20240909

date.txt

@@ -1 +1 @@
-20240908
+20240909

poc.txt

@@ -53173,6 +53173,7 @@
 ./poc/detect/workspaceone-uem-airwatch-dashboard-detect.yaml
 ./poc/detect/wowza-streaming-detect.yaml
 ./poc/detect/wp-admin-detect.yaml
+./poc/detect/wp-cms-detect.yaml
 ./poc/detect/wp-detect (copy 1).yaml
 ./poc/detect/wp-detect.yaml
 ./poc/detect/wp-mobile-detector-291130449baacf0e6d1046f164f908e9.yaml
@@ -60726,6 +60727,7 @@
 ./poc/microsoft/wp-arforms-listing-11417.yaml
 ./poc/microsoft/wp-arforms-listing-11418.yaml
 ./poc/microsoft/wp-arforms-listing.yaml
+./poc/microsoft/wp-cms-detect.yaml
 ./poc/microsoft/wp-forms-puzzle-captcha-535ddb74e379b6bd8cd96534784a8e18.yaml
 ./poc/microsoft/wp-forms-puzzle-captcha-aff3112ad689326307e33432ad0c6e98.yaml
 ./poc/microsoft/wp-forms-puzzle-captcha-f4892d4cbc102b5b017b90e94acd8329.yaml
@@ -62065,6 +62067,7 @@
 ./poc/other/2021-20837.yaml
 ./poc/other/21buttons.yaml
 ./poc/other/21grid.yaml
+./poc/other/2475241188.yaml
 ./poc/other/247sports.yaml
 ./poc/other/263-enterprise-mailbox.yaml
 ./poc/other/263-hrm.yaml
@@ -114963,6 +114966,7 @@
 ./poc/wordpress/wp-club-manager-1a5216849d3cfc0c8c890ecab4896ea4.yaml
 ./poc/wordpress/wp-club-manager-2274edf5d9f024396104036805c4d80e.yaml
 ./poc/wordpress/wp-club-manager.yaml
+./poc/wordpress/wp-cms-detect.yaml
 ./poc/wordpress/wp-code-highlightjs-21297129236b264aa97d6b510326d25b.yaml
 ./poc/wordpress/wp-code-highlightjs-7fa7ce6a08964b451879262320745f69.yaml
 ./poc/wordpress/wp-code-highlightjs-a10af9198cd72269c89232b8b5ebae29.yaml

poc/auth/huawei-HG532e-default-login.yaml

@@ -1,16 +1,17 @@
 id: huawei-HG532e-default-login
 info:
   name: Huawei HG532e Default Credential
+  description: Huawei HG532e default admin credentials were discovered.
   author: pussycat0x
   severity: high
-  description: Huawei HG532e default admin credentials were discovered.
+  metadata:
+    shodan-query: http.html:"HG532e"
+  tags: default-login,huawei
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
+    cve-id:
     cwe-id: CWE-522
-  metadata:
-    shodan-query: http.html:"HG532e"
-  tags: default-login,huawei
 requests:
   - raw:
       - |

poc/cve/cve-2006-1681.yaml

@@ -2,16 +2,12 @@ id: CVE-2006-1681
 
 info:
   name: Cherokee HTTPD <=0.5 XSS
-  author: geeknik
-  severity: medium
   description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
   reference:
     - https://www.securityfocus.com/bid/17408
     - https://nvd.nist.gov/vuln/detail/CVE-2006-1681
-    - http://secunia.com/advisories/19587
-    - http://www.securityfocus.com/bid/17408
-  classification:
-    cve-id: CVE-2006-1681
+  author: geeknik
+  severity: medium
   tags: cherokee,httpd,xss,cve,cve2006
 
 requests:

poc/cve/cve-2013-4625.yaml

@@ -1,18 +1,11 @@
 id: CVE-2013-4625
 
 info:
-  name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
+  name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  description: A cross-site scripting  vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
-  reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2013-4625
-    - https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html
-    - http://osvdb.org/95627
-    - http://archives.neohapsis.com/archives/bugtraq/2013-07/0161.html
-  remediation: Upgrade to Duplicator 0.4.5 or later.
-  classification:
-    cve-id: CVE-2013-4625
+  description: Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2013-4625
   tags: cve,cve2013,wordpress,xss,wp-plugin
 
 requests:
@@ -35,5 +28,3 @@ requests:
       - type: status
         status:
           - 200
-
-# Enhanced by mp on 2022/02/24

