20241022

date.txt

@@ -1 +1 @@
-20241021
+20241022

poc.txt

@@ -3469,6 +3469,7 @@
 ./poc/auth/idemia-biometrics-default-login-8140.yaml
 ./poc/auth/idemia-biometrics-default-login-8141.yaml
 ./poc/auth/idemia-biometrics-default-login.yaml
+./poc/auth/identification-auth-failures.yaml
 ./poc/auth/ikuai-login-panel.yaml
 ./poc/auth/imgproxy-unauth.yaml
 ./poc/auth/imm-default-login.yaml
@@ -7857,6 +7858,7 @@
 ./poc/config/samba-config.yaml
 ./poc/config/sangfor-sysuser-conf.yaml
 ./poc/config/scrutinizer-config.yaml
+./poc/config/security-misconfiguration.yaml
 ./poc/config/seeyon-a6-config-disclosure.yaml
 ./poc/config/server-config-exposure.yaml
 ./poc/config/servicenow-widget-misconfig.yaml
@@ -33534,6 +33536,8 @@
 ./poc/cve/CVE-2024-0984-71d91175d296ca328f8e62ec29060567.yaml
 ./poc/cve/CVE-2024-0984.yaml
 ./poc/cve/CVE-2024-0986.yaml
+./poc/cve/CVE-2024-10002-71345796cb4129b3fb6d852524945f8d.yaml
+./poc/cve/CVE-2024-10003-80927643a11133e8ee1977195d97aaa0.yaml
 ./poc/cve/CVE-2024-10014-287fb7ccc9db018318f62de1bc8e246a.yaml
 ./poc/cve/CVE-2024-10014.yaml
 ./poc/cve/CVE-2024-10040-ee8183e3617c63ac904e5e710044f265.yaml
@@ -33550,6 +33554,7 @@
 ./poc/cve/CVE-2024-10079.yaml
 ./poc/cve/CVE-2024-10080-e752dddf0fc4544c6494ed49850e78fe.yaml
 ./poc/cve/CVE-2024-10080.yaml
+./poc/cve/CVE-2024-10189-c70ac469531f5752b3a747a22314dda8.yaml
 ./poc/cve/CVE-2024-1021.yaml
 ./poc/cve/CVE-2024-1037-b7f7f3d961a0c33ea429c4b0e05a6902.yaml
 ./poc/cve/CVE-2024-1037.yaml
@@ -42134,6 +42139,7 @@
 ./poc/cve/CVE-2024-49232.yaml
 ./poc/cve/CVE-2024-49233-261ba1e19db5d8ea0ca73754d2643b65.yaml
 ./poc/cve/CVE-2024-49233.yaml
+./poc/cve/CVE-2024-49234-287d2d4dd3874686e9c59c7e063b8dd3.yaml
 ./poc/cve/CVE-2024-49234-2a3ec3b8e61e55817a7572435c2420a7.yaml
 ./poc/cve/CVE-2024-49234.yaml
 ./poc/cve/CVE-2024-49235-398d09065c9d52a66ebe7e2938bdcb0f.yaml
@@ -42192,9 +42198,11 @@
 ./poc/cve/CVE-2024-49261.yaml
 ./poc/cve/CVE-2024-49262-58c69b03aeac6a6c2f651a6fea576e10.yaml
 ./poc/cve/CVE-2024-49262.yaml
+./poc/cve/CVE-2024-49263-7552f0828dc77994e8b6111bcc07c62e.yaml
 ./poc/cve/CVE-2024-49263-8116ee4a4f994fa893383c133a8a6d59.yaml
 ./poc/cve/CVE-2024-49263.yaml
 ./poc/cve/CVE-2024-49264-6976ce8ecee9f1b1023d1b5f178241f2.yaml
+./poc/cve/CVE-2024-49264-bce9a4493c3e0acb08816861aa7e69a0.yaml
 ./poc/cve/CVE-2024-49264.yaml
 ./poc/cve/CVE-2024-49265-876650119d03582057b884e74652dcf7.yaml
 ./poc/cve/CVE-2024-49265.yaml
@@ -42270,6 +42278,7 @@
 ./poc/cve/CVE-2024-49304.yaml
 ./poc/cve/CVE-2024-49305-ec750a30a095a0ecaf36eb7e4f2b32f3.yaml
 ./poc/cve/CVE-2024-49305.yaml
+./poc/cve/CVE-2024-49306-0bb0318ccc4bea732c4bdca26fccb3c9.yaml
