0d813734724..08b29b289ec 100644 --- a/http/misconfiguration/tasmota-config-webui.yaml +++ b/http/misconfiguration/tasmota-config-webui.yaml @@ -14,12 +14,8 @@ info: max-request: 1 vendor: tasmota_project product: tasmota - shodan-query: - - http.title:"tasmota" - - cpe:"cpe:2.3:o:tasmota_project:tasmota" - fofa-query: title="tasmota" - google-query: intitle:"tasmota" - tags: misconfig,tasmota,exposure,config,tasmota_project + shodan-query: title:"Tasmota" + tags: misconfig,tasmota,exposure,config http: - method: GET diff --git a/http/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml b/http/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml index 6c6d343d88a..98cb5ec5397 100644 --- a/http/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml +++ b/http/misconfiguration/teamcity/teamcity-guest-login-enabled.yaml @@ -17,13 +17,9 @@ info: metadata: verified: true max-request: 1 - vendor: jetbrains + shodan-query: http.component:"TeamCity" product: teamcity - shodan-query: - - http.component:"teamcity" - - http.title:"teamcity" - fofa-query: title=teamcity - google-query: intitle:teamcity + vendor: jetbrains tags: misconfig,teamcity,jetbrains http: diff --git a/http/misconfiguration/teamcity/teamcity-registration-enabled.yaml b/http/misconfiguration/teamcity/teamcity-registration-enabled.yaml index e49f3dce7e1..109d5ee6d96 100644 --- a/http/misconfiguration/teamcity/teamcity-registration-enabled.yaml +++ b/http/misconfiguration/teamcity/teamcity-registration-enabled.yaml @@ -16,13 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: jetbrains + shodan-query: http.component:"TeamCity" product: teamcity - shodan-query: - - http.component:"teamcity" - - http.title:"teamcity" - fofa-query: title=teamcity - google-query: intitle:teamcity + vendor: jetbrains tags: misconfig,auth-bypass,teamcity,jetbrains,intrusive http: diff --git a/http/misconfiguration/teslamate-unauth-access.yaml b/http/misconfiguration/teslamate-unauth-access.yaml index eeda78c8a31..6a27981677e 100644 --- a/http/misconfiguration/teslamate-unauth-access.yaml +++ b/http/misconfiguration/teslamate-unauth-access.yaml @@ -13,11 +13,9 @@ info: max-request: 1 vendor: teslamate_project product: teslamate - shodan-query: http.favicon.hash:"-1478287554" - fofa-query: - - title="teslamate" - - icon_hash=-1478287554 - tags: misconfig,teslamate,unauth,teslamate_project + shodan-query: http.favicon.hash:-1478287554 + fofa-query: title="teslamate" + tags: misconfig,teslamate,unauth http: - method: GET diff --git a/http/misconfiguration/thinkphp-errors.yaml b/http/misconfiguration/thinkphp-errors.yaml index fe8972525f6..5564fdaa804 100644 --- a/http/misconfiguration/thinkphp-errors.yaml +++ b/http/misconfiguration/thinkphp-errors.yaml @@ -12,16 +12,7 @@ info: max-request: 1 vendor: thinkphp product: thinkphp - fofa-query: - - app="thinkphp" && title="system error" - - app="thinkphp" - - header="think_lang" - - title="thinkphp" - shodan-query: - - cpe:"cpe:2.3:a:thinkphp:thinkphp" - - http.title:"thinkphp" - google-query: intitle:"thinkphp" - zoomeye-query: app="thinkphp" + fofa-query: app="ThinkPHP" && title="System Error" tags: thinkphp,misconfig,exposure http: diff --git a/http/misconfiguration/tomcat-stacktraces.yaml b/http/misconfiguration/tomcat-stacktraces.yaml index fa89dbf6300..1eab8911ec3 100644 --- a/http/misconfiguration/tomcat-stacktraces.yaml +++ b/http/misconfiguration/tomcat-stacktraces.yaml @@ -13,21 +13,7 @@ info: max-request: 1 vendor: apache product: tomcat - shodan-query: - - http.title:"apache tomcat" - - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" - fofa-query: - - body="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - - title="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + shodan-query: title:"Apache Tomcat" tags: misconfig,tech,tomcat,apache http: diff --git a/http/misconfiguration/transmission-dashboard.yaml b/http/misconfiguration/transmission-dashboard.yaml index dbf5e77bd07..fb6aa3dcbb3 100644 --- a/http/misconfiguration/transmission-dashboard.yaml +++ b/http/misconfiguration/transmission-dashboard.yaml @@ -15,12 +15,10 @@ info: metadata: verified: true max-request: 1 - vendor: transmissionbt + shodan-query: http.title:"Transmission Web Interface" product: transmission - shodan-query: http.title:"transmission web interface" - fofa-query: title="transmission web interface" - google-query: intitle:"transmission web interface" - tags: misconfig,transmission,exposure,dashboard,transmissionbt + vendor: transmissionbt + tags: misconfig,transmission,exposure,dashboard http: - method: GET diff --git a/http/misconfiguration/typo3-composer.yaml b/http/misconfiguration/typo3-composer.yaml index c2865521c21..6eb00b0ab2d 100644 --- a/http/misconfiguration/typo3-composer.yaml +++ b/http/misconfiguration/typo3-composer.yaml @@ -15,18 +15,7 @@ info: max-request: 1 vendor: typo3 product: typo3 - shodan-query: - - x-typo3-parsetime:"0ms" - - cpe:"cpe:2.3:a:typo3:typo3" - - http.component:"typo3" - - http.title:"installing typo3 cms" - - http.title:"typo3 exception" - fofa-query: - - title="installing typo3 cms" - - title="typo3 exception" - google-query: - - intitle:"installing typo3 cms" - - intitle:"typo3 exception" + shodan-query: "X-TYPO3-Parsetime: 0ms" tags: typo3,cms,exposure,misconfig http: diff --git a/http/misconfiguration/typo3-debug-mode.yaml b/http/misconfiguration/typo3-debug-mode.yaml index 060de4ca1f4..5311877ade4 100644 --- a/http/misconfiguration/typo3-debug-mode.yaml +++ b/http/misconfiguration/typo3-debug-mode.yaml @@ -12,18 +12,7 @@ info: max-request: 1 vendor: typo3 product: typo3 - shodan-query: - - http.title:"typo3 exception" - - cpe:"cpe:2.3:a:typo3:typo3" - - http.component:"typo3" - - http.title:"installing typo3 cms" - - x-typo3-parsetime:"0ms" - fofa-query: - - title="installing typo3 cms" - - title="typo3 exception" - google-query: - - intitle:"installing typo3 cms" - - intitle:"typo3 exception" + shodan-query: http.title:"TYPO3 Exception" tags: typo3,debug,misconfig http: diff --git a/http/misconfiguration/unauth-apache-kafka-ui.yaml b/http/misconfiguration/unauth-apache-kafka-ui.yaml index da80ed45d31..79ff6513083 100644 --- a/http/misconfiguration/unauth-apache-kafka-ui.yaml +++ b/http/misconfiguration/unauth-apache-kafka-ui.yaml @@ -15,18 +15,7 @@ info: max-request: 2 vendor: apache product: kafka - shodan-query: - - http.title:"ui for apache kafka" - - http.title:"kafka center" - - http.title:"kafka consumer offset monitor" - fofa-query: - - title="kafka center" - - title="kafka consumer offset monitor" - - title="ui for apache kafka" - google-query: - - intitle:"kafka center" - - intitle:"kafka consumer offset monitor" - - intitle:"ui for apache kafka" + shodan-query: http.title:"UI for Apache Kafka" tags: misconfig,apache,kafka,unauth,exposure http: diff --git a/http/misconfiguration/unauth-celery-flower.yaml b/http/misconfiguration/unauth-celery-flower.yaml index b94fbed4d72..e68e1cc7e1b 100644 --- a/http/misconfiguration/unauth-celery-flower.yaml +++ b/http/misconfiguration/unauth-celery-flower.yaml @@ -12,9 +12,8 @@ info: max-request: 1 vendor: flower_project product: flower - shodan-query: http.favicon.hash:"-374133142" - fofa-query: icon_hash=-374133142 - tags: celery,flower,unauth,misconfig,flower_project + shodan-query: http.favicon.hash:-374133142 + tags: celery,flower,unauth,misconfig http: - method: GET diff --git a/http/misconfiguration/unauth-etherpad.yaml b/http/misconfiguration/unauth-etherpad.yaml index 9337e5c5f8b..8f9da6a3428 100644 --- a/http/misconfiguration/unauth-etherpad.yaml +++ b/http/misconfiguration/unauth-etherpad.yaml @@ -13,10 +13,7 @@ info: max-request: 1 vendor: etherpad product: etherpad - shodan-query: - - http.html:"index.createopenpad" - - cpe:"cpe:2.3:a:etherpad:etherpad" - fofa-query: body="index.createopenpad" + shodan-query: http.html:"index.createOpenPad" tags: etherpad,misconfig,unauth http: diff --git a/http/misconfiguration/unauth-ldap-account-manager.yaml b/http/misconfiguration/unauth-ldap-account-manager.yaml index 25db55eb897..14c3a06abc7 100644 --- a/http/misconfiguration/unauth-ldap-account-manager.yaml +++ b/http/misconfiguration/unauth-ldap-account-manager.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: ldap-account-manager product: ldap_account_manager - shodan-query: http.title:"ldap account manager" - fofa-query: title="ldap account manager" - google-query: intitle:"ldap account manager" - tags: ldap,misconfig,unauth,ldap-account-manager + shodan-query: http.title:"LDAP Account Manager" + tags: ldap,misconfig,unauth http: - method: GET diff --git a/http/misconfiguration/unauth-mercurial.yaml b/http/misconfiguration/unauth-mercurial.yaml index a4ce6f89439..4a3f192026c 100644 --- a/http/misconfiguration/unauth-mercurial.yaml +++ b/http/misconfiguration/unauth-mercurial.yaml @@ -12,12 +12,7 @@ info: max-request: 1 vendor: mercurial product: mercurial - shodan-query: - - http.html:"mercurial repositories index" - - http.html:"hgignore" - fofa-query: - - body="hgignore" - - body="mercurial repositories index" + shodan-query: html:"Mercurial repositories index" tags: misconfig,unauth,mercurial http: diff --git a/http/misconfiguration/unauth-temporal-web-ui.yaml b/http/misconfiguration/unauth-temporal-web-ui.yaml index acaca2a087f..caef2566d33 100644 --- a/http/misconfiguration/unauth-temporal-web-ui.yaml +++ b/http/misconfiguration/unauth-temporal-web-ui.yaml @@ -15,10 +15,9 @@ info: metadata: verified: "true" max-request: 2 - vendor: temporal + shodan-query: http.favicon.hash:557327884 product: temporal - shodan-query: http.favicon.hash:"557327884" - fofa-query: icon_hash=557327884 + vendor: temporal tags: misconfig,temporal,unauth http: diff --git a/http/misconfiguration/unauthenticated-alert-manager.yaml b/http/misconfiguration/unauthenticated-alert-manager.yaml index 79301583bde..4b68efc0f6a 100644 --- a/http/misconfiguration/unauthenticated-alert-manager.yaml +++ b/http/misconfiguration/unauthenticated-alert-manager.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: prometheus product: alertmanager - shodan-query: http.title:"alertmanager" - fofa-query: title="alertmanager" - google-query: intitle:"alertmanager" - tags: unauth,alertmanager,misconfig,prometheus + shodan-query: http.title:"Alertmanager" + tags: unauth,alertmanager,misconfig http: - method: GET diff --git a/http/misconfiguration/unauthenticated-mongo-express.yaml b/http/misconfiguration/unauthenticated-mongo-express.yaml index 2a0846947b9..ee24119dd5f 100644 --- a/http/misconfiguration/unauthenticated-mongo-express.yaml +++ b/http/misconfiguration/unauthenticated-mongo-express.yaml @@ -14,16 +14,8 @@ info: max-request: 3 vendor: mongo-express_project product: mongo-express - shodan-query: - - http.title:"home - mongo express" - - http.title:"mongo express" - fofa-query: - - title="home - mongo express" - - title="mongo express" - google-query: - - intitle:"home - mongo express" - - intitle:"mongo express" - tags: mongo,unauth,edb,misconfig,mongo-express_project + shodan-query: title:"Home - Mongo Express" + tags: mongo,unauth,edb,misconfig http: - method: GET diff --git a/http/misconfiguration/unauthorized-h3csecparh-login.yaml b/http/misconfiguration/unauthorized-h3csecparh-login.yaml index 08d3255caf4..58d63a39732 100644 --- a/http/misconfiguration/unauthorized-h3csecparh-login.yaml +++ b/http/misconfiguration/unauthorized-h3csecparh-login.yaml @@ -12,10 +12,8 @@ info: max-request: 1 vendor: h3c product: secpath_f5060 - shodan-query: http.html:"h3c-secpath-运维审计系统" - fofa-query: - - app="h3c-secpath-运维审计系统" && body="2018" - - body="h3c-secpath-运维审计系统" + shodan-query: http.html:"H3C-SecPath-运维审计系统" + fofa-query: app="H3C-SecPath-运维审计系统" && body="2018" tags: h3c,default-login,unauth,misconfig http: diff --git a/http/misconfiguration/untangle-admin-setup.yaml b/http/misconfiguration/untangle-admin-setup.yaml index afa74b810ad..e5e25d51dd1 100644 --- a/http/misconfiguration/untangle-admin-setup.yaml +++ b/http/misconfiguration/untangle-admin-setup.yaml @@ -12,16 +12,8 @@ info: max-request: 1 vendor: untangle product: ng_firewall - shodan-query: - - http.title:"setup wizard" html:"untangle" - - http.title:"untangle administrator login" - fofa-query: - - title="setup wizard" && "untangle" - - title="setup wizard" html:"untangle" - - title="untangle administrator login" - google-query: - - intitle:"setup wizard" html:"untangle" - - intitle:"untangle administrator login" + shodan-query: title:"Setup Wizard" html:"untangle" + fofa-query: title="Setup Wizard" && "untangle" tags: misconfig,untangle,admin,setup http: diff --git a/http/misconfiguration/zabbix-error.yaml b/http/misconfiguration/zabbix-error.yaml index 629bd14d383..dad915752e7 100644 --- a/http/misconfiguration/zabbix-error.yaml +++ b/http/misconfiguration/zabbix-error.yaml @@ -12,11 +12,9 @@ info: cpe: cpe:2.3:a:zabbix:zabbix_server:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: zabbix + shodan-query: http.title:"Warning [refreshed every 30 sec.]" product: zabbix_server - shodan-query: http.title:"warning [refreshed every 30 sec.]" - fofa-query: title="warning [refreshed every 30 sec.]" - google-query: intitle:"warning [refreshed every 30 sec.]" + vendor: zabbix tags: zabbix,misconfig http: diff --git a/http/technologies/4D-detect.yaml b/http/technologies/4D-detect.yaml index 30cd4e3c06e..e236bc03321 100644 --- a/http/technologies/4D-detect.yaml +++ b/http/technologies/4D-detect.yaml @@ -16,9 +16,8 @@ info: max-request: 1 vendor: 4d product: 4d - shodan-query: http.html:"4daction/" - fofa-query: body="4daction/" - tags: 4D,detect,tech,4d + shodan-query: http.html:"4DACTION/" + tags: 4D,detect,tech http: - method: GET diff --git a/http/technologies/accellion-detect.yaml b/http/technologies/accellion-detect.yaml index 10eb294ae8d..ca99d0a4acd 100644 --- a/http/technologies/accellion-detect.yaml +++ b/http/technologies/accellion-detect.yaml @@ -1,17 +1,17 @@ id: accellion-detect -info: - name: Accellion - Detect - author: rxerium - severity: info - description: | - Dectection of Accellion File Transfer Appliance. - metadata: - verified: true - max-request: 1 - shodan-query: html:"/cfadmin/img/" - tags: accellion,tech,detect - +info: + name: Accellion - Detect + author: rxerium + severity: info + description: | + Dectection of Accellion File Transfer Appliance. + metadata: + verified: true + max-request: 1 + shodan-query: html:"/cfadmin/img/" + tags: accellion,tech,detect + http: - method: GET path: diff --git a/http/technologies/activecollab-detect.yaml b/http/technologies/activecollab-detect.yaml index ef686e3dda4..50114b3cff3 100644 --- a/http/technologies/activecollab-detect.yaml +++ b/http/technologies/activecollab-detect.yaml @@ -10,10 +10,7 @@ info: max-request: 1 vendor: activecollab product: activecollab - fofa-query: - - app="activecollab" - - body="activecollab installer" - shodan-query: http.html:"activecollab installer" + fofa-query: app="ActiveCollab" tags: acsoft,tech,activecollab http: diff --git a/http/technologies/adobe/adobe-coldfusion-detect.yaml b/http/technologies/adobe/adobe-coldfusion-detect.yaml index aa469e78e50..bf4aa3fb044 100644 --- a/http/technologies/adobe/adobe-coldfusion-detect.yaml +++ b/http/technologies/adobe/adobe-coldfusion-detect.yaml @@ -12,14 +12,7 @@ info: max-request: 6 vendor: adobe product: coldfusion - shodan-query: - - http.component:"adobe coldfusion" - - cpe:"cpe:2.3:a:adobe:coldfusion" - - http.title:"coldfusion administrator login" - fofa-query: - - app="adobe-coldfusion" - - title="coldfusion administrator login" - google-query: intitle:"coldfusion administrator login" + shodan-query: http.component:"Adobe ColdFusion" tags: adobe,coldfusion,tech http: diff --git a/http/technologies/adobe/adobe-coldfusion-error-detect.yaml b/http/technologies/adobe/adobe-coldfusion-error-detect.yaml index ec7bade2a42..6e9e56da9ca 100644 --- a/http/technologies/adobe/adobe-coldfusion-error-detect.yaml +++ b/http/technologies/adobe/adobe-coldfusion-error-detect.yaml @@ -14,14 +14,7 @@ info: max-request: 1 vendor: adobe product: coldfusion - shodan-query: - - http.component:"adobe coldfusion" - - cpe:"cpe:2.3:a:adobe:coldfusion" - - http.title:"coldfusion administrator login" - fofa-query: - - app="adobe-coldfusion" - - title="coldfusion administrator login" - google-query: intitle:"coldfusion administrator login" + shodan-query: http.component:"Adobe ColdFusion" tags: adobe,coldfusion,tech http: diff --git a/http/technologies/aem-detect.yaml b/http/technologies/aem-detect.yaml index 609c1adb9b9..76fa168bda9 100644 --- a/http/technologies/aem-detect.yaml +++ b/http/technologies/aem-detect.yaml @@ -16,12 +16,7 @@ info: max-request: 1 vendor: adobe product: experience_manager - shodan-query: - - http.component:"adobe experience manager" - - cpe:"cpe:2.3:a:adobe:experience_manager" - - http.title:"aem sign in" - fofa-query: title="aem sign in" - google-query: intitle:"aem sign in" + shodan-query: http.component:"Adobe Experience Manager" tags: aem,favicon,tech,adobe http: diff --git a/http/technologies/aerocms-detect.yaml b/http/technologies/aerocms-detect.yaml index 09365e56b41..264b9148cf3 100644 --- a/http/technologies/aerocms-detect.yaml +++ b/http/technologies/aerocms-detect.yaml @@ -11,12 +11,9 @@ info: max-request: 1 vendor: aerocms_project product: aerocms - shodan-query: http.title:"aerocms" - fofa-query: - - aerocms - - title="aerocms" - google-query: intitle:"aerocms" - tags: tech,aerocms,aerocms_project + shodan-query: title:"AeroCMS" + fofa-query: "AeroCMS" + tags: tech,aerocms http: - method: GET diff --git a/http/technologies/angular-detect.yaml b/http/technologies/angular-detect.yaml index 13d9fb59cac..3ff82cfe2fe 100644 --- a/http/technologies/angular-detect.yaml +++ b/http/technologies/angular-detect.yaml @@ -14,14 +14,7 @@ info: max-request: 1 vendor: angular product: angular - shodan-query: - - http.html:"ng-version=" - - cpe:"cpe:2.3:a:angularjs:angular" - - http.html:"angular-cli.json" - - http.html:"angular.json" - fofa-query: - - body="angular-cli.json" - - body="angular.json" + shodan-query: html:"ng-version=" tags: tech,angular http: diff --git a/http/technologies/apache/airflow-detect.yaml b/http/technologies/apache/airflow-detect.yaml index 846472da901..98bb4f8e0d7 100644 --- a/http/technologies/apache/airflow-detect.yaml +++ b/http/technologies/apache/airflow-detect.yaml @@ -11,22 +11,7 @@ info: max-request: 1 vendor: apache product: airflow - shodan-query: - - http.html:"apache airflow" - - http.title:"airflow - dags" - - http.title:"airflow - dags" || http.html:"apache airflow" - - http.title:"sign in - airflow" - - product:"redis" - fofa-query: - - apache airflow - - body="apache airflow" - - title="airflow - dags" - - title="airflow - dags" || http.html:"apache airflow" - - title="sign in - airflow" - google-query: - - intitle:"airflow - dags" - - intitle:"airflow - dags" || http.html:"apache airflow" - - intitle:"sign in - airflow" + shodan-query: http.html:"Apache Airflow" tags: tech,apache,airflow,intrusive http: diff --git a/http/technologies/apache/apache-allura-detect.yaml b/http/technologies/apache/apache-allura-detect.yaml index db0156bf698..152e981e663 100644 --- a/http/technologies/apache/apache-allura-detect.yaml +++ b/http/technologies/apache/apache-allura-detect.yaml @@ -11,12 +11,11 @@ info: classification: cpe: cpe:2.3:a:apache:allura:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 vendor: apache product: allura - fofa-query: body="apache allura" - shodan-query: http.html:"apache allura" + verified: true + fofa-query: body="Apache Allura" tags: tech,allura,apache,detect http: diff --git a/http/technologies/apache/apache-answer-detect.yaml b/http/technologies/apache/apache-answer-detect.yaml index ac823bff075..e3eea3b9b4c 100644 --- a/http/technologies/apache/apache-answer-detect.yaml +++ b/http/technologies/apache/apache-answer-detect.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: apache product: answer - shodan-query: http.favicon.hash:"523757057" + shodan-query: http.favicon.hash:523757057 fofa-query: icon_hash="523757057" tags: detect,tech,apache diff --git a/http/technologies/apache/apache-axis-detect.yaml b/http/technologies/apache/apache-axis-detect.yaml index d6029bb864c..e0639de4be7 100644 --- a/http/technologies/apache/apache-axis-detect.yaml +++ b/http/technologies/apache/apache-axis-detect.yaml @@ -12,8 +12,7 @@ info: max-request: 3 vendor: apache product: axis - shodan-query: http.html:"apache axis" - fofa-query: body="apache axis" + shodan-query: http.html:"Apache Axis" tags: tech,axis2,middleware,apache http: diff --git a/http/technologies/apache/apache-cloudstack-detect.yaml b/http/technologies/apache/apache-cloudstack-detect.yaml index 378d96c344c..787f3f47a02 100644 --- a/http/technologies/apache/apache-cloudstack-detect.yaml +++ b/http/technologies/apache/apache-cloudstack-detect.yaml @@ -8,14 +8,9 @@ info: classification: cpe: cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:* metadata: - max-request: 1 vendor: apache product: cloudstack - shodan-query: http.title:"apache cloudstack" - fofa-query: - - app="apache-cloudstack" - - title="apache cloudstack" - google-query: intitle:"apache cloudstack" + shodan-query: http.title:"Apache CloudStack" tags: tech,apache,cloudstack http: diff --git a/http/technologies/apache/apache-cocoon-detect.yaml b/http/technologies/apache/apache-cocoon-detect.yaml index b8917469fa9..1cca0d34882 100644 --- a/http/technologies/apache/apache-cocoon-detect.yaml +++ b/http/technologies/apache/apache-cocoon-detect.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: apache product: cocoon - shodan-query: http.html:"apache cocoon" - fofa-query: - - app="apache-cocoon" - - body="apache cocoon" + shodan-query: http.html:"Apache Cocoon" + fofa-query: app="APACHE-Cocoon" tags: apache,cocoon,tech http: diff --git a/http/technologies/apache/apache-dubbo-detect.yaml b/http/technologies/apache/apache-dubbo-detect.yaml index 15810100a53..fb01da8da77 100644 --- a/http/technologies/apache/apache-dubbo-detect.yaml +++ b/http/technologies/apache/apache-dubbo-detect.yaml @@ -10,7 +10,7 @@ info: max-request: 1 vendor: apache product: dubbo - fofa-query: app="apache-dubbo" + fofa-query: app="APACHE-dubbo" tags: apache,dubbo,tech http: diff --git a/http/technologies/apache/apache-gravitino-detect.yaml b/http/technologies/apache/apache-gravitino-detect.yaml index fd10c7f9eb4..ceff0179725 100644 --- a/http/technologies/apache/apache-gravitino-detect.yaml +++ b/http/technologies/apache/apache-gravitino-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: apache product: gravitino - shodan-query: http.title:"gravitino" - fofa-query: title="gravitino" - google-query: intitle:"gravitino" + shodan-query: title:"Gravitino" tags: tech,gravitino,apache,detect http: diff --git a/http/technologies/apache/apache-hertzbeat-detect.yaml b/http/technologies/apache/apache-hertzbeat-detect.yaml index 61fc7c837d8..6265269d035 100644 --- a/http/technologies/apache/apache-hertzbeat-detect.yaml +++ b/http/technologies/apache/apache-hertzbeat-detect.yaml @@ -12,7 +12,7 @@ info: max-request: 1 vendor: apache product: hertzbeat - shodan-query: http.title:"hertzbeat" + shodan-query: title:"HertzBeat" tags: tech,hertzbeat,apache,detect http: diff --git a/http/technologies/apache/apache-jspwiki-detect.yaml b/http/technologies/apache/apache-jspwiki-detect.yaml index e86b11feedd..ea5b92837b0 100644 --- a/http/technologies/apache/apache-jspwiki-detect.yaml +++ b/http/technologies/apache/apache-jspwiki-detect.yaml @@ -12,11 +12,7 @@ info: max-request: 1 vendor: apache product: jspwiki - shodan-query: - - http.title:"jspwiki" - - cpe:"cpe:2.3:a:apache:jspwiki" - fofa-query: title="jspwiki" - google-query: intitle:"jspwiki" + shodan-query: title:"JSPWiki" tags: tech,jspwiki,apache,detect http: diff --git a/http/technologies/apache/apache-ofbiz-detect.yaml b/http/technologies/apache/apache-ofbiz-detect.yaml index 6120cc7bb52..777e29aa471 100644 --- a/http/technologies/apache/apache-ofbiz-detect.yaml +++ b/http/technologies/apache/apache-ofbiz-detect.yaml @@ -13,13 +13,7 @@ info: max-request: 1 vendor: apache product: ofbiz - fofa-query: - - app="apache_ofbiz" - - body="apache ofbiz" - shodan-query: - - http.html:"apache ofbiz" - - http.html:"ofbiz" - - ofbiz.visitor= + fofa-query: app="Apache_OFBiz" tags: tech,detect,ofbiz,apache http: diff --git a/http/technologies/apache/apache-ozone-detect.yaml b/http/technologies/apache/apache-ozone-detect.yaml index ce560d6caef..06577bf46e7 100644 --- a/http/technologies/apache/apache-ozone-detect.yaml +++ b/http/technologies/apache/apache-ozone-detect.yaml @@ -12,9 +12,7 @@ info: max-request: 1 vendor: apache product: ozone - shodan-query: http.title:"apache ozone" - fofa-query: title="apache ozone" - google-query: intitle:"apache ozone" + shodan-query: title:"Apache Ozone" tags: tech,ozone,apache,detect http: diff --git a/http/technologies/apache/apache-pinot-detect.yaml b/http/technologies/apache/apache-pinot-detect.yaml index 99a6ab52770..4f043475960 100644 --- a/http/technologies/apache/apache-pinot-detect.yaml +++ b/http/technologies/apache/apache-pinot-detect.yaml @@ -9,13 +9,11 @@ info: classification: cpe: cpe:2.3:a:apache:pinot:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: apache product: pinot - shodan-query: http.title:"apache pinot" - fofa-query: title="apache pinot" - google-query: intitle:"apache pinot" + shodan-query: title:"Apache Pinot" tags: tech,pinot,apache,detect http: diff --git a/http/technologies/apache/apache-shenyu-detect.yaml b/http/technologies/apache/apache-shenyu-detect.yaml index 5446b0e4ac4..f05e0c47a94 100644 --- a/http/technologies/apache/apache-shenyu-detect.yaml +++ b/http/technologies/apache/apache-shenyu-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: apache product: shenyu - shodan-query: http.title:"shenyu" - fofa-query: title="shenyu" - google-query: intitle:"shenyu" + shodan-query: title:"shenyu" tags: tech,shenyu,apache,detect http: diff --git a/http/technologies/apache/apache-streampipes-detect.yaml b/http/technologies/apache/apache-streampipes-detect.yaml index 7c294ff1c7d..f889caf559b 100644 --- a/http/technologies/apache/apache-streampipes-detect.yaml +++ b/http/technologies/apache/apache-streampipes-detect.yaml @@ -13,9 +13,8 @@ info: max-request: 3 vendor: apache product: streampipes - shodan-query: http.title:"apache streampipes" + shodan-query: title:"apache streampipes" fofa-query: title="apache streampipes" - google-query: intitle:"apache streampipes" tags: tech,apache,streampipes,detect http: diff --git a/http/technologies/apache/apache-tapestry-detect.yaml b/http/technologies/apache/apache-tapestry-detect.yaml index 1cb7097424e..fe71b3a471d 100644 --- a/http/technologies/apache/apache-tapestry-detect.yaml +++ b/http/technologies/apache/apache-tapestry-detect.yaml @@ -10,7 +10,7 @@ info: max-request: 1 vendor: apache product: tapestry - fofa-query: app="apache-tapestry" + fofa-query: app="APACHE-Tapestry" tags: apache,tapestry,tech http: diff --git a/http/technologies/apache/apache-zeppelin-detect.yaml b/http/technologies/apache/apache-zeppelin-detect.yaml index e3fa560d156..2bbef2fe7e1 100644 --- a/http/technologies/apache/apache-zeppelin-detect.yaml +++ b/http/technologies/apache/apache-zeppelin-detect.yaml @@ -10,11 +10,7 @@ info: max-request: 1 vendor: apache product: zeppelin - fofa-query: - - app="apache-zeppelin" - - title="zeppelin" - shodan-query: http.title:"zeppelin" - google-query: intitle:"zeppelin" + fofa-query: app="APACHE-Zeppelin" tags: apache,zeppelin,tech http: diff --git a/http/technologies/apache/default-apache-test-all.yaml b/http/technologies/apache/default-apache-test-all.yaml index 83719dedf72..5d9876bfe2e 100644 --- a/http/technologies/apache/default-apache-test-all.yaml +++ b/http/technologies/apache/default-apache-test-all.yaml @@ -11,23 +11,7 @@ info: max-request: 1 vendor: apache product: http_server - shodan-query: - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + shodan-query: http.title:"Apache+Default","Apache+HTTP+Server+Test","Apache2+It+works" tags: tech,apache http: diff --git a/http/technologies/apache/default-apache-test-page.yaml b/http/technologies/apache/default-apache-test-page.yaml index 64c91b1ac7a..bc7bacee812 100644 --- a/http/technologies/apache/default-apache-test-page.yaml +++ b/http/technologies/apache/default-apache-test-page.yaml @@ -10,23 +10,7 @@ info: max-request: 1 vendor: apache product: http_server - shodan-query: - - http.title:"apache http server test page powered by centos" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + shodan-query: http.title:"Apache HTTP Server Test Page powered by CentOS" tags: tech,apache http: diff --git a/http/technologies/apache/default-apache2-page.yaml b/http/technologies/apache/default-apache2-page.yaml index 8d408218e03..cd58a0b7495 100644 --- a/http/technologies/apache/default-apache2-page.yaml +++ b/http/technologies/apache/default-apache2-page.yaml @@ -10,23 +10,7 @@ info: max-request: 1 vendor: apache product: http_server - shodan-query: - - http.title:"apache2 debian default page:" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + shodan-query: http.title:"Apache2 Debian Default Page:" tags: tech,apache http: diff --git a/http/technologies/apache/ranger-detection.yaml b/http/technologies/apache/ranger-detection.yaml index 7966c4f10f1..fa35098c842 100644 --- a/http/technologies/apache/ranger-detection.yaml +++ b/http/technologies/apache/ranger-detection.yaml @@ -11,9 +11,7 @@ info: max-request: 2 vendor: apache product: ranger - shodan-query: http.title:"ranger - sign in" - fofa-query: title="ranger - sign in" - google-query: intitle:"ranger - sign in" + shodan-query: http.title:"Ranger - Sign In" tags: tech,apache,ranger http: diff --git a/http/technologies/apache/tomcat-detect.yaml b/http/technologies/apache/tomcat-detect.yaml index 02a689ba10a..40a538b76a7 100644 --- a/http/technologies/apache/tomcat-detect.yaml +++ b/http/technologies/apache/tomcat-detect.yaml @@ -12,20 +12,14 @@ info: vendor: apache product: tomcat shodan-query: + - title:"Apache Tomcat" - http.title:"apache tomcat" - http.html:"apache tomcat" - cpe:"cpe:2.3:a:apache:tomcat" - - http.component:"apache tomcat" - - http.html:"jk status manager" - - product:"tomcat" fofa-query: - body="apache tomcat" - title="apache tomcat" - - body="jk status manager" - - server=="apache tomcat" - google-query: - - intitle:"apache tomcat" - - site:*/examples/jsp/snp/snoop.jsp + google-query: intitle:"apache tomcat" tags: tech,tomcat,apache,intrusive http: diff --git a/http/technologies/apache/xampp-default-page.yaml b/http/technologies/apache/xampp-default-page.yaml index 49c619b8a99..afafc3d148b 100644 --- a/http/technologies/apache/xampp-default-page.yaml +++ b/http/technologies/apache/xampp-default-page.yaml @@ -10,10 +10,8 @@ info: max-request: 1 vendor: apachefriends product: xampp - shodan-query: http.title:"xampp" - fofa-query: title="xampp" - google-query: intitle:"xampp" - tags: tech,php,xampp,apache,apachefriends + shodan-query: http.title:"XAMPP" + tags: tech,php,xampp,apache http: - method: GET diff --git a/http/technologies/appcms-detect.yaml b/http/technologies/appcms-detect.yaml index 8966e763c80..eaa04df7c8e 100644 --- a/http/technologies/appcms-detect.yaml +++ b/http/technologies/appcms-detect.yaml @@ -10,8 +10,7 @@ info: max-request: 1 vendor: appcms product: appcms - shodan-query: http.html:"powerd by appcms" - fofa-query: body="powerd by appcms" + shodan-query: http.html:"Powerd by AppCMS" tags: tech,appcms http: diff --git a/http/technologies/arcgis-tokens.yaml b/http/technologies/arcgis-tokens.yaml index a4915be0ccd..49f02bdf1dc 100644 --- a/http/technologies/arcgis-tokens.yaml +++ b/http/technologies/arcgis-tokens.yaml @@ -14,7 +14,9 @@ info: max-request: 1 vendor: esri product: arcgis_server - shodan-query: http.title:"arcgis" + shodan-query: + - title:"ArcGIS" + - http.title:"arcgis" fofa-query: title="arcgis" google-query: intitle:"arcgis" tags: tech,arcgis,tokens,detect,esri diff --git a/http/technologies/autobahn-python-detect.yaml b/http/technologies/autobahn-python-detect.yaml index 16ca945c46c..e2c914c4020 100644 --- a/http/technologies/autobahn-python-detect.yaml +++ b/http/technologies/autobahn-python-detect.yaml @@ -10,8 +10,8 @@ info: max-request: 1 vendor: crossbar product: autobahn - shodan-query: autobahnpython - tags: tech,webserver,crossbar + shodan-query: "AutobahnPython" + tags: tech,webserver http: - method: GET diff --git a/http/technologies/avideo-detect.yaml b/http/technologies/avideo-detect.yaml index 138a908fb0a..41f26515809 100644 --- a/http/technologies/avideo-detect.yaml +++ b/http/technologies/avideo-detect.yaml @@ -11,14 +11,9 @@ info: max-request: 1 vendor: wwbn product: avideo - shodan-query: - - http.title:"avideo" - - http.html:"avideo" - fofa-query: - - avideo - - title="avideo" - google-query: intitle:"avideo" - tags: tech,avideo,wwbn + shodan-query: http.title:"AVideo" + fofa-query: "AVideo" + tags: tech,avideo http: - method: GET diff --git a/http/technologies/b2b-builder-detect.yaml b/http/technologies/b2b-builder-detect.yaml index 8c424a65c67..3a3ba25b424 100644 --- a/http/technologies/b2b-builder-detect.yaml +++ b/http/technologies/b2b-builder-detect.yaml @@ -10,8 +10,8 @@ info: max-request: 1 vendor: itechscripts product: b2b_script - fofa-query: app="b2bbuilder" - tags: b2bbuilder,tech,itechscripts + fofa-query: app="B2BBuilder" + tags: b2bbuilder,tech http: - method: GET diff --git a/http/technologies/bamboo-detect.yaml b/http/technologies/bamboo-detect.yaml index 62e1edcb282..3f17620b328 100644 --- a/http/technologies/bamboo-detect.yaml +++ b/http/technologies/bamboo-detect.yaml @@ -13,21 +13,8 @@ info: max-request: 1 vendor: atlassian product: bamboo - shodan-query: - - http.favicon.hash:"-1379982221" - - http.title:"bamboo setup wizard" - - http.title:"bamboo" - - http.title:"build dashboard - atlassian bamboo" + shodan-query: http.favicon.hash:-1379982221 category: devops - fofa-query: - - icon_hash=-1379982221 - - title="bamboo setup wizard" - - title="bamboo" - - title="build dashboard - atlassian bamboo" - google-query: - - intitle:"bamboo setup wizard" - - intitle:"bamboo" - - intitle:"build dashboard - atlassian bamboo" tags: tech,bamboo,atlassian,detect,cicd http: diff --git a/http/technologies/bigbluebutton-detect.yaml b/http/technologies/bigbluebutton-detect.yaml index 0d0089ab9b4..9058c9d764f 100644 --- a/http/technologies/bigbluebutton-detect.yaml +++ b/http/technologies/bigbluebutton-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: bigbluebutton product: bigbluebutton - shodan-query: http.title:"bigbluebutton" - fofa-query: title="bigbluebutton" - google-query: intitle:"bigbluebutton" + shodan-query: http.title:"BigBlueButton" tags: tech,bigbluebutton http: diff --git a/http/technologies/bigip-apm-detect.yaml b/http/technologies/bigip-apm-detect.yaml index b63912e93f6..e814cd28ce4 100644 --- a/http/technologies/bigip-apm-detect.yaml +++ b/http/technologies/bigip-apm-detect.yaml @@ -13,13 +13,7 @@ info: max-request: 2 vendor: f5 product: big-ip_access_policy_manager - shodan-query: - - http.html:"big-ip apm" - - http.title:"big-ip®-+redirect" +"server" - fofa-query: - - body="big-ip apm" - - title="big-ip®-+redirect" +"server" - google-query: intitle:"big-ip®-+redirect" +"server" + shodan-query: html:"BIG-IP APM" tags: bigip,tech,f5,detect http: diff --git a/http/technologies/boa-web-server.yaml b/http/technologies/boa-web-server.yaml index e3937103336..c0a5e6904d4 100644 --- a/http/technologies/boa-web-server.yaml +++ b/http/technologies/boa-web-server.yaml @@ -16,9 +16,9 @@ info: metadata: verified: true max-request: 1 - vendor: boa + shodan-query: "Server: Boa/" product: boa - shodan-query: server:"boa/" + vendor: boa tags: boa,tech http: diff --git a/http/technologies/burp-collaborator-detect.yaml b/http/technologies/burp-collaborator-detect.yaml index a1ba513d910..06114291388 100644 --- a/http/technologies/burp-collaborator-detect.yaml +++ b/http/technologies/burp-collaborator-detect.yaml @@ -16,10 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: portswigger + shodan-query: "Server: Burp Collaborator" product: burp_suite - shodan-query: server:"burp collaborator" - tags: burp,tech,detect,portswigger + vendor: portswigger + tags: burp,tech,detect http: - method: GET diff --git a/http/technologies/caobox-cms-detect.yaml b/http/technologies/caobox-cms-detect.yaml index 86f2ca4e13c..798a7ceccec 100644 --- a/http/technologies/caobox-cms-detect.yaml +++ b/http/technologies/caobox-cms-detect.yaml @@ -1,17 +1,19 @@ id: caobox-cms-detect -info: - name: Caobox CMS - Detect - author: Chirag Mistry - severity: info - description: | - Detects instances of Caobox CMS based on unique fingerprints and identifiers. - metadata: - verified: true - max-request: 1 - shodan-query: '[http.component:"Caobox" http.component:"caobox" cpe:"cpe:2.3:a:caobox:caobox"]' - tags: detect,caobox,cms,tech - +info: + name: Caobox CMS - Detect + author: Chirag Mistry + severity: info + description: | + Detects instances of Caobox CMS based on unique fingerprints and identifiers. + metadata: + verified: true + shodan-query: + - http.component:"Caobox" + - http.component:"caobox" + - cpe:"cpe:2.3:a:caobox:caobox" + tags: detect,caobox,cms,tech + http: - method: GET path: diff --git a/http/technologies/casaos-detection.yaml b/http/technologies/casaos-detection.yaml index 0d793721447..20a230029cd 100644 --- a/http/technologies/casaos-detection.yaml +++ b/http/technologies/casaos-detection.yaml @@ -12,13 +12,9 @@ info: max-request: 1 vendor: icewhale product: casaos - shodan-query: - - http.html:"/casaos-ui/public/index.html" - - http.html:"casaos" - fofa-query: - - body="/casaos-ui/public/index.html" - - body="casaos" - tags: casaos,tech,oss,icewhale + shodan-query: http.html:"/CasaOS-UI/public/index.html" + fofa-query: body="/CasaOS-UI/public/index.html" + tags: casaos,tech,oss http: - method: GET diff --git a/http/technologies/checkpoint-mobile-detect.yaml b/http/technologies/checkpoint-mobile-detect.yaml index 0d08466f54f..4bf3248b540 100644 --- a/http/technologies/checkpoint-mobile-detect.yaml +++ b/http/technologies/checkpoint-mobile-detect.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: checkpoint product: mobile_access_portal_agent - shodan-query: http.html:"check point mobile" - fofa-query: body="check point mobile" + shodan-query: http.html:"Check Point Mobile" tags: panel,checkpoint,detect http: diff --git a/http/technologies/chevereto-detect.yaml b/http/technologies/chevereto-detect.yaml index 94b07f725b9..8ec058678e8 100644 --- a/http/technologies/chevereto-detect.yaml +++ b/http/technologies/chevereto-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: chevereto product: chevereto - shodan-query: http.title:"centreon" - fofa-query: title="centreon" - google-query: intitle:"centreon" + shodan-query: http.title:"Centreon" tags: tech,chevereto http: diff --git a/http/technologies/citrix-hypervisor-page.yaml b/http/technologies/citrix-hypervisor-page.yaml index 48442b3f3b4..79583524ca0 100644 --- a/http/technologies/citrix-hypervisor-page.yaml +++ b/http/technologies/citrix-hypervisor-page.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: citrix product: hypervisor - shodan-query: http.title:"welcome to citrix hypervisor" - fofa-query: title="welcome to citrix hypervisor" - google-query: intitle:"welcome to citrix hypervisor" + shodan-query: http.title:"Welcome to Citrix Hypervisor" tags: tech,citrix,default-page http: diff --git a/http/technologies/citrix-xenmobile-version.yaml b/http/technologies/citrix-xenmobile-version.yaml index 774b3d876e6..4e97055908e 100644 --- a/http/technologies/citrix-xenmobile-version.yaml +++ b/http/technologies/citrix-xenmobile-version.yaml @@ -13,15 +13,7 @@ info: max-request: 2 vendor: citrix product: xenmobile_server - shodan-query: - - http.title:"xenmobile - console" - - http.title:"xenmobile" - fofa-query: - - title="xenmobile - console" - - title="xenmobile" - google-query: - - intitle:"xenmobile - console" - - intitle:"xenmobile" + shodan-query: "title:\"XenMobile - Console\"" tags: tech,edb,citrix,version,detect flow: http(1) && http(2) diff --git a/http/technologies/cleo-detect.yaml b/http/technologies/cleo-detect.yaml index 7ce1ec352fc..714b15ee280 100644 --- a/http/technologies/cleo-detect.yaml +++ b/http/technologies/cleo-detect.yaml @@ -1,19 +1,19 @@ id: cleo-detect -info: - name: Cleo Technology - Detect - author: rxerium - severity: info - description: | - This template detects Cleo technologies, including VLTrader, Harmony, and LexiCom, by inspecting response headers.It also extracts version information for each identified technology. - reference: - - https://www.cleo.com - metadata: - verified: true - max-request: 1 - shodan-query: 'Server: Cleo' - tags: tech,detect,cleo - +info: + name: Cleo Technology - Detect + author: rxerium + severity: info + description: | + This template detects Cleo technologies, including VLTrader, Harmony, and LexiCom, by inspecting response headers.It also extracts version information for each identified technology. + reference: + - https://www.cleo.com + metadata: + max-request: 1 + verified: true + shodan-query: 'Server: Cleo' + tags: tech,detect,cleo + http: - method: GET path: diff --git a/http/technologies/confluence-detect.yaml b/http/technologies/confluence-detect.yaml index 57021bc5b53..36d65962129 100644 --- a/http/technologies/confluence-detect.yaml +++ b/http/technologies/confluence-detect.yaml @@ -12,7 +12,9 @@ info: max-request: 5 vendor: atlassian product: confluence_server - shodan-query: http.component:"atlassian confluence" + shodan-query: + - http.component:"Atlassian Confluence" + - http.component:"atlassian confluence" category: productivity tags: tech,confluence,atlassian,detect diff --git a/http/technologies/connectwise-control-detect.yaml b/http/technologies/connectwise-control-detect.yaml index c8c98b72be9..dda68092e21 100644 --- a/http/technologies/connectwise-control-detect.yaml +++ b/http/technologies/connectwise-control-detect.yaml @@ -11,10 +11,7 @@ info: max-request: 1 vendor: connectwise product: control - shodan-query: - - http.title="connectwise control remote support software" - - http.html:"contentpanel setupwizard" - fofa-query: body="contentpanel setupwizard" + shodan-query: title="ConnectWise Control Remote Support Software" tags: tech,connectwise http: diff --git a/http/technologies/couchbase-sync-gateway.yaml b/http/technologies/couchbase-sync-gateway.yaml index 7f6b93f9df0..1aedc4f79fc 100644 --- a/http/technologies/couchbase-sync-gateway.yaml +++ b/http/technologies/couchbase-sync-gateway.yaml @@ -10,10 +10,7 @@ info: max-request: 1 vendor: couchbase product: sync_gateway - shodan-query: - - http.html:"couchbase sync gateway" - - cpe:"cpe:2.3:a:couchbase:sync_gateway" - fofa-query: body="couchbase sync gateway" + shodan-query: html:"Couchbase Sync Gateway" tags: tech,couchbase http: diff --git a/http/technologies/craftercms-detect.yaml b/http/technologies/craftercms-detect.yaml index 45c135b1a7c..d1b15c49890 100644 --- a/http/technologies/craftercms-detect.yaml +++ b/http/technologies/craftercms-detect.yaml @@ -16,8 +16,6 @@ info: vendor: craftercms product: crafter_cms shodan-query: http.title:"craftercms" - fofa-query: title="craftercms" - google-query: intitle:"craftercms" tags: tech,craftercms,detect http: diff --git a/http/technologies/cups-detect.yaml b/http/technologies/cups-detect.yaml index a51ac5756db..db2870ea9cc 100644 --- a/http/technologies/cups-detect.yaml +++ b/http/technologies/cups-detect.yaml @@ -1,17 +1,17 @@ id: cups-detect -info: - name: CUPS - Detect - author: rxerium - severity: info - description: | - An instance running CUPS was detected. - metadata: - verified: true - max-request: 1 - shodan-query: product:"CUPS (IPP)" - tags: cups,tech,detect - +info: + name: CUPS - Detect + author: rxerium + severity: info + description: | + An instance running CUPS was detected. + metadata: + verified: true + max-request: 1 + shodan-query: product:"CUPS (IPP)" + tags: cups,tech,detect + http: - method: GET path: diff --git a/http/technologies/cvsweb-detect.yaml b/http/technologies/cvsweb-detect.yaml index 6f581a64675..4e4ac2537e5 100644 --- a/http/technologies/cvsweb-detect.yaml +++ b/http/technologies/cvsweb-detect.yaml @@ -15,13 +15,10 @@ info: max-request: 1 vendor: freebsd product: cvsweb - shodan-query: http.title:"cvsweb" + shodan-query: title:"cvsweb" fofa-query: title="cvsweb" - zoomeye-query: - - title="cvsweb" - - title:cvsweb - google-query: intitle:"cvsweb" - tags: tech,cvsweb,detect,freebsd + zoomeye-query: title="cvsweb" + tags: tech,cvsweb,detect http: - method: GET diff --git a/http/technologies/dash-panel-detect.yaml b/http/technologies/dash-panel-detect.yaml index ebf329d0a19..24ff68f2537 100644 --- a/http/technologies/dash-panel-detect.yaml +++ b/http/technologies/dash-panel-detect.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: dash product: dash_core - shodan-query: http.html:"dashrenderer" - fofa-query: body="dashrenderer" + shodan-query: html:"DashRenderer" tags: tech,dash http: diff --git a/http/technologies/dedecms-detect.yaml b/http/technologies/dedecms-detect.yaml index f11006f4884..ab3762ff8b4 100644 --- a/http/technologies/dedecms-detect.yaml +++ b/http/technologies/dedecms-detect.yaml @@ -11,17 +11,7 @@ info: max-request: 2 vendor: dedecms product: dedecms - shodan-query: - - http.title:"dedecms" || http.html:"power by dedecms" - - cpe:"cpe:2.3:a:dedecms:dedecms" - - http.html:"dedecms" - - http.html:"power by dedecms" || title:"dedecms" - fofa-query: - - app="dedecms" - - body="dedecms" - - body="power by dedecms" || title:"dedecms" - - title="dedecms" || http.html:"power by dedecms" - google-query: intitle:"dedecms" || http.html:"power by dedecms" + shodan-query: title:"dedecms" || http.html:"power by dedecms" tags: dedecms,tech http: diff --git a/http/technologies/default-apache-shiro.yaml b/http/technologies/default-apache-shiro.yaml index d1c0c2727ba..de1bed87570 100644 --- a/http/technologies/default-apache-shiro.yaml +++ b/http/technologies/default-apache-shiro.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: apache product: shiro - shodan-query: http.title:"apache shiro quickstart" - fofa-query: title="apache shiro quickstart" - google-query: intitle:"apache shiro quickstart" + shodan-query: title:"Apache Shiro Quickstart" tags: tech,apache,shiro http: diff --git a/http/technologies/default-cakephp-page.yaml b/http/technologies/default-cakephp-page.yaml index 1a93254894b..63e10126c92 100644 --- a/http/technologies/default-cakephp-page.yaml +++ b/http/technologies/default-cakephp-page.yaml @@ -11,13 +11,7 @@ info: max-request: 1 vendor: cakephp product: cakephp - shodan-query: - - http.html:"welcome to cakephp" - - cpe:"cpe:2.3:a:cakephp:cakephp" - - http.html:"phinx.yml" - fofa-query: - - body="phinx.yml" - - body="welcome to cakephp" + shodan-query: html:"Welcome to CakePHP" tags: tech,cakephp,default-page http: diff --git a/http/technologies/default-codeigniter-page.yaml b/http/technologies/default-codeigniter-page.yaml index f49e6b6d5a2..5981e8d9410 100644 --- a/http/technologies/default-codeigniter-page.yaml +++ b/http/technologies/default-codeigniter-page.yaml @@ -10,20 +10,7 @@ info: max-request: 1 vendor: codeigniter product: codeigniter - shodan-query: - - http.title:"welcome to codeigniter" - - cpe:"cpe:2.3:a:codeigniter:codeigniter" - - http.title:"codeigniter application installer" - - http.title:"error" html:"codeigniter" - fofa-query: - - title="codeigniter application installer" - - title="error" html:"codeigniter" - - title="errorexception" - - title="welcome to codeigniter" - google-query: - - intitle:"codeigniter application installer" - - intitle:"error" html:"codeigniter" - - intitle:"welcome to codeigniter" + shodan-query: http.title:"Welcome to CodeIgniter" tags: tech,codeigniter http: diff --git a/http/technologies/default-django-page.yaml b/http/technologies/default-django-page.yaml index e631a2cdbb2..77e954cf6d3 100644 --- a/http/technologies/default-django-page.yaml +++ b/http/technologies/default-django-page.yaml @@ -10,16 +10,8 @@ info: max-request: 1 vendor: djangoproject product: django - shodan-query: - - http.title:"the install worked successfully! congratulations!" - - cpe:"cpe:2.3:a:djangoproject:django" - - cpe:"cpe:2.3:a:djangoproject:django" || http.title:"django administration" - - http.html:"settings.py" - fofa-query: - - body=settings.py - - title="the install worked successfully! congratulations!" - google-query: intitle:"the install worked successfully! congratulations!" - tags: tech,django,djangoproject + shodan-query: http.title:"The install worked successfully! Congratulations!" + tags: tech,django http: - method: GET diff --git a/http/technologies/default-fastcgi-page.yaml b/http/technologies/default-fastcgi-page.yaml index 077e5b48922..174e2818d02 100644 --- a/http/technologies/default-fastcgi-page.yaml +++ b/http/technologies/default-fastcgi-page.yaml @@ -10,11 +10,7 @@ info: max-request: 1 vendor: fastcgi product: fcgi - shodan-query: http.title:"fastcgi" - google-query: - - intitle:"fastcgi" - - inurl:fcgi-bin/echo - fofa-query: title="fastcgi" + shodan-query: http.title:"FastCGI" tags: tech,fastcgi http: diff --git a/http/technologies/default-fedora-page.yaml b/http/technologies/default-fedora-page.yaml index 4a661b82ecf..2f3f61cb883 100644 --- a/http/technologies/default-fedora-page.yaml +++ b/http/technologies/default-fedora-page.yaml @@ -10,12 +10,8 @@ info: max-request: 1 vendor: fedoraproject product: fedora - shodan-query: - - http.title:"test page for the http server on fedora" - - cpe:"cpe:2.3:o:fedoraproject:fedora" - fofa-query: title="test page for the http server on fedora" - google-query: intitle:"test page for the http server on fedora" - tags: tech,fedora,fedoraproject + shodan-query: http.title:"Test Page for the HTTP Server on Fedora" + tags: tech,fedora http: - method: GET diff --git a/http/technologies/default-glassfish-server-page.yaml b/http/technologies/default-glassfish-server-page.yaml index 0d6d0522c9e..27ac2762c4b 100644 --- a/http/technologies/default-glassfish-server-page.yaml +++ b/http/technologies/default-glassfish-server-page.yaml @@ -10,12 +10,8 @@ info: max-request: 1 vendor: oracle product: glassfish_server - shodan-query: - - http.title:"glassfish server - server running" - - cpe:"cpe:2.3:a:oracle:glassfish_server" - fofa-query: title="glassfish server - server running" - google-query: intitle:"glassfish server - server running" - tags: tech,glassfish,oracle + shodan-query: http.title:"GlassFish Server - Server Running" + tags: tech,glassfish http: - method: GET diff --git a/http/technologies/default-jetty-page.yaml b/http/technologies/default-jetty-page.yaml index 8b519aa07d9..03172a24f9c 100644 --- a/http/technologies/default-jetty-page.yaml +++ b/http/technologies/default-jetty-page.yaml @@ -10,15 +10,8 @@ info: max-request: 1 vendor: eclipse product: jetty - shodan-query: - - http.title:"powered by jetty" - - cpe:"cpe:2.3:a:eclipse:jetty" - - http.html:"contexts known to this" - fofa-query: - - body="contexts known to this" - - title="powered by jetty" - google-query: intitle:"powered by jetty" - tags: tech,jetty,eclipse + shodan-query: http.title:"Powered By Jetty" + tags: tech,jetty http: - method: GET diff --git a/http/technologies/default-lighttpd-page.yaml b/http/technologies/default-lighttpd-page.yaml index 3021226da28..433ad223ca8 100644 --- a/http/technologies/default-lighttpd-page.yaml +++ b/http/technologies/default-lighttpd-page.yaml @@ -10,12 +10,7 @@ info: max-request: 1 vendor: lighttpd product: lighttpd - shodan-query: - - http.title:"powered by lighttpd" - - cpe:"cpe:2.3:a:lighttpd:lighttpd" - - if you find a bug in this lighttpd package, or in lighttpd itself - fofa-query: title="powered by lighttpd" - google-query: intitle:"powered by lighttpd" + shodan-query: http.title:"Powered by lighttpd" tags: tech,lighttpd http: diff --git a/http/technologies/default-lighttpd-placeholder-page.yaml b/http/technologies/default-lighttpd-placeholder-page.yaml index c87ff985579..ee38facd3f2 100644 --- a/http/technologies/default-lighttpd-placeholder-page.yaml +++ b/http/technologies/default-lighttpd-placeholder-page.yaml @@ -10,12 +10,7 @@ info: max-request: 1 vendor: lighttpd product: lighttpd - shodan-query: - - if you find a bug in this lighttpd package, or in lighttpd itself - - cpe:"cpe:2.3:a:lighttpd:lighttpd" - - http.title:"powered by lighttpd" - fofa-query: title="powered by lighttpd" - google-query: intitle:"powered by lighttpd" + shodan-query: "If you find a bug in this Lighttpd package, or in Lighttpd itself" tags: tech,lighttpd http: diff --git a/http/technologies/default-movable-page.yaml b/http/technologies/default-movable-page.yaml index 6dc108be559..e2bb565c32c 100644 --- a/http/technologies/default-movable-page.yaml +++ b/http/technologies/default-movable-page.yaml @@ -8,19 +8,10 @@ info: cpe: cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: sixapart + shodan-query: title:"Welcome to Movable Type" product: movable_type - shodan-query: - - http.title:"welcome to movable type" - - cpe:"cpe:2.3:a:sixapart:movable_type" - - http.title:"サインイン | movable type pro" - fofa-query: - - title="welcome to movable type" - - title="サインイン | movable type pro" - google-query: - - intitle:"welcome to movable type" - - intitle:"サインイン | movable type pro" - tags: tech,movable,sixapart + vendor: sixapart + tags: tech,movable http: - method: GET diff --git a/http/technologies/default-openresty.yaml b/http/technologies/default-openresty.yaml index 95d9a46d76a..d43608cb856 100644 --- a/http/technologies/default-openresty.yaml +++ b/http/technologies/default-openresty.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: openresty product: openresty - shodan-query: http.title:"welcome to openresty!" - fofa-query: title="welcome to openresty!" - google-query: intitle:"welcome to openresty!" + shodan-query: http.title:"Welcome to OpenResty!" tags: tech,openresty http: diff --git a/http/technologies/default-parallels-plesk.yaml b/http/technologies/default-parallels-plesk.yaml index 00333c2ae8c..1655af25016 100644 --- a/http/technologies/default-parallels-plesk.yaml +++ b/http/technologies/default-parallels-plesk.yaml @@ -11,11 +11,7 @@ info: max-request: 1 vendor: parallels product: parallels_plesk_panel - shodan-query: - - http.title:"default parallels plesk panel page" - - cpe:"cpe:2.3:a:parallels:parallels_plesk_panel" - fofa-query: title="default parallels plesk panel page" - google-query: intitle:"default parallels plesk panel page" + shodan-query: title:"Default Parallels Plesk Panel Page" tags: tech,default-page,parallels,plesk http: diff --git a/http/technologies/default-payara-server-page.yaml b/http/technologies/default-payara-server-page.yaml index 21eee25025c..69f6f3bad57 100644 --- a/http/technologies/default-payara-server-page.yaml +++ b/http/technologies/default-payara-server-page.yaml @@ -10,15 +10,7 @@ info: max-request: 1 vendor: payara product: payara - shodan-query: - - http.title:"payara server - server running" - - 'http.title:"payara micro #badassfish - error report"' - fofa-query: - - 'title="payara micro #badassfish - error report"' - - title="payara server - server running" - google-query: - - 'intitle:"payara micro #badassfish - error report"' - - intitle:"payara server - server running" + shodan-query: http.title:"Payara Server - Server Running" tags: tech,payara http: diff --git a/http/technologies/default-plesk-page.yaml b/http/technologies/default-plesk-page.yaml index 86e42ceab1a..d085034f3f4 100644 --- a/http/technologies/default-plesk-page.yaml +++ b/http/technologies/default-plesk-page.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: plesk product: plesk - shodan-query: http.title:"web server's default page" - fofa-query: title="web server's default page" - google-query: intitle:"web server's default page" + shodan-query: http.title:"Web Server's Default Page" tags: tech,plesk http: diff --git a/http/technologies/default-redhat-test-page.yaml b/http/technologies/default-redhat-test-page.yaml index a1d7ed45c83..18d53012716 100644 --- a/http/technologies/default-redhat-test-page.yaml +++ b/http/technologies/default-redhat-test-page.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: redhat product: enterprise_linux_server - shodan-query: http.title:"test page for the apache http server on red hat enterprise linux" - fofa-query: title="test page for the apache http server on red hat enterprise linux" - google-query: intitle:"test page for the apache http server on red hat enterprise linux" + shodan-query: http.title:"Test Page for the Apache HTTP Server on Red Hat Enterprise Linux" tags: tech,redhat http: diff --git a/http/technologies/default-sitecore-page.yaml b/http/technologies/default-sitecore-page.yaml index 8172f241676..f0b1fbd2772 100644 --- a/http/technologies/default-sitecore-page.yaml +++ b/http/technologies/default-sitecore-page.yaml @@ -15,15 +15,7 @@ info: max-request: 1 vendor: sitecore product: experience_platform - shodan-query: - - http.title:"welcome to sitecore" - - http.title:"sitecore" - fofa-query: - - title="sitecore" - - title="welcome to sitecore" - google-query: - - intitle:"sitecore" - - intitle:"welcome to sitecore" + shodan-query: http.title:"Welcome to Sitecore" tags: tech,sitecore,cms http: diff --git a/http/technologies/default-ssltls-test-page.yaml b/http/technologies/default-ssltls-test-page.yaml index 04374c1df63..7631abda486 100644 --- a/http/technologies/default-ssltls-test-page.yaml +++ b/http/technologies/default-ssltls-test-page.yaml @@ -10,24 +10,8 @@ info: max-request: 1 vendor: apache product: http_server - shodan-query: - - http.title:"test page for the ssl/tls-aware apache installation on web site" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" - tags: tech,ssltls,apache + shodan-query: http.title:"Test Page for the SSL/TLS-aware Apache Installation on Web Site" + tags: tech,ssltls http: - method: GET diff --git a/http/technologies/default-symfony-page.yaml b/http/technologies/default-symfony-page.yaml index 6b46561541e..47019f0c986 100644 --- a/http/technologies/default-symfony-page.yaml +++ b/http/technologies/default-symfony-page.yaml @@ -11,22 +11,8 @@ info: max-request: 1 vendor: sensiolabs product: symfony - shodan-query: - - http.title:"welcome to symfony" - - cpe:"cpe:2.3:a:sensiolabs:symfony" - - http.html:"symfony profiler" - - http.title:"index of" "properties.ini" - - http.title:"index of" "security.yml" - google-query: - - intitle:"index of" "properties.ini" - - intitle:"index of" "security.yml" - - intitle:"welcome to symfony" - fofa-query: - - body="symfony profiler" - - title="index of" "properties.ini" - - title="index of" "security.yml" - - title="welcome to symfony" - tags: tech,symfony,default-page,sensiolabs + shodan-query: http.title:"Welcome to Symfony" + tags: tech,symfony,default-page http: - method: GET diff --git a/http/technologies/default-tengine-page.yaml b/http/technologies/default-tengine-page.yaml index 7aeab732f01..f4496c02517 100644 --- a/http/technologies/default-tengine-page.yaml +++ b/http/technologies/default-tengine-page.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: alibaba product: tengine - shodan-query: http.title:"welcome to tengine" - fofa-query: title="welcome to tengine" - google-query: intitle:"welcome to tengine" - tags: tech,tengine,default-page,alibaba + shodan-query: http.title:"Welcome to tengine" + tags: tech,tengine,default-page http: - method: GET diff --git a/http/technologies/default-websphere-liberty.yaml b/http/technologies/default-websphere-liberty.yaml index 0311cc16cfc..3ef5af1bc8d 100644 --- a/http/technologies/default-websphere-liberty.yaml +++ b/http/technologies/default-websphere-liberty.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: ibm product: websphere_liberty - shodan-query: http.title:"websphere liberty" - fofa-query: title="websphere liberty" - google-query: intitle:"websphere liberty" - tags: tech,websphere,liberty,ibm + shodan-query: http.title:"WebSphere Liberty" + tags: tech,websphere,liberty http: - method: GET diff --git a/http/technologies/dell/dell-idrac8-detect.yaml b/http/technologies/dell/dell-idrac8-detect.yaml index cc13895b459..5255de20696 100644 --- a/http/technologies/dell/dell-idrac8-detect.yaml +++ b/http/technologies/dell/dell-idrac8-detect.yaml @@ -7,8 +7,8 @@ info: description: | The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers. metadata: + max-request: 1 verified: true - max-request: 2 tags: tech,dell,idrac http: diff --git a/http/technologies/devexpress-detect.yaml b/http/technologies/devexpress-detect.yaml index cba010a2024..2a632969189 100644 --- a/http/technologies/devexpress-detect.yaml +++ b/http/technologies/devexpress-detect.