TemplateMan Update [Mon Apr 8 11:30:07 UTC 2024] :robot:

cloud/enum/azure-db-enum.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: cloud,enum,cloud-enum,azure
+  tags: cloud,enum,cloud-enum,azure,dns
 
 self-contained: true
 

cloud/enum/azure-vm-cloud-enum.yaml

@@ -9,7 +9,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-  tags: cloud,cloud-enum,azure,fuzz,enum
+  tags: cloud,cloud-enum,azure,fuzz,enum,dns
 
 self-contained: true
 

code/cves/2019/CVE-2019-14287.yaml

@@ -25,7 +25,7 @@ info:
     max-request: 2
     vendor: sudo_project
     product: sudo
-  tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical
+  tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
 
 self-contained: true
 code:

code/cves/2021/CVE-2021-3156.yaml

@@ -24,7 +24,7 @@ info:
     verified: true
     vendor: sudo_project
     product: sudo
-  tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev
+  tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
 
 self-contained: true
 code:

code/cves/2023/CVE-2023-4911.yaml

@@ -24,7 +24,7 @@ info:
     max-request: 1
     vendor: gnu
     product: glibc
-  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
+  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
 
 self-contained: true
 code:

code/cves/2023/CVE-2023-6246.yaml

@@ -18,13 +18,13 @@ info:
     cve-id: CVE-2023-6246
     cwe-id: CWE-787,CWE-122
     epss-score: 0.0077
-    epss-percentile: 0.80859
+    epss-percentile: 0.80911
     cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
     vendor: gnu
     product: glibc
-  tags: cve,cve2023,code,glibc,linux,privesc,local
+  tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
 
 self-contained: true
 code:

code/privilege-escalation/linux/binary/privesc-sqlite3.yaml

@@ -11,7 +11,7 @@ info:
   metadata:
     verified: true
     max-request: 3
-  tags: code,linux,sqlite3,privesc,local
+  tags: code,linux,sqlite3,privesc,local,sqli
 
 self-contained: true
 code:

dast/cves/2018/CVE-2018-19518.yaml

@@ -17,6 +17,7 @@ info:
     cve-id: CVE-2018-19518
     cwe-id: CWE-88
   metadata:
+    max-request: 1
     confidence: tenative
   tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
 

dast/cves/2021/CVE-2021-45046.yaml

@@ -17,6 +17,7 @@ info:
     cve-id: CVE-2021-45046
     cwe-id: CWE-502
   metadata:
+    max-request: 1
     confidence: tenative
   tags: cve,cve2021,rce,oast,log4j,injection,dast
 

dast/cves/2022/CVE-2022-42889.yaml

@@ -6,19 +6,20 @@ info:
   severity: critical
   description: |
     Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
+  remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
   reference:
     - https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
     - http://www.openwall.com/lists/oss-security/2022/10/13/4
     - http://www.openwall.com/lists/oss-security/2022/10/18/1
     - https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
     - https://github.com/silentsignal/burp-text4shell
-  remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2022-42889
     cwe-id: CWE-94
   metadata:
+    max-request: 1
     confidence: tenative
   tags: cve,cve2022,rce,oast,text4shell,dast
 

dast/vulnerabilities/cmdi/blind-oast-polyglots.yaml

@@ -5,11 +5,13 @@ info:
   author: pdteam,geeknik
   severity: high
   description: |
-      Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
-      Successful exploitation could lead to arbitrary command execution on the system.
+    Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
+    Successful exploitation could lead to arbitrary command execution on the system.
   reference:
     - https://portswigger.net/research/hunting-asynchronous-vulnerabilities
     - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
+  metadata:
+    max-request: 4
   tags: cmdi,oast,dast,blind,polyglot
 
 variables:

dast/vulnerabilities/cmdi/ruby-open-rce.yaml

@@ -5,10 +5,12 @@ info:
   author: pdteam
   severity: high
   description: |
-   Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
+    Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
   reference:
     - https://bishopfox.com/blog/ruby-vulnerabilities-exploits
     - https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
+  metadata:
+    max-request: 1
   tags: cmdi,oast,dast,blind,ruby,rce
 
 variables:

dast/vulnerabilities/crlf/cookie-injection.yaml

@@ -7,6 +7,8 @@ info:
   reference:
     - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
     - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
+  metadata:
+    max-request: 1
   tags: reflected,dast,cookie,injection
 
 variables:

dast/vulnerabilities/crlf/crlf-injection.yaml

@@ -4,6 +4,8 @@ info:
   name: CRLF Injection
   author: pdteam
   severity: low
+  metadata:
+    max-request: 41
   tags: crlf,dast
 
 http:

dast/vulnerabilities/lfi/lfi-keyed.yaml

@@ -6,6 +6,8 @@ info:
   severity: unknown
   reference:
     - https://owasp.org/www-community/attacks/Unicode_Encoding
+  metadata:
+    max-request: 25
   tags: dast,pathtraversal,lfi
 
 variables:

dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml

@@ -7,6 +7,8 @@ info:
   reference:
     - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
     - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
+  metadata:
+    max-request: 46
   tags: lfi,dast,linux
 
 http:

dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml

@@ -4,6 +4,8 @@ info:
   name: Local File Inclusion - Windows
   author: pussycat0x
   severity: high
+  metadata:
+    max-request: 39
   tags: lfi,windows,dast
 
 http:

dast/vulnerabilities/redirect/open-redirect.yaml

@@ -4,6 +4,8 @@ info:
   name: Open Redirect Detection
   author: princechaddha
   severity: medium
+  metadata:
+    max-request: 1
   tags: redirect,dast
 
 http:

dast/vulnerabilities/rfi/generic-rfi.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   reference:
     - https://www.invicti.com/learn/remote-file-inclusion-rfi/
+  metadata:
+    max-request: 1
   tags: rfi,dast,oast
 
 http:

dast/vulnerabilities/sqli/sqli-error-based.yaml

@@ -8,6 +8,8 @@ info:
     Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
     or to override valuable ones, or even to execute dangerous system level commands on the database host.
     This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
+  metadata:
+    max-request: 3
   tags: sqli,error,dast
 
 http:

dast/vulnerabilities/ssrf/blind-ssrf.yaml

@@ -4,6 +4,8 @@ info:
   name: Blind SSRF OAST Detection
   author: pdteam
   severity: medium
+  metadata:
+    max-request: 3
   tags: ssrf,dast,oast
 
 http:

dast/vulnerabilities/ssrf/response-ssrf.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   reference:
     - https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
+  metadata:
+    max-request: 12
   tags: ssrf,dast
 
 http:

dast/vulnerabilities/ssti/reflection-ssti.yaml

@@ -7,6 +7,8 @@ info:
   reference:
     - https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
     - https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
+  metadata:
+    max-request: 14
   tags: ssti,dast
 
 variables:

dast/vulnerabilities/xss/reflected-xss.yaml

@@ -4,6 +4,8 @@ info:
   name: Reflected Cross Site Scripting
   author: pdteam
   severity: medium
+  metadata:
+    max-request: 1
   tags: xss,rxss,dast
 
 variables:

dast/vulnerabilities/xxe/generic-xxe.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   reference:
     - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
+  metadata:
+    max-request: 2
   tags: dast,xxe
 
 variables:

file/keys/credential-exposure-file.yaml

@@ -5,7 +5,7 @@ info:
   author: Sy3Omda,geeknik,forgedhallpass,ayadi
   severity: unknown
   description: Check for multiple keys/tokens/passwords hidden inside of files.
-  tags: exposure,token,file,disclosure
+  tags: exposure,token,file,disclosure,keys
 # Extract secrets regex like api keys, password, token, etc ... for different services.
 # Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
 # Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.