 ./poc/cve/CVE-2024-49306-1cdf03661e0a2c823137f9050fb9576e.yaml
 ./poc/cve/CVE-2024-49306.yaml
 ./poc/cve/CVE-2024-49307-da66eb5866b3f5651906f6c0badd8c14.yaml
@@ -42279,6 +42288,7 @@
 ./poc/cve/CVE-2024-49309-2743490b9daf5d0d5caf695b0ef2e8a9.yaml
 ./poc/cve/CVE-2024-49309.yaml
 ./poc/cve/CVE-2024-49310-399f2ba734a2c77b22872cdde47bca7e.yaml
+./poc/cve/CVE-2024-49310-c0e73cd772d251a739b2435edee2bd31.yaml
 ./poc/cve/CVE-2024-49310.yaml
 ./poc/cve/CVE-2024-49311-38f42991b2728e11dfb591840cf7f7b8.yaml
 ./poc/cve/CVE-2024-49311.yaml
@@ -44192,8 +44202,10 @@
 ./poc/cve/CVE-2024-8513.yaml
 ./poc/cve/CVE-2024-8514-d1287e8f3b1069f2713d7c995f6bc945.yaml
 ./poc/cve/CVE-2024-8514.yaml
+./poc/cve/CVE-2024-8515-4fab457421fd53fdaacbeb1402844959.yaml
 ./poc/cve/CVE-2024-8515-c4009c842ec692ba826e1dd27a89a08d.yaml
 ./poc/cve/CVE-2024-8515.yaml
+./poc/cve/CVE-2024-8516-8fbfc934c79036dfbd5a416f6fefcf7e.yaml
 ./poc/cve/CVE-2024-8516-b0ae53f5d8bc37643f2a8b5730bca703.yaml
 ./poc/cve/CVE-2024-8516.yaml
 ./poc/cve/CVE-2024-8519-c09aac3ec9eb3ec8e899518d68fbb383.yaml
@@ -44379,6 +44391,7 @@
 ./poc/cve/CVE-2024-8850-0902b81489aa227f3c7bf015ba1bc328.yaml
 ./poc/cve/CVE-2024-8850-c5767b8067af0d0ab764024c9d8b2952.yaml
 ./poc/cve/CVE-2024-8850.yaml
+./poc/cve/CVE-2024-8852-5434e9f4c6616aa0da6a6e79ca2414d1.yaml
 ./poc/cve/CVE-2024-8853-4af00fcf0e5fb8017cf4fcd8671e540c.yaml
 ./poc/cve/CVE-2024-8853.yaml
 ./poc/cve/CVE-2024-8858-85931089ed9ebbb07f095bbb884fe4d0.yaml
@@ -44568,6 +44581,7 @@
 ./poc/cve/CVE-2024-9228-5d6c269fdf1aad171438d76ce7eba27a.yaml
 ./poc/cve/CVE-2024-9228-b8423e6fcac2024db44fa444099a9f5b.yaml
 ./poc/cve/CVE-2024-9228.yaml
+./poc/cve/CVE-2024-9231-db808094493fa9c79c27a8695747553b.yaml
 ./poc/cve/CVE-2024-9232-ae04b408f1f5990a6794318169fc173c.yaml
 ./poc/cve/CVE-2024-9232.yaml
 ./poc/cve/CVE-2024-9234-a70b6d1b82b579fc4a6ae49321787247.yaml
@@ -44699,6 +44713,7 @@
 ./poc/cve/CVE-2024-9538.yaml
 ./poc/cve/CVE-2024-9540-16b50ef118163619f4eb48f582dee59f.yaml
 ./poc/cve/CVE-2024-9540.yaml
+./poc/cve/CVE-2024-9541-720c3bbef5faf4e37833433865e32bd5.yaml
 ./poc/cve/CVE-2024-9543-2a84b7caa56d7b7baa1f298aba568720.yaml
 ./poc/cve/CVE-2024-9543.yaml
 ./poc/cve/CVE-2024-9546-393c04a252e7afb4c4921ddce751cf73.yaml
@@ -44717,6 +44732,10 @@
 ./poc/cve/CVE-2024-9587-9addb86845d8c338383a9caf97ac21e2.yaml
 ./poc/cve/CVE-2024-9587-cd342c17bf770ce7412f8a55478ea774.yaml
 ./poc/cve/CVE-2024-9587.yaml
+./poc/cve/CVE-2024-9588-85ec1c6254ec8125746585f3ac5317bc.yaml
+./poc/cve/CVE-2024-9589-f895fb648dc6ecd1d8cb0e28c34a5040.yaml
+./poc/cve/CVE-2024-9590-d335833612c12a3934657fc9b0690fce.yaml