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: devexpress product: devexpress_components - shodan-query: http.html:"dxr.axd" - fofa-query: body="dxr.axd" + shodan-query: html:"DXR.axd" tags: devexpress,iis,microsoft,asp,tech http: diff --git a/http/technologies/directus-detect.yaml b/http/technologies/directus-detect.yaml index 0d256ff3a8f..cf54e8aa5fd 100644 --- a/http/technologies/directus-detect.yaml +++ b/http/technologies/directus-detect.yaml @@ -15,8 +15,8 @@ info: max-request: 1 vendor: monospace product: directus - google-query: "x-powered-by: directus" - tags: tech,directus,detect,monospace + google-query: 'X-Powered-By: Directus' + tags: tech,directus,detect http: - method: GET diff --git a/http/technologies/domibus-detect.yaml b/http/technologies/domibus-detect.yaml index 4d70cfe0618..c3d457e2ffc 100644 --- a/http/technologies/domibus-detect.yaml +++ b/http/technologies/domibus-detect.yaml @@ -1,18 +1,19 @@ id: domibus-detect -info: - name: Domibus - Detect - author: righettod - severity: info - description: | - Domibus was detected. - reference: - - https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Domibus - metadata: - verified: true - max-request: 2 - shodan-query: http.title:"Domibus" - tags: tech,domibus,detect +info: + name: Domibus - Detect + author: righettod + severity: info + description: | + Domibus was detected. + reference: + - https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Domibus + metadata: + verified: true + max-request: 1 + shodan-query: http.title:"Domibus" + tags: tech,domibus,detect + http: - method: GET path: diff --git a/http/technologies/dufs-detect.yaml b/http/technologies/dufs-detect.yaml index 29e09a64b31..c0dc8265ca8 100644 --- a/http/technologies/dufs-detect.yaml +++ b/http/technologies/dufs-detect.yaml @@ -1,19 +1,19 @@ id: dufs-detect -info: - name: DUFS - Detect - author: righettod - severity: info - description: | - DUFS software was detected. - reference: - - https://github.com/sigoden/dufs - metadata: - verified: true - max-request: 1 - shodan-query: http.html:"Dufs" - tags: tech,dufs,detect - +info: + name: DUFS - Detect + author: righettod + severity: info + description: | + DUFS software was detected. + reference: + - https://github.com/sigoden/dufs + metadata: + verified: true + max-request: 1 + shodan-query: http.html:"Dufs" + tags: tech,dufs,detect + http: - method: GET path: diff --git a/http/technologies/elasticsearch-sql-client-detect.yaml b/http/technologies/elasticsearch-sql-client-detect.yaml index d45fbd0b1fa..7422e042693 100644 --- a/http/technologies/elasticsearch-sql-client-detect.yaml +++ b/http/technologies/elasticsearch-sql-client-detect.yaml @@ -12,8 +12,7 @@ info: vendor: elastic product: elasticsearch shodan-query: http.title:"Elasticsearch-sql client" - fofa-query: index_not_found_exception - tags: elasticsearch,tech,sql,elastic + tags: elasticsearch,tech,sql http: - method: GET diff --git a/http/technologies/element-web-detect.yaml b/http/technologies/element-web-detect.yaml index ce783d4795b..2c2f8f4c76a 100644 --- a/http/technologies/element-web-detect.yaml +++ b/http/technologies/element-web-detect.yaml @@ -12,7 +12,7 @@ info: max-request: 2 vendor: matrix product: element - shodan-query: http.html:"manifest.json" + shodan-query: html:"manifest.json" tags: tech,matrix,element,detect http: diff --git a/http/technologies/empirecms-detect.yaml b/http/technologies/empirecms-detect.yaml index 34ee7196833..cd0063c18a7 100644 --- a/http/technologies/empirecms-detect.yaml +++ b/http/technologies/empirecms-detect.yaml @@ -10,9 +10,8 @@ info: max-request: 1 vendor: phome product: empirecms - shodan-query: http.html:"empirecms" - fofa-query: body=empirecms - tags: tech,empirecms,phome + shodan-query: http.html:EmpireCMS + tags: tech,empirecms http: - method: GET diff --git a/http/technologies/erxes-detect.yaml b/http/technologies/erxes-detect.yaml index 979935ade3a..e17b43f5789 100644 --- a/http/technologies/erxes-detect.yaml +++ b/http/technologies/erxes-detect.yaml @@ -6,9 +6,9 @@ info: severity: info metadata: max-request: 1 - vendor: erxes - product: erxes shodan-query: http.title:"erxes" + product: erxes + vendor: erxes fofa-query: title="erxes" google-query: intitle:"erxes" tags: tech,erxes diff --git a/http/technologies/flutter-web-detect.yaml b/http/technologies/flutter-web-detect.yaml index be0b3fe0f20..aea8497d1e7 100644 --- a/http/technologies/flutter-web-detect.yaml +++ b/http/technologies/flutter-web-detect.yaml @@ -7,8 +7,8 @@ info: description: | Detect flutter web apps looking for flutter_bootstrap.js,main.dart.js and flutter_service_worker.js files. metadata: + max-request: 1 verified: true - max-request: 3 shodan-query: http.html:"flutter_bootstrap.js" fofa-query: body="flutter_bootstrap.js" tags: tech,detect,flutter diff --git a/http/technologies/frappe-framework-detect.yaml b/http/technologies/frappe-framework-detect.yaml index ff25afd4f78..fb66e09780e 100644 --- a/http/technologies/frappe-framework-detect.yaml +++ b/http/technologies/frappe-framework-detect.yaml @@ -11,8 +11,8 @@ info: - https://docs.frappe.io/framework/user/en/introduction - https://github.com/frappe/frappe metadata: + max-request: 1 verified: true - max-request: 2 shodan-query: http.html:"window.frappe" tags: panel,frappe,detect diff --git a/http/technologies/gitbook-detect.yaml b/http/technologies/gitbook-detect.yaml index 250c7b483e9..5e5a47d4626 100644 --- a/http/technologies/gitbook-detect.yaml +++ b/http/technologies/gitbook-detect.yaml @@ -14,10 +14,7 @@ info: vendor: gitbook product: gitbook shodan-query: http.title:"gitbook" - fofa-query: - - app="introduction-gitbook" - - title="gitbook" - google-query: intitle:"gitbook" + fofa-query: app="Introduction-GitBook" tags: tech,gitbook http: diff --git a/http/technologies/glpi-status-page.yaml b/http/technologies/glpi-status-page.yaml index 4bd6bd7e4e7..1bbd857c7ca 100644 --- a/http/technologies/glpi-status-page.yaml +++ b/http/technologies/glpi-status-page.yaml @@ -15,17 +15,8 @@ info: max-request: 1 vendor: glpi-project product: glpi - shodan-query: - - http.html:"glpi" - - http.favicon.hash:"-1474875778" - - http.html:"setup glpi" - - http.title:"glpi" - fofa-query: - - body="setup glpi" - - icon_hash="-1474875778" - - title="glpi" - google-query: intitle:"glpi" - tags: tech,status,glpi,glpi-project + shodan-query: http.html:"glpi" + tags: tech,status,glpi http: - method: GET diff --git a/http/technologies/goliath-detect.yaml b/http/technologies/goliath-detect.yaml index 89236a5aa51..a6fab5da262 100644 --- a/http/technologies/goliath-detect.yaml +++ b/http/technologies/goliath-detect.yaml @@ -15,8 +15,8 @@ info: max-request: 1 vendor: goliath_project product: goliath - shodan-query: server:"goliath" - tags: tech,goliath,goliath_project + shodan-query: 'Server: Goliath' + tags: tech,goliath http: - method: GET diff --git a/http/technologies/google/chromecast-detect.yaml b/http/technologies/google/chromecast-detect.yaml index c8721752260..047af91f221 100644 --- a/http/technologies/google/chromecast-detect.yaml +++ b/http/technologies/google/chromecast-detect.yaml @@ -16,7 +16,7 @@ info: max-request: 1 vendor: google product: chromecast - shodan-query: chromecast + shodan-query: Chromecast tags: google,chromecast,detect http: diff --git a/http/technologies/graylog/graylog-api-exposure.yaml b/http/technologies/graylog/graylog-api-exposure.yaml index e09fc592a70..e1bd8939589 100644 --- a/http/technologies/graylog/graylog-api-exposure.yaml +++ b/http/technologies/graylog/graylog-api-exposure.yaml @@ -16,11 +16,7 @@ info: max-request: 50 vendor: graylog product: graylog - shodan-query: - - graylog - - http.title:"graylog web interface" - fofa-query: title="graylog web interface" - google-query: intitle:"graylog web interface" + shodan-query: Graylog tags: tech,graylog,api,swagger,fuzz http: diff --git a/http/technologies/harbor-detect.yaml b/http/technologies/harbor-detect.yaml index 4b112bd0b2b..500ea08db6f 100644 --- a/http/technologies/harbor-detect.yaml +++ b/http/technologies/harbor-detect.yaml @@ -10,11 +10,11 @@ info: metadata: verified: true max-request: 1 - vendor: linuxfoundation + shodan-query: http.favicon.hash:657337228 product: harbor - shodan-query: http.favicon.hash:"657337228" + vendor: linuxfoundation fofa-query: icon_hash=657337228 - tags: tech,harbor,linuxfoundation + tags: tech,harbor http: - method: GET diff --git a/http/technologies/hikvision-detect.yaml b/http/technologies/hikvision-detect.yaml index 97d69bb2e78..9ae0cd036d2 100644 --- a/http/technologies/hikvision-detect.yaml +++ b/http/technologies/hikvision-detect.yaml @@ -7,9 +7,9 @@ info: metadata: verified: true max-request: 2 - vendor: hikvision + shodan-query: http.favicon.hash:999357577 product: ds-2cd2026g2-iu\/sl_firmware - shodan-query: http.favicon.hash:"999357577" + vendor: hikvision fofa-query: icon_hash=999357577 tags: tech,hikvision diff --git a/http/technologies/hubble-detect.yaml b/http/technologies/hubble-detect.yaml index ab7bcbdb3ef..67992551e72 100644 --- a/http/technologies/hubble-detect.yaml +++ b/http/technologies/hubble-detect.yaml @@ -1,20 +1,20 @@ id: hubble-detect -info: - name: Hubble - Detect - author: righettod - severity: info - description: | - Hubble products was detected. - reference: - - https://github.com/cilium/hubble - - https://docs.cilium.io/en/stable/observability/hubble/ - metadata: - verified: true - max-request: 1 - shodan-query: http.title:"Hubble UI" - tags: tech,hubble,detect - +info: + name: Hubble - Detect + author: righettod + severity: info + description: | + Hubble products was detected. + reference: + - https://github.com/cilium/hubble + - https://docs.cilium.io/en/stable/observability/hubble/ + metadata: + verified: true + max-request: 1 + shodan-query: http.title:"Hubble UI" + tags: tech,hubble,detect + http: - method: GET path: diff --git a/http/technologies/hugegraph-detect.yaml b/http/technologies/hugegraph-detect.yaml index c9af8572fcb..38c51685083 100644 --- a/http/technologies/hugegraph-detect.yaml +++ b/http/technologies/hugegraph-detect.yaml @@ -1,19 +1,19 @@ id: hugegraph-detect -info: - name: HugeGraph - Detect - author: rxerium - severity: info - description: | - A huge graph technology was detected. - reference: - - https://hugegraph.apache.org/ - metadata: - verified: true - max-request: 1 - shodan-query: html:"https://hugegraph.github.io" - tags: hugegraph,tech,detect - +info: + name: HugeGraph - Detect + author: rxerium + severity: info + description: | + A huge graph technology was detected. + reference: + - https://hugegraph.apache.org/ + metadata: + max-request: 1 + verified: true + shodan-query: html:"https://hugegraph.github.io" + tags: hugegraph,tech,detect + http: - method: GET path: diff --git a/http/technologies/hugo-detect.yaml b/http/technologies/hugo-detect.yaml index b5ea05700b2..d62a2791938 100644 --- a/http/technologies/hugo-detect.yaml +++ b/http/technologies/hugo-detect.yaml @@ -13,7 +13,7 @@ info: vendor: gohugo product: hugo shodan-query: http.html:'Hugo' - tags: tech,hugo,gohugo + tags: tech,hugo http: - method: GET diff --git a/http/technologies/ibm/ibm-http-server.yaml b/http/technologies/ibm/ibm-http-server.yaml index 59bf2f823a4..32c3ae5ca04 100644 --- a/http/technologies/ibm/ibm-http-server.yaml +++ b/http/technologies/ibm/ibm-http-server.yaml @@ -10,24 +10,7 @@ info: max-request: 1 vendor: ibm product: http_server - shodan-query: - - http.title:"ibm-http-server" - - apache 2.4.49 - - cpe:"cpe:2.3:a:apache:http_server" - - http.title:"apache http server test page powered by centos" - - http.title:"apache+default","apache+http+server+test","apache2+it+works" - - http.title:"apache2 debian default page:" - - http.title:"test page for the ssl/tls-aware apache installation on web site" - fofa-query: - - title="apache http server test page powered by centos" - - title="apache+default","apache+http+server+test","apache2+it+works" - - title="apache2 debian default page:" - - title="test page for the ssl/tls-aware apache installation on web site" - google-query: - - intitle:"apache http server test page powered by centos" - - intitle:"apache+default","apache+http+server+test","apache2+it+works" - - intitle:"apache2 debian default page:" - - intitle:"test page for the ssl/tls-aware apache installation on web site" + shodan-query: http.title:"IBM-HTTP-Server" tags: tech,ibm http: diff --git a/http/technologies/ibm/ibm-odm-detect.yaml b/http/technologies/ibm/ibm-odm-detect.yaml index 1c63c33c959..03cacdbc757 100644 --- a/http/technologies/ibm/ibm-odm-detect.yaml +++ b/http/technologies/ibm/ibm-odm-detect.yaml @@ -15,16 +15,7 @@ info: max-request: 1 vendor: ibm product: operational_decision_manager - fofa-query: - - "icon_hash=\"707491698\"" - - body="ibm odm" - - title="decision center | business console" - - title="ibm odm" - shodan-query: - - http.favicon.hash:"707491698" - - http.html:"ibm odm" - - http.title:"decision center | business console" - google-query: intitle:"decision center | business console" + fofa-query: "icon_hash=\"707491698\"" tags: ibm,decision-center,tech,detect http: diff --git a/http/technologies/ibm/ibm-spectrum-detect.yaml b/http/technologies/ibm/ibm-spectrum-detect.yaml index 663fae98e68..88c21c459d7 100644 --- a/http/technologies/ibm/ibm-spectrum-detect.yaml +++ b/http/technologies/ibm/ibm-spectrum-detect.yaml @@ -1,19 +1,19 @@ id: ibm-spectrum-detect -info: - name: IBM Spectrum - Detect - author: righettod - severity: info - description: | - IBM Spectrum products was detected. - reference: - - https://www.ibm.com/docs/en/products?filter=spectrum - metadata: - verified: true - max-request: 3 - shodan-query: http.title:"IBM Spectrum" - tags: tech,ibm,spectrum - +info: + name: IBM Spectrum - Detect + author: righettod + severity: info + description: | + IBM Spectrum products was detected. + reference: + - https://www.ibm.com/docs/en/products?filter=spectrum + metadata: + max-request: 1 + verified: true + shodan-query: http.title:"IBM Spectrum" + tags: tech,ibm,spectrum + http: - method: GET path: diff --git a/http/technologies/icecast-mediaserver-detect.yaml b/http/technologies/icecast-mediaserver-detect.yaml index ede2ec0bfa0..3f732e21fee 100644 --- a/http/technologies/icecast-mediaserver-detect.yaml +++ b/http/technologies/icecast-mediaserver-detect.yaml @@ -13,12 +13,10 @@ info: metadata: verified: true max-request: 1 - vendor: xiph + shodan-query: title:"Icecast Streaming Media Server" product: icecast - shodan-query: http.title:"icecast streaming media server" - fofa-query: title="icecast streaming media server" - google-query: intitle:"icecast streaming media server" - tags: tech,icecast,media-server,detect,xiph + vendor: xiph + tags: tech,icecast,media-server,detect http: - method: GET diff --git a/http/technologies/icecast-server-detect.yaml b/http/technologies/icecast-server-detect.yaml index d4eab507600..42c4b43cace 100644 --- a/http/technologies/icecast-server-detect.yaml +++ b/http/technologies/icecast-server-detect.yaml @@ -11,10 +11,8 @@ info: max-request: 1 vendor: xiph product: icecast - shodan-query: http.title:"icecast streaming media server" - fofa-query: title="icecast streaming media server" - google-query: intitle:"icecast streaming media server" - tags: tech,icecast,xiph + shodan-query: http.title:"Icecast Streaming Media Server" + tags: tech,icecast http: - method: GET diff --git a/http/technologies/identity-server-v3-detect.yaml b/http/technologies/identity-server-v3-detect.yaml index ddb03534358..882c7e6317e 100644 --- a/http/technologies/identity-server-v3-detect.yaml +++ b/http/technologies/identity-server-v3-detect.yaml @@ -15,10 +15,8 @@ info: max-request: 1 vendor: wso2 product: identity_server - shodan-query: http.title:"identityserver v3" - fofa-query: title="identityserver v3" - google-query: intitle:"identityserver v3" - tags: tech,identityserver,detect,wso2 + shodan-query: http.title:"IdentityServer v3" + tags: tech,identityserver,detect http: - method: GET diff --git a/http/technologies/imgproxy-detect.yaml b/http/technologies/imgproxy-detect.yaml index d075e942f85..a926e863228 100644 --- a/http/technologies/imgproxy-detect.yaml +++ b/http/technologies/imgproxy-detect.yaml @@ -15,11 +15,8 @@ info: max-request: 1 vendor: evilmartians product: imgproxy - shodan-query: - - http.html:"imgproxy" - - server:"imgproxy" - fofa-query: body="imgproxy" - tags: imgproxy,tech,detect,evilmartians + shodan-query: html:"imgproxy" + tags: imgproxy,tech,detect http: - method: GET diff --git a/http/technologies/influxdb-version-detect.yaml b/http/technologies/influxdb-version-detect.yaml index f258c92879d..8e0f9f1e52e 100644 --- a/http/technologies/influxdb-version-detect.yaml +++ b/http/technologies/influxdb-version-detect.yaml @@ -16,15 +16,10 @@ info: metadata: verified: true max-request: 1 - vendor: influxdata + shodan-query: "X-Influxdb-" product: influxdb - shodan-query: - - x-influxdb- - - http.title:"influxdb - admin interface" - - influxdb - fofa-query: title="influxdb - admin interface" - google-query: intitle:"influxdb - admin interface" - tags: tech,influxdb,api,influxdata + vendor: influxdata + tags: tech,influxdb,api http: - method: GET diff --git a/http/technologies/interactsh-server.yaml b/http/technologies/interactsh-server.yaml index 1691435ea9b..29c63a5cee3 100644 --- a/http/technologies/interactsh-server.yaml +++ b/http/technologies/interactsh-server.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: projectdiscovery product: interactsh - shodan-query: http.html:"interactsh server" - fofa-query: body="interactsh server" - tags: tech,interactsh,projectdiscovery + shodan-query: http.html:"Interactsh Server" + tags: tech,interactsh http: - method: GET diff --git a/http/technologies/ispyconnect-detect.yaml b/http/technologies/ispyconnect-detect.yaml index b9cc5264492..db13047f52b 100644 --- a/http/technologies/ispyconnect-detect.yaml +++ b/http/technologies/ispyconnect-detect.yaml @@ -11,11 +11,8 @@ info: max-request: 1 vendor: ispyconnect product: ispy - shodan-query: - - http.html:"ispy" - - http.html:"ispy is running" - fofa-query: body="ispy is running" - tags: tech,ispy,ispyconnect + shodan-query: http.html:"iSpy" + tags: tech,ispy http: - method: GET diff --git a/http/technologies/ivanti-epm-detect.yaml b/http/technologies/ivanti-epm-detect.yaml index 35abe7dee64..4d279d4ccf6 100644 --- a/http/technologies/ivanti-epm-detect.yaml +++ b/http/technologies/ivanti-epm-detect.yaml @@ -1,19 +1,19 @@ id: ivanti-epm-detect -info: - name: Ivanti Endpoint Manager (EPM) - Detect - author: rxerium - severity: info - description: | - An Ivanti Endpoint Manager was detected. - reference: - - https://www.ivanti.com/en-gb/products/endpoint-manager - metadata: - verified: true - max-request: 2 - shodan-query: http.favicon.hash:362091310 - tags: detect,ivanti,emm,tech,mobileiron,epm - +info: + name: Ivanti Endpoint Manager (EPM) - Detect + author: rxerium + severity: info + description: | + An Ivanti Endpoint Manager was detected. + reference: + - https://www.ivanti.com/en-gb/products/endpoint-manager + metadata: + verified: true + max-request: 2 + shodan-query: http.favicon.hash:362091310 + tags: detect,ivanti,emm,tech,mobileiron,epm + http: - method: GET path: diff --git a/http/technologies/ivanti/ivanti-endpoint-manager.yaml b/http/technologies/ivanti/ivanti-endpoint-manager.yaml index 3f80d1abd4b..b94777ff3ec 100644 --- a/http/technologies/ivanti/ivanti-endpoint-manager.yaml +++ b/http/technologies/ivanti/ivanti-endpoint-manager.yaml @@ -8,11 +8,11 @@ info: Detects the presence of Ivanti Endpoint Manager (formerly LANDesk Management Suite) servers. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 + cvss-score: 0.0 cwe-id: CWE-200 metadata: - verified: true max-request: 4 + verified: true shodan-query: html:"LANDesk" fofa-query: body="LANDesk" tags: tech,ivanti,epm,detect,landdesk diff --git a/http/technologies/jeecg-boot-detect.yaml b/http/technologies/jeecg-boot-detect.yaml index ae6b5a3a3e1..a5f16f7280a 100644 --- a/http/technologies/jeecg-boot-detect.yaml +++ b/http/technologies/jeecg-boot-detect.yaml @@ -12,14 +12,8 @@ info: max-request: 2 vendor: jeecg product: jeecg_boot - fofa-query: - - title="jeecg-boot" - - icon_hash="-250963920" - - icon_hash="1380908726" - shodan-query: - - http.favicon.hash:"-250963920" - - http.favicon.hash:"1380908726" - tags: jeecg-boot,tech,jeecg + fofa-query: title="Jeecg-Boot" + tags: jeecg-boot,tech http: - method: GET diff --git a/http/technologies/jellyfin-detect.yaml b/http/technologies/jellyfin-detect.yaml index bbc39a7c2a0..aec9910163a 100644 --- a/http/technologies/jellyfin-detect.yaml +++ b/http/technologies/jellyfin-detect.yaml @@ -11,14 +11,7 @@ info: max-request: 5 vendor: jellyfin product: jellyfin - shodan-query: - - http.html:"jellyfin" - - http.title:"jellyfin" - fofa-query: - - body="jellyfin" - - title="jellyfin" - - title="jellyfin" || body="http://jellyfin.media" - google-query: intitle:"jellyfin" + shodan-query: http.html:"Jellyfin" tags: tech,jellyfin http: diff --git a/http/technologies/jenkins-detect.yaml b/http/technologies/jenkins-detect.yaml index bb713d63400..fe4f886cff2 100644 --- a/http/technologies/jenkins-detect.yaml +++ b/http/technologies/jenkins-detect.yaml @@ -15,14 +15,11 @@ info: vendor: jenkins product: jenkins shodan-query: - - http.favicon.hash:"81586312" + - http.favicon.hash:81586312 - cpe:"cpe:2.3:a:jenkins:jenkins" - product:"jenkins" - - x-jenkins - fofa-query: - - icon_hash=81586312 - - icon_hash="81586312" category: devops + fofa-query: icon_hash=81586312 tags: tech,jenkins,detect http: diff --git a/http/technologies/jhipster-detect.yaml b/http/technologies/jhipster-detect.yaml index 01c2fb7919f..7fbddeb9c6a 100644 --- a/http/technologies/jhipster-detect.yaml +++ b/http/technologies/jhipster-detect.yaml @@ -11,8 +11,7 @@ info: max-request: 2 vendor: jhipster product: jhipster - shodan-query: http.html:"jhipster" - fofa-query: body="jhipster" + shodan-query: http.html:"JHipster" tags: tech,jhipster http: diff --git a/http/technologies/jira-detect.yaml b/http/technologies/jira-detect.yaml index 0809f743d62..c27dfdd1c12 100644 --- a/http/technologies/jira-detect.yaml +++ b/http/technologies/jira-detect.yaml @@ -14,14 +14,11 @@ info: max-request: 3 vendor: atlassian product: jira + category: productivity shodan-query: - http.component:"atlassian jira" - http.component:"atlassian confluence" - cpe:"cpe:2.3:a:atlassian:jira" - - http.title:"jira - jira setup" - category: productivity - fofa-query: title="jira - jira setup" - google-query: intitle:"jira - jira setup" tags: tech,panel,jira,atlassian http: diff --git a/http/technologies/jitsi-meet-detect.yaml b/http/technologies/jitsi-meet-detect.yaml index f5d979d5066..f4e2f8d3700 100644 --- a/http/technologies/jitsi-meet-detect.yaml +++ b/http/technologies/jitsi-meet-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: jitsi product: meet - shodan-query: http.title:"jitsi meet" - fofa-query: title="jitsi meet" - google-query: intitle:"jitsi meet" + shodan-query: http.title:"Jitsi Meet" tags: tech,jitsi http: diff --git a/http/technologies/jolokia-detect.yaml b/http/technologies/jolokia-detect.yaml index e9d61ba6986..500c41f17fe 100644 --- a/http/technologies/jolokia-detect.yaml +++ b/http/technologies/jolokia-detect.yaml @@ -5,7 +5,7 @@ info: author: mavericknerd,dwisiswant0 severity: info metadata: - max-request: 2 + max-request: 1 tags: tech,jolokia http: diff --git a/http/technologies/joomla-detect.yaml b/http/technologies/joomla-detect.yaml index fc1986665bc..4995d6a5291 100644 --- a/http/technologies/joomla-detect.yaml +++ b/http/technologies/joomla-detect.yaml @@ -18,11 +18,7 @@ info: max-request: 5 vendor: joomla product: joomla\\! - google-query: - - joomla! administration login inurl:"/index.php" || intitle:"joomla web installer" - - intitle:"joomla web installer" - shodan-query: http.title:"joomla web installer" - fofa-query: title="joomla web installer" + google-query: Joomla! Administration Login inurl:"/index.php" || intitle:"Joomla Web Installer" tags: tech,joomla,cms,oss http: diff --git a/http/technologies/jway-products-detect.yaml b/http/technologies/jway-products-detect.yaml index d5039469944..7a743c77849 100644 --- a/http/technologies/jway-products-detect.yaml +++ b/http/technologies/jway-products-detect.yaml @@ -9,8 +9,8 @@ info: reference: - https://www.jway.eu/produits-services metadata: - verified: true max-request: 1 + verified: true tags: panel,jway,detect http: diff --git a/http/technologies/kodexplorer-detect.yaml b/http/technologies/kodexplorer-detect.yaml index 4ace9695582..de2593ba359 100644 --- a/http/technologies/kodexplorer-detect.yaml +++ b/http/technologies/kodexplorer-detect.yaml @@ -10,8 +10,8 @@ info: max-request: 1 vendor: kodcloud product: kodexplorer - fofa-query: app="powered-by-kodexplorer" - tags: kodexplorer,tech,kodcloud + fofa-query: app="Powered-by-KodExplorer" + tags: kodexplorer,tech http: - method: GET diff --git a/http/technologies/kubernetes/kubelet/kubelet-metrics.yaml b/http/technologies/kubernetes/kubelet/kubelet-metrics.yaml index 1805e79f5d8..8408c358915 100644 --- a/http/technologies/kubernetes/kubelet/kubelet-metrics.yaml +++ b/http/technologies/kubernetes/kubelet/kubelet-metrics.yaml @@ -10,7 +10,7 @@ info: - https://github.com/kubernetes-sigs/metrics-server metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: http.title:"Kube Metrics Server" tags: tech,k8s,kubernetes,devops,kubelet diff --git a/http/technologies/landesk/landesk-ma.yaml b/http/technologies/landesk/landesk-ma.yaml index 2f819f8e1b2..eed75266e85 100644 --- a/http/technologies/landesk/landesk-ma.yaml +++ b/http/technologies/landesk/landesk-ma.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: landesk product: landesk_management_suite - shodan-query: http.html:"landesk(r)" - fofa-query: body="landesk(r)" + shodan-query: http.html:"LANDESK(R)" tags: tech,landesk http: diff --git a/http/technologies/limesurvey-detect.yaml b/http/technologies/limesurvey-detect.yaml index 30bdf05392b..71057a712a6 100644 --- a/http/technologies/limesurvey-detect.yaml +++ b/http/technologies/limesurvey-detect.yaml @@ -15,12 +15,7 @@ info: max-request: 1 vendor: limesurvey product: limesurvey - shodan-query: - - http.favicon.hash:"1781653957" - - http.html:"limesurvey installer" - fofa-query: - - body="limesurvey installer" - - icon_hash=1781653957 + shodan-query: http.favicon.hash:1781653957 tags: tech,limesurvey http: diff --git a/http/technologies/livehelperchat-detect.yaml b/http/technologies/livehelperchat-detect.yaml index a3787662ee2..5bfd1ae748b 100644 --- a/http/technologies/livehelperchat-detect.yaml +++ b/http/technologies/livehelperchat-detect.yaml @@ -11,9 +11,7 @@ info: max-request: 3 vendor: livehelperchat product: live_helper_chat - fofa-query: title="live helper chat" - shodan-query: http.title:"live helper chat" - google-query: intitle:"live helper chat" + fofa-query: title="Live Helper Chat" tags: livehelperchat,tech http: diff --git a/http/technologies/lobechat-detect.yaml b/http/technologies/lobechat-detect.yaml index a0b31835247..a1c2e0f9521 100644 --- a/http/technologies/lobechat-detect.yaml +++ b/http/technologies/lobechat-detect.yaml @@ -12,9 +12,6 @@ info: verified: true max-request: 1 fofa-query: icon_hash="1975020705" - product: lobe-chat - vendor: lobehub - shodan-query: http.favicon.hash:"1975020705" tags: lobechat,tech,detect http: diff --git a/http/technologies/localai-detect.yaml b/http/technologies/localai-detect.yaml index ce007298bc1..e9bfcd1705d 100644 --- a/http/technologies/localai-detect.yaml +++ b/http/technologies/localai-detect.yaml @@ -14,11 +14,9 @@ info: max-request: 1 vendor: mudler product: localai - shodan-query: http.favicon.hash:"-976853304" - fofa-query: - - localai api - - icon_hash=-976853304 - tags: localai,tech,detect,mudler + fofa-query: "LocalAI API" + shodan-query: http.favicon.hash:-976853304 + tags: localai,tech,detect http: - method: GET diff --git a/http/technologies/luxtrust-cosi-detect.yaml b/http/technologies/luxtrust-cosi-detect.yaml index a358e3e0682..106f67d36c8 100644 --- a/http/technologies/luxtrust-cosi-detect.yaml +++ b/http/technologies/luxtrust-cosi-detect.yaml @@ -1,18 +1,18 @@ id: luxtrust-cosi-detect -info: - name: LuxTrust COSI - Detect - author: righettod - severity: info - description: | - LuxTrust COSI was detected. - reference: - - https://luxtrust.com/en/professionals/our-digital-solutions/sign-electronically - metadata: - verified: true - max-request: 1 - tags: panel,luxtrust,detect - +info: + name: LuxTrust COSI - Detect + author: righettod + severity: info + description: | + LuxTrust COSI was detected. + reference: + - https://luxtrust.com/en/professionals/our-digital-solutions/sign-electronically + metadata: + max-request: 1 + verified: true + tags: panel,luxtrust,detect + http: - method: GET path: diff --git a/http/technologies/magento-detect.yaml b/http/technologies/magento-detect.yaml index 9d701a5a7e7..a7b8f4ad4fb 100644 --- a/http/technologies/magento-detect.yaml +++ b/http/technologies/magento-detect.yaml @@ -14,11 +14,7 @@ info: max-request: 2 vendor: magento product: magento - shodan-query: - - http.component:"magento" - - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + shodan-query: http.component:"Magento" tags: magento,tech http: diff --git a/http/technologies/magento-eol.yaml b/http/technologies/magento-eol.yaml index 9da46863551..04d7e3e1c9c 100644 --- a/http/technologies/magento-eol.yaml +++ b/http/technologies/magento-eol.yaml @@ -15,13 +15,9 @@ info: metadata: verified: true max-request: 1 - vendor: magento + shodan-query: http.component:"Magento" product: magento - shodan-query: - - http.component:"magento" - - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + vendor: magento tags: magento,tech,cms http: diff --git a/http/technologies/magento-version-detect.yaml b/http/technologies/magento-version-detect.yaml index 0627b8f6f10..ab3a77b1406 100644 --- a/http/technologies/magento-version-detect.yaml +++ b/http/technologies/magento-version-detect.yaml @@ -16,13 +16,9 @@ info: metadata: verified: "true" max-request: 2 - vendor: magento + shodan-query: http.component:"Magento" product: magento - shodan-query: - - http.component:"magento" - - cpe:"cpe:2.3:a:magento:magento" - - http.html:"magento installation" - fofa-query: body="magento installation" + vendor: magento tags: tech,magento,cms http: diff --git a/http/technologies/magmi-detect.yaml b/http/technologies/magmi-detect.yaml index 072af539c28..f040cae1baf 100644 --- a/http/technologies/magmi-detect.yaml +++ b/http/technologies/magmi-detect.yaml @@ -11,8 +11,8 @@ info: max-request: 1 vendor: magmi_project product: magmi - shodan-query: http.component:"magento" - tags: magento,magmi,plugin,tech,magmi_project + shodan-query: http.component:"Magento" + tags: magento,magmi,plugin,tech http: - method: GET diff --git a/http/technologies/matrix-homeserver-detect.yaml b/http/technologies/matrix-homeserver-detect.yaml index 1c1e37da04c..e53765a8831 100644 --- a/http/technologies/matrix-homeserver-detect.yaml +++ b/http/technologies/matrix-homeserver-detect.yaml @@ -13,9 +13,7 @@ info: max-request: 1 vendor: matrix product: synapse - shodan-query: http.title:"synapse is running" - fofa-query: title="synapse is running" - google-query: intitle:"synapse is running" + shodan-query: title:"Synapse is running" tags: tech,matrix,synapse http: diff --git a/http/technologies/microsoft-iis-8.yaml b/http/technologies/microsoft-iis-8.yaml index 8a569eb98ea..f533103ca53 100644 --- a/http/technologies/microsoft-iis-8.yaml +++ b/http/technologies/microsoft-iis-8.yaml @@ -10,16 +10,7 @@ info: max-request: 1 vendor: microsoft product: iis - shodan-query: - - http.title:"microsoft internet information services 8" - - cpe:"cpe:2.3:a:microsoft:iis" - - http.title:"iis7" - fofa-query: - - title="iis7" - - title="microsoft internet information services 8" - google-query: - - intitle:"iis7" - - intitle:"microsoft internet information services 8" + shodan-query: http.title:"Microsoft Internet Information Services 8" tags: tech,iis,microsoft http: diff --git a/http/technologies/microsoft/default-azure-function-app.yaml b/http/technologies/microsoft/default-azure-function-app.yaml index c3b4f913260..b7a4a2fbd2b 100644 --- a/http/technologies/microsoft/default-azure-function-app.yaml +++ b/http/technologies/microsoft/default-azure-function-app.yaml @@ -10,13 +10,7 @@ info: max-request: 1 vendor: microsoft product: azure - shodan-query: - - http.html:"your azure function app is up and running" - - http.title:"microsoft azure app service - welcome" - fofa-query: - - body="your azure function app is up and running" - - title="microsoft azure app service - welcome" - google-query: intitle:"microsoft azure app service - welcome" + shodan-query: html:"Your Azure Function App is up and running" tags: tech,azure,microsoft http: diff --git a/http/technologies/microsoft/default-iis7-page.yaml b/http/technologies/microsoft/default-iis7-page.yaml index fd5fc6a4d06..5c3d8dcafae 100644 --- a/http/technologies/microsoft/default-iis7-page.yaml +++ b/http/technologies/microsoft/default-iis7-page.yaml @@ -10,17 +10,8 @@ info: max-request: 1 vendor: microsoft product: iis - shodan-query: - - http.title:"iis7" - - cpe:"cpe:2.3:a:microsoft:iis" - - http.title:"microsoft internet information services 8" - fofa-query: - - title="iis7" - - title="microsoft internet information services 8" - google-query: - - intitle:"iis7" - - intitle:"microsoft internet information services 8" - tags: tech,iis,microsoft + shodan-query: http.title:"IIS7" + tags: tech,iis http: - method: GET diff --git a/http/technologies/microsoft/default-microsoft-azure-page.yaml b/http/technologies/microsoft/default-microsoft-azure-page.yaml index f449b89f844..5c1f9eb70cb 100644 --- a/http/technologies/microsoft/default-microsoft-azure-page.yaml +++ b/http/technologies/microsoft/default-microsoft-azure-page.yaml @@ -10,13 +10,7 @@ info: max-request: 1 vendor: microsoft product: azure - shodan-query: - - http.title:"microsoft azure app service - welcome" - - http.html:"your azure function app is up and running" - fofa-query: - - body="your azure function app is up and running" - - title="microsoft azure app service - welcome" - google-query: intitle:"microsoft azure app service - welcome" + shodan-query: http.title:"Microsoft Azure App Service - Welcome" tags: tech,azure,microsoft http: diff --git a/http/technologies/microsoft/default-windows-server-page.yaml b/http/technologies/microsoft/default-windows-server-page.yaml index c7009d5c0e8..d9f9fd2187b 100644 --- a/http/technologies/microsoft/default-windows-server-page.yaml +++ b/http/technologies/microsoft/default-windows-server-page.yaml @@ -10,12 +10,8 @@ info: max-request: 1 vendor: microsoft product: windows_server_2003 - shodan-query: - - http.title:"iis windows server" - - cpe:"cpe:2.3:o:microsoft:windows_server_2003" - fofa-query: title="iis windows server" - google-query: intitle:"iis windows server" - tags: tech,windows,iis,microsoft + shodan-query: http.title:"IIS Windows Server" + tags: tech,windows,iis http: - method: GET diff --git a/http/technologies/microsoft/powerbi-report-server-detect.yaml b/http/technologies/microsoft/powerbi-report-server-detect.yaml index 726ca7d71c1..995fc965652 100644 --- a/http/technologies/microsoft/powerbi-report-server-detect.yaml +++ b/http/technologies/microsoft/powerbi-report-server-detect.yaml @@ -1,19 +1,19 @@ id: powerbi-report-server-detect -info: - name: PowerBI Report Server - Detect - author: righettod - severity: info - description: | - PowerBI Report Server was detected. - reference: - - https://www.microsoft.com/en-us/power-platform/products/power-bi/report-server - metadata: - verified: true - max-request: 2 - shodan-query: http.html:"report server web portal" - tags: panel,powerbi,detect - +info: + name: PowerBI Report Server - Detect + author: righettod + severity: info + description: | + PowerBI Report Server was detected. + reference: + - https://www.microsoft.com/en-us/power-platform/products/power-bi/report-server + metadata: + max-request: 1 + verified: true + shodan-query: http.html:"report server web portal" + tags: panel,powerbi,detect + http: - method: GET path: diff --git a/http/technologies/microweber-detect.yaml b/http/technologies/microweber-detect.yaml index 9b1fc106c5f..4fdc454e162 100644 --- a/http/technologies/microweber-detect.yaml +++ b/http/technologies/microweber-detect.yaml @@ -8,11 +8,11 @@ info: - https://github.com/microweber/microweber metadata: max-request: 1 - vendor: microweber - product: microweber shodan-query: - - http.favicon.hash:"780351152" + - http.favicon.hash:780351152 - http.html:"microweber" + product: microweber + vendor: microweber fofa-query: - icon_hash=780351152 - body="microweber" diff --git a/http/technologies/mikrotik-httpproxy.yaml b/http/technologies/mikrotik-httpproxy.yaml index 19fe9efc689..fc86cca8566 100644 --- a/http/technologies/mikrotik-httpproxy.yaml +++ b/http/technologies/mikrotik-httpproxy.yaml @@ -11,7 +11,7 @@ info: max-request: 1 vendor: mikrotik product: rb3011uias-rm - shodan-query: server:"mikrotik