http/cves/2000/CVE-2000-0114.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2000-0114
     cwe-id: NVD-CWE-Other
     epss-score: 0.15958
-    epss-percentile: 0.95829
+    epss-percentile: 0.95841
     cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2005/CVE-2005-3634.yaml

@@ -23,7 +23,7 @@ info:
     cve-id: CVE-2005-3634
     cwe-id: NVD-CWE-Other
     epss-score: 0.02843
-    epss-percentile: 0.897
+    epss-percentile: 0.90511
     cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2007/CVE-2007-3010.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2007-3010
     cwe-id: CWE-20
     epss-score: 0.97317
-    epss-percentile: 0.99868
+    epss-percentile: 0.99867
     cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
   metadata:
     verified: true
@@ -31,7 +31,7 @@ info:
     product: omnipcx
     shodan-query: title:"OmniPCX for Enterprise"
     fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise"
-  tags: cve,cve2007,kev,rce,alcatel
+  tags: cve,cve2007,kev,rce,alcatel,alcatel-lucent
 
 http:
   - method: GET

http/cves/2008/CVE-2008-1059.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-1059
     cwe-id: CWE-94
     epss-score: 0.01493
-    epss-percentile: 0.86573
+    epss-percentile: 0.86593
     cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2008/CVE-2008-1061.yaml

@@ -25,11 +25,10 @@ info:
     epss-percentile: 0.77516
     cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
   metadata:
-    max-request: 1
+    max-request: 2
     vendor: wordpress
-    product: sniplets_plugin
+    product: "sniplets_plugin"
   tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
-
 flow: http(1) && http(2)
 
 http:

http/cves/2008/CVE-2008-1547.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-1547
     cwe-id: CWE-601
     epss-score: 0.03875
-    epss-percentile: 0.9108
+    epss-percentile: 0.91757
     cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
   metadata:
     max-request: 2

http/cves/2008/CVE-2008-2650.yaml

@@ -22,7 +22,7 @@ info:
     cve-id: CVE-2008-2650
     cwe-id: CWE-22
     epss-score: 0.06344
-    epss-percentile: 0.93486
+    epss-percentile: 0.93508
     cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2008/CVE-2008-5587.yaml

@@ -21,7 +21,7 @@ info:
     cve-id: CVE-2008-5587
     cwe-id: CWE-22
     epss-score: 0.02331
-    epss-percentile: 0.88625
+    epss-percentile: 0.89531
     cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2008/CVE-2008-6080.yaml

@@ -20,7 +20,7 @@ info:
     cve-id: CVE-2008-6080
     cwe-id: CWE-22
     epss-score: 0.03314
-    epss-percentile: 0.90395
+    epss-percentile: 0.91148
     cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2008/CVE-2008-6222.yaml

@@ -13,13 +13,14 @@ info:
     - https://www.exploit-db.com/exploits/6980
     - https://nvd.nist.gov/vuln/detail/CVE-2008-6222
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/46356
+    - https://github.com/ARPSyndicate/kenzer-templates
   classification:
     cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
     cvss-score: 5
     cve-id: CVE-2008-6222
     cwe-id: CWE-22
-    epss-score: 0.01029
-    epss-percentile: 0.82175
+    epss-score: 0.01302
+    epss-percentile: 0.85607
     cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1

http/cves/2008/CVE-2008-6982.yaml

@@ -15,13 +15,14 @@ info:
     - http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
     - https://nvd.nist.gov/vuln/detail/CVE-2008-6982
     - https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
+    - https://github.com/ARPSyndicate/kenzer-templates
   classification:
     cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
     cvss-score: 4.3
     cve-id: CVE-2008-6982
     cwe-id: CWE-79
     epss-score: 0.0038
-    epss-percentile: 0.70097
+    epss-percentile: 0.72554
     cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
   metadata:
     verified: true