+./poc/cve/CVE-2024-9591-26f35871fb392b482473e0ce75b175fb.yaml
 ./poc/cve/CVE-2024-9592-fff4a8a541e39d94b5f0980d29acdfe3.yaml
 ./poc/cve/CVE-2024-9592.yaml
 ./poc/cve/CVE-2024-9593-4b4e0d7ea60712fca2be81e1fce11f9a.yaml
@@ -44730,6 +44749,7 @@
 ./poc/cve/CVE-2024-9611.yaml
 ./poc/cve/CVE-2024-9616-74cbb74314a998222d17f0108bdd1b47.yaml
 ./poc/cve/CVE-2024-9616.yaml
+./poc/cve/CVE-2024-9627-609d2082cbf88b0e9c345dfb753e9c47.yaml
 ./poc/cve/CVE-2024-9634-d865b6fc0ac9d8d7dca8d3f6df89b5a1.yaml
 ./poc/cve/CVE-2024-9634.yaml
 ./poc/cve/CVE-2024-9647-7e123a97b0971ee91cbec517bbcda15d.yaml
@@ -59235,6 +59255,7 @@
 ./poc/injection/injection-guard-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/injection/injection-guard-plugin.yaml
 ./poc/injection/injection-guard.yaml
+./poc/injection/injection.yaml
 ./poc/injection/jinhe-oa-cj6-getattout-sql-injection.yaml
 ./poc/injection/joomla-host-injection.yaml
 ./poc/injection/leaguemanager-sql-injection.yaml
@@ -76495,6 +76516,7 @@
 ./poc/other/Securestack-check.yaml
 ./poc/other/SecurestackWorkflow.yaml
 ./poc/other/Seeyou-ReportServer.yaml
+./poc/other/Server-Side-Request-Forgery.yaml
 ./poc/other/SharpTV.yaml
 ./poc/other/SiteCore.yaml
 ./poc/other/Socks4.yaml
@@ -76592,6 +76614,7 @@
 ./poc/other/TVE-2024-105272055.yaml
 ./poc/other/TVE-2024-105272125.yaml
 ./poc/other/TVE-2024-105272130.yaml
+./poc/other/TVE-2024-105272140.yaml
 ./poc/other/TVE-2024-105281100.yaml
 ./poc/other/TVE-2024-105291413.yaml
 ./poc/other/TVE-2024-105291421.yaml
@@ -76653,6 +76676,7 @@
 ./poc/other/X-Remote-IP.yaml
 ./poc/other/X-Rewrite-URL.yaml
 ./poc/other/X11Probe.yaml
+./poc/other/XVE-2024-2116.yaml
 ./poc/other/Yes-059f1c0288ee3dfe1136ff4836457838.yaml
 ./poc/other/Yes-06932c1cf219422c203a87afb2aadded.yaml
 ./poc/other/Yes-164a8e3ab16c6e174a4b2681f22484c6.yaml
@@ -78407,6 +78431,7 @@
 ./poc/other/anand.yaml
 ./poc/other/anbo-fileRead.yaml
 ./poc/other/anchiva-下一代防火墙.yaml
+./poc/other/anchor-episodes-index-58af0f18a5fcf1eb346c47b2a07233bf.yaml
 ./poc/other/anchor-episodes-index-80033c17bf2f62f1615040da4cb0855c.yaml
 ./poc/other/anchor-episodes-index-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/other/anchor-episodes-index-plugin.yaml
@@ -80797,6 +80822,7 @@
 ./poc/other/broadscope-theme.yaml
 ./poc/other/broadscope.yaml
 ./poc/other/brocade-network-advisor.yaml
+./poc/other/broken-access-control.yaml
 ./poc/other/broken-cryptography.yaml
 ./poc/other/broken-link-checker-15c779eefd59e483a066caaa11cc6e81.yaml
 ./poc/other/broken-link-checker-270ab183c749d4d134ad66952b1d5225.yaml
@@ -83974,6 +84000,7 @@