httpproxy" + shodan-query: 'Server: mikrotik httpproxy' tags: tech,mikrotik http: diff --git a/http/technologies/mirth-connect-detect.yaml b/http/technologies/mirth-connect-detect.yaml index 93f42797ba7..ad256cb1f21 100644 --- a/http/technologies/mirth-connect-detect.yaml +++ b/http/technologies/mirth-connect-detect.yaml @@ -1,20 +1,18 @@ id: mirth-connect-detect -info: - name: Mirth Connect Admin Panel - Detect - author: rxerium - severity: info - description: | - Detects Mirth Connect Administrator panel. - metadata: - verified: true - max-request: 1 - product: mirth_connect - shodan-query: http.title:"mirth connect administrator" - fofa-query: title="mirth connect administrator" - google-query: intitle:"mirth connect administrator" - tags: mirth-connect,tech,detect - +info: + name: Mirth Connect Admin Panel - Detect + author: rxerium + severity: info + description: | + Detects Mirth Connect Administrator panel. + metadata: + verified: true + max-request: 1 + product: mirth_connect + shodan-query: title:"mirth connect administrator" + tags: mirth-connect,tech,detect + http: - method: GET path: diff --git a/http/technologies/mongoose-server.yaml b/http/technologies/mongoose-server.yaml index eb36f825e70..d2f50ed563d 100644 --- a/http/technologies/mongoose-server.yaml +++ b/http/technologies/mongoose-server.yaml @@ -15,8 +15,8 @@ info: max-request: 1 vendor: cesanta product: mongoose - shodan-query: server:"mongoose" - tags: tech,mongoose,cesanta + shodan-query: 'Server: Mongoose' + tags: tech,mongoose http: - method: GET diff --git a/http/technologies/monstracms-detect.yaml b/http/technologies/monstracms-detect.yaml index 041f4ee474c..ab2ac36a15e 100644 --- a/http/technologies/monstracms-detect.yaml +++ b/http/technologies/monstracms-detect.yaml @@ -9,15 +9,10 @@ info: metadata: verified: true max-request: 1 - vendor: monstra + shodan-query: http.favicon.hash:419828698 product: monstra_cms - shodan-query: - - http.favicon.hash:"419828698" - - 'http.title:"monstra :: install"' - fofa-query: - - icon_hash=419828698 - - 'title="monstra :: install"' - google-query: 'intitle:"monstra :: install"' + vendor: monstra + fofa-query: icon_hash=419828698 tags: tech,monstra,monstracms http: diff --git a/http/technologies/moveit-transfer-detect.yaml b/http/technologies/moveit-transfer-detect.yaml index 3f6ef152662..85b9ad001b9 100644 --- a/http/technologies/moveit-transfer-detect.yaml +++ b/http/technologies/moveit-transfer-detect.yaml @@ -11,15 +11,8 @@ info: max-request: 2 vendor: progress product: moveit_transfer - shodan-query: - - http.html:"human.aspx" - - http.favicon.hash:"989289239" - - http.title:"web transfer client" - fofa-query: - - icon_hash=989289239 - - title="web transfer client" - google-query: intitle:"web transfer client" - tags: tech,moveit,progress + shodan-query: html:"human.aspx" + tags: tech,moveit http: - method: GET diff --git a/http/technologies/nacos-version.yaml b/http/technologies/nacos-version.yaml index 7186c647775..f53f7b1edff 100644 --- a/http/technologies/nacos-version.yaml +++ b/http/technologies/nacos-version.yaml @@ -13,15 +13,10 @@ info: metadata: verified: true max-request: 2 - vendor: alibaba + shodan-query: title:"Nacos" product: nacos - shodan-query: http.title:"nacos" - fofa-query: - - app="nacos" - - title="nacos" - - title=="nacos" - google-query: intitle:"nacos" - tags: tech,detect,nacos,alibaba + vendor: alibaba + tags: tech,detect,nacos http: - method: GET diff --git a/http/technologies/neo4j-neodash-detect.yaml b/http/technologies/neo4j-neodash-detect.yaml index 43292c07b8c..6a25d3ae1fc 100644 --- a/http/technologies/neo4j-neodash-detect.yaml +++ b/http/technologies/neo4j-neodash-detect.yaml @@ -9,10 +9,10 @@ info: classification: cpe: cpe:2.3:a:neo4j:*:*:*:*:*:*:*:*:* metadata: - verified: true max-request: 1 + verified: true vendor: neo4j - product: "*" + product: neodash shodan-query: title:"NeoDash" tags: tech,neodash,neo4j,detect diff --git a/http/technologies/nextcloud-detect.yaml b/http/technologies/nextcloud-detect.yaml index 8c641572725..51358cf49e2 100644 --- a/http/technologies/nextcloud-detect.yaml +++ b/http/technologies/nextcloud-detect.yaml @@ -15,9 +15,7 @@ info: max-request: 4 vendor: nextcloud product: nextcloud_server - shodan-query: http.title:"nextcloud" - fofa-query: title="nextcloud" - google-query: intitle:"nextcloud" + shodan-query: http.title:"Nextcloud" tags: tech,nextcloud,storage http: diff --git a/http/technologies/nextcloud-owncloud-detect.yaml b/http/technologies/nextcloud-owncloud-detect.yaml index 8bf4ff5c9b4..c6418044c00 100644 --- a/http/technologies/nextcloud-owncloud-detect.yaml +++ b/http/technologies/nextcloud-owncloud-detect.yaml @@ -11,13 +11,7 @@ info: max-request: 1 vendor: owncloud product: owncloud - shodan-query: - - http.html:"owncloud" - - http.title:"owncloud" - fofa-query: - - body="owncloud" - - title="owncloud" - google-query: intitle:"owncloud" + shodan-query: http.html:"owncloud" tags: tech,owncloud,status http: diff --git a/http/technologies/nexus-detect.yaml b/http/technologies/nexus-detect.yaml index 1d2e677925b..a418f9ab460 100644 --- a/http/technologies/nexus-detect.yaml +++ b/http/technologies/nexus-detect.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: sonatype product: nexus_repository_manager - shodan-query: http.html:"nexus repository manager" - fofa-query: body="nexus repository manager" - tags: tech,nexus,sonatype + shodan-query: http.html:"Nexus Repository Manager" + tags: tech,nexus http: - method: GET diff --git a/http/technologies/notion-detect.yaml b/http/technologies/notion-detect.yaml index 3f9f99eb533..833d8a6fa99 100644 --- a/http/technologies/notion-detect.yaml +++ b/http/technologies/notion-detect.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: notion product: notion - shodan-query: http.title:"notion – one workspace. every team." - fofa-query: title="notion – one workspace. every team." - google-query: intitle:"notion – one workspace. every team." + shodan-query: title:"Notion – One workspace. Every team." tags: notion,tech http: diff --git a/http/technologies/nperf-server-detect.yaml b/http/technologies/nperf-server-detect.yaml index 80d79b26857..3ab05350e3d 100644 --- a/http/technologies/nperf-server-detect.yaml +++ b/http/technologies/nperf-server-detect.yaml @@ -1,19 +1,19 @@ id: nperf-server-detect -info: - name: nPerf Server - Detect - author: rxerium - severity: info - description: | - A nperf panel was detected. - reference: - - https://www.nperf.com - metadata: - verified: true - max-request: 1 - shodan-query: product:"nPerf" - tags: tech,nperf,detect - +info: + name: nPerf Server - Detect + author: rxerium + severity: info + description: | + A nperf panel was detected. + reference: + - https://www.nperf.com + metadata: + verified: true + max-request: 1 + shodan-query: product:"nPerf" + tags: tech,nperf,detect + http: - method: GET path: diff --git a/http/technologies/ntop-detect.yaml b/http/technologies/ntop-detect.yaml index f43d6e46e1e..c0d73466d39 100644 --- a/http/technologies/ntop-detect.yaml +++ b/http/technologies/ntop-detect.yaml @@ -14,20 +14,9 @@ info: metadata: verified: true max-request: 1 - vendor: ntop + shodan-query: http.title:"welcome to ntop" product: ntopng - shodan-query: - - http.title:"welcome to ntop" - - http.title:"configure ntop" - - http.title:"ntopng - traffic dashboard" - fofa-query: - - title="configure ntop" - - title="ntopng - traffic dashboard" - - title="welcome to ntop" - google-query: - - intitle:"configure ntop" - - intitle:"ntopng - traffic dashboard" - - intitle:"welcome to ntop" + vendor: ntop tags: tech,ntop,panel http: diff --git a/http/technologies/open-journal-systems.yaml b/http/technologies/open-journal-systems.yaml index e4a951c69e4..a2fd054999c 100644 --- a/http/technologies/open-journal-systems.yaml +++ b/http/technologies/open-journal-systems.yaml @@ -14,12 +14,8 @@ info: max-request: 1 vendor: openjournalsystems product: open_journal_systems - shodan-query: - - http.html:"open journal systems" - - cpe:"cpe:2.3:a:public_knowledge_project:open_journal_systems" - - http.html:"pkp-lib" - fofa-query: body="pkp-lib" - tags: tech,ojs,openjournalsystems + shodan-query: html:"Open Journal Systems" + tags: tech,ojs http: - method: GET diff --git a/http/technologies/openarchives-detect.yaml b/http/technologies/openarchives-detect.yaml index e37fba63ec8..f945dd0ff6c 100644 --- a/http/technologies/openarchives-detect.yaml +++ b/http/technologies/openarchives-detect.yaml @@ -10,7 +10,6 @@ info: - https://www.openarchives.org/ metadata: verified: true - max-request: 1 shodan-query: http.html:" - fofa-query: title="php warning" || "fatal error" - google-query: intitle:"php warning" || "fatal error" + shodan-query: "X-Powered-By: PHP" tags: tech,php http: diff --git a/http/technologies/php-fusion-detect.yaml b/http/technologies/php-fusion-detect.yaml index 324de39a1c3..21afa4ba316 100644 --- a/http/technologies/php-fusion-detect.yaml +++ b/http/technologies/php-fusion-detect.yaml @@ -10,7 +10,7 @@ info: max-request: 1 vendor: php-fusion product: php-fusion - fofa-query: title="php-fusion" + fofa-query: title="PHP-Fusion" tags: php,tech,php-fusion http: diff --git a/http/technologies/phplist-detect.yaml b/http/technologies/phplist-detect.yaml index 9c27219909c..fdcc4104db0 100644 --- a/http/technologies/phplist-detect.yaml +++ b/http/technologies/phplist-detect.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: phplist product: phplist - shodan-query: http.html:"phplist" - fofa-query: body="phplist" + shodan-query: html:"phplist" tags: tech,phplist,detect http: diff --git a/http/technologies/pi-hole-detect.yaml b/http/technologies/pi-hole-detect.yaml index 3c26624671c..b6c2af5d3fa 100644 --- a/http/technologies/pi-hole-detect.yaml +++ b/http/technologies/pi-hole-detect.yaml @@ -11,10 +11,8 @@ info: max-request: 5 vendor: pi-hole product: pi-hole - shodan-query: http.title:"pi-hole" - fofa-query: title="pi-hole" - google-query: intitle:"pi-hole" - tags: tech,pihole,detect,pi-hole + shodan-query: title:"Pi-hole" + tags: tech,pihole,detect http: - method: GET diff --git a/http/technologies/piwigo-detect.yaml b/http/technologies/piwigo-detect.yaml index a66b15d5b9a..e2123eae75d 100644 --- a/http/technologies/piwigo-detect.yaml +++ b/http/technologies/piwigo-detect.yaml @@ -6,18 +6,13 @@ info: severity: info metadata: max-request: 1 - vendor: piwigo - product: piwigo - shodan-query: - - http.favicon.hash:"540706145" - - http.html:"- installation" - - http.html:"piwigo" html:"- installation" fofa-query: - title="piwigo" - icon_hash=540706145 - - body="- installation" - - body="piwigo" html:"- installation" + product: piwigo + vendor: piwigo google-query: powered by piwigo + shodan-query: http.favicon.hash:540706145 tags: piwigo,tech http: diff --git a/http/technologies/pomerium-detect.yaml b/http/technologies/pomerium-detect.yaml index b4dc987b43f..c072125918b 100644 --- a/http/technologies/pomerium-detect.yaml +++ b/http/technologies/pomerium-detect.yaml @@ -9,8 +9,8 @@ info: reference: - https://www.pomerium.com/ metadata: - verified: true max-request: 1 + verified: true shodan-query: html:"pomerium" tags: pomerium,sso,detect,tech diff --git a/http/technologies/prestashop-detect.yaml b/http/technologies/prestashop-detect.yaml index 172cf96fbda..3efb47e35ee 100644 --- a/http/technologies/prestashop-detect.yaml +++ b/http/technologies/prestashop-detect.yaml @@ -10,12 +10,7 @@ info: max-request: 1 vendor: prestashop product: prestashop - shodan-query: - - http.component:"prestashop" - - cpe:"cpe:2.3:a:prestashop:prestashop" - - http.title:"prestashop installation assistant" - fofa-query: title="prestashop installation assistant" - google-query: intitle:"prestashop installation assistant" + shodan-query: http.component:"PrestaShop" tags: tech,cms,prestashop http: diff --git a/http/technologies/privatebin-detect.yaml b/http/technologies/privatebin-detect.yaml index 8c6e0bf1ce7..5926fc6dd4d 100644 --- a/http/technologies/privatebin-detect.yaml +++ b/http/technologies/privatebin-detect.yaml @@ -15,9 +15,7 @@ info: max-request: 1 vendor: privatebin product: privatebin - shodan-query: http.title:"privatebin" - fofa-query: title="privatebin" - google-query: intitle:"privatebin" + shodan-query: title:"PrivateBin" tags: tech,privatebin,detect http: diff --git a/http/technologies/projectsend-detect.yaml b/http/technologies/projectsend-detect.yaml index 9ad4c64731b..85e62bbca07 100644 --- a/http/technologies/projectsend-detect.yaml +++ b/http/technologies/projectsend-detect.yaml @@ -15,17 +15,9 @@ info: cpe: cpe:2.3:a:projectsend:projectsend:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: projectsend + google-query: intext:Provided by ProjectSend product: projectsend - google-query: intext:provided by projectsend - shodan-query: - - http.html:"projectsend setup" - - http.html:"projectsend" - - http.html:"provided by projectsend" - fofa-query: - - body="projectsend setup" - - body="projectsend" - - body="provided by projectsend" + vendor: projectsend tags: tech,projectsend,edb http: diff --git a/http/technologies/pypiserver-detect.yaml b/http/technologies/pypiserver-detect.yaml index 66ab5debe70..6d80f0232a0 100644 --- a/http/technologies/pypiserver-detect.yaml +++ b/http/technologies/pypiserver-detect.yaml @@ -11,9 +11,8 @@ info: max-request: 1 vendor: python product: pypiserver - shodan-query: http.html:"pypiserver" - fofa-query: body="pypiserver" - tags: tech,pypiserver,python + shodan-query: html:"pypiserver" + tags: tech,pypiserver http: - method: GET diff --git a/http/technologies/roundcube-webmail-portal.yaml b/http/technologies/roundcube-webmail-portal.yaml index 0ed84852090..dfaca937dfd 100644 --- a/http/technologies/roundcube-webmail-portal.yaml +++ b/http/technologies/roundcube-webmail-portal.yaml @@ -10,9 +10,7 @@ info: max-request: 2 vendor: roundcube product: webmail - shodan-query: - - http.component:"roundcube" - - cpe:"cpe:2.3:a:roundcube:webmail" + shodan-query: http.component:"RoundCube" tags: roundcube,portal,tech http: diff --git a/http/technologies/rseenet-detect.yaml b/http/technologies/rseenet-detect.yaml index 6b4b420a8fa..5f8d90b3d58 100644 --- a/http/technologies/rseenet-detect.yaml +++ b/http/technologies/rseenet-detect.yaml @@ -10,16 +10,10 @@ info: cpe: cpe:2.3:a:advantech:r-seenet:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: advantech + shodan-query: http.title:"R-SeeNet" product: r-seenet - shodan-query: - - http.title:"r-seenet" - - http.html:"r-seenet" - fofa-query: - - body="r-seenet" - - title="r-seenet" - google-query: intitle:"r-seenet" - tags: tech,rseenet,advantech + vendor: advantech + tags: tech,rseenet http: - method: GET diff --git a/http/technologies/rsshub-detect.yaml b/http/technologies/rsshub-detect.yaml index cafa0f9ba3d..b60522c552b 100644 --- a/http/technologies/rsshub-detect.yaml +++ b/http/technologies/rsshub-detect.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: rsshub product: rsshub - shodan-query: http.favicon.hash:"-1893514038" - fofa-query: icon_hash=-1893514038 + shodan-query: http.favicon.hash:-1893514038 tags: tech,rsshub http: diff --git a/http/technologies/samsung-smarttv-debug.yaml b/http/technologies/samsung-smarttv-debug.yaml index 545efa5a8f5..7230bf67916 100644 --- a/http/technologies/samsung-smarttv-debug.yaml +++ b/http/technologies/samsung-smarttv-debug.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: samsung product: nt14u_firmware - shodan-query: http.title:"debug config" - fofa-query: title="debug config" - google-query: intitle:"debug config" + shodan-query: title:"Debug Config" tags: samsung,tech,iot http: diff --git a/http/technologies/sap/sap-netweaver-detect.yaml b/http/technologies/sap/sap-netweaver-detect.yaml index 3daf6143342..1ead70035e1 100644 --- a/http/technologies/sap/sap-netweaver-detect.yaml +++ b/http/technologies/sap/sap-netweaver-detect.yaml @@ -9,12 +9,12 @@ info: metadata: verified: true max-request: 1 - vendor: sap - product: content_server - shodan-query: http.favicon.hash:"-266008933" + shodan-query: http.favicon.hash:-266008933 fofa-query: - "sap-server:" - icon_hash=-266008933 + product: content_server + vendor: sap tags: sap,webserver,tech,detect http: diff --git a/http/technologies/sap/sap-web-dispatcher-admin-portal.yaml b/http/technologies/sap/sap-web-dispatcher-admin-portal.yaml index 2664eac42f5..29df76b95cf 100644 --- a/http/technologies/sap/sap-web-dispatcher-admin-portal.yaml +++ b/http/technologies/sap/sap-web-dispatcher-admin-portal.yaml @@ -7,12 +7,10 @@ info: description: Detection of SAP Web Dispatcher Admin Portal metadata: max-request: 1 - vendor: sap + shodan-query: http.favicon.hash:-266008933 product: content_server - shodan-query: http.favicon.hash:"-266008933" - fofa-query: - - icon_hash=-266008933 - - "sap-server:" + vendor: sap + fofa-query: icon_hash=-266008933 tags: sap,webserver,proxy,tech http: diff --git a/http/technologies/searxng-detect.yaml b/http/technologies/searxng-detect.yaml index 13a3073d819..15cb1b16555 100644 --- a/http/technologies/searxng-detect.yaml +++ b/http/technologies/searxng-detect.yaml @@ -1,19 +1,19 @@ id: searxng-detect -info: - name: SearXNG - Detect - author: rxerium - severity: info - description: | - A SearXNG search engine was detected. - reference: - - https://github.com/searxng/searxng - metadata: - verified: true - max-request: 1 - shodan-query: http.title:SearXNG - tags: searxng,search-engine,tech - +info: + name: SearXNG - Detect + author: rxerium + severity: info + description: | + A SearXNG search engine was detected. + reference: + - https://github.com/searxng/searxng + metadata: + max-request: 1 + verified: true + shodan-query: http.title:SearXNG + tags: searxng,search-engine,tech + http: - method: GET path: diff --git a/http/technologies/sekolahku-cms-detect.yaml b/http/technologies/sekolahku-cms-detect.yaml index 39d477a6d99..7b847468be6 100644 --- a/http/technologies/sekolahku-cms-detect.yaml +++ b/http/technologies/sekolahku-cms-detect.yaml @@ -1,18 +1,18 @@ id: sekolahku-cms-detect -info: - name: Sekolahku CMS - Detect - author: nblirwn - severity: info - description: | - Sekolahku CMS is a free, open-source, and easy-to-use content management system (CMS) for schools and educational institutions. It is designed to help schools manage their websites, manage student information, and manage school activities. - reference: - - https://sekolahku.web.id/ - metadata: - max-request: 1 - shodan-query: html:"sekolahku.web" - tags: tech,sekolahku,cms - +info: + name: Sekolahku CMS - Detect + author: nblirwn + severity: info + description: | + Sekolahku CMS is a free, open-source, and easy-to-use content management system (CMS) for schools and educational institutions. It is designed to help schools manage their websites, manage student information, and manage school activities. + reference: + - https://sekolahku.web.id/ + metadata: + max-request: 1 + shodan-query: html:"sekolahku.web" + tags: tech,sekolahku,cms + http: - method: GET path: diff --git a/http/technologies/sharefile-storage-server.yaml b/http/technologies/sharefile-storage-server.yaml index 2f42731e231..34fa4a2805f 100644 --- a/http/technologies/sharefile-storage-server.yaml +++ b/http/technologies/sharefile-storage-server.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: citrix product: sharefile_storage_zones_controller - shodan-query: http.title:"sharefile storage server" - fofa-query: title="sharefile storage server" - google-query: intitle:"sharefile storage server" + shodan-query: title:"ShareFile Storage Server" tags: tech,citrix,sharefile http: diff --git a/http/technologies/shibboleth-detect.yaml b/http/technologies/shibboleth-detect.yaml index 5f308bc313c..6d62a6d2649 100644 --- a/http/technologies/shibboleth-detect.yaml +++ b/http/technologies/shibboleth-detect.yaml @@ -10,7 +10,7 @@ info: - https://www.shibboleth.net/ metadata: verified: true - max-request: 2 + max-request: 1 shodan-query: http.title:"Shibboleth IdP" tags: shibboleth,sso,detect,tech diff --git a/http/technologies/shopware-detect.yaml b/http/technologies/shopware-detect.yaml index ca7217dcab0..cfb87cc14b3 100644 --- a/http/technologies/shopware-detect.yaml +++ b/http/technologies/shopware-detect.yaml @@ -15,13 +15,7 @@ info: max-request: 2 vendor: shopware product: shopware - shodan-query: - - http.title:"shopware ag" - - cpe:"cpe:2.3:a:shopware:shopware" - fofa-query: - - title="installation | shopware 6" - - title="shopware ag" - google-query: intitle:"shopware ag" + shodan-query: title:"shopware AG" tags: tech,shopware,cms http: diff --git a/http/technologies/simplesamlphp-detect.yaml b/http/technologies/simplesamlphp-detect.yaml index 7a64cbf90c0..d5d265dd579 100644 --- a/http/technologies/simplesamlphp-detect.yaml +++ b/http/technologies/simplesamlphp-detect.yaml @@ -15,9 +15,7 @@ info: max-request: 2 vendor: simplesamlphp product: simplesamlphp - shodan-query: http.title:"simplesamlphp installation page" - fofa-query: title="simplesamlphp installation page" - google-query: intitle:"simplesamlphp installation page" + shodan-query: "http.title:\"SimpleSAMLphp installation page\"" tags: tech,simplesamlphp,detect http: diff --git a/http/technologies/sitecore-cms.yaml b/http/technologies/sitecore-cms.yaml index bb31a958d30..fcdb132275c 100644 --- a/http/technologies/sitecore-cms.yaml +++ b/http/technologies/sitecore-cms.yaml @@ -15,11 +15,7 @@ info: max-request: 1 vendor: sitecore product: cms - shodan-query: - - http.title:"sitecore" - - http.title:"ilch" - fofa-query: title="ilch" - google-query: intitle:"ilch" + shodan-query: title:"sitecore" tags: cms,sitecore,tech http: diff --git a/http/technologies/slims-cms-detect.yaml b/http/technologies/slims-cms-detect.yaml index 4acb6ee9a2b..29e6509ecab 100644 --- a/http/technologies/slims-cms-detect.yaml +++ b/http/technologies/slims-cms-detect.yaml @@ -1,18 +1,18 @@ id: slims-cms-detect -info: - name: Slims CMS - Detect - author: nblirwn - severity: info - description: Detects Senayan Library Management System (SLiMS) CMS - reference: - - https://github.com/slims - metadata: - verified: true - max-request: 1 - shodan-query: html:'content="SLiMS' - tags: tech,slims,cms,senayan - +info: + name: Slims CMS - Detect + author: nblirwn + severity: info + description: Detects Senayan Library Management System (SLiMS) CMS + reference: + - https://github.com/slims + metadata: + verified: true + max-request: 1 + shodan-query: html:'content="SLiMS' + tags: tech,slims,cms,senayan + http: - method: GET path: diff --git a/http/technologies/smartstore-detect.yaml b/http/technologies/smartstore-detect.yaml index 656cdae3ec9..b10f99f53c8 100644 --- a/http/technologies/smartstore-detect.yaml +++ b/http/technologies/smartstore-detect.yaml @@ -12,8 +12,7 @@ info: max-request: 1 vendor: smartstore product: smartstore - shodan-query: http.html:'content="smartstore' - fofa-query: body='content="smartstore' + shodan-query: http.html:'content="Smartstore' tags: tech,smartstore,oss http: diff --git a/http/technologies/snipeit-panel.yaml b/http/technologies/snipeit-panel.yaml index a757d4b97a8..583437c8238 100644 --- a/http/technologies/snipeit-panel.yaml +++ b/http/technologies/snipeit-panel.yaml @@ -12,15 +12,10 @@ info: cpe: cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: snipeitapp + shodan-query: http.favicon.hash:431627549 product: snipe-it - shodan-query: - - http.favicon.hash:"431627549" - - http.html:"snipe-it setup" - fofa-query: - - body="snipe-it setup" - - icon_hash=431627549 - tags: panel,snipeit,tech,snipeitapp + vendor: snipeitapp + tags: panel,snipeit,tech http: - method: GET diff --git a/http/technologies/sogo-detect.yaml b/http/technologies/sogo-detect.yaml index 9aeae5681a5..f60e7a5197d 100644 --- a/http/technologies/sogo-detect.yaml +++ b/http/technologies/sogo-detect.yaml @@ -14,10 +14,8 @@ info: max-request: 2 vendor: alinto product: sogo - shodan-query: http.title:"sogo" - fofa-query: title="sogo" - google-query: intitle:"sogo" - tags: sogo,tech,alinto + shodan-query: http.title:"SOGo" + tags: sogo,tech http: - method: GET diff --git a/http/technologies/sparklighter-detect.yaml b/http/technologies/sparklighter-detect.yaml index a7989ddf006..2d01ddcead5 100644 --- a/http/technologies/sparklighter-detect.yaml +++ b/http/technologies/sparklighter-detect.yaml @@ -13,6 +13,7 @@ info: max-request: 1 vendor: apache product: spark + category: productivity shodan-query: - http.html:"/apps/imt/html/" - http.title:"spark master at" @@ -20,7 +21,6 @@ info: - title="spark master at" - body="/apps/imt/html/" google-query: intitle:"spark master at" - category: productivity tags: tech,lighter,spark,detect,apache http: diff --git a/http/technologies/spip-detect.yaml b/http/technologies/spip-detect.yaml index ab11849a9b9..a1c84759f09 100644 --- a/http/technologies/spip-detect.yaml +++ b/http/technologies/spip-detect.yaml @@ -12,12 +12,7 @@ info: max-request: 1 vendor: spip product: spip - fofa-query: - - app="spip" - - body="spip.php?page=backend" - shodan-query: - - cpe:"cpe:2.3:a:spip:spip" - - http.html:"spip.php?page=backend" + fofa-query: app="SPIP" tags: spip,tech,detect http: diff --git a/http/technologies/springboot-actuator.yaml b/http/technologies/springboot-actuator.yaml index bf300b4f07a..2189a51a71c 100644 --- a/http/technologies/springboot-actuator.yaml +++ b/http/technologies/springboot-actuator.yaml @@ -6,16 +6,7 @@ info: severity: info metadata: max-request: 4 - shodan-query: - - http.favicon.hash:"116323821" - - cpe:"cpe:2.3:a:h2database:h2" - - http.title:"h2 console" - product: h2 - vendor: h2database - fofa-query: - - icon_hash=116323821 - - title="h2 console" - google-query: intitle:"h2 console" + shodan-query: http.favicon.hash:116323821 tags: tech,springboot,actuator http: diff --git a/http/technologies/statamic-detect.yaml b/http/technologies/statamic-detect.yaml index ee3936def7c..8afdcc87ef1 100644 --- a/http/technologies/statamic-detect.yaml +++ b/http/technologies/statamic-detect.yaml @@ -15,7 +15,7 @@ info: max-request: 1 vendor: statamic product: statamic - shodan-query: statamic + shodan-query: "Statamic" tags: tech,statamic,detect http: diff --git a/http/technologies/subrion-cms-detect.yaml b/http/technologies/subrion-cms-detect.yaml index 6072b8e0158..d65b62cbee2 100644 --- a/http/technologies/subrion-cms-detect.yaml +++ b/http/technologies/subrion-cms-detect.yaml @@ -10,11 +10,9 @@ info: max-request: 1 vendor: intelliants product: subrion - shodan-query: http.component:"subrion" - fofa-query: - - title="subrion" - - title="subrion cms web installer" - tags: subrion,tech,intelliants + shodan-query: http.component:"Subrion" + fofa-query: title="subrion" + tags: subrion,tech http: - method: GET diff --git a/http/technologies/thinkphp-detect.yaml b/http/technologies/thinkphp-detect.yaml index 63bcd839b37..971d7df352e 100644 --- a/http/technologies/thinkphp-detect.yaml +++ b/http/technologies/thinkphp-detect.yaml @@ -13,18 +13,10 @@ info: metadata: verified: true max-request: 2 - vendor: thinkphp + shodan-query: title:"ThinkPHP" + fofa-query: app="ThinkPHP" product: thinkphp - shodan-query: - - http.title:"thinkphp" - - cpe:"cpe:2.3:a:thinkphp:thinkphp" - fofa-query: - - app="thinkphp" - - app="thinkphp" && title="system error" - - header="think_lang" - - title="thinkphp" - google-query: intitle:"thinkphp" - zoomeye-query: app="thinkphp" + vendor: thinkphp tags: thinkphp,tech,detect,intrusive http: diff --git a/http/technologies/tibco-businessconnect-detect.yaml b/http/technologies/tibco-businessconnect-detect.yaml index 18cfd0ebf47..79b65a617d3 100644 --- a/http/technologies/tibco-businessconnect-detect.yaml +++ b/http/technologies/tibco-businessconnect-detect.yaml @@ -15,8 +15,7 @@ info: max-request: 1 vendor: tibco product: businessconnect - shodan-query: http.html:"tibco businessconnect" - fofa-query: body="tibco businessconnect" + shodan-query: http.html:"TIBCO BusinessConnect" tags: tibco,detect,tech http: diff --git a/http/technologies/tibco-spotfire-services-detect.yaml b/http/technologies/tibco-spotfire-services-detect.yaml index 4e644cf452e..5a6b7165b76 100644 --- a/http/technologies/tibco-spotfire-services-detect.yaml +++ b/http/technologies/tibco-spotfire-services-detect.yaml @@ -15,7 +15,7 @@ info: max-request: 4 vendor: tibco product: spotfire_statistics_services - shodan-query: tibco spotfire server + shodan-query: "TIBCO Spotfire Server" tags: tech,tibco,detect http: diff --git a/http/technologies/tileserver-gl.yaml b/http/technologies/tileserver-gl.yaml index c0b5854cc49..84c76daafb1 100644 --- a/http/technologies/tileserver-gl.yaml +++ b/http/technologies/tileserver-gl.yaml @@ -14,11 +14,10 @@ info: cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: tileserver + shodan-query: http.title:"TileServer GL - Server for vector and raster maps with GL styles" + google-query: intitle:"TileServer GL - Server for vector and raster maps with GL styles" product: tileservergl - shodan-query: http.title:"tileserver gl - server for vector and raster maps with gl styles" - google-query: intitle:"tileserver gl - server for vector and raster maps with gl styles" - fofa-query: title="tileserver gl - server for vector and raster maps with gl styles" + vendor: tileserver tags: tech,tileserver,edb http: diff --git a/http/technologies/tinyproxy-detect.yaml b/http/technologies/tinyproxy-detect.yaml index b1d5aba9819..b9c64afc559 100644 --- a/http/technologies/tinyproxy-detect.yaml +++ b/http/technologies/tinyproxy-detect.yaml @@ -15,8 +15,8 @@ info: max-request: 1 vendor: tinyproxy_project product: tinyproxy - shodan-query: server:"tinyproxy" - tags: tech,proxy,detect,tinyproxy_project + shodan-query: "Server: tinyproxy" + tags: tech,proxy,detect http: - method: GET diff --git a/http/technologies/torchserve-detect.yaml b/http/technologies/torchserve-detect.yaml index ff5907041d2..06cdbd9af99 100644 --- a/http/technologies/torchserve-detect.yaml +++ b/http/technologies/torchserve-detect.yaml @@ -11,8 +11,7 @@ info: max-request: 1 vendor: pytorch product: torchserve - fofa-query: body="requested method is not allowed, please refer to api document" - shodan-query: http.html:"requested method is not allowed, please refer to api document" + fofa-query: body="Requested method is not allowed, please refer to API document" tags: tech,pytorch,api http: diff --git a/http/technologies/twenty-detect.yaml b/http/technologies/twenty-detect.yaml index a15c55d36d2..63304cff333 100644 --- a/http/technologies/twenty-detect.yaml +++ b/http/technologies/twenty-detect.yaml @@ -1,19 +1,19 @@ id: twenty-detect -info: - name: Twenty - Detect - author: righettod - severity: info - description: | - Twenty products was detected. - reference: - - https://github.com/twentyhq/twenty - - https://twenty.com/ - metadata: - max-request: 1 - shodan-query: http.title:"Twenty" - tags: tech,twenty,detect - +info: + name: Twenty - Detect + author: righettod + severity: info + description: | + Twenty products was detected. + reference: + - https://github.com/twentyhq/twenty + - https://twenty.com/ + metadata: + max-request: 1 + shodan-query: http.title:"Twenty" + tags: tech,twenty,detect + http: - method: GET path: diff --git a/http/technologies/typo3-detect.yaml b/http/technologies/typo3-detect.yaml index 8c4fa5f5448..0f9c4ffe961 100644 --- a/http/technologies/typo3-detect.yaml +++ b/http/technologies/typo3-detect.yaml @@ -10,18 +10,7 @@ info: max-request: 1 vendor: typo3 product: typo3 - shodan-query: - - http.component:"typo3" - - cpe:"cpe:2.3:a:typo3:typo3" - - http.title:"installing typo3 cms" - - http.title:"typo3 exception" - - x-typo3-parsetime:"0ms" - fofa-query: - - title="installing typo3 cms" - - title="typo3 exception" - google-query: - - intitle:"installing typo3 cms" - - intitle:"typo3 exception" + shodan-query: http.component:"TYPO3" tags: tech,typo3 http: diff --git a/http/technologies/utility-service-detect.yaml b/http/technologies/utility-service-detect.yaml index d41881ead4d..ea4d1ea87f3 100644 --- a/http/technologies/utility-service-detect.yaml +++ b/http/technologies/utility-service-detect.yaml @@ -11,13 +11,7 @@ info: max-request: 1 vendor: avaya product: aura_utility_services - shodan-query: - - http.title:"utility services administration" - - http.html:"avaya aura" - fofa-query: - - body="avaya aura" - - title="utility services administration" - google-query: intitle:"utility services administration" + shodan-query: title:"Utility Services Administration" tags: tech,avaya,aura http: diff --git a/http/technologies/vbulletin-detect.yaml b/http/technologies/vbulletin-detect.yaml index f5b9abf13ad..7beef8c5c9c 100644 --- a/http/technologies/vbulletin-detect.yaml +++ b/http/technologies/vbulletin-detect.yaml @@ -14,21 +14,8 @@ info: max-request: 1 vendor: vbulletin product: vbulletin - shodan-query: - - http.title:"powered by vbulletin" - - cpe:"cpe:2.3:a:vbulletin:vbulletin" - - http.component:"vbulletin" - - http.html:"powered by vbulletin" - - http.title:"vbulletin" - google-query: - - intext:"powered by vbulletin" - - intitle:"powered by vbulletin" - - intitle:"vbulletin" - fofa-query: - - app="vbulletin" - - body="powered by vbulletin" - - title="powered by vbulletin" - - title="vbulletin" + shodan-query: title:"Powered By vBulletin" + google-query: intext:"Powered By vBulletin" tags: tech,vbulletin http: diff --git a/http/technologies/versa/versa-analytics-server.yaml b/http/technologies/versa/versa-analytics-server.yaml index 1fd84461d3d..c025228deb5 100644 --- a/http/technologies/versa/versa-analytics-server.yaml +++ b/http/technologies/versa/versa-analytics-server.yaml @@ -13,11 +13,8 @@ info: max-request: 1 vendor: versa-networks product: versa_analytics - shodan-query: - - versa-analytics-server - - http.html:"versa networks" - fofa-query: body="versa networks" - tags: tech,versa,analytics,versa-networks + shodan-query: "Versa-Analytics-Server" + tags: tech,versa,analytics http: - method: GET diff --git a/http/technologies/versa/versa-director-api.yaml b/http/technologies/versa/versa-director-api.yaml index 99d16741822..01de39aee62 100644 --- a/http/technologies/versa/versa-director-api.yaml +++ b/http/technologies/versa/versa-director-api.yaml @@ -14,14 +14,8 @@ info: max-request: 1 vendor: versa-networks product: versa_director - shodan-query: - - http.html:"versa networks" - - http.title:"versa director login" - fofa-query: - - body="versa networks" - - title="versa director login" - google-query: intitle:"versa director login" - tags: api,versa,tech,versa-networks + shodan-query: html:"Versa Networks" + tags: api,versa,tech http: - method: GET diff --git a/http/technologies/versa/versa-networks-detect.yaml b/http/technologies/versa/versa-networks-detect.yaml index c78bfbb3dd6..aac42eccf98 100644 --- a/http/technologies/versa/versa-networks-detect.yaml +++ b/http/technologies/versa/versa-networks-detect.yaml @@ -10,14 +10,11 @@ info: cpe: cpe:2.3:a:versa-networks:versa_analytics:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 8 - vendor: "versa-networks" - product: "versa_analytics" - shodan-query: - - http.html:"versa networks" - - versa-analytics-server - fofa-query: body="versa networks" - tags: tech,versa,versa-networks + max-request: 7 + vendor: versa-networks + product: versa_analytics + shodan-query: html:"Versa Networks" + tags: tech,versa http: - method: GET diff --git a/http/technologies/vivotex-web-console-detect.yaml b/http/technologies/vivotex-web-console-detect.yaml index 0450410276c..7933b5edf2d 100644 --- a/http/technologies/vivotex-web-console-detect.yaml +++ b/http/technologies/vivotex-web-console-detect.yaml @@ -10,14 +10,9 @@ info: max-request: 1 vendor: vivotek product: ip7361 - shodan-query: - - http.title:"vivotek web console" - - cpe:"cpe:2.3:h:vivotek:ip7361" - fofa-query: - - app="vivotek-web-console" - - title="vivotek web console" - google-query: intitle:"vivotek web console" - tags: tech,vivotex,console,vivotek + shodan-query: title:"VIVOTEK Web Console" + fofa-query: app="VIVOTEK-Web-Console" + tags: tech,vivotex,console http: - method: GET diff --git a/http/technologies/vmware/vmware-horizon-version.yaml b/http/technologies/vmware/vmware-horizon-version.yaml index 7409d4b5f5e..d347721f78b 100644 --- a/http/technologies/vmware/vmware-horizon-version.yaml +++ b/http/technologies/vmware/vmware-horizon-version.