poc/cve/cve-2014-4544.yaml

@@ -1,25 +1,24 @@
 id: CVE-2014-4544
 
 info:
-  name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting
+  name: Podcast Channels < 0.28 - Unauthenticated Reflected XSS
   author: daffainfo
   severity: medium
-  description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
+  description: The Podcast Channels WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability.
   reference:
     - https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4544
-    - http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss
+  tags: cve,cve2014,wordpress,wp-plugin,xss
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
+    cvss-score: 6.10
     cve-id: CVE-2014-4544
     cwe-id: CWE-79
-  tags: cve,cve2014,wordpress,wp-plugin,xss
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
+      - "{{BaseURL}}/wp-content/plugins/podcast–channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"
 
     matchers-condition: and
     matchers:
@@ -36,5 +35,3 @@ requests:
       - type: status
         status:
           - 200
-
-# Enhanced by mp on 2022/02/24

poc/cve/cve-2017-5631.yaml

@@ -1,23 +1,35 @@
 id: CVE-2017-5631
 
 info:
-  name: CaseAware - Cross Site Scripting
+  name: KMCIS CaseAware - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
+  description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
+  remediation: |
+    To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-5631
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5631
     - https://www.openbugbounty.org/incidents/228262/
     - https://www.exploit-db.com/exploits/42042/
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-5631
+    - https://github.com/ARPSyndicate/cvemon
+    - https://github.com/ARPSyndicate/kenzer-templates
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2017-5631
     cwe-id: CWE-79
-  tags: cve,cve2017,xss,caseaware
+    epss-score: 0.00286
+    epss-percentile: 0.65504
+    cpe: cpe:2.3:a:kmc_information_systems:caseaware:-:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: kmc_information_systems
+    product: caseaware
+  tags: cve2017,cve,edb,xss,caseaware,kmc_information_systems
 
-requests:
+http:
   - method: GET
     path:
       - "{{BaseURL}}/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
@@ -37,3 +49,4 @@ requests:
       - type: status
         status:
           - 200
+# digest: 490a0046304402207d69e52f52d55a7b3f0d17541fe9f915dd4df8934f92181ed2e92d60ac0c7bde022072d4faaaef53a8a71f6ad67625ef5ce22b85459680a16b880dabe2a2c39f4099:922c64590222798bb761d5b6d8e72950

poc/cve/cve-2019-15501.yaml

@@ -4,17 +4,17 @@ info:
   name: LSoft ListServ - XSS
   author: LogicalHunter
   severity: medium
-  description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
   reference:
     - https://www.exploit-db.com/exploits/47302
     - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
+  tags: cve,cve2019,xss,listserv
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
+    cvss-score: 6.10
     cve-id: CVE-2019-15501
     cwe-id: CWE-79
-  tags: cve,cve2019,xss,listserv
+  description: "Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter."
 
 requests:
   - method: GET

poc/cve/cve-2020-1956.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized remote code execution and potential compromise of the affected server.
   remediation: |
     Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor.
   reference:
@@ -19,8 +21,8 @@ info:
     cvss-score: 8.8
     cve-id: CVE-2020-1956
     cwe-id: CWE-78
-    epss-score: 0.97389
-    epss-percentile: 0.99901
+    epss-score: 0.97374
+    epss-percentile: 0.99898
     cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -44,8 +46,6 @@ http:
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
-    cookie-reuse: true
-
     matchers-condition: and
     matchers:
       - type: word
@@ -57,4 +57,4 @@ http:
         part: interactsh_request
         words:
           - "User-Agent: curl"
-# digest: 4a0a00473045022100c8a5a21d2658e180caf791828e7679180f8aaed6160b8c4f61c81270d3164ce102206de562485c4376176afa5a7d5cfdbcb9d8b6f39d7437d8a57b0a7098276c0325:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c8831b7a79e58b4e7a67c451f73d3cfb37a6ef3e8e5c080eadc921d72b3f7337022100c542e5c9d7531e4b3e781bbd0655fda3a0f3e96ccce83923abd4935aa15564ac:922c64590222798bb761d5b6d8e72950

poc/cve/cve-2020-27467.yaml

@@ -1,23 +1,35 @@
 id: CVE-2020-27467
 
 info:
-  name: Processwire CMS < 2.7.1 - Directory Traversal
+  name: Processwire CMS <2.7.1 - Local File Inclusion
   author: 0x_Akoko
   severity: high
-  description: Local File Inclusion in Processwire CMS < 2.7.1 allows to retrieve arbitrary files via the download parameter to index.php By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system.
+  description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the system.
+  remediation: |
+    Upgrade Processwire CMS to version 2.7.1 or later to fix the Local File Inclusion vulnerability.
   reference:
     - https://github.com/Y1LD1R1M-1337/LFI-ProcessWire
     - https://processwire.com/
-    - https://www.cvedetails.com/cve/CVE-2020-27467
     - https://github.com/ceng-yildirim/LFI-processwire
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-27467
+    - https://github.com/ARPSyndicate/cvemon
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2020-27467
     cwe-id: CWE-22
+    epss-score: 0.01056
+    epss-percentile: 0.83739
+    cpe: cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: processwire
+    product: processwire
   tags: cve,cve2020,processwire,lfi,cms,oss
 