 ./poc/other/cryptocurrency-widgets-pack-df87c30565c27eb58e0271f0dfd6d08b.yaml
 ./poc/other/cryptocurrency-widgets-pack.yaml
 ./poc/other/cryptocurrency.yaml
+./poc/other/cryptographic-failures.yaml
 ./poc/other/cryptxxx-dropper-malware.yaml
 ./poc/other/cryptxxx-malware.yaml
 ./poc/other/crywolf.yaml
@@ -91530,6 +91557,7 @@
 ./poc/other/insecure-content-warning-6c90b20a33edd819f7562bd7a9738958.yaml
 ./poc/other/insecure-content-warning.yaml
 ./poc/other/insecure-data-storage.yaml
+./poc/other/insecure-design.yaml
 ./poc/other/insecure-intent.yaml
 ./poc/other/insecure-pendingintent.yaml
 ./poc/other/insecure-provider-path.yaml
@@ -93603,6 +93631,7 @@
 ./poc/other/loggedin-5904437c0e4687f5fad38a49657b6f13.yaml
 ./poc/other/loggedin.yaml
 ./poc/other/logging-enable.yaml
+./poc/other/logging-monitoring-failures.yaml
 ./poc/other/logj4.yaml
 ./poc/other/logo-carousel-free-6a5c9b8f0001f00851bed5722f30e79a.yaml
 ./poc/other/logo-carousel-free-a965a63b9efc23785a762c4b8acba9c0.yaml
@@ -96079,6 +96108,7 @@
 ./poc/other/news-element.yaml
 ./poc/other/news-flash-d3c78ded753c2d5697cb56f6684f68ca.yaml
 ./poc/other/news-flash.yaml
+./poc/other/news-kit-elementor-addons-ba632fe2b740c260e31470629e4bce9b.yaml
 ./poc/other/news-wall.yaml
 ./poc/other/news.yaml
 ./poc/other/newsletter-076137f3175de41fb442730014b1bb5f.yaml
@@ -100906,6 +100936,8 @@
 ./poc/other/rough-chart.yaml
 ./poc/other/route-bypass.yaml
 ./poc/other/routes-ini.yaml
+./poc/other/rover-idx-1f34dcc286ffc93fb3e1b0d211037251.yaml
+./poc/other/rover-idx-62be7d19aacd1dc53511b643f4c494f8.yaml
 ./poc/other/row-seats-705b40740e42fe5417821b3880e5fc2b.yaml
 ./poc/other/row-seats-a95b8b6b9561d81849e245e8d18ae448.yaml
 ./poc/other/row-seats-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -103261,6 +103293,7 @@
 ./poc/other/softether-vpn.yaml
 ./poc/other/softnext-spam-sqr反垃圾邮件系统.yaml
 ./poc/other/softnext-spam.yaml
+./poc/other/software-integrity-failures.yaml
 ./poc/other/software-license-manager-02438a90e5cab2e347474ab67e16a2e0.yaml
 ./poc/other/software-license-manager-08f24ceaa9760ed4a8e1dcab46bbae35.yaml
 ./poc/other/software-license-manager-307b2ee4cef742e8f25d8c099f335e8b.yaml
@@ -118589,6 +118622,7 @@
 ./poc/sql/CVE-2024-9222-6d3211dbe3c26f975c3e1ae606af3b47.yaml
 ./poc/sql/CVE-2024-9225-8aa496476e08c8c664db47cbf34e8cf4.yaml
 ./poc/sql/CVE-2024-9228-b8423e6fcac2024db44fa444099a9f5b.yaml
+./poc/sql/CVE-2024-9231-db808094493fa9c79c27a8695747553b.yaml
 ./poc/sql/CVE-2024-9382-4e97289b6d15924ff13ebdb1ff9d487d.yaml
 ./poc/sql/CVE-2024-9521-4587dbff6356b28863ebeee1f7d9133f.yaml
 ./poc/sql/CVE-2024-9529-db7341b5bf720c2f45daca0a630903ae.yaml