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: vmware product: horizon_view - shodan-query: http.title:"vmware horizon" - fofa-query: title="vmware horizon" - google-query: intitle:"vmware horizon" + shodan-query: title:"Vmware Horizon" tags: vmware,tech http: diff --git a/http/technologies/wing-ftp-service-detect.yaml b/http/technologies/wing-ftp-service-detect.yaml index 0094abf61b9..0aa949c2e34 100644 --- a/http/technologies/wing-ftp-service-detect.yaml +++ b/http/technologies/wing-ftp-service-detect.yaml @@ -13,9 +13,8 @@ info: max-request: 1 vendor: wftpserver product: wing_ftp_server - shodan-query: wing ftp server - google-query: inurl:"/ftpsync.settings" - tags: tech,ftp,wing,detect,wftpserver + shodan-query: "Wing FTP Server" + tags: tech,ftp,wing,detect http: - method: GET diff --git a/http/technologies/winrm-detect.yaml b/http/technologies/winrm-detect.yaml index 2d00f016658..46470c1224f 100644 --- a/http/technologies/winrm-detect.yaml +++ b/http/technologies/winrm-detect.yaml @@ -7,8 +7,8 @@ info: description: | Detects Windows Remote Management (WinRM) by checking HTTP response headers on ports 5985 (HTTP) and 5986 (HTTPS). metadata: - verified: true max-request: 1 + verified: true shodan-query: product:"WinRM" tags: network,winrm,windows diff --git a/http/technologies/wms-server-detect.yaml b/http/technologies/wms-server-detect.yaml index f0e088dec03..b6cd49495e2 100644 --- a/http/technologies/wms-server-detect.yaml +++ b/http/technologies/wms-server-detect.yaml @@ -11,8 +11,8 @@ info: max-request: 1 vendor: wms_project product: wms - fofa-query: app="wmsserver" - tags: tech,wms,httpserver,wms_project + fofa-query: app="WmsServer" + tags: tech,wms,httpserver http: - method: GET diff --git a/http/technologies/wordpress-detect.yaml b/http/technologies/wordpress-detect.yaml index cb3dca0c9ba..3ef3dfee010 100644 --- a/http/technologies/wordpress-detect.yaml +++ b/http/technologies/wordpress-detect.yaml @@ -12,10 +12,10 @@ info: vendor: wordpress product: wordpress shodan-query: + - http.component:"WordPress" - http.component:"wordpress" - cpe:"cpe:2.3:a:wordpress:wordpress" category: cms - fofa-query: body="oembed" && body="wp-" tags: tech,wordpress,cms,wp http: diff --git a/http/technologies/wordpress/plugins/ad-inserter.yaml b/http/technologies/wordpress/plugins/ad-inserter.yaml index c424ced1fee..3fd2256749a 100644 --- a/http/technologies/wordpress/plugins/ad-inserter.yaml +++ b/http/technologies/wordpress/plugins/ad-inserter.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ad-inserter/ metadata: - max-request: 1 - plugin_namespace: "ad-inserter" - wpscan: "https://wpscan.com/plugin/ad-inserter" + plugin_namespace: ad-inserter + wpscan: https://wpscan.com/plugin/ad-inserter tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/add-to-any.yaml b/http/technologies/wordpress/plugins/add-to-any.yaml index 238cbd40629..6a0d344b632 100644 --- a/http/technologies/wordpress/plugins/add-to-any.yaml +++ b/http/technologies/wordpress/plugins/add-to-any.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/add-to-any/ metadata: - max-request: 1 - plugin_namespace: "add-to-any" - wpscan: "https://wpscan.com/plugin/add-to-any" + plugin_namespace: add-to-any + wpscan: https://wpscan.com/plugin/add-to-any tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/admin-menu-editor.yaml b/http/technologies/wordpress/plugins/admin-menu-editor.yaml index f414010e945..6fb5080bc80 100644 --- a/http/technologies/wordpress/plugins/admin-menu-editor.yaml +++ b/http/technologies/wordpress/plugins/admin-menu-editor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/admin-menu-editor/ metadata: - max-request: 1 - plugin_namespace: "admin-menu-editor" - wpscan: "https://wpscan.com/plugin/admin-menu-editor" + plugin_namespace: admin-menu-editor + wpscan: https://wpscan.com/plugin/admin-menu-editor tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/advanced-custom-fields.yaml b/http/technologies/wordpress/plugins/advanced-custom-fields.yaml index 5409c2c0be7..2c8d01def37 100644 --- a/http/technologies/wordpress/plugins/advanced-custom-fields.yaml +++ b/http/technologies/wordpress/plugins/advanced-custom-fields.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/advanced-custom-fields/ metadata: - max-request: 1 - plugin_namespace: "advanced-custom-fields" - wpscan: "https://wpscan.com/plugin/advanced-custom-fields" + plugin_namespace: advanced-custom-fields + wpscan: https://wpscan.com/plugin/advanced-custom-fields tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/akismet.yaml b/http/technologies/wordpress/plugins/akismet.yaml index 81a5889538d..6f253f9f556 100644 --- a/http/technologies/wordpress/plugins/akismet.yaml +++ b/http/technologies/wordpress/plugins/akismet.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/akismet/ metadata: - max-request: 1 plugin_namespace: akismet - wpscan: "https://wpscan.com/plugin/akismet" + wpscan: https://wpscan.com/plugin/akismet tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml b/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml index 44f2a305d64..fe45de4d042 100644 --- a/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml +++ b/http/technologies/wordpress/plugins/all-in-one-seo-pack.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/all-in-one-seo-pack/ metadata: - max-request: 1 - plugin_namespace: "all-in-one-seo-pack" - wpscan: "https://wpscan.com/plugin/all-in-one-seo-pack" + plugin_namespace: all-in-one-seo-pack + wpscan: https://wpscan.com/plugin/all-in-one-seo-pack tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml b/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml index 0e71eebbabc..69e425f4469 100644 --- a/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml +++ b/http/technologies/wordpress/plugins/all-in-one-wp-migration.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/all-in-one-wp-migration/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/all-in-one-wp-migration" - plugin_namespace: "all-in-one-wp-migration" + plugin_namespace: all-in-one-wp-migration + wpscan: https://wpscan.com/plugin/all-in-one-wp-migration tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml b/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml index 9c358ec821b..9c07c65e4e6 100644 --- a/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml +++ b/http/technologies/wordpress/plugins/all-in-one-wp-security-and-firewall.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/all-in-one-wp-security-and-firewall" - plugin_namespace: "all-in-one-wp-security-and-firewall" + plugin_namespace: all-in-one-wp-security-and-firewall + wpscan: https://wpscan.com/plugin/all-in-one-wp-security-and-firewall tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/amp.yaml b/http/technologies/wordpress/plugins/amp.yaml index ee999e804d5..92c8f5656e9 100644 --- a/http/technologies/wordpress/plugins/amp.yaml +++ b/http/technologies/wordpress/plugins/amp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/amp/ metadata: - max-request: 1 plugin_namespace: amp - wpscan: "https://wpscan.com/plugin/amp" + wpscan: https://wpscan.com/plugin/amp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/antispam-bee.yaml b/http/technologies/wordpress/plugins/antispam-bee.yaml index a5b9d73bcac..70975a19a1f 100644 --- a/http/technologies/wordpress/plugins/antispam-bee.yaml +++ b/http/technologies/wordpress/plugins/antispam-bee.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/antispam-bee/ metadata: - max-request: 1 - plugin_namespace: "antispam-bee" - wpscan: "https://wpscan.com/plugin/antispam-bee" + plugin_namespace: antispam-bee + wpscan: https://wpscan.com/plugin/antispam-bee tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/aryo-activity-log.yaml b/http/technologies/wordpress/plugins/aryo-activity-log.yaml index cd480564c8c..47887cbdf44 100644 --- a/http/technologies/wordpress/plugins/aryo-activity-log.yaml +++ b/http/technologies/wordpress/plugins/aryo-activity-log.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/aryo-activity-log/ metadata: - max-request: 1 - plugin_namespace: "aryo-activity-log" - wpscan: "https://wpscan.com/plugin/aryo-activity-log" + plugin_namespace: aryo-activity-log + wpscan: https://wpscan.com/plugin/aryo-activity-log tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/astra-sites.yaml b/http/technologies/wordpress/plugins/astra-sites.yaml index 00695abf287..560eea23e09 100644 --- a/http/technologies/wordpress/plugins/astra-sites.yaml +++ b/http/technologies/wordpress/plugins/astra-sites.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/astra-sites/ metadata: - max-request: 1 - plugin_namespace: "astra-sites" - wpscan: "https://wpscan.com/plugin/astra-sites" + plugin_namespace: astra-sites + wpscan: https://wpscan.com/plugin/astra-sites tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/autoptimize.yaml b/http/technologies/wordpress/plugins/autoptimize.yaml index 73db07f3ea4..18f2a2ae84c 100644 --- a/http/technologies/wordpress/plugins/autoptimize.yaml +++ b/http/technologies/wordpress/plugins/autoptimize.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/autoptimize/ metadata: - max-request: 1 plugin_namespace: autoptimize - wpscan: "https://wpscan.com/plugin/autoptimize" + wpscan: https://wpscan.com/plugin/autoptimize tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/backuply.yaml b/http/technologies/wordpress/plugins/backuply.yaml index 881a0234fe8..357df49bff3 100644 --- a/http/technologies/wordpress/plugins/backuply.yaml +++ b/http/technologies/wordpress/plugins/backuply.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/backuply/ metadata: - max-request: 1 plugin_namespace: backuply - wpscan: "https://wpscan.com/plugin/backuply" + wpscan: https://wpscan.com/plugin/backuply tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/backwpup.yaml b/http/technologies/wordpress/plugins/backwpup.yaml index c3978cef90f..11cb41fb2ce 100644 --- a/http/technologies/wordpress/plugins/backwpup.yaml +++ b/http/technologies/wordpress/plugins/backwpup.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/backwpup/ metadata: - max-request: 1 plugin_namespace: backwpup - wpscan: "https://wpscan.com/plugin/backwpup" + wpscan: https://wpscan.com/plugin/backwpup tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/better-search-replace.yaml b/http/technologies/wordpress/plugins/better-search-replace.yaml index 490470fa225..df3c5f3a944 100644 --- a/http/technologies/wordpress/plugins/better-search-replace.yaml +++ b/http/technologies/wordpress/plugins/better-search-replace.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/better-search-replace/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/better-search-replace" - plugin_namespace: "better-search-replace" + plugin_namespace: better-search-replace + wpscan: https://wpscan.com/plugin/better-search-replace tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/better-wp-security.yaml b/http/technologies/wordpress/plugins/better-wp-security.yaml index 34b8dfa508c..6a50e049dca 100644 --- a/http/technologies/wordpress/plugins/better-wp-security.yaml +++ b/http/technologies/wordpress/plugins/better-wp-security.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/better-wp-security/ metadata: - max-request: 1 - plugin_namespace: "better-wp-security" - wpscan: "https://wpscan.com/plugin/better-wp-security" + plugin_namespace: better-wp-security + wpscan: https://wpscan.com/plugin/better-wp-security tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml b/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml index 8eaecc56929..bb7f9068752 100644 --- a/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml +++ b/http/technologies/wordpress/plugins/black-studio-tinymce-widget.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/black-studio-tinymce-widget/ metadata: - max-request: 1 - plugin_namespace: "black-studio-tinymce-widget" - wpscan: "https://wpscan.com/plugin/black-studio-tinymce-widget" + plugin_namespace: black-studio-tinymce-widget + wpscan: https://wpscan.com/plugin/black-studio-tinymce-widget tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml b/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml index c93804f2d94..4c6e616c1d6 100644 --- a/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml +++ b/http/technologies/wordpress/plugins/breadcrumb-navxt.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/breadcrumb-navxt/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/breadcrumb-navxt" - plugin_namespace: "breadcrumb-navxt" + plugin_namespace: breadcrumb-navxt + wpscan: https://wpscan.com/plugin/breadcrumb-navxt tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/breeze.yaml b/http/technologies/wordpress/plugins/breeze.yaml index 559811dd36b..a70a58690c3 100644 --- a/http/technologies/wordpress/plugins/breeze.yaml +++ b/http/technologies/wordpress/plugins/breeze.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/breeze/ metadata: - max-request: 1 plugin_namespace: breeze - wpscan: "https://wpscan.com/plugin/breeze" + wpscan: https://wpscan.com/plugin/breeze tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/broken-link-checker.yaml b/http/technologies/wordpress/plugins/broken-link-checker.yaml index 2aca924fdc0..f8691caf0af 100644 --- a/http/technologies/wordpress/plugins/broken-link-checker.yaml +++ b/http/technologies/wordpress/plugins/broken-link-checker.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/broken-link-checker/ metadata: - max-request: 1 - plugin_namespace: "broken-link-checker" - wpscan: "https://wpscan.com/plugin/broken-link-checker" + plugin_namespace: broken-link-checker + wpscan: https://wpscan.com/plugin/broken-link-checker tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/burst-statistics.yaml b/http/technologies/wordpress/plugins/burst-statistics.yaml index 0706c384fe0..055268ad8fc 100644 --- a/http/technologies/wordpress/plugins/burst-statistics.yaml +++ b/http/technologies/wordpress/plugins/burst-statistics.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/burst-statistics/ metadata: - max-request: 1 - plugin_namespace: "burst-statistics" - wpscan: "https://wpscan.com/plugin/burst-statistics" + plugin_namespace: burst-statistics + wpscan: https://wpscan.com/plugin/burst-statistics tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/chaty.yaml b/http/technologies/wordpress/plugins/chaty.yaml index 8594dfaf7cc..0c728bacfba 100644 --- a/http/technologies/wordpress/plugins/chaty.yaml +++ b/http/technologies/wordpress/plugins/chaty.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/chaty/ metadata: - max-request: 1 plugin_namespace: chaty - wpscan: "https://wpscan.com/plugin/chaty" + wpscan: https://wpscan.com/plugin/chaty tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/child-theme-configurator.yaml b/http/technologies/wordpress/plugins/child-theme-configurator.yaml index 1fde7c0312c..b1d8479d139 100644 --- a/http/technologies/wordpress/plugins/child-theme-configurator.yaml +++ b/http/technologies/wordpress/plugins/child-theme-configurator.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/child-theme-configurator/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/child-theme-configurator" - plugin_namespace: "child-theme-configurator" + plugin_namespace: child-theme-configurator + wpscan: https://wpscan.com/plugin/child-theme-configurator tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/classic-editor.yaml b/http/technologies/wordpress/plugins/classic-editor.yaml index bb42fabf319..04e090313f6 100644 --- a/http/technologies/wordpress/plugins/classic-editor.yaml +++ b/http/technologies/wordpress/plugins/classic-editor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/classic-editor/ metadata: - max-request: 1 - plugin_namespace: "classic-editor" - wpscan: "https://wpscan.com/plugin/classic-editor" + plugin_namespace: classic-editor + wpscan: https://wpscan.com/plugin/classic-editor tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/classic-widgets.yaml b/http/technologies/wordpress/plugins/classic-widgets.yaml index 844e19146a4..57e618924be 100644 --- a/http/technologies/wordpress/plugins/classic-widgets.yaml +++ b/http/technologies/wordpress/plugins/classic-widgets.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/classic-widgets/ metadata: - max-request: 1 - plugin_namespace: "classic-widgets" - wpscan: "https://wpscan.com/plugin/classic-widgets" + plugin_namespace: classic-widgets + wpscan: https://wpscan.com/plugin/classic-widgets tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml b/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml index 7e6dc9d9c45..571b3b20a39 100644 --- a/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml +++ b/http/technologies/wordpress/plugins/click-to-chat-for-whatsapp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/click-to-chat-for-whatsapp/ metadata: - max-request: 1 - plugin_namespace: "click-to-chat-for-whatsapp" - wpscan: "https://wpscan.com/plugin/click-to-chat-for-whatsapp" + plugin_namespace: click-to-chat-for-whatsapp + wpscan: https://wpscan.com/plugin/click-to-chat-for-whatsapp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/cmb2.yaml b/http/technologies/wordpress/plugins/cmb2.yaml index a595c648f8c..4d562316b4a 100644 --- a/http/technologies/wordpress/plugins/cmb2.yaml +++ b/http/technologies/wordpress/plugins/cmb2.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/cmb2/ metadata: - max-request: 1 plugin_namespace: cmb2 - wpscan: "https://wpscan.com/plugin/cmb2" + wpscan: https://wpscan.com/plugin/cmb2 tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/coblocks.yaml b/http/technologies/wordpress/plugins/coblocks.yaml index b540287b4d6..dcea952545d 100644 --- a/http/technologies/wordpress/plugins/coblocks.yaml +++ b/http/technologies/wordpress/plugins/coblocks.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/coblocks/ metadata: - max-request: 1 plugin_namespace: coblocks - wpscan: "https://wpscan.com/plugin/coblocks" + wpscan: https://wpscan.com/plugin/coblocks tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/code-snippets.yaml b/http/technologies/wordpress/plugins/code-snippets.yaml index ccb678864c9..0ae2f181225 100644 --- a/http/technologies/wordpress/plugins/code-snippets.yaml +++ b/http/technologies/wordpress/plugins/code-snippets.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/code-snippets/ metadata: - max-request: 1 - plugin_namespace: "code-snippets" - wpscan: "https://wpscan.com/plugin/code-snippets" + plugin_namespace: code-snippets + wpscan: https://wpscan.com/plugin/code-snippets tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/coming-soon.yaml b/http/technologies/wordpress/plugins/coming-soon.yaml index 8f2d5fa6892..12f549d5369 100644 --- a/http/technologies/wordpress/plugins/coming-soon.yaml +++ b/http/technologies/wordpress/plugins/coming-soon.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/coming-soon/ metadata: - max-request: 1 - plugin_namespace: "coming-soon" - wpscan: "https://wpscan.com/plugin/coming-soon" + plugin_namespace: coming-soon + wpscan: https://wpscan.com/plugin/coming-soon tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/complianz-gdpr.yaml b/http/technologies/wordpress/plugins/complianz-gdpr.yaml index 181e94e65a3..d8ea6a72f1d 100644 --- a/http/technologies/wordpress/plugins/complianz-gdpr.yaml +++ b/http/technologies/wordpress/plugins/complianz-gdpr.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/complianz-gdpr/ metadata: - max-request: 1 - plugin_namespace: "complianz-gdpr" - wpscan: "https://wpscan.com/plugin/complianz-gdpr" + plugin_namespace: complianz-gdpr + wpscan: https://wpscan.com/plugin/complianz-gdpr tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml b/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml index e2c6dc549b9..e13909fff38 100644 --- a/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml +++ b/http/technologies/wordpress/plugins/contact-form-7-honeypot.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/contact-form-7-honeypot/ metadata: - max-request: 1 - plugin_namespace: "contact-form-7-honeypot" - wpscan: "https://wpscan.com/plugin/contact-form-7-honeypot" + plugin_namespace: contact-form-7-honeypot + wpscan: https://wpscan.com/plugin/contact-form-7-honeypot tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/contact-form-7.yaml b/http/technologies/wordpress/plugins/contact-form-7.yaml index 3feb2f8fb5f..88fea67f934 100644 --- a/http/technologies/wordpress/plugins/contact-form-7.yaml +++ b/http/technologies/wordpress/plugins/contact-form-7.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/contact-form-7/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/contact-form-7" - plugin_namespace: "contact-form-7" + plugin_namespace: contact-form-7 + wpscan: https://wpscan.com/plugin/contact-form-7 tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml b/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml index ec944820ec7..d205cdbf361 100644 --- a/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml +++ b/http/technologies/wordpress/plugins/contact-form-cfdb7.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/contact-form-cfdb7/ metadata: - max-request: 1 - plugin_namespace: "contact-form-cfdb7" - wpscan: "https://wpscan.com/plugin/contact-form-cfdb7" + plugin_namespace: contact-form-cfdb7 + wpscan: https://wpscan.com/plugin/contact-form-cfdb7 tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/cookie-law-info.yaml b/http/technologies/wordpress/plugins/cookie-law-info.yaml index cf5dcb0060e..3fa20df7d26 100644 --- a/http/technologies/wordpress/plugins/cookie-law-info.yaml +++ b/http/technologies/wordpress/plugins/cookie-law-info.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/cookie-law-info/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/cookie-law-info" - plugin_namespace: "cookie-law-info" + plugin_namespace: cookie-law-info + wpscan: https://wpscan.com/plugin/cookie-law-info tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/cookie-notice.yaml b/http/technologies/wordpress/plugins/cookie-notice.yaml index b41b7176a20..bcd63ced86e 100644 --- a/http/technologies/wordpress/plugins/cookie-notice.yaml +++ b/http/technologies/wordpress/plugins/cookie-notice.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/cookie-notice/ metadata: - max-request: 1 - plugin_namespace: "cookie-notice" - wpscan: "https://wpscan.com/plugin/cookie-notice" + plugin_namespace: cookie-notice + wpscan: https://wpscan.com/plugin/cookie-notice tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/copy-delete-posts.yaml b/http/technologies/wordpress/plugins/copy-delete-posts.yaml index b0833dc9235..bca0326f2b6 100644 --- a/http/technologies/wordpress/plugins/copy-delete-posts.yaml +++ b/http/technologies/wordpress/plugins/copy-delete-posts.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/copy-delete-posts/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/copy-delete-posts" - plugin_namespace: "copy-delete-posts" + plugin_namespace: copy-delete-posts + wpscan: https://wpscan.com/plugin/copy-delete-posts tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml b/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml index cf8902eacec..854328f04b0 100644 --- a/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml +++ b/http/technologies/wordpress/plugins/creame-whatsapp-me.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/creame-whatsapp-me/ metadata: - max-request: 1 - plugin_namespace: "creame-whatsapp-me" - wpscan: "https://wpscan.com/plugin/creame-whatsapp-me" + plugin_namespace: creame-whatsapp-me + wpscan: https://wpscan.com/plugin/creame-whatsapp-me tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml b/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml index 31d52a9c6e1..6d3f7f4566f 100644 --- a/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml +++ b/http/technologies/wordpress/plugins/creative-mail-by-constant-contact.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/creative-mail-by-constant-contact/ metadata: - max-request: 1 - plugin_namespace: "creative-mail-by-constant-contact" - wpscan: "https://wpscan.com/plugin/creative-mail-by-constant-contact" + plugin_namespace: creative-mail-by-constant-contact + wpscan: https://wpscan.com/plugin/creative-mail-by-constant-contact tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/custom-css-js.yaml b/http/technologies/wordpress/plugins/custom-css-js.yaml index 62c6001e47e..dafbd25c9e1 100644 --- a/http/technologies/wordpress/plugins/custom-css-js.yaml +++ b/http/technologies/wordpress/plugins/custom-css-js.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/custom-css-js/ metadata: - max-request: 1 - plugin_namespace: "custom-css-js" - wpscan: "https://wpscan.com/plugin/custom-css-js" + plugin_namespace: custom-css-js + wpscan: https://wpscan.com/plugin/custom-css-js tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/custom-fonts.yaml b/http/technologies/wordpress/plugins/custom-fonts.yaml index e06fdc595c7..f10480fc8f2 100644 --- a/http/technologies/wordpress/plugins/custom-fonts.yaml +++ b/http/technologies/wordpress/plugins/custom-fonts.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/custom-fonts/ metadata: - max-request: 1 - plugin_namespace: "custom-fonts" - wpscan: "https://wpscan.com/plugin/custom-fonts" + plugin_namespace: custom-fonts + wpscan: https://wpscan.com/plugin/custom-fonts tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/custom-post-type-ui.yaml b/http/technologies/wordpress/plugins/custom-post-type-ui.yaml index 34fdd8254db..6c920917673 100644 --- a/http/technologies/wordpress/plugins/custom-post-type-ui.yaml +++ b/http/technologies/wordpress/plugins/custom-post-type-ui.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/custom-post-type-ui/ metadata: - max-request: 1 - plugin_namespace: "custom-post-type-ui" - wpscan: "https://wpscan.com/plugin/custom-post-type-ui" + plugin_namespace: custom-post-type-ui + wpscan: https://wpscan.com/plugin/custom-post-type-ui tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/disable-comments.yaml b/http/technologies/wordpress/plugins/disable-comments.yaml index b3ec51d1098..b25c6c9a9ce 100644 --- a/http/technologies/wordpress/plugins/disable-comments.yaml +++ b/http/technologies/wordpress/plugins/disable-comments.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/disable-comments/ metadata: - max-request: 1 - plugin_namespace: "disable-comments" - wpscan: "https://wpscan.com/plugin/disable-comments" + plugin_namespace: disable-comments + wpscan: https://wpscan.com/plugin/disable-comments tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/disable-gutenberg.yaml b/http/technologies/wordpress/plugins/disable-gutenberg.yaml index 20123378131..39abe96dbcb 100644 --- a/http/technologies/wordpress/plugins/disable-gutenberg.yaml +++ b/http/technologies/wordpress/plugins/disable-gutenberg.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/disable-gutenberg/ metadata: - max-request: 1 - plugin_namespace: "disable-gutenberg" - wpscan: "https://wpscan.com/plugin/disable-gutenberg" + plugin_namespace: disable-gutenberg + wpscan: https://wpscan.com/plugin/disable-gutenberg tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/duplicate-page.yaml b/http/technologies/wordpress/plugins/duplicate-page.yaml index 77a91fa81ef..92c8ce34093 100644 --- a/http/technologies/wordpress/plugins/duplicate-page.yaml +++ b/http/technologies/wordpress/plugins/duplicate-page.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/duplicate-page/ metadata: - max-request: 1 - plugin_namespace: "duplicate-page" - wpscan: "https://wpscan.com/plugin/duplicate-page" + plugin_namespace: duplicate-page + wpscan: https://wpscan.com/plugin/duplicate-page tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/duplicate-post.yaml b/http/technologies/wordpress/plugins/duplicate-post.yaml index 6087fee2b48..eea42ed8dad 100644 --- a/http/technologies/wordpress/plugins/duplicate-post.yaml +++ b/http/technologies/wordpress/plugins/duplicate-post.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/duplicate-post/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/duplicate-post" - plugin_namespace: "duplicate-post" + plugin_namespace: duplicate-post + wpscan: https://wpscan.com/plugin/duplicate-post tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/duplicator.yaml b/http/technologies/wordpress/plugins/duplicator.yaml index 28f8b622bae..4bf67dce740 100644 --- a/http/technologies/wordpress/plugins/duplicator.yaml +++ b/http/technologies/wordpress/plugins/duplicator.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/duplicator/ metadata: - max-request: 1 plugin_namespace: duplicator - wpscan: "https://wpscan.com/plugin/duplicator" + wpscan: https://wpscan.com/plugin/duplicator tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml b/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml index ab9ddcc44a0..45bbbc71df5 100644 --- a/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml +++ b/http/technologies/wordpress/plugins/duracelltomi-google-tag-manager.