-requests:
+http:
   - method: GET
     path:
       - "{{BaseURL}}/index.php?download=/etc/passwd"
@@ -31,3 +43,4 @@ requests:
       - type: status
         status:
           - 200
+# digest: 490a00463044022005cc8cc6d259f90bddcc4ab74577e25407c52171a5893d763b5d5ab1dd6159c602204a99b859d07b48c2f47cf2a1a8329315e236c3999217ea353e49076587c74df0:922c64590222798bb761d5b6d8e72950

poc/cve/cve-2020-5410.yaml

@@ -4,16 +4,14 @@ info:
   name: Directory Traversal in Spring Cloud Config Server
   author: mavericknerd
   severity: high
-  description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server
-    module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
-  reference:
-    - https://tanzu.vmware.com/security/cve-2020-5410
+  description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
+  reference: https://tanzu.vmware.com/security/cve-2020-5410
+  tags: cve,cve2020,lfi,springcloud,config,traversal
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
+    cvss-score: 7.50
     cve-id: CVE-2020-5410
     cwe-id: CWE-22
-  tags: cve,cve2020,lfi,springcloud,config,traversal
 
 requests:
   - method: GET

poc/cve/cve-2020-6207.yaml

@@ -1,24 +1,24 @@
 id: CVE-2020-6207
 
 info:
-  name: SAP Solution Manager 7.2 - Remote Command Execution
+  name: SAP Solution Manager remote unauthorized OS commands execution
   author: _generic_human_
   severity: critical
-  description: SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.
+  tags: cve,cve2020,sap,solman,rce
+  description: |
+    SAP Solution Manager (SolMan) running version 7.2 has CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.
   reference:
     - https://launchpad.support.sap.com/#/notes/2890213
     - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
     - https://i.blackhat.com/USA-20/Wednesday/us-20-Artuso-An-Unauthenticated-Journey-To-Root-Pwning-Your-Companys-Enterprise-Software-Servers-wp.pdf
     - https://github.com/chipik/SAP_EEM_CVE-2020-6207
     - https://www.rapid7.com/db/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce/
     - https://www.rapid7.com/db/modules/exploit/multi/sap/cve_2020_6207_solman_rs/
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-6207
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
+    cvss-score: 9.80
     cve-id: CVE-2020-6207
     cwe-id: CWE-306
-  tags: cve,cve2020,sap,solman,rce
 
 requests:
   - raw:
@@ -51,5 +51,3 @@ requests:
           - "SAP NetWeaver Application Server"
         part: header
         condition: and
-
-# Enhanced by mp on 2022/04/29

poc/cve/cve-2021-24278.yaml

@@ -9,11 +9,11 @@ info:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24278
     - https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
     - https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
+  tags: cve,cve2021,wordpress,wp-plugin
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2021-24278
-  tags: cve,cve2021,wordpress,wp-plugin
 
 requests:
   - method: POST

poc/cve/cve-2021-24316.yaml

@@ -1,20 +1,19 @@
 id: CVE-2021-24316
 
 info:
-  name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
   author: 0x_Akoko
-  severity: medium
   description: Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS.
+  name: An Unauthenticated Reflected XSS & XFS Mediumish theme through 1.0.47 for WordPress
+  severity: medium
+  tags: cve,cve2021,mediumish,xss,wordpress
   reference:
     - https://wpscan.com/vulnerability/57e27de4-58f5-46aa-9b59-809705733b2e
     - https://m0ze.ru/vulnerability/%5B2021-03-14%5D-%5BWordPress%5D-%5BCWE-79%5D-Mediumish-WordPress-Theme-v1.0.47.txt
-    - https://www.wowthemes.net/themes/mediumish-wordpress/
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 6.1
+    cvss-score: 6.10
     cve-id: CVE-2021-24316
     cwe-id: CWE-79
-  tags: cve,cve2021,mediumish,xss,wordpress
 
 requests:
   - method: GET