@@ -120674,6 +120708,7 @@
 ./poc/sql/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce-02c9318c107dbdb36f47600a527c3e5c.yaml
 ./poc/sql/gravitate-qa-tracker-215d8b5197b6f7aeb2d3dbfbc8015b87.yaml
 ./poc/sql/gravityforms-1a904b571e110f0e4b9a34c3db5f68eb.yaml
+./poc/sql/green-wp-telegram-bot-by-teplitsa-f4d91a36f69a0a6db9e8b66dd5fbf50c.yaml
 ./poc/sql/greenshift-animation-and-page-builder-blocks-6477bf18cad6c823db485408d49b337b.yaml
 ./poc/sql/greenshift-animation-and-page-builder-blocks-e423087db1912dc71ed9a7fb3c664f80.yaml
 ./poc/sql/greenshift-animation-and-page-builder-blocks-f1f4db80fbee368982a32426ca676172.yaml
@@ -123293,6 +123328,7 @@
 ./poc/sql/wp-csv-to-database.yaml
 ./poc/sql/wp-custom-admin-interface-e7f4cac9b7138ea771801902dbf93547.yaml
 ./poc/sql/wp-custom-pages-4ecb0c3a43b68922bceefe42edb28dab.yaml
+./poc/sql/wp-custom-taxonomy-meta-03d615dbe0d467782bc97145da21db4c.yaml
 ./poc/sql/wp-custom-widget-area-1ea5db37756be1000588b9e7abbeedc9.yaml
 ./poc/sql/wp-dashboard-notes-2b4a88dbb7351e7d5e5abf5d4411034a.yaml
 ./poc/sql/wp-data-access-6477bf18cad6c823db485408d49b337b.yaml
@@ -127841,6 +127877,7 @@
 ./poc/wordpress/all-in-one-wp-migration-box-extension-1bca30bfa530491005d273161772bbf9.yaml
 ./poc/wordpress/all-in-one-wp-migration-box-extension.yaml
 ./poc/wordpress/all-in-one-wp-migration-c457cee6c5aa713c1063985f51820d05.yaml
+./poc/wordpress/all-in-one-wp-migration-d0602d88b7a2ebc8e02fc980ec9ff551.yaml
 ./poc/wordpress/all-in-one-wp-migration-d117a201289397334dc6793f85e0dcec.yaml
 ./poc/wordpress/all-in-one-wp-migration-d41d8cd98f00b204e9800998ecf8427e.yaml
 ./poc/wordpress/all-in-one-wp-migration-dbb57e02ddae00246143735ae023fd47.yaml
@@ -128469,6 +128506,7 @@
 ./poc/wordpress/gotowp.yaml
 ./poc/wordpress/graphql-apiforwp-detect.yaml
 ./poc/wordpress/graphql-wpgraphql-detect.yaml
+./poc/wordpress/green-wp-telegram-bot-by-teplitsa-f4d91a36f69a0a6db9e8b66dd5fbf50c.yaml
 ./poc/wordpress/gsheetconnector-wpforms-d2948c1dd9d5eb0f8df60f0e61ec629c.yaml
 ./poc/wordpress/gsheetconnector-wpforms-pro-d2948c1dd9d5eb0f8df60f0e61ec629c.yaml
 ./poc/wordpress/gsheetconnector-wpforms-pro.yaml
@@ -131140,6 +131178,10 @@
 ./poc/wordpress/wp-custom-tables-xss-11434.yaml
 ./poc/wordpress/wp-custom-tables-xss-11435.yaml
 ./poc/wordpress/wp-custom-tables-xss.yaml
+./poc/wordpress/wp-custom-taxonomy-image-ff69d9fcb5013b24ed5e9f0e28f264ca.yaml
+./poc/wordpress/wp-custom-taxonomy-meta-03d615dbe0d467782bc97145da21db4c.yaml
+./poc/wordpress/wp-custom-taxonomy-meta-1a57f82f58a521a35beef6631da85769.yaml
+./poc/wordpress/wp-custom-taxonomy-meta-71b559f4718ead12ce8f1c918463d75d.yaml