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/duracelltomi-google-tag-manager/ metadata: - max-request: 1 - plugin_namespace: "duracelltomi-google-tag-manager" - wpscan: "https://wpscan.com/plugin/duracelltomi-google-tag-manager" + plugin_namespace: duracelltomi-google-tag-manager + wpscan: https://wpscan.com/plugin/duracelltomi-google-tag-manager tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/easy-table-of-contents.yaml b/http/technologies/wordpress/plugins/easy-table-of-contents.yaml index 6c6d8282e49..03befac73ed 100644 --- a/http/technologies/wordpress/plugins/easy-table-of-contents.yaml +++ b/http/technologies/wordpress/plugins/easy-table-of-contents.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/easy-table-of-contents/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/easy-table-of-contents" - plugin_namespace: "easy-table-of-contents" + plugin_namespace: easy-table-of-contents + wpscan: https://wpscan.com/plugin/easy-table-of-contents tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/easy-wp-smtp.yaml b/http/technologies/wordpress/plugins/easy-wp-smtp.yaml index ea7979206a4..fe4c223cbab 100644 --- a/http/technologies/wordpress/plugins/easy-wp-smtp.yaml +++ b/http/technologies/wordpress/plugins/easy-wp-smtp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/easy-wp-smtp/ metadata: - max-request: 1 - plugin_namespace: "easy-wp-smtp" - wpscan: "https://wpscan.com/plugin/easy-wp-smtp" + plugin_namespace: easy-wp-smtp + wpscan: https://wpscan.com/plugin/easy-wp-smtp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/elementor.yaml b/http/technologies/wordpress/plugins/elementor.yaml index 04abd93ee55..93016c5c484 100644 --- a/http/technologies/wordpress/plugins/elementor.yaml +++ b/http/technologies/wordpress/plugins/elementor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/elementor/ metadata: - max-request: 1 plugin_namespace: elementor - wpscan: "https://wpscan.com/plugin/elementor" + wpscan: https://wpscan.com/plugin/elementor tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/elementskit-lite.yaml b/http/technologies/wordpress/plugins/elementskit-lite.yaml index 579f9d72101..67a8ade8800 100644 --- a/http/technologies/wordpress/plugins/elementskit-lite.yaml +++ b/http/technologies/wordpress/plugins/elementskit-lite.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/elementskit-lite/ metadata: - max-request: 1 - plugin_namespace: "elementskit-lite" - wpscan: "https://wpscan.com/plugin/elementskit-lite" + plugin_namespace: elementskit-lite + wpscan: https://wpscan.com/plugin/elementskit-lite tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/enable-media-replace.yaml b/http/technologies/wordpress/plugins/enable-media-replace.yaml index b527edb72fb..540fbaf9ace 100644 --- a/http/technologies/wordpress/plugins/enable-media-replace.yaml +++ b/http/technologies/wordpress/plugins/enable-media-replace.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/enable-media-replace/ metadata: - max-request: 1 - plugin_namespace: "enable-media-replace" - wpscan: "https://wpscan.com/plugin/enable-media-replace" + plugin_namespace: enable-media-replace + wpscan: https://wpscan.com/plugin/enable-media-replace tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/envato-elements.yaml b/http/technologies/wordpress/plugins/envato-elements.yaml index ea018586885..7e71b4736fd 100644 --- a/http/technologies/wordpress/plugins/envato-elements.yaml +++ b/http/technologies/wordpress/plugins/envato-elements.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/envato-elements/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/envato-elements" - plugin_namespace: "envato-elements" + plugin_namespace: envato-elements + wpscan: https://wpscan.com/plugin/envato-elements tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml b/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml index cbb50351d0b..a05d2ecd675 100644 --- a/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml +++ b/http/technologies/wordpress/plugins/essential-addons-for-elementor-lite.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/essential-addons-for-elementor-lite/ metadata: - max-request: 1 - plugin_namespace: "essential-addons-for-elementor-lite" - wpscan: "https://wpscan.com/plugin/essential-addons-for-elementor-lite" + plugin_namespace: essential-addons-for-elementor-lite + wpscan: https://wpscan.com/plugin/essential-addons-for-elementor-lite tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml b/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml index 427e413b56c..fc498e67e6d 100644 --- a/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml +++ b/http/technologies/wordpress/plugins/ewww-image-optimizer.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ewww-image-optimizer/ metadata: - max-request: 1 - plugin_namespace: "ewww-image-optimizer" - wpscan: "https://wpscan.com/plugin/ewww-image-optimizer" + plugin_namespace: ewww-image-optimizer + wpscan: https://wpscan.com/plugin/ewww-image-optimizer tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/extendify.yaml b/http/technologies/wordpress/plugins/extendify.yaml index c5705bdb75c..554a7ddc52a 100644 --- a/http/technologies/wordpress/plugins/extendify.yaml +++ b/http/technologies/wordpress/plugins/extendify.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/extendify/ metadata: - max-request: 1 plugin_namespace: extendify - wpscan: "https://wpscan.com/plugin/extendify" + wpscan: https://wpscan.com/plugin/extendify tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml b/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml index d1491c66c70..465aa93d578 100644 --- a/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml +++ b/http/technologies/wordpress/plugins/facebook-for-woocommerce.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/facebook-for-woocommerce/ metadata: - max-request: 1 - plugin_namespace: "facebook-for-woocommerce" - wpscan: "https://wpscan.com/plugin/facebook-for-woocommerce" + plugin_namespace: facebook-for-woocommerce + wpscan: https://wpscan.com/plugin/facebook-for-woocommerce tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/fast-indexing-api.yaml b/http/technologies/wordpress/plugins/fast-indexing-api.yaml index 7fd75753fab..2a1b0e57a90 100644 --- a/http/technologies/wordpress/plugins/fast-indexing-api.yaml +++ b/http/technologies/wordpress/plugins/fast-indexing-api.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/fast-indexing-api/ metadata: - max-request: 1 - plugin_namespace: "fast-indexing-api" - wpscan: "https://wpscan.com/plugin/fast-indexing-api" + plugin_namespace: fast-indexing-api + wpscan: https://wpscan.com/plugin/fast-indexing-api tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml b/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml index 54ad634e420..f7840fb5a73 100644 --- a/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml +++ b/http/technologies/wordpress/plugins/favicon-by-realfavicongenerator.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/favicon-by-realfavicongenerator/ metadata: - max-request: 1 - plugin_namespace: "favicon-by-realfavicongenerator" - wpscan: "https://wpscan.com/plugin/favicon-by-realfavicongenerator" + plugin_namespace: favicon-by-realfavicongenerator + wpscan: https://wpscan.com/plugin/favicon-by-realfavicongenerator tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/flamingo.yaml b/http/technologies/wordpress/plugins/flamingo.yaml index 6e1dc3f4fcc..033cc4bc3d2 100644 --- a/http/technologies/wordpress/plugins/flamingo.yaml +++ b/http/technologies/wordpress/plugins/flamingo.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/flamingo/ metadata: - max-request: 1 plugin_namespace: flamingo - wpscan: "https://wpscan.com/plugin/flamingo" + wpscan: https://wpscan.com/plugin/flamingo tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/flexmls-detect.yaml b/http/technologies/wordpress/plugins/flexmls-detect.yaml index ad938ceaddc..e1387be715f 100644 --- a/http/technologies/wordpress/plugins/flexmls-detect.yaml +++ b/http/technologies/wordpress/plugins/flexmls-detect.yaml @@ -1,15 +1,15 @@ id: flexmls-idx-detect -info: - name: Flexmls IDX - Detect - author: rxerium,sorrowx3 - severity: info - metadata: - verified: true - max-request: 1 - shodan-query: html:"/wp-content/plugins/flexmls-idx" - tags: tech,detect,flexmls,idx - +info: + name: Flexmls IDX - Detect + author: rxerium,sorrowx3 + severity: info + metadata: + verified: true + max-request: 1 + shodan-query: html:"/wp-content/plugins/flexmls-idx" + tags: tech,detect,flexmls,idx + http: - method: GET path: diff --git a/http/technologies/wordpress/plugins/fluent-smtp.yaml b/http/technologies/wordpress/plugins/fluent-smtp.yaml index 9a96cb83b39..4a3dcbd2104 100644 --- a/http/technologies/wordpress/plugins/fluent-smtp.yaml +++ b/http/technologies/wordpress/plugins/fluent-smtp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/fluent-smtp/ metadata: - max-request: 1 - plugin_namespace: "fluent-smtp" - wpscan: "https://wpscan.com/plugin/fluent-smtp" + plugin_namespace: fluent-smtp + wpscan: https://wpscan.com/plugin/fluent-smtp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/fluentform.yaml b/http/technologies/wordpress/plugins/fluentform.yaml index 0941138b32c..2ec71f159dc 100644 --- a/http/technologies/wordpress/plugins/fluentform.yaml +++ b/http/technologies/wordpress/plugins/fluentform.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/fluentform/ metadata: - max-request: 1 plugin_namespace: fluentform - wpscan: "https://wpscan.com/plugin/fluentform" + wpscan: https://wpscan.com/plugin/fluentform tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/font-awesome.yaml b/http/technologies/wordpress/plugins/font-awesome.yaml index 94a025ae892..2072b51ab9c 100644 --- a/http/technologies/wordpress/plugins/font-awesome.yaml +++ b/http/technologies/wordpress/plugins/font-awesome.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/font-awesome/ metadata: - max-request: 1 - plugin_namespace: "font-awesome" - wpscan: "https://wpscan.com/plugin/font-awesome" + plugin_namespace: font-awesome + wpscan: https://wpscan.com/plugin/font-awesome tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml b/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml index 5a3c2396809..b509d8cc670 100644 --- a/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml +++ b/http/technologies/wordpress/plugins/force-regenerate-thumbnails.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/force-regenerate-thumbnails/ metadata: - max-request: 1 - plugin_namespace: "force-regenerate-thumbnails" - wpscan: "https://wpscan.com/plugin/force-regenerate-thumbnails" + plugin_namespace: force-regenerate-thumbnails + wpscan: https://wpscan.com/plugin/force-regenerate-thumbnails tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/formidable.yaml b/http/technologies/wordpress/plugins/formidable.yaml index 9a03fdbb756..c984479bde5 100644 --- a/http/technologies/wordpress/plugins/formidable.yaml +++ b/http/technologies/wordpress/plugins/formidable.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/formidable/ metadata: - max-request: 1 plugin_namespace: formidable - wpscan: "https://wpscan.com/plugin/formidable" + wpscan: https://wpscan.com/plugin/formidable tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/forminator.yaml b/http/technologies/wordpress/plugins/forminator.yaml index 2e5a4cf6d75..ce5dc03713e 100644 --- a/http/technologies/wordpress/plugins/forminator.yaml +++ b/http/technologies/wordpress/plugins/forminator.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/forminator/ metadata: - max-request: 1 plugin_namespace: forminator - wpscan: "https://wpscan.com/plugin/forminator" + wpscan: https://wpscan.com/plugin/forminator tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/ga-google-analytics.yaml b/http/technologies/wordpress/plugins/ga-google-analytics.yaml index 9bafbf6df74..f5f3818ea24 100644 --- a/http/technologies/wordpress/plugins/ga-google-analytics.yaml +++ b/http/technologies/wordpress/plugins/ga-google-analytics.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ga-google-analytics/ metadata: - max-request: 1 - plugin_namespace: "ga-google-analytics" - wpscan: "https://wpscan.com/plugin/ga-google-analytics" + plugin_namespace: ga-google-analytics + wpscan: https://wpscan.com/plugin/ga-google-analytics tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml b/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml index aa05a8e5379..7e5b54c12c7 100644 --- a/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml +++ b/http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/gdpr-cookie-compliance/ metadata: - max-request: 1 - plugin_namespace: "gdpr-cookie-compliance" - wpscan: "https://wpscan.com/plugin/gdpr-cookie-compliance" + plugin_namespace: gdpr-cookie-compliance + wpscan: https://wpscan.com/plugin/gdpr-cookie-compliance tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/give.yaml b/http/technologies/wordpress/plugins/give.yaml index e421ec5cf1a..49f8e474361 100644 --- a/http/technologies/wordpress/plugins/give.yaml +++ b/http/technologies/wordpress/plugins/give.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/give/ metadata: - max-request: 1 plugin_namespace: give - wpscan: "https://wpscan.com/plugin/give" + wpscan: https://wpscan.com/plugin/give tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml b/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml index c57bb29ef0f..59effd09f64 100644 --- a/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml +++ b/http/technologies/wordpress/plugins/google-analytics-dashboard-for-wp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/google-analytics-dashboard-for-wp/ metadata: - max-request: 1 - plugin_namespace: "google-analytics-dashboard-for-wp" - wpscan: "https://wpscan.com/plugin/google-analytics-dashboard-for-wp" + plugin_namespace: google-analytics-dashboard-for-wp + wpscan: https://wpscan.com/plugin/google-analytics-dashboard-for-wp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml b/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml index cb407d684c5..833207dcff4 100644 --- a/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml +++ b/http/technologies/wordpress/plugins/google-analytics-for-wordpress.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/google-analytics-for-wordpress/ metadata: - max-request: 1 - plugin_namespace: "google-analytics-for-wordpress" - wpscan: "https://wpscan.com/plugin/google-analytics-for-wordpress" + plugin_namespace: google-analytics-for-wordpress + wpscan: https://wpscan.com/plugin/google-analytics-for-wordpress tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/google-listings-and-ads.yaml b/http/technologies/wordpress/plugins/google-listings-and-ads.yaml index 3c023c0a078..45260ccfba1 100644 --- a/http/technologies/wordpress/plugins/google-listings-and-ads.yaml +++ b/http/technologies/wordpress/plugins/google-listings-and-ads.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/google-listings-and-ads/ metadata: - max-request: 1 - plugin_namespace: "google-listings-and-ads" - wpscan: "https://wpscan.com/plugin/google-listings-and-ads" + plugin_namespace: google-listings-and-ads + wpscan: https://wpscan.com/plugin/google-listings-and-ads tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/google-site-kit.yaml b/http/technologies/wordpress/plugins/google-site-kit.yaml index 7f377af1db3..2131dbe751b 100644 --- a/http/technologies/wordpress/plugins/google-site-kit.yaml +++ b/http/technologies/wordpress/plugins/google-site-kit.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/google-site-kit/ metadata: - max-request: 1 - plugin_namespace: "google-site-kit" - wpscan: "https://wpscan.com/plugin/google-site-kit" + plugin_namespace: google-site-kit + wpscan: https://wpscan.com/plugin/google-site-kit tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/google-sitemap-generator.yaml b/http/technologies/wordpress/plugins/google-sitemap-generator.yaml index d7882fda854..73d644c5e47 100644 --- a/http/technologies/wordpress/plugins/google-sitemap-generator.yaml +++ b/http/technologies/wordpress/plugins/google-sitemap-generator.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/google-sitemap-generator/ metadata: - max-request: 1 - plugin_namespace: "google-sitemap-generator" - wpscan: "https://wpscan.com/plugin/google-sitemap-generator" + plugin_namespace: google-sitemap-generator + wpscan: https://wpscan.com/plugin/google-sitemap-generator tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/gtranslate.yaml b/http/technologies/wordpress/plugins/gtranslate.yaml index 40c8c7848ea..64cfced6cf9 100644 --- a/http/technologies/wordpress/plugins/gtranslate.yaml +++ b/http/technologies/wordpress/plugins/gtranslate.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/gtranslate/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/gtranslate" plugin_namespace: gtranslate + wpscan: https://wpscan.com/plugin/gtranslate tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/gutenberg.yaml b/http/technologies/wordpress/plugins/gutenberg.yaml index a901dbcc10d..6f65d087e49 100644 --- a/http/technologies/wordpress/plugins/gutenberg.yaml +++ b/http/technologies/wordpress/plugins/gutenberg.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/gutenberg/ metadata: - max-request: 1 plugin_namespace: gutenberg - wpscan: "https://wpscan.com/plugin/gutenberg" + wpscan: https://wpscan.com/plugin/gutenberg tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/happy-elementor-addons.yaml b/http/technologies/wordpress/plugins/happy-elementor-addons.yaml index f4b53b43108..783cdd283de 100644 --- a/http/technologies/wordpress/plugins/happy-elementor-addons.yaml +++ b/http/technologies/wordpress/plugins/happy-elementor-addons.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/happy-elementor-addons/ metadata: - max-request: 1 - plugin_namespace: "happy-elementor-addons" - wpscan: "https://wpscan.com/plugin/happy-elementor-addons" + plugin_namespace: happy-elementor-addons + wpscan: https://wpscan.com/plugin/happy-elementor-addons tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/header-footer-code-manager.yaml b/http/technologies/wordpress/plugins/header-footer-code-manager.yaml index 5c7ecbeafd2..05121854b3e 100644 --- a/http/technologies/wordpress/plugins/header-footer-code-manager.yaml +++ b/http/technologies/wordpress/plugins/header-footer-code-manager.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/header-footer-code-manager/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/header-footer-code-manager" - plugin_namespace: "header-footer-code-manager" + plugin_namespace: header-footer-code-manager + wpscan: https://wpscan.com/plugin/header-footer-code-manager tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/header-footer-elementor.yaml b/http/technologies/wordpress/plugins/header-footer-elementor.yaml index ae0890455ce..81d33b51393 100644 --- a/http/technologies/wordpress/plugins/header-footer-elementor.yaml +++ b/http/technologies/wordpress/plugins/header-footer-elementor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/header-footer-elementor/ metadata: - max-request: 1 - plugin_namespace: "header-footer-elementor" - wpscan: "https://wpscan.com/plugin/header-footer-elementor" + plugin_namespace: header-footer-elementor + wpscan: https://wpscan.com/plugin/header-footer-elementor tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/header-footer.yaml b/http/technologies/wordpress/plugins/header-footer.yaml index 0e58ba2fe8e..4cf45ebd74c 100644 --- a/http/technologies/wordpress/plugins/header-footer.yaml +++ b/http/technologies/wordpress/plugins/header-footer.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/header-footer/ metadata: - max-request: 1 - plugin_namespace: "header-footer" - wpscan: "https://wpscan.com/plugin/header-footer" + plugin_namespace: header-footer + wpscan: https://wpscan.com/plugin/header-footer tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/health-check.yaml b/http/technologies/wordpress/plugins/health-check.yaml index 7ffc6b6ff8a..3d6863e074c 100644 --- a/http/technologies/wordpress/plugins/health-check.yaml +++ b/http/technologies/wordpress/plugins/health-check.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/health-check/ metadata: - max-request: 1 - plugin_namespace: "health-check" - wpscan: "https://wpscan.com/plugin/health-check" + plugin_namespace: health-check + wpscan: https://wpscan.com/plugin/health-check tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/hello-dolly.yaml b/http/technologies/wordpress/plugins/hello-dolly.yaml index cc4430f0a46..79e2813c5eb 100644 --- a/http/technologies/wordpress/plugins/hello-dolly.yaml +++ b/http/technologies/wordpress/plugins/hello-dolly.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/hello-dolly/ metadata: - max-request: 1 - plugin_namespace: "hello-dolly" - wpscan: "https://wpscan.com/plugin/hello-dolly" + plugin_namespace: hello-dolly + wpscan: https://wpscan.com/plugin/hello-dolly tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/host-webfonts-local.yaml b/http/technologies/wordpress/plugins/host-webfonts-local.yaml index 9332a51867c..ab9a0f1ae30 100644 --- a/http/technologies/wordpress/plugins/host-webfonts-local.yaml +++ b/http/technologies/wordpress/plugins/host-webfonts-local.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/host-webfonts-local/ metadata: - max-request: 1 - plugin_namespace: "host-webfonts-local" - wpscan: "https://wpscan.com/plugin/host-webfonts-local" + plugin_namespace: host-webfonts-local + wpscan: https://wpscan.com/plugin/host-webfonts-local tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/hostinger.yaml b/http/technologies/wordpress/plugins/hostinger.yaml index 7ee4c2220d4..5d3adf7c27a 100644 --- a/http/technologies/wordpress/plugins/hostinger.yaml +++ b/http/technologies/wordpress/plugins/hostinger.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/hostinger/ metadata: - max-request: 1 plugin_namespace: hostinger - wpscan: "https://wpscan.com/plugin/hostinger" + wpscan: https://wpscan.com/plugin/hostinger tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/image-optimization.yaml b/http/technologies/wordpress/plugins/image-optimization.yaml index 9562787298b..4a68323ae15 100644 --- a/http/technologies/wordpress/plugins/image-optimization.yaml +++ b/http/technologies/wordpress/plugins/image-optimization.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/image-optimization/ metadata: - max-request: 1 - plugin_namespace: "image-optimization" - wpscan: "https://wpscan.com/plugin/image-optimization" + plugin_namespace: image-optimization + wpscan: https://wpscan.com/plugin/image-optimization tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/imagify.yaml b/http/technologies/wordpress/plugins/imagify.yaml index 7639ac6f3d8..294c8f6b761 100644 --- a/http/technologies/wordpress/plugins/imagify.yaml +++ b/http/technologies/wordpress/plugins/imagify.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/imagify/ metadata: - max-request: 1 plugin_namespace: imagify - wpscan: "https://wpscan.com/plugin/imagify" + wpscan: https://wpscan.com/plugin/imagify tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/imsanity.yaml b/http/technologies/wordpress/plugins/imsanity.yaml index e3f89bddf3d..14803090f98 100644 --- a/http/technologies/wordpress/plugins/imsanity.yaml +++ b/http/technologies/wordpress/plugins/imsanity.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/imsanity/ metadata: - max-request: 1 plugin_namespace: imsanity - wpscan: "https://wpscan.com/plugin/imsanity" + wpscan: https://wpscan.com/plugin/imsanity tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/inpost-for-woocommerce.yaml b/http/technologies/wordpress/plugins/inpost-for-woocommerce.yaml index 30c0f651b72..49188a76e9c 100644 --- a/http/technologies/wordpress/plugins/inpost-for-woocommerce.yaml +++ b/http/technologies/wordpress/plugins/inpost-for-woocommerce.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/inpost-for-woocommerce/ metadata: - max-request: 1 - plugin_namespace: "inpost-for-woocommerce" - wpscan: "https://wpscan.com/plugin/inpost-for-woocommerce/" + plugin_namespace: inpost-for-woocommerce + wpscan: https://wpscan.com/plugin/inpost-for-woocommerce/ tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml b/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml index f4bcd6ebef4..2ccd4dbce85 100644 --- a/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml +++ b/http/technologies/wordpress/plugins/insert-headers-and-footers.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/insert-headers-and-footers/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/insert-headers-and-footers" - plugin_namespace: "insert-headers-and-footers" + plugin_namespace: insert-headers-and-footers + wpscan: https://wpscan.com/plugin/insert-headers-and-footers tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/instagram-feed.yaml b/http/technologies/wordpress/plugins/instagram-feed.yaml index ca4101f4029..02ceb224d1c 100644 --- a/http/technologies/wordpress/plugins/instagram-feed.yaml +++ b/http/technologies/wordpress/plugins/instagram-feed.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/instagram-feed/ metadata: - max-request: 1 - plugin_namespace: "instagram-feed" - wpscan: "https://wpscan.com/plugin/instagram-feed" + plugin_namespace: instagram-feed + wpscan: https://wpscan.com/plugin/instagram-feed tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml b/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml index 6af56bcbc15..367d587ce2b 100644 --- a/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml +++ b/http/technologies/wordpress/plugins/intuitive-custom-post-order.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/intuitive-custom-post-order/ metadata: - max-request: 1 - plugin_namespace: "intuitive-custom-post-order" - wpscan: "https://wpscan.com/plugin/intuitive-custom-post-order" + plugin_namespace: intuitive-custom-post-order + wpscan: https://wpscan.com/plugin/intuitive-custom-post-order tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/iwp-client.yaml b/http/technologies/wordpress/plugins/iwp-client.yaml index 89dfb8016c6..e01d0a2ff3c 100644 --- a/http/technologies/wordpress/plugins/iwp-client.yaml +++ b/http/technologies/wordpress/plugins/iwp-client.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/iwp-client/ metadata: - max-request: 1 - plugin_namespace: "iwp-client" - wpscan: "https://wpscan.com/plugin/iwp-client" + plugin_namespace: iwp-client + wpscan: https://wpscan.com/plugin/iwp-client tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/jeg-elementor-kit.yaml b/http/technologies/wordpress/plugins/jeg-elementor-kit.yaml index 2455af3f027..f2fda0bc995 100644 --- a/http/technologies/wordpress/plugins/jeg-elementor-kit.yaml +++ b/http/technologies/wordpress/plugins/jeg-elementor-kit.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/jeg-elementor-kit/ metadata: - max-request: 1 - plugin_namespace: "jeg-elementor-kit" - wpscan: "https://wpscan.com/plugin/jeg-elementor-kit" + plugin_namespace: jeg-elementor-kit + wpscan: https://wpscan.com/plugin/jeg-elementor-kit tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/jetpack-boost.yaml b/http/technologies/wordpress/plugins/jetpack-boost.yaml index c31d2e10fd5..b352c2c09cb 100644 --- a/http/technologies/wordpress/plugins/jetpack-boost.yaml +++ b/http/technologies/wordpress/plugins/jetpack-boost.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/jetpack-boost/ metadata: - max-request: 1 - plugin_namespace: "jetpack-boost" - wpscan: "https://wpscan.com/plugin/jetpack-boost" + plugin_namespace: jetpack-boost + wpscan: https://wpscan.com/plugin/jetpack-boost tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/jetpack.yaml b/http/technologies/wordpress/plugins/jetpack.yaml index 1b181351faf..9b2841e7ca7 100644 --- a/http/technologies/wordpress/plugins/jetpack.yaml +++ b/http/technologies/wordpress/plugins/jetpack.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/jetpack/ metadata: - max-request: 1 plugin_namespace: jetpack - wpscan: "https://wpscan.com/plugin/jetpack" + wpscan: https://wpscan.com/plugin/jetpack tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/kadence-blocks.yaml b/http/technologies/wordpress/plugins/kadence-blocks.yaml index 813975ae62c..42be14c5dfe 100644 --- a/http/technologies/wordpress/plugins/kadence-blocks.yaml +++ b/http/technologies/wordpress/plugins/kadence-blocks.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/kadence-blocks/ metadata: - max-request: 1 - plugin_namespace: "kadence-blocks" - wpscan: "https://wpscan.com/plugin/kadence-blocks" + plugin_namespace: kadence-blocks + wpscan: https://wpscan.com/plugin/kadence-blocks tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/kirki.yaml b/http/technologies/wordpress/plugins/kirki.yaml index eb26e350b41..4e0cd86c3f7 100644 --- a/http/technologies/wordpress/plugins/kirki.yaml +++ b/http/technologies/wordpress/plugins/kirki.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/kirki/ metadata: - max-request: 1 plugin_namespace: kirki - wpscan: "https://wpscan.com/plugin/kirki" + wpscan: https://wpscan.com/plugin/kirki tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/leadin.yaml b/http/technologies/wordpress/plugins/leadin.yaml index 1bab3c9e0ed..59eadc5e6e7 100644 --- a/http/technologies/wordpress/plugins/leadin.yaml +++ b/http/technologies/wordpress/plugins/leadin.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/leadin/ metadata: - max-request: 1 plugin_namespace: leadin - wpscan: "https://wpscan.com/plugin/leadin" + wpscan: https://wpscan.com/plugin/leadin tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml b/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml index 0b6a9a163e3..45e3289eb6e 100644 --- a/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml +++ b/http/technologies/wordpress/plugins/limit-login-attempts-reloaded.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/limit-login-attempts-reloaded/ metadata: - max-request: 1 - plugin_namespace: "limit-login-attempts-reloaded" - wpscan: "https://wpscan.com/plugin/limit-login-attempts-reloaded" + plugin_namespace: limit-login-attempts-reloaded + wpscan: https://wpscan.com/plugin/limit-login-attempts-reloaded tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/limit-login-attempts.yaml b/http/technologies/wordpress/plugins/limit-login-attempts.yaml index 1bed732e6f2..7e35a3fb4fa 100644 --- a/http/technologies/wordpress/plugins/limit-login-attempts.yaml +++ b/http/technologies/wordpress/plugins/limit-login-attempts.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/limit-login-attempts/ metadata: - max-request: 1 - plugin_namespace: "limit-login-attempts" - wpscan: "https://wpscan.com/plugin/limit-login-attempts" + plugin_namespace: limit-login-attempts + wpscan: https://wpscan.com/plugin/limit-login-attempts tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/litespeed-cache.yaml b/http/technologies/wordpress/plugins/litespeed-cache.yaml index 8769c04e025..18c2a7586e9 100644 --- a/http/technologies/wordpress/plugins/litespeed-cache.yaml +++ b/http/technologies/wordpress/plugins/litespeed-cache.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/litespeed-cache/ metadata: - max-request: 1 - plugin_namespace: "litespeed-cache" - wpscan: "https://wpscan.com/plugin/litespeed-cache" + plugin_namespace: litespeed-cache + wpscan: https://wpscan.com/plugin/litespeed-cache tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/loco-translate.yaml b/http/technologies/wordpress/plugins/loco-translate.yaml index cbcc7348d9a..6bc2aa78f96 100644 --- a/http/technologies/wordpress/plugins/loco-translate.yaml +++ b/http/technologies/wordpress/plugins/loco-translate.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/loco-translate/ metadata: - max-request: 1 - plugin_namespace: "loco-translate" - wpscan: "https://wpscan.com/plugin/loco-translate" + plugin_namespace: loco-translate + wpscan: https://wpscan.com/plugin/loco-translate tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/loginizer.yaml b/http/technologies/wordpress/plugins/loginizer.yaml index 5b258db2a5f..a43d3352a27 100644 --- a/http/technologies/wordpress/plugins/loginizer.yaml +++ b/http/technologies/wordpress/plugins/loginizer.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/loginizer/ metadata: - max-request: 1 plugin_namespace: loginizer - wpscan: "https://wpscan.com/plugin/loginizer" + wpscan: https://wpscan.com/plugin/loginizer tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml b/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml index 0d0872c70c9..e7db9944e45 100644 --- a/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml +++ b/http/technologies/wordpress/plugins/mailchimp-for-woocommerce.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/mailchimp-for-woocommerce/ metadata: - max-request: 1 - plugin_namespace: "mailchimp-for-woocommerce" - wpscan: "https://wpscan.com/plugin/mailchimp-for-woocommerce" + plugin_namespace: mailchimp-for-woocommerce + wpscan: https://wpscan.com/plugin/mailchimp-for-woocommerce tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml b/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml index b5bc09272b5..268bd7b9dfa 100644 --- a/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml +++ b/http/technologies/wordpress/plugins/mailchimp-for-wp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/mailchimp-for-wp/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/mailchimp-for-wp" - plugin_namespace: "mailchimp-for-wp" + plugin_namespace: mailchimp-for-wp + wpscan: https://wpscan.com/plugin/mailchimp-for-wp tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/mailpoet.yaml b/http/technologies/wordpress/plugins/mailpoet.yaml index 2e613d10074..ed3161d27c3 100644 --- a/http/technologies/wordpress/plugins/mailpoet.yaml +++ b/http/technologies/wordpress/plugins/mailpoet.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/mailpoet/ metadata: - max-request: 1 plugin_namespace: mailpoet - wpscan: "https://wpscan.com/plugin/mailpoet" + wpscan: https://wpscan.com/plugin/mailpoet tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/maintenance.yaml b/http/technologies/wordpress/plugins/maintenance.yaml index 90bc05e9c32..a1641d46328 100644 --- a/http/technologies/wordpress/plugins/maintenance.yaml +++ b/http/technologies/wordpress/plugins/maintenance.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/maintenance/ metadata: - max-request: 1 plugin_namespace: maintenance - wpscan: "https://wpscan.com/plugin/maintenance" + wpscan: https://wpscan.com/plugin/maintenance tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/mainwp-child.yaml b/http/technologies/wordpress/plugins/mainwp-child.yaml index ffba0a8de8c..3b6542683c7 100644 --- a/http/technologies/wordpress/plugins/mainwp-child.yaml +++ b/http/technologies/wordpress/plugins/mainwp-child.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/mainwp-child/ metadata: - max-request: 1 - plugin_namespace: "mainwp-child" - wpscan: "https://wpscan.com/plugin/mainwp-child" + plugin_namespace: mainwp-child + wpscan: https://wpscan.com/plugin/mainwp-child tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/malcare-security.yaml b/http/technologies/wordpress/plugins/malcare-security.yaml index ba1e40f4ff8..7c7e9395912 100644 --- a/http/technologies/wordpress/plugins/malcare-security.yaml +++ b/http/technologies/wordpress/plugins/malcare-security.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/malcare-security/ metadata: - max-request: 1 - plugin_namespace: "malcare-security" - wpscan: "https://wpscan.com/plugin/malcare-security" + plugin_namespace: malcare-security + wpscan: https://wpscan.com/plugin/malcare-security tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/megamenu.yaml b/http/technologies/wordpress/plugins/megamenu.yaml index 267991c1c1b..1c97c422e41 100644 --- a/http/technologies/wordpress/plugins/megamenu.yaml +++ b/http/technologies/wordpress/plugins/megamenu.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/megamenu/ metadata: - max-request: 1 plugin_namespace: megamenu - wpscan: "https://wpscan.com/plugin/megamenu" + wpscan: https://wpscan.com/plugin/megamenu tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/members.yaml b/http/technologies/wordpress/plugins/members.yaml index 266c10e3496..7d861cf06a1 100644 --- a/http/technologies/wordpress/plugins/members.yaml +++ b/http/technologies/wordpress/plugins/members.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/members/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/members" plugin_namespace: members + wpscan: https://wpscan.com/plugin/members tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/meta-box.yaml b/http/technologies/wordpress/plugins/meta-box.yaml index e808f958ebb..d846715b2e5 100644 --- a/http/technologies/wordpress/plugins/meta-box.yaml +++ b/http/technologies/wordpress/plugins/meta-box.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/meta-box/ metadata: - max-request: 1 - plugin_namespace: "meta-box" - wpscan: "https://wpscan.com/plugin/meta-box" + plugin_namespace: meta-box + wpscan: https://wpscan.com/plugin/meta-box tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/metform.yaml b/http/technologies/wordpress/plugins/metform.yaml index 0a23c77b290..f089ee37d31 100644 --- a/http/technologies/wordpress/plugins/metform.yaml +++ b/http/technologies/wordpress/plugins/metform.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/metform/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/metform" plugin_namespace: metform + wpscan: https://wpscan.com/plugin/metform tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/ml-slider.yaml b/http/technologies/wordpress/plugins/ml-slider.yaml index f9ff3dd41f5..add219d1c03 100644 --- a/http/technologies/wordpress/plugins/ml-slider.yaml +++ b/http/technologies/wordpress/plugins/ml-slider.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ml-slider/ metadata: - max-request: 1 - plugin_namespace: "ml-slider" - wpscan: "https://wpscan.com/plugin/ml-slider" + plugin_namespace: ml-slider + wpscan: https://wpscan.com/plugin/ml-slider tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/newsletter.yaml b/http/technologies/wordpress/plugins/newsletter.yaml index 4fbc16886b7..f8903fa3dbb 100644 --- a/http/technologies/wordpress/plugins/newsletter.yaml +++ b/http/technologies/wordpress/plugins/newsletter.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/newsletter/ metadata: - max-request: 1 plugin_namespace: newsletter - wpscan: "https://wpscan.com/plugin/newsletter" + wpscan: https://wpscan.com/plugin/newsletter tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml b/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml index d8f89614916..e2f020a0101 100644 --- a/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml +++ b/http/technologies/wordpress/plugins/nextend-facebook-connect.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/nextend-facebook-connect/ metadata: - max-request: 1 - plugin_namespace: "nextend-facebook-connect" - wpscan: "https://wpscan.com/plugin/nextend-facebook-connect" + plugin_namespace: nextend-facebook-connect + wpscan: https://wpscan.com/plugin/nextend-facebook-connect tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/nextgen-gallery.yaml b/http/technologies/wordpress/plugins/nextgen-gallery.yaml index 4899e4f5856..dcc61d1255b 100644 --- a/http/technologies/wordpress/plugins/nextgen-gallery.yaml +++ b/http/technologies/wordpress/plugins/nextgen-gallery.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/nextgen-gallery/ metadata: - max-request: 1 - plugin_namespace: "nextgen-gallery" - wpscan: "https://wpscan.com/plugin/nextgen-gallery" + plugin_namespace: nextgen-gallery + wpscan: https://wpscan.com/plugin/nextgen-gallery tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/ninja-forms.yaml b/http/technologies/wordpress/plugins/ninja-forms.yaml index 26bc1e3bdc6..d1d2c1c1d00 100644 --- a/http/technologies/wordpress/plugins/ninja-forms.yaml +++ b/http/technologies/wordpress/plugins/ninja-forms.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ninja-forms/ metadata: - max-request: 1 - plugin_namespace: "ninja-forms" - wpscan: "https://wpscan.com/plugin/ninja-forms" + plugin_namespace: ninja-forms + wpscan: https://wpscan.com/plugin/ninja-forms tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/ocean-extra.yaml b/http/technologies/wordpress/plugins/ocean-extra.yaml index 1395e7112e7..59a655c4240 100644 --- a/http/technologies/wordpress/plugins/ocean-extra.yaml +++ b/http/technologies/wordpress/plugins/ocean-extra.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ocean-extra/ metadata: - max-request: 1 - plugin_namespace: "ocean-extra" - wpscan: "https://wpscan.com/plugin/ocean-extra" + plugin_namespace: ocean-extra + wpscan: https://wpscan.com/plugin/ocean-extra tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/official-facebook-pixel.yaml b/http/technologies/wordpress/plugins/official-facebook-pixel.yaml index 05925093bc2..d15634bb2b1 100644 --- a/http/technologies/wordpress/plugins/official-facebook-pixel.yaml +++ b/http/technologies/wordpress/plugins/official-facebook-pixel.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/official-facebook-pixel/ metadata: - max-request: 1 - plugin_namespace: "official-facebook-pixel" - wpscan: "https://wpscan.com/plugin/official-facebook-pixel" + plugin_namespace: official-facebook-pixel + wpscan: https://wpscan.com/plugin/official-facebook-pixel tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/one-click-demo-import.yaml b/http/technologies/wordpress/plugins/one-click-demo-import.yaml index d63ba50268f..7da04be5d3e 100644 --- a/http/technologies/wordpress/plugins/one-click-demo-import.yaml +++ b/http/technologies/wordpress/plugins/one-click-demo-import.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/one-click-demo-import/ metadata: - max-request: 1 - plugin_namespace: "one-click-demo-import" - wpscan: "https://wpscan.com/plugin/one-click-demo-import" + plugin_namespace: one-click-demo-import + wpscan: https://wpscan.com/plugin/one-click-demo-import tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/optinmonster.yaml b/http/technologies/wordpress/plugins/optinmonster.yaml index bbd566d8a99..8b7b6944547 100644 --- a/http/technologies/wordpress/plugins/optinmonster.yaml +++ b/http/technologies/wordpress/plugins/optinmonster.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/optinmonster/ metadata: - max-request: 1 plugin_namespace: optinmonster - wpscan: "https://wpscan.com/plugin/optinmonster" + wpscan: https://wpscan.com/plugin/optinmonster tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/otter-blocks.yaml b/http/technologies/wordpress/plugins/otter-blocks.yaml index 6519b84b42d..77fc04a2203 100644 --- a/http/technologies/wordpress/plugins/otter-blocks.yaml +++ b/http/technologies/wordpress/plugins/otter-blocks.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/otter-blocks/ metadata: - max-request: 1 - plugin_namespace: "otter-blocks" - wpscan: "https://wpscan.com/plugin/otter-blocks" + plugin_namespace: otter-blocks + wpscan: https://wpscan.com/plugin/otter-blocks tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/password-protected.yaml b/http/technologies/wordpress/plugins/password-protected.yaml index d58494d0be1..9f69402906a 100644 --- a/http/technologies/wordpress/plugins/password-protected.yaml +++ b/http/technologies/wordpress/plugins/password-protected.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/password-protected/ metadata: - max-request: 1 - plugin_namespace: "password-protected" - wpscan: "https://wpscan.com/plugin/password-protected" + plugin_namespace: password-protected + wpscan: https://wpscan.com/plugin/password-protected tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/pdf-embedder.yaml b/http/technologies/wordpress/plugins/pdf-embedder.yaml index 19e44c6d08f..0af08f0ac08 100644 --- a/http/technologies/wordpress/plugins/pdf-embedder.yaml +++ b/http/technologies/wordpress/plugins/pdf-embedder.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/pdf-embedder/ metadata: - max-request: 1 - plugin_namespace: "pdf-embedder" - wpscan: "https://wpscan.com/plugin/pdf-embedder" + plugin_namespace: pdf-embedder + wpscan: https://wpscan.com/plugin/pdf-embedder tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml b/http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml index 188969c86a1..1e4c77fbca9 100644 --- a/http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml +++ b/http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/pinterest-for-woocommerce/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/pinterest-for-woocommerce" - plugin_namespace: "pinterest-for-woocommerce" + plugin_namespace: pinterest-for-woocommerce + wpscan: https://wpscan.com/plugin/pinterest-for-woocommerce tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/pixelyoursite.yaml b/http/technologies/wordpress/plugins/pixelyoursite.yaml index e1363520320..295e3fe82db 100644 --- a/http/technologies/wordpress/plugins/pixelyoursite.yaml +++ b/http/technologies/wordpress/plugins/pixelyoursite.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/pixelyoursite/ metadata: - max-request: 1 plugin_namespace: pixelyoursite - wpscan: "https://wpscan.com/plugin/pixelyoursite" + wpscan: https://wpscan.com/plugin/pixelyoursite tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/polylang.yaml b/http/technologies/wordpress/plugins/polylang.yaml index 0707b170f5f..862f73201fc 100644 --- a/http/technologies/wordpress/plugins/polylang.yaml +++ b/http/technologies/wordpress/plugins/polylang.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/polylang/ metadata: - max-request: 1 plugin_namespace: polylang - wpscan: "https://wpscan.com/plugin/polylang" + wpscan: https://wpscan.com/plugin/polylang tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/popup-maker.yaml b/http/technologies/wordpress/plugins/popup-maker.yaml index 2b033eafb4a..711b64f9d07 100644 --- a/http/technologies/wordpress/plugins/popup-maker.yaml +++ b/http/technologies/wordpress/plugins/popup-maker.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/popup-maker/ metadata: - max-request: 1 - plugin_namespace: "popup-maker" - wpscan: "https://wpscan.com/plugin/popup-maker" + plugin_namespace: popup-maker + wpscan: https://wpscan.com/plugin/popup-maker tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/post-smtp.yaml b/http/technologies/wordpress/plugins/post-smtp.yaml index 7cbd3ba2ca1..fff958bf5be 100644 --- a/http/technologies/wordpress/plugins/post-smtp.yaml +++ b/http/technologies/wordpress/plugins/post-smtp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/post-smtp/ metadata: - max-request: 1 - plugin_namespace: "post-smtp" - wpscan: "https://wpscan.com/plugin/post-smtp" + plugin_namespace: post-smtp + wpscan: https://wpscan.com/plugin/post-smtp tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/post-types-order.yaml b/http/technologies/wordpress/plugins/post-types-order.yaml index 00713095f3a..305d74e8eaf 100644 --- a/http/technologies/wordpress/plugins/post-types-order.yaml +++ b/http/technologies/wordpress/plugins/post-types-order.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/post-types-order/ metadata: - max-request: 1 - plugin_namespace: "post-types-order" - wpscan: "https://wpscan.com/plugin/post-types-order" + plugin_namespace: post-types-order + wpscan: https://wpscan.com/plugin/post-types-order tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml b/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml index 3307c955655..668162fc4e1 100644 --- a/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml +++ b/http/technologies/wordpress/plugins/premium-addons-for-elementor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/premium-addons-for-elementor/ metadata: - max-request: 1 - plugin_namespace: "premium-addons-for-elementor" - wpscan: "https://wpscan.com/plugin/premium-addons-for-elementor" + plugin_namespace: premium-addons-for-elementor + wpscan: https://wpscan.com/plugin/premium-addons-for-elementor tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/pretty-link.yaml b/http/technologies/wordpress/plugins/pretty-link.yaml index 88163892ed1..f108da27f7d 100644 --- a/http/technologies/wordpress/plugins/pretty-link.yaml +++ b/http/technologies/wordpress/plugins/pretty-link.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/pretty-link/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/pretty-link" - plugin_namespace: "pretty-link" + plugin_namespace: pretty-link + wpscan: https://wpscan.com/plugin/pretty-link tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/really-simple-captcha.yaml b/http/technologies/wordpress/plugins/really-simple-captcha.yaml index 73876a53cbd..a0d2554492c 100644 --- a/http/technologies/wordpress/plugins/really-simple-captcha.yaml +++ b/http/technologies/wordpress/plugins/really-simple-captcha.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/really-simple-captcha/ metadata: - max-request: 1 - plugin_namespace: "really-simple-captcha" - wpscan: "https://wpscan.com/plugin/really-simple-captcha" + plugin_namespace: really-simple-captcha + wpscan: https://wpscan.com/plugin/really-simple-captcha tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/really-simple-ssl.yaml b/http/technologies/wordpress/plugins/really-simple-ssl.yaml index 658f7d22066..97b7306b751 100644 --- a/http/technologies/wordpress/plugins/really-simple-ssl.yaml +++ b/http/technologies/wordpress/plugins/really-simple-ssl.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/really-simple-ssl/ metadata: - max-request: 1 - plugin_namespace: "really-simple-ssl" - wpscan: "https://wpscan.com/plugin/really-simple-ssl" + plugin_namespace: really-simple-ssl + wpscan: https://wpscan.com/plugin/really-simple-ssl tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/redirection.yaml b/http/technologies/wordpress/plugins/redirection.yaml index c45f0eb093f..f44cee79807 100644 --- a/http/technologies/wordpress/plugins/redirection.yaml +++ b/http/technologies/wordpress/plugins/redirection.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/redirection/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/redirection" plugin_namespace: redirection + wpscan: https://wpscan.com/plugin/redirection tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/redux-framework.yaml b/http/technologies/wordpress/plugins/redux-framework.yaml index 1dc6b0b9db7..39130db767b 100644 --- a/http/technologies/wordpress/plugins/redux-framework.yaml +++ b/http/technologies/wordpress/plugins/redux-framework.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/redux-framework/ metadata: - max-request: 1 - plugin_namespace: "redux-framework" - wpscan: "https://wpscan.com/plugin/redux-framework" + plugin_namespace: redux-framework + wpscan: https://wpscan.com/plugin/redux-framework tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml b/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml index 50e62f289d7..39c497073ca 100644 --- a/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml +++ b/http/technologies/wordpress/plugins/regenerate-thumbnails.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/regenerate-thumbnails/ metadata: - max-request: 1 - plugin_namespace: "regenerate-thumbnails" - wpscan: "https://wpscan.com/plugin/regenerate-thumbnails" + plugin_namespace: regenerate-thumbnails + wpscan: https://wpscan.com/plugin/regenerate-thumbnails tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/royal-elementor-addons.yaml b/http/technologies/wordpress/plugins/royal-elementor-addons.yaml index 9e2cce5a0cf..b848288b55f 100644 --- a/http/technologies/wordpress/plugins/royal-elementor-addons.yaml +++ b/http/technologies/wordpress/plugins/royal-elementor-addons.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/royal-elementor-addons/ metadata: - max-request: 1 - plugin_namespace: "royal-elementor-addons" - wpscan: "https://wpscan.com/plugin/royal-elementor-addons" + plugin_namespace: royal-elementor-addons + wpscan: https://wpscan.com/plugin/royal-elementor-addons tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/safe-svg.yaml b/http/technologies/wordpress/plugins/safe-svg.yaml index 68b27729060..4d10178692e 100644 --- a/http/technologies/wordpress/plugins/safe-svg.yaml +++ b/http/technologies/wordpress/plugins/safe-svg.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/safe-svg/ metadata: - max-request: 1 - plugin_namespace: "safe-svg" - wpscan: "https://wpscan.com/plugin/safe-svg" + plugin_namespace: safe-svg + wpscan: https://wpscan.com/plugin/safe-svg tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/seo-by-rank-math.yaml b/http/technologies/wordpress/plugins/seo-by-rank-math.yaml index aee82688f24..7aac0a153f3 100644 --- a/http/technologies/wordpress/plugins/seo-by-rank-math.yaml +++ b/http/technologies/wordpress/plugins/seo-by-rank-math.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/seo-by-rank-math/ metadata: - max-request: 1 - plugin_namespace: "seo-by-rank-math" - wpscan: "https://wpscan.com/plugin/seo-by-rank-math" + plugin_namespace: seo-by-rank-math + wpscan: https://wpscan.com/plugin/seo-by-rank-math tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/sg-cachepress.yaml b/http/technologies/wordpress/plugins/sg-cachepress.yaml index 559b82e0457..d0cebd5316c 100644 --- a/http/technologies/wordpress/plugins/sg-cachepress.yaml +++ b/http/technologies/wordpress/plugins/sg-cachepress.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/sg-cachepress/ metadata: - max-request: 1 - plugin_namespace: "sg-cachepress" - wpscan: "https://wpscan.com/plugin/sg-cachepress" + plugin_namespace: sg-cachepress + wpscan: https://wpscan.com/plugin/sg-cachepress tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/sg-security.yaml b/http/technologies/wordpress/plugins/sg-security.yaml index 9fbe6f85ba0..ff207791572 100644 --- a/http/technologies/wordpress/plugins/sg-security.yaml +++ b/http/technologies/wordpress/plugins/sg-security.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/sg-security/ metadata: - max-request: 1 - plugin_namespace: "sg-security" - wpscan: "https://wpscan.com/plugin/sg-security" + plugin_namespace: sg-security + wpscan: https://wpscan.com/plugin/sg-security tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml b/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml index 23d2bac00fa..fffdc7d017a 100644 --- a/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml +++ b/http/technologies/wordpress/plugins/shortcodes-ultimate.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/shortcodes-ultimate/ metadata: - max-request: 1 - plugin_namespace: "shortcodes-ultimate" - wpscan: "https://wpscan.com/plugin/shortcodes-ultimate" + plugin_namespace: shortcodes-ultimate + wpscan: https://wpscan.com/plugin/shortcodes-ultimate tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml b/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml index 07b0b88aeeb..c8072a035b1 100644 --- a/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml +++ b/http/technologies/wordpress/plugins/shortpixel-image-optimiser.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/shortpixel-image-optimiser/ metadata: - max-request: 1 - plugin_namespace: "shortpixel-image-optimiser" - wpscan: "https://wpscan.com/plugin/shortpixel-image-optimiser" + plugin_namespace: shortpixel-image-optimiser + wpscan: https://wpscan.com/plugin/shortpixel-image-optimiser tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/simple-custom-post-order.yaml b/http/technologies/wordpress/plugins/simple-custom-post-order.yaml index 86f0892d6e1..3fe86debf56 100644 --- a/http/technologies/wordpress/plugins/simple-custom-post-order.yaml +++ b/http/technologies/wordpress/plugins/simple-custom-post-order.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/simple-custom-post-order/ metadata: - max-request: 1 - plugin_namespace: "simple-custom-post-order" - wpscan: "https://wpscan.com/plugin/simple-custom-post-order" + plugin_namespace: simple-custom-post-order + wpscan: https://wpscan.com/plugin/simple-custom-post-order tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/simple-history.yaml b/http/technologies/wordpress/plugins/simple-history.yaml index 04f7c8e6c87..05c99298b4f 100644 --- a/http/technologies/wordpress/plugins/simple-history.yaml +++ b/http/technologies/wordpress/plugins/simple-history.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/simple-history/ metadata: - max-request: 1 - plugin_namespace: "simple-history" - wpscan: "https://wpscan.com/plugin/simple-history" + plugin_namespace: simple-history + wpscan: https://wpscan.com/plugin/simple-history tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/siteguard.yaml b/http/technologies/wordpress/plugins/siteguard.yaml index e7c085cefd6..3deac58709d 100644 --- a/http/technologies/wordpress/plugins/siteguard.yaml +++ b/http/technologies/wordpress/plugins/siteguard.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/siteguard/ metadata: - max-request: 1 plugin_namespace: siteguard - wpscan: "https://wpscan.com/plugin/siteguard" + wpscan: https://wpscan.com/plugin/siteguard tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/siteorigin-panels.yaml b/http/technologies/wordpress/plugins/siteorigin-panels.yaml index 2fb593c5b2f..b6f392efba2 100644 --- a/http/technologies/wordpress/plugins/siteorigin-panels.yaml +++ b/http/technologies/wordpress/plugins/siteorigin-panels.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/siteorigin-panels/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/siteorigin-panels" - plugin_namespace: "siteorigin-panels" + plugin_namespace: siteorigin-panels + wpscan: https://wpscan.com/plugin/siteorigin-panels tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/smart-slider-3.yaml b/http/technologies/wordpress/plugins/smart-slider-3.yaml index f8832e7b520..ad4ebefa4b1 100644 --- a/http/technologies/wordpress/plugins/smart-slider-3.yaml +++ b/http/technologies/wordpress/plugins/smart-slider-3.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/smart-slider-3/ metadata: - max-request: 1 - plugin_namespace: "smart-slider-3" - wpscan: "https://wpscan.com/plugin/smart-slider-3" + plugin_namespace: smart-slider-3 + wpscan: https://wpscan.com/plugin/smart-slider-3 tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/so-widgets-bundle.yaml b/http/technologies/wordpress/plugins/so-widgets-bundle.yaml index e05da0a9461..8e88c81c0a9 100644 --- a/http/technologies/wordpress/plugins/so-widgets-bundle.yaml +++ b/http/technologies/wordpress/plugins/so-widgets-bundle.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/so-widgets-bundle/ metadata: - max-request: 1 - plugin_namespace: "so-widgets-bundle" - wpscan: "https://wpscan.com/plugin/so-widgets-bundle" + plugin_namespace: so-widgets-bundle + wpscan: https://wpscan.com/plugin/so-widgets-bundle tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/speedycache.yaml b/http/technologies/wordpress/plugins/speedycache.yaml index 51f9225cbba..532f42afafe 100644 --- a/http/technologies/wordpress/plugins/speedycache.yaml +++ b/http/technologies/wordpress/plugins/speedycache.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/speedycache/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/speedycache" plugin_namespace: speedycache + wpscan: https://wpscan.com/plugin/speedycache tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/sticky-header-effects-for-elementor.yaml b/http/technologies/wordpress/plugins/sticky-header-effects-for-elementor.yaml index 3acf47fa842..39d269fb856 100644 --- a/http/technologies/wordpress/plugins/sticky-header-effects-for-elementor.yaml +++ b/http/technologies/wordpress/plugins/sticky-header-effects-for-elementor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/sticky-header-effects-for-elementor/ metadata: - max-request: 1 - plugin_namespace: "sticky-header-effects-for-elementor" - wpscan: "https://wpscan.com/plugin/sticky-header-effects-for-elementor" + plugin_namespace: sticky-header-effects-for-elementor + wpscan: https://wpscan.com/plugin/sticky-header-effects-for-elementor tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml b/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml index e006bd84165..fc126d83c63 100644 --- a/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml +++ b/http/technologies/wordpress/plugins/stops-core-theme-and-plugin-updates.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/stops-core-theme-and-plugin-updates/ metadata: - max-request: 1 - plugin_namespace: "stops-core-theme-and-plugin-updates" - wpscan: "https://wpscan.com/plugin/stops-core-theme-and-plugin-updates" + plugin_namespace: stops-core-theme-and-plugin-updates + wpscan: https://wpscan.com/plugin/stops-core-theme-and-plugin-updates tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/sucuri-scanner.yaml b/http/technologies/wordpress/plugins/sucuri-scanner.yaml index bd60ba9246d..8c49a342590 100644 --- a/http/technologies/wordpress/plugins/sucuri-scanner.yaml +++ b/http/technologies/wordpress/plugins/sucuri-scanner.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/sucuri-scanner/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/sucuri-scanner" - plugin_namespace: "sucuri-scanner" + plugin_namespace: sucuri-scanner + wpscan: https://wpscan.com/plugin/sucuri-scanner tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/svg-support.yaml b/http/technologies/wordpress/plugins/svg-support.yaml index 56e2d5d99b8..c20ed6552a4 100644 --- a/http/technologies/wordpress/plugins/svg-support.yaml +++ b/http/technologies/wordpress/plugins/svg-support.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/svg-support/ metadata: - max-request: 1 - plugin_namespace: "svg-support" - wpscan: "https://wpscan.com/plugin/svg-support" + plugin_namespace: svg-support + wpscan: https://wpscan.com/plugin/svg-support tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/table-of-contents-plus.yaml b/http/technologies/wordpress/plugins/table-of-contents-plus.yaml index 1ead12df337..abaf179dbc3 100644 --- a/http/technologies/wordpress/plugins/table-of-contents-plus.yaml +++ b/http/technologies/wordpress/plugins/table-of-contents-plus.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/table-of-contents-plus/ metadata: - max-request: 1 - plugin_namespace: "table-of-contents-plus" - wpscan: "https://wpscan.com/plugin/table-of-contents-plus" + plugin_namespace: table-of-contents-plus + wpscan: https://wpscan.com/plugin/table-of-contents-plus tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/tablepress.yaml b/http/technologies/wordpress/plugins/tablepress.yaml index 9b0be0d260d..71c71b5ed14 100644 --- a/http/technologies/wordpress/plugins/tablepress.yaml +++ b/http/technologies/wordpress/plugins/tablepress.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/tablepress/ metadata: - max-request: 1 plugin_namespace: tablepress - wpscan: "https://wpscan.com/plugin/tablepress" + wpscan: https://wpscan.com/plugin/tablepress tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml b/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml index 6fc7a030365..7b47adc274b 100644 --- a/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml +++ b/http/technologies/wordpress/plugins/taxonomy-terms-order.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/taxonomy-terms-order/ metadata: - max-request: 1 - plugin_namespace: "taxonomy-terms-order" - wpscan: "https://wpscan.com/plugin/taxonomy-terms-order" + plugin_namespace: taxonomy-terms-order + wpscan: https://wpscan.com/plugin/taxonomy-terms-order tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/templately.yaml b/http/technologies/wordpress/plugins/templately.yaml index 6988e1dc483..06418e5c4e9 100644 --- a/http/technologies/wordpress/plugins/templately.yaml +++ b/http/technologies/wordpress/plugins/templately.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/templately/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/templately" plugin_namespace: templately + wpscan: https://wpscan.com/plugin/templately tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/the-events-calendar.yaml b/http/technologies/wordpress/plugins/the-events-calendar.yaml index 43fdf0aeb4b..c4928059f6c 100644 --- a/http/technologies/wordpress/plugins/the-events-calendar.yaml +++ b/http/technologies/wordpress/plugins/the-events-calendar.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/the-events-calendar/ metadata: - max-request: 1 - plugin_namespace: "the-events-calendar" - wpscan: "https://wpscan.com/plugin/the-events-calendar" + plugin_namespace: the-events-calendar + wpscan: https://wpscan.com/plugin/the-events-calendar tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/tinymce-advanced.yaml b/http/technologies/wordpress/plugins/tinymce-advanced.yaml index 00c76d6724f..f6a7836f35a 100644 --- a/http/technologies/wordpress/plugins/tinymce-advanced.yaml +++ b/http/technologies/wordpress/plugins/tinymce-advanced.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/tinymce-advanced/ metadata: - max-request: 1 - plugin_namespace: "tinymce-advanced" - wpscan: "https://wpscan.com/plugin/tinymce-advanced" + plugin_namespace: tinymce-advanced + wpscan: https://wpscan.com/plugin/tinymce-advanced tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/translatepress-multilingual.yaml b/http/technologies/wordpress/plugins/translatepress-multilingual.yaml index a4b711796d2..b7af708c4fa 100644 --- a/http/technologies/wordpress/plugins/translatepress-multilingual.yaml +++ b/http/technologies/wordpress/plugins/translatepress-multilingual.