 ./poc/wordpress/wp-custom-widget-area-1ea5db37756be1000588b9e7abbeedc9.yaml
 ./poc/wordpress/wp-custom-widget-area.yaml
 ./poc/wordpress/wp-customer-reviews-352d038c1686829388214d7302c76842.yaml
@@ -131847,6 +131889,7 @@
 ./poc/wordpress/wp-food-manager.yaml
 ./poc/wordpress/wp-football-ab1c9b8c8ad02edb393b9c947c7bcf69.yaml
 ./poc/wordpress/wp-football.yaml
+./poc/wordpress/wp-footnote-xss.yaml
 ./poc/wordpress/wp-footnotes-b40c4ab6051d7b912eccdd919bfd8f70.yaml
 ./poc/wordpress/wp-footnotes.yaml
 ./poc/wordpress/wp-force-ssl-535af98dd21b180aed9353b26ab61bf4.yaml
@@ -132694,6 +132737,7 @@
 ./poc/wordpress/wp-members-88e4e1b584b84b271d582900c5f4302a.yaml
 ./poc/wordpress/wp-members-8db9f530e08181a4bd6b357664b8db50.yaml
 ./poc/wordpress/wp-members-d41d8cd98f00b204e9800998ecf8427e.yaml
+./poc/wordpress/wp-members-d9bd5a558214a2feec4d73014329df0f.yaml
 ./poc/wordpress/wp-members-e432ea791c693777e599927023287a95.yaml
 ./poc/wordpress/wp-members-e93bf812b439d7519b22bf169d48b8da.yaml
 ./poc/wordpress/wp-members-plugin-d41d8cd98f00b204e9800998ecf8427e.yaml
@@ -135779,6 +135823,7 @@
 ./poc/xss/akamai-arl-xss-249.yaml
 ./poc/xss/akamai-arl-xss.yaml
 ./poc/xss/analytify-plugin-xss.yaml
+./poc/xss/application-pass-xss.yaml
 ./poc/xss/avada-xss.yaml
 ./poc/xss/avaya-aura-xss.yaml
 ./poc/xss/avchat-video-chat-xss.yaml
@@ -136184,6 +136229,7 @@
 ./poc/xss/wp-flagem-xss-11453.yaml
 ./poc/xss/wp-flagem-xss-11454.yaml
 ./poc/xss/wp-flagem-xss.yaml
+./poc/xss/wp-footnote-xss.yaml
 ./poc/xss/wp-gutenberg-xss.yaml
 ./poc/xss/wp-insert-php-xss.yaml
 ./poc/xss/wp-knews-xss-11483.yaml

poc/auth/identification-auth-failures.yaml

@@ -0,0 +1,20 @@
+id: identification-auth-failures
+info:
+  name: Identification and Authentication Failures
+  author: Ali Baykara
+  severity: critical
+  description: |
+    Checks for vulnerabilities in login mechanisms and potential authentication bypasses.
+  tags: owasp, auth-failure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+    matchers:
+      - type: word
+        words:
+          - "admin"
+      - type: status
+        status:
+          - 200

poc/config/security-misconfiguration.yaml

@@ -0,0 +1,17 @@
+id: security-misconfiguration
+info:
+  name: Security Misconfiguration
+  author: Ali Baykara
+  severity: high
+  description: |
+    Detects common security misconfigurations such as exposed .env files that contain sensitive information.
+  tags: owasp, misconfiguration
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/.env"
+    matchers:
+      - type: word
+        words:
+          - "DB_PASSWORD"