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/translatepress-multilingual/ metadata: - max-request: 1 - plugin_namespace: "translatepress-multilingual" - wpscan: "https://wpscan.com/plugin/translatepress-multilingual" + plugin_namespace: translatepress-multilingual + wpscan: https://wpscan.com/plugin/translatepress-multilingual tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml b/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml index 73d02d30fcb..44bbe7b1a9a 100644 --- a/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml +++ b/http/technologies/wordpress/plugins/ultimate-addons-for-gutenberg.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/ultimate-addons-for-gutenberg/ metadata: - max-request: 1 - plugin_namespace: "ultimate-addons-for-gutenberg" - wpscan: "https://wpscan.com/plugin/ultimate-addons-for-gutenberg" + plugin_namespace: ultimate-addons-for-gutenberg + wpscan: https://wpscan.com/plugin/ultimate-addons-for-gutenberg tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/under-construction-page.yaml b/http/technologies/wordpress/plugins/under-construction-page.yaml index 1ecdff03ce9..0da88d5d3f7 100644 --- a/http/technologies/wordpress/plugins/under-construction-page.yaml +++ b/http/technologies/wordpress/plugins/under-construction-page.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/under-construction-page/ metadata: - max-request: 1 - plugin_namespace: "under-construction-page" - wpscan: "https://wpscan.com/plugin/under-construction-page" + plugin_namespace: under-construction-page + wpscan: https://wpscan.com/plugin/under-construction-page tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/updraftplus.yaml b/http/technologies/wordpress/plugins/updraftplus.yaml index 24b1ceb8ef1..2b29428cf10 100644 --- a/http/technologies/wordpress/plugins/updraftplus.yaml +++ b/http/technologies/wordpress/plugins/updraftplus.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/updraftplus/ metadata: - max-request: 1 plugin_namespace: updraftplus - wpscan: "https://wpscan.com/plugin/updraftplus" + wpscan: https://wpscan.com/plugin/updraftplus tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/user-role-editor.yaml b/http/technologies/wordpress/plugins/user-role-editor.yaml index edc34f39e80..181e619a7cf 100644 --- a/http/technologies/wordpress/plugins/user-role-editor.yaml +++ b/http/technologies/wordpress/plugins/user-role-editor.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/user-role-editor/ metadata: - max-request: 1 - plugin_namespace: "user-role-editor" - wpscan: "https://wpscan.com/plugin/user-role-editor" + plugin_namespace: user-role-editor + wpscan: https://wpscan.com/plugin/user-role-editor tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/userfeedback-lite.yaml b/http/technologies/wordpress/plugins/userfeedback-lite.yaml index cc1ed94c719..1d4ad2b94a4 100644 --- a/http/technologies/wordpress/plugins/userfeedback-lite.yaml +++ b/http/technologies/wordpress/plugins/userfeedback-lite.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/userfeedback-lite/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/userfeedback-lite" - plugin_namespace: "userfeedback-lite" + plugin_namespace: userfeedback-lite + wpscan: https://wpscan.com/plugin/userfeedback-lite tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/w3-total-cache.yaml b/http/technologies/wordpress/plugins/w3-total-cache.yaml index 63432ca4857..8164eb44838 100644 --- a/http/technologies/wordpress/plugins/w3-total-cache.yaml +++ b/http/technologies/wordpress/plugins/w3-total-cache.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/w3-total-cache/ metadata: - max-request: 1 - plugin_namespace: "w3-total-cache" - wpscan: "https://wpscan.com/plugin/w3-total-cache" + plugin_namespace: w3-total-cache + wpscan: https://wpscan.com/plugin/w3-total-cache tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/webp-converter-for-media.yaml b/http/technologies/wordpress/plugins/webp-converter-for-media.yaml index 4d90c4f3fdc..59554defdfc 100644 --- a/http/technologies/wordpress/plugins/webp-converter-for-media.yaml +++ b/http/technologies/wordpress/plugins/webp-converter-for-media.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/webp-converter-for-media/ metadata: - max-request: 1 - plugin_namespace: "webp-converter-for-media" - wpscan: "https://wpscan.com/plugin/webp-converter-for-media" + plugin_namespace: webp-converter-for-media + wpscan: https://wpscan.com/plugin/webp-converter-for-media tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/webp-express.yaml b/http/technologies/wordpress/plugins/webp-express.yaml index 4b805fc73d6..350fd9436b4 100644 --- a/http/technologies/wordpress/plugins/webp-express.yaml +++ b/http/technologies/wordpress/plugins/webp-express.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/webp-express/ metadata: - max-request: 1 - plugin_namespace: "webp-express" - wpscan: "https://wpscan.com/plugin/webp-express" + plugin_namespace: webp-express + wpscan: https://wpscan.com/plugin/webp-express tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/widget-importer-exporter.yaml b/http/technologies/wordpress/plugins/widget-importer-exporter.yaml index 191fc031efb..ab9b2b875f3 100644 --- a/http/technologies/wordpress/plugins/widget-importer-exporter.yaml +++ b/http/technologies/wordpress/plugins/widget-importer-exporter.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/widget-importer-exporter/ metadata: - max-request: 1 - plugin_namespace: "widget-importer-exporter" - wpscan: "https://wpscan.com/plugin/widget-importer-exporter" + plugin_namespace: widget-importer-exporter + wpscan: https://wpscan.com/plugin/widget-importer-exporter tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml b/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml index 184a28a5a74..d0dc8d92bb9 100644 --- a/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml +++ b/http/technologies/wordpress/plugins/woo-cart-abandonment-recovery.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woo-cart-abandonment-recovery/ metadata: - max-request: 1 - plugin_namespace: "woo-cart-abandonment-recovery" - wpscan: "https://wpscan.com/plugin/woo-cart-abandonment-recovery" + plugin_namespace: woo-cart-abandonment-recovery + wpscan: https://wpscan.com/plugin/woo-cart-abandonment-recovery tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml b/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml index 4ab8de6b0c7..c49bbc2b6d1 100644 --- a/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml +++ b/http/technologies/wordpress/plugins/woo-checkout-field-editor-pro.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woo-checkout-field-editor-pro/ metadata: - max-request: 1 - plugin_namespace: "woo-checkout-field-editor-pro" - wpscan: "https://wpscan.com/plugin/woo-checkout-field-editor-pro" + plugin_namespace: woo-checkout-field-editor-pro + wpscan: https://wpscan.com/plugin/woo-checkout-field-editor-pro tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woo-inpost.yaml b/http/technologies/wordpress/plugins/woo-inpost.yaml index 68d5585d844..6da99a6e6a2 100644 --- a/http/technologies/wordpress/plugins/woo-inpost.yaml +++ b/http/technologies/wordpress/plugins/woo-inpost.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woo-inpost/ metadata: - max-request: 1 - plugin_namespace: "woo-inpost" - wpscan: "https://wpscan.com/plugin/woo-inpost" + plugin_namespace: woo-inpost + wpscan: https://wpscan.com/plugin/woo-inpost tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woo-variation-swatches.yaml b/http/technologies/wordpress/plugins/woo-variation-swatches.yaml index 494dd6c57ce..27586cbd9d1 100644 --- a/http/technologies/wordpress/plugins/woo-variation-swatches.yaml +++ b/http/technologies/wordpress/plugins/woo-variation-swatches.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woo-variation-swatches/ metadata: - max-request: 1 - plugin_namespace: "woo-variation-swatches" - wpscan: "https://wpscan.com/plugin/woo-variation-swatches" + plugin_namespace: woo-variation-swatches + wpscan: https://wpscan.com/plugin/woo-variation-swatches tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml b/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml index 1ce519aa7b7..946272f0a90 100644 --- a/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-gateway-stripe.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-gateway-stripe/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-gateway-stripe" - wpscan: "https://wpscan.com/plugin/woocommerce-gateway-stripe" + plugin_namespace: woocommerce-gateway-stripe + wpscan: https://wpscan.com/plugin/woocommerce-gateway-stripe tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-legacy-rest-api.yaml b/http/technologies/wordpress/plugins/woocommerce-legacy-rest-api.yaml index 9e952e8637e..aa297068720 100644 --- a/http/technologies/wordpress/plugins/woocommerce-legacy-rest-api.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-legacy-rest-api.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-legacy-rest-api/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-legacy-rest-api" - wpscan: "https://wpscan.com/plugin/woocommerce-legacy-rest-api" + plugin_namespace: woocommerce-legacy-rest-api + wpscan: https://wpscan.com/plugin/woocommerce-legacy-rest-api tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-payments.yaml b/http/technologies/wordpress/plugins/woocommerce-payments.yaml index bb5b52ee3bf..290d53ab7ed 100644 --- a/http/technologies/wordpress/plugins/woocommerce-payments.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-payments.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-payments/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-payments" - wpscan: "https://wpscan.com/plugin/woocommerce-payments" + plugin_namespace: woocommerce-payments + wpscan: https://wpscan.com/plugin/woocommerce-payments tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml b/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml index b5c0040863d..f7c9ef9b1f8 100644 --- a/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-paypal-payments.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-paypal-payments/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-paypal-payments" - wpscan: "https://wpscan.com/plugin/woocommerce-paypal-payments" + plugin_namespace: woocommerce-paypal-payments + wpscan: https://wpscan.com/plugin/woocommerce-paypal-payments tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml b/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml index 6b15cd3e6ea..f1c16275a2a 100644 --- a/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-pdf-invoices-packing-slips" - wpscan: "https://wpscan.com/plugin/woocommerce-pdf-invoices-packing-slips" + plugin_namespace: woocommerce-pdf-invoices-packing-slips + wpscan: https://wpscan.com/plugin/woocommerce-pdf-invoices-packing-slips tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce-services.yaml b/http/technologies/wordpress/plugins/woocommerce-services.yaml index cbe1c8d995f..fc072e19d8a 100644 --- a/http/technologies/wordpress/plugins/woocommerce-services.yaml +++ b/http/technologies/wordpress/plugins/woocommerce-services.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce-services/ metadata: - max-request: 1 - plugin_namespace: "woocommerce-services" - wpscan: "https://wpscan.com/plugin/woocommerce-services" + plugin_namespace: woocommerce-services + wpscan: https://wpscan.com/plugin/woocommerce-services tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/woocommerce.yaml b/http/technologies/wordpress/plugins/woocommerce.yaml index 84ee21c66be..da9df0e8a5c 100644 --- a/http/technologies/wordpress/plugins/woocommerce.yaml +++ b/http/technologies/wordpress/plugins/woocommerce.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/woocommerce/ metadata: - max-request: 1 plugin_namespace: woocommerce - wpscan: "https://wpscan.com/plugin/woocommerce" + wpscan: https://wpscan.com/plugin/woocommerce tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wordfence.yaml b/http/technologies/wordpress/plugins/wordfence.yaml index ff3cf2aaaf2..f8113d97506 100644 --- a/http/technologies/wordpress/plugins/wordfence.yaml +++ b/http/technologies/wordpress/plugins/wordfence.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wordfence/ metadata: - max-request: 1 plugin_namespace: wordfence - wpscan: "https://wpscan.com/plugin/wordfence" + wpscan: https://wpscan.com/plugin/wordfence tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wordpress-importer.yaml b/http/technologies/wordpress/plugins/wordpress-importer.yaml index 5dc31846b31..5f80282ab22 100644 --- a/http/technologies/wordpress/plugins/wordpress-importer.yaml +++ b/http/technologies/wordpress/plugins/wordpress-importer.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wordpress-importer/ metadata: - max-request: 1 - plugin_namespace: "wordpress-importer" - wpscan: "https://wpscan.com/plugin/wordpress-importer" + plugin_namespace: wordpress-importer + wpscan: https://wpscan.com/plugin/wordpress-importer tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wordpress-seo.yaml b/http/technologies/wordpress/plugins/wordpress-seo.yaml index 71a1090025b..5725d5bb3f8 100644 --- a/http/technologies/wordpress/plugins/wordpress-seo.yaml +++ b/http/technologies/wordpress/plugins/wordpress-seo.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wordpress-seo/ metadata: - max-request: 1 - plugin_namespace: "wordpress-seo" - wpscan: "https://wpscan.com/plugin/wordpress-seo" + plugin_namespace: wordpress-seo + wpscan: https://wpscan.com/plugin/wordpress-seo tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/worker.yaml b/http/technologies/wordpress/plugins/worker.yaml index c609bf6623f..f67a8bc18a8 100644 --- a/http/technologies/wordpress/plugins/worker.yaml +++ b/http/technologies/wordpress/plugins/worker.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/worker/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/worker" plugin_namespace: worker + wpscan: https://wpscan.com/plugin/worker tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-crontrol.yaml b/http/technologies/wordpress/plugins/wp-crontrol.yaml index c01e3b191d4..a773829b7d8 100644 --- a/http/technologies/wordpress/plugins/wp-crontrol.yaml +++ b/http/technologies/wordpress/plugins/wp-crontrol.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-crontrol/ metadata: - max-request: 1 - plugin_namespace: "wp-crontrol" - wpscan: "https://wpscan.com/plugin/wp-crontrol" + plugin_namespace: wp-crontrol + wpscan: https://wpscan.com/plugin/wp-crontrol tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-fastest-cache.yaml b/http/technologies/wordpress/plugins/wp-fastest-cache.yaml index 08452dbfd32..b9bd4be0a8b 100644 --- a/http/technologies/wordpress/plugins/wp-fastest-cache.yaml +++ b/http/technologies/wordpress/plugins/wp-fastest-cache.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-fastest-cache/ metadata: - max-request: 1 - plugin_namespace: "wp-fastest-cache" - wpscan: "https://wpscan.com/plugin/wp-fastest-cache" + plugin_namespace: wp-fastest-cache + wpscan: https://wpscan.com/plugin/wp-fastest-cache tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-file-manager.yaml b/http/technologies/wordpress/plugins/wp-file-manager.yaml index 0e3e40e77cb..bece4ce486a 100644 --- a/http/technologies/wordpress/plugins/wp-file-manager.yaml +++ b/http/technologies/wordpress/plugins/wp-file-manager.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-file-manager/ metadata: - max-request: 1 - plugin_namespace: "wp-file-manager" - wpscan: "https://wpscan.com/plugin/wp-file-manager" + plugin_namespace: wp-file-manager + wpscan: https://wpscan.com/plugin/wp-file-manager tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-google-maps.yaml b/http/technologies/wordpress/plugins/wp-google-maps.yaml index e872bc58ee4..138b0aa9a69 100644 --- a/http/technologies/wordpress/plugins/wp-google-maps.yaml +++ b/http/technologies/wordpress/plugins/wp-google-maps.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-google-maps/ metadata: - max-request: 1 - plugin_namespace: "wp-google-maps" - wpscan: "https://wpscan.com/plugin/wp-google-maps" + plugin_namespace: wp-google-maps + wpscan: https://wpscan.com/plugin/wp-google-maps tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-mail-logging.yaml b/http/technologies/wordpress/plugins/wp-mail-logging.yaml index 5863b20cfb0..01a3669132d 100644 --- a/http/technologies/wordpress/plugins/wp-mail-logging.yaml +++ b/http/technologies/wordpress/plugins/wp-mail-logging.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-mail-logging/ metadata: - max-request: 1 - plugin_namespace: "wp-mail-logging" - wpscan: "https://wpscan.com/plugin/wp-mail-logging" + plugin_namespace: wp-mail-logging + wpscan: https://wpscan.com/plugin/wp-mail-logging tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-mail-smtp.yaml b/http/technologies/wordpress/plugins/wp-mail-smtp.yaml index 7a055917df1..68bf71bc839 100644 --- a/http/technologies/wordpress/plugins/wp-mail-smtp.yaml +++ b/http/technologies/wordpress/plugins/wp-mail-smtp.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-mail-smtp/ metadata: - max-request: 1 - plugin_namespace: "wp-mail-smtp" - wpscan: "https://wpscan.com/plugin/wp-mail-smtp" + plugin_namespace: wp-mail-smtp + wpscan: https://wpscan.com/plugin/wp-mail-smtp tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml b/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml index 5e28dad5efe..dc18db23b10 100644 --- a/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml +++ b/http/technologies/wordpress/plugins/wp-maintenance-mode.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-maintenance-mode/ metadata: - max-request: 1 - plugin_namespace: "wp-maintenance-mode" - wpscan: "https://wpscan.com/plugin/wp-maintenance-mode" + plugin_namespace: wp-maintenance-mode + wpscan: https://wpscan.com/plugin/wp-maintenance-mode tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-migrate-db.yaml b/http/technologies/wordpress/plugins/wp-migrate-db.yaml index 66d775280c1..6141a18c7a0 100644 --- a/http/technologies/wordpress/plugins/wp-migrate-db.yaml +++ b/http/technologies/wordpress/plugins/wp-migrate-db.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-migrate-db/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/wp-migrate-db" - plugin_namespace: "wp-migrate-db" + plugin_namespace: wp-migrate-db + wpscan: https://wpscan.com/plugin/wp-migrate-db tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml b/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml index bca1b57c0e7..c3d10f01359 100644 --- a/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml +++ b/http/technologies/wordpress/plugins/wp-multibyte-patch.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-multibyte-patch/ metadata: - max-request: 1 - plugin_namespace: "wp-multibyte-patch" - wpscan: "https://wpscan.com/plugin/wp-multibyte-patch" + plugin_namespace: wp-multibyte-patch + wpscan: https://wpscan.com/plugin/wp-multibyte-patch tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-optimize.yaml b/http/technologies/wordpress/plugins/wp-optimize.yaml index fb03b5d54a1..4a8bc6b75c7 100644 --- a/http/technologies/wordpress/plugins/wp-optimize.yaml +++ b/http/technologies/wordpress/plugins/wp-optimize.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-optimize/ metadata: - max-request: 1 - plugin_namespace: "wp-optimize" - wpscan: "https://wpscan.com/plugin/wp-optimize" + plugin_namespace: wp-optimize + wpscan: https://wpscan.com/plugin/wp-optimize tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-pagenavi.yaml b/http/technologies/wordpress/plugins/wp-pagenavi.yaml index 8bf8939c98a..d2c74355bd7 100644 --- a/http/technologies/wordpress/plugins/wp-pagenavi.yaml +++ b/http/technologies/wordpress/plugins/wp-pagenavi.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-pagenavi/ metadata: - max-request: 1 - plugin_namespace: "wp-pagenavi" - wpscan: "https://wpscan.com/plugin/wp-pagenavi" + plugin_namespace: wp-pagenavi + wpscan: https://wpscan.com/plugin/wp-pagenavi tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-reset.yaml b/http/technologies/wordpress/plugins/wp-reset.yaml index 418d74bbf5d..94b8494b08d 100644 --- a/http/technologies/wordpress/plugins/wp-reset.yaml +++ b/http/technologies/wordpress/plugins/wp-reset.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-reset/ metadata: - max-request: 1 - wpscan: "https://wpscan.com/plugin/wp-reset" - plugin_namespace: "wp-reset" + plugin_namespace: wp-reset + wpscan: https://wpscan.com/plugin/wp-reset tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml b/http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml index 4756973e8f3..8cf27bba6b8 100644 --- a/http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml +++ b/http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-reviews-plugin-for-google/ metadata: - max-request: 1 - plugin_namespace: "wp-reviews-plugin-for-google" - wpscan: "https://wpscan.com/plugin/wp-reviews-plugin-for-google" + plugin_namespace: wp-reviews-plugin-for-google + wpscan: https://wpscan.com/plugin/wp-reviews-plugin-for-google tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-rollback.yaml b/http/technologies/wordpress/plugins/wp-rollback.yaml index db67508a07e..f6f6bf55667 100644 --- a/http/technologies/wordpress/plugins/wp-rollback.yaml +++ b/http/technologies/wordpress/plugins/wp-rollback.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-rollback/ metadata: - max-request: 1 - plugin_namespace: "wp-rollback" - wpscan: "https://wpscan.com/plugin/wp-rollback" + plugin_namespace: wp-rollback + wpscan: https://wpscan.com/plugin/wp-rollback tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-seopress.yaml b/http/technologies/wordpress/plugins/wp-seopress.yaml index 74dbc54806d..483cb7cac74 100644 --- a/http/technologies/wordpress/plugins/wp-seopress.yaml +++ b/http/technologies/wordpress/plugins/wp-seopress.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-seopress/ metadata: - max-request: 1 - plugin_namespace: "wp-seopress" - wpscan: "https://wpscan.com/plugin/wp-seopress" + plugin_namespace: wp-seopress + wpscan: https://wpscan.com/plugin/wp-seopress tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-sitemap-page.yaml b/http/technologies/wordpress/plugins/wp-sitemap-page.yaml index 996f962c251..a72742c1abd 100644 --- a/http/technologies/wordpress/plugins/wp-sitemap-page.yaml +++ b/http/technologies/wordpress/plugins/wp-sitemap-page.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-sitemap-page/ metadata: - max-request: 1 - plugin_namespace: "wp-sitemap-page" - wpscan: "https://wpscan.com/plugin/wp-sitemap-page" + plugin_namespace: wp-sitemap-page + wpscan: https://wpscan.com/plugin/wp-sitemap-page tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-smushit.yaml b/http/technologies/wordpress/plugins/wp-smushit.yaml index 7f3a596a89f..2a3a8d915a3 100644 --- a/http/technologies/wordpress/plugins/wp-smushit.yaml +++ b/http/technologies/wordpress/plugins/wp-smushit.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-smushit/ metadata: - max-request: 1 - plugin_namespace: "wp-smushit" - wpscan: "https://wpscan.com/plugin/wp-smushit" + plugin_namespace: wp-smushit + wpscan: https://wpscan.com/plugin/wp-smushit tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-statistics.yaml b/http/technologies/wordpress/plugins/wp-statistics.yaml index a277e0d7d34..5b690d96c0d 100644 --- a/http/technologies/wordpress/plugins/wp-statistics.yaml +++ b/http/technologies/wordpress/plugins/wp-statistics.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-statistics/ metadata: - max-request: 1 - plugin_namespace: "wp-statistics" - wpscan: "https://wpscan.com/plugin/wp-statistics" + plugin_namespace: wp-statistics + wpscan: https://wpscan.com/plugin/wp-statistics tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wp-super-cache.yaml b/http/technologies/wordpress/plugins/wp-super-cache.yaml index f794b949bcb..16c7d6cff55 100644 --- a/http/technologies/wordpress/plugins/wp-super-cache.yaml +++ b/http/technologies/wordpress/plugins/wp-super-cache.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wp-super-cache/ metadata: - max-request: 1 - plugin_namespace: "wp-super-cache" - wpscan: "https://wpscan.com/plugin/wp-super-cache" + plugin_namespace: wp-super-cache + wpscan: https://wpscan.com/plugin/wp-super-cache tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml b/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml index 156dfe2594c..1f0eda470d2 100644 --- a/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml +++ b/http/technologies/wordpress/plugins/wpcf7-recaptcha.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wpcf7-recaptcha/ metadata: - max-request: 1 - plugin_namespace: "wpcf7-recaptcha" - wpscan: "https://wpscan.com/plugin/wpcf7-recaptcha" + plugin_namespace: wpcf7-recaptcha + wpscan: https://wpscan.com/plugin/wpcf7-recaptcha tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wpcf7-redirect.yaml b/http/technologies/wordpress/plugins/wpcf7-redirect.yaml index b9bd1541ccd..ecaa97d1af2 100644 --- a/http/technologies/wordpress/plugins/wpcf7-redirect.yaml +++ b/http/technologies/wordpress/plugins/wpcf7-redirect.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wpcf7-redirect/ metadata: - max-request: 1 - plugin_namespace: "wpcf7-redirect" - wpscan: "https://wpscan.com/plugin/wpcf7-redirect" + plugin_namespace: wpcf7-redirect + wpscan: https://wpscan.com/plugin/wpcf7-redirect tags: tech,wordpress,wp-plugin,top-200 http: diff --git a/http/technologies/wordpress/plugins/wpforms-lite.yaml b/http/technologies/wordpress/plugins/wpforms-lite.yaml index 39a54b6ef28..aaaf0f9a172 100644 --- a/http/technologies/wordpress/plugins/wpforms-lite.yaml +++ b/http/technologies/wordpress/plugins/wpforms-lite.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wpforms-lite/ metadata: - max-request: 1 - plugin_namespace: "wpforms-lite" - wpscan: "https://wpscan.com/plugin/wpforms-lite" + plugin_namespace: wpforms-lite + wpscan: https://wpscan.com/plugin/wpforms-lite tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wps-hide-login.yaml b/http/technologies/wordpress/plugins/wps-hide-login.yaml index 20ab9a3b169..f943c7afebd 100644 --- a/http/technologies/wordpress/plugins/wps-hide-login.yaml +++ b/http/technologies/wordpress/plugins/wps-hide-login.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wps-hide-login/ metadata: - max-request: 1 - plugin_namespace: "wps-hide-login" - wpscan: "https://wpscan.com/plugin/wps-hide-login" + plugin_namespace: wps-hide-login + wpscan: https://wpscan.com/plugin/wps-hide-login tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml b/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml index aee4b29aeec..7c11f5e7b6a 100644 --- a/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml +++ b/http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/wpvivid-backuprestore/ metadata: - max-request: 1 - plugin_namespace: "wpvivid-backuprestore" - wpscan: "https://wpscan.com/plugin/wpvivid-backuprestore" + plugin_namespace: wpvivid-backuprestore + wpscan: https://wpscan.com/plugin/wpvivid-backuprestore tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml b/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml index 3212c21b3f5..6dcfdda1174 100644 --- a/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml +++ b/http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml @@ -7,9 +7,8 @@ info: reference: - https://wordpress.org/plugins/yith-woocommerce-wishlist/ metadata: - max-request: 1 - plugin_namespace: "yith-woocommerce-wishlist" - wpscan: "https://wpscan.com/plugin/yith-woocommerce-wishlist" + plugin_namespace: yith-woocommerce-wishlist + wpscan: https://wpscan.com/plugin/yith-woocommerce-wishlist tags: tech,wordpress,wp-plugin,top-100,top-200 http: diff --git a/http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml b/http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml index a0f353009b9..9f40b226bbb 100644 --- a/http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml +++ b/http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml @@ -16,9 +16,7 @@ info: vendor: bricksbuilder product: bricks publicwww-query: "/wp-content/themes/bricks/" - shodan-query: http.html:"/wp-content/themes/bricks/" - fofa-query: body=/wp-content/themes/bricks/ - tags: wordpress,theme,wp-theme,wp,bricks,bricksbuilder + tags: wordpress,theme,wp-theme,wp,bricks http: - method: GET diff --git a/http/technologies/writebook-detect.yaml b/http/technologies/writebook-detect.yaml index 093edce0672..09790ca0d26 100644 --- a/http/technologies/writebook-detect.yaml +++ b/http/technologies/writebook-detect.yaml @@ -8,8 +8,8 @@ info: - https://once.com/writebook - https://books.37signals.com/2/the-writebook-manual metadata: + max-request: 1 verified: true - max-request: 2 shodan-query: html:"Writebook" tags: writebook,tech diff --git a/http/technologies/xenforo-detect.yaml b/http/technologies/xenforo-detect.yaml index 473fe37d024..7052daea710 100644 --- a/http/technologies/xenforo-detect.yaml +++ b/http/technologies/xenforo-detect.yaml @@ -10,9 +10,7 @@ info: max-request: 1 vendor: xenforo product: xenforo - shodan-query: http.title:"xenforo" - fofa-query: title="xenforo" - google-query: intitle:"xenforo" + shodan-query: http.title:"XenForo" tags: tech,xenforo http: diff --git a/http/technologies/xerox-workcentre-detect.yaml b/http/technologies/xerox-workcentre-detect.yaml index 6a9d6eaa9f3..2130a909650 100644 --- a/http/technologies/xerox-workcentre-detect.yaml +++ b/http/technologies/xerox-workcentre-detect.yaml @@ -11,9 +11,7 @@ info: max-request: 1 vendor: xerox product: workcentre_7970i - shodan-query: http.title:"xerox workcentre" - fofa-query: title="xerox workcentre" - google-query: intitle:"xerox workcentre" + shodan-query: title:"XEROX WORKCENTRE" tags: tech,xerox,workcentre http: diff --git a/http/technologies/yapi-detect.yaml b/http/technologies/yapi-detect.yaml index e2cb80f6784..9f482c329fc 100644 --- a/http/technologies/yapi-detect.yaml +++ b/http/technologies/yapi-detect.yaml @@ -10,10 +10,8 @@ info: max-request: 1 vendor: ymfe product: yapi - shodan-query: http.title:"yapi" - fofa-query: title="yapi" - google-query: intitle:"yapi" - tags: tech,yapi,ymfe + shodan-query: http.title:"YApi" + tags: tech,yapi http: - method: GET diff --git a/http/technologies/yeswiki-detect.yaml b/http/technologies/yeswiki-detect.yaml index 7eea6f30e59..6d99bbb2df7 100644 --- a/http/technologies/yeswiki-detect.yaml +++ b/http/technologies/yeswiki-detect.yaml @@ -13,10 +13,9 @@ info: metadata: verified: true max-request: 1 - vendor: yeswiki - product: yeswiki shodan-query: http.html:"yeswiki" - fofa-query: body="yeswiki" + product: yeswiki + vendor: yeswiki tags: yeswiki,panel,tech http: diff --git a/http/technologies/yourls-detect.yaml b/http/technologies/yourls-detect.yaml index 419f0b1d614..4284db58bb8 100644 --- a/http/technologies/yourls-detect.yaml +++ b/http/technologies/yourls-detect.yaml @@ -15,9 +15,8 @@ info: max-request: 1 vendor: yourls product: yourls - shodan-query: http.title:"your own url shortener" - fofa-query: title="your own url shortener" - google-query: intitle:"your own url shortener" + shodan-query: title:"Your Own URL Shortener" + fofa-query: title="Your Own URL Shortener" tags: tech,yourls http: diff --git a/http/technologies/zend-server-test-page.yaml b/http/technologies/zend-server-test-page.yaml index e866480abf1..03a52179a04 100644 --- a/http/technologies/zend-server-test-page.yaml +++ b/http/technologies/zend-server-test-page.yaml @@ -11,11 +11,7 @@ info: max-request: 1 vendor: zend product: zend_server - shodan-query: - - http.title:"zend server test page" - - cpe:"cpe:2.3:a:zend:zend_server" - fofa-query: title="zend server test page" - google-query: intitle:"zend server test page" + shodan-query: title:"Zend Server Test Page" tags: tech,zend http: diff --git a/http/technologies/zk-framework-detect.yaml b/http/technologies/zk-framework-detect.yaml index 9f037ffeb1c..cf1fe9403c3 100644 --- a/http/technologies/zk-framework-detect.yaml +++ b/http/technologies/zk-framework-detect.yaml @@ -12,17 +12,10 @@ info: cpe: cpe:2.3:a:zkoss:zk_framework:*:*:*:*:*:*:*:* metadata: verified: true - max-request: 1 vendor: zkoss - product: "zk_framework" - shodan-query: - - http.html:"zk.wpd" or http.html:"