Merge branch 'main' into main

luisfelipesec · Oct 25, 2023 · f998197 · f998197
2 parents bb2b614 + cc57701
commit f998197
Show file tree

Hide file tree

Showing 2,241 changed files with 6,687 additions and 6,299 deletions.
diff --git a/.new-additions b/.new-additions
@@ -1,4 +1,7 @@
+http/exposed-panels/opentouch-multimediaservices-panel.yaml
 http/exposed-panels/rcdevs-webadm-panel.yaml
+http/exposed-panels/solarwinds-arm-panel.yaml
+http/exposed-panels/webtitan-cloud-panel.yaml
 http/misconfiguration/unauth-opache-control-panel.yaml
 http/technologies/atlassian-connect-descriptor.yaml
 http/vulnerabilities/cisco/cisco-broadworks-log4j-rce.yaml
@@ -8,6 +11,7 @@ http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml
 http/vulnerabilities/other/flexnet-log4j-rce.yaml
 http/vulnerabilities/other/fortiportal-log4j-rce.yaml
 http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml
+http/vulnerabilities/other/livebos-file-read.yaml
 http/vulnerabilities/other/logstash-log4j-rce.yaml
 http/vulnerabilities/other/manage-engine-dc-log4j-rce.yaml
 http/vulnerabilities/other/okta-log4j-rce.yaml
@@ -19,3 +23,4 @@ http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml
 http/vulnerabilities/other/symantec-sepm-log4j-rce.yaml
 http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml
 javascript/enum/smb-enum.yaml
+javascript/network/detection/oracle-tns-listner.yaml
diff --git a/dns/elasticbeanstalk-takeover.yaml b/dns/elasticbeanstalk-takeover.yaml
@@ -34,7 +34,7 @@ dns:
     matchers:
       - type: regex
         regex:
-          - CNAME\t.*\.(us|af|ap|ca|eu|me|sa|il)\-(north|east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com
+          - CNAME\t[a-z0-9_-]*\.(us|af|ap|ca|eu|me|sa|il)\-(north|east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com
 
       - type: word
         words:
@@ -45,4 +45,4 @@ dns:
         dsl:
           - cname
 
-# digest: 4a0a00473045022012f08819e11892c111bb05687d15d7778724b0c8a0dc3b273942a808abb8db5d022100975f67abe8561aaf4ce70dae68f9e690a349735e2182fbf3cf0d1576d0e12d87:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b17bf9a80ae6819d64cc1a58b2cf349b843548dcbfd9d9455230cace98f79b04022100cec30c98b7df5b5d7d359146fb95c16c511856e3d7648b50b0a3e671e4b81b01:922c64590222798bb761d5b6d8e72950
diff --git a/file/url-analyse/url-extension-inspector.yaml b/file/url-analyse/url-extension-inspector.yaml
@@ -22,227 +22,227 @@ file:
       - type: regex
         name: Backup file
         regex:
-          - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)"
+          - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")"
 
       - type: regex
         name: PHP Source
         regex:
-          - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
+          - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"
 
       - type: regex
         name: ASP Source
         regex:
-          - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)"
+          - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")"
 
       - type: regex
         name: Database file
         regex:
-          - "(?i)\\.db|\\.sql"
+          - "(?i)\\.db|\\.sql('|\")"
 
       - type: regex
         name: Bash script
         regex:
-          - "(?i)\\.sh|\\.bashrc|\\.zshrc"
+          - "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")"
 
       - type: regex
         name: 1Password password manager database file
         regex:
-          - "(?i)\\.agilekeychain"
+          - "(?i)\\.agilekeychain('|\")"
 
       - type: regex
         name: ASP configuration file
         regex:
-          - "(?i)\\.asa"
+          - "(?i)\\.asa('|\")"
 
       - type: regex
         name: Apple Keychain database file
         regex:
-          - "(?i)\\.keychain"
+          - "(?i)\\.keychain('|\")"
 
       - type: regex
         name: Azure service configuration schema file
         regex:
-          - "(?i)\\.cscfg"
+          - "(?i)\\.cscfg('|\")"
 
       - type: regex
         name: Compressed archive file
         regex:
-          - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)"
+          - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")"
 
       - type: regex
         name: Configuration file
         regex:
-          - "(?i)(\\.ini|\\.config|\\.conf)"
+          - "(?i)(\\.ini|\\.config|\\.conf)('|\")"
 
       - type: regex
         name: Day One journal file
         regex:
-          - "(?i)\\.dayone"
+          - "(?i)\\.dayone('|\")"
 
       - type: regex
         name: Document file
         regex:
-          - "(?i)(\\.doc|\\.docx|\\.rtf)"
+          - "(?i)(\\.doc|\\.docx|\\.rtf)('|\")"
 
       - type: regex
         name: GnuCash database file
         regex:
-          - "(?i)\\.gnucash"
+          - "(?i)\\.gnucash('|\")"
 
       - type: regex
         name: Include file
         regex:
-          - "(?i)\\.inc"
+          - "(?i)\\.inc('|\")"
 
       - type: regex
         name: XML file
         regex:
-          - "(?i)\\.xml"
+          - "(?i)\\.xml('|\")"
 
       - type: regex
         name: Old file
         regex:
-          - "(?i)\\.old"
+          - "(?i)\\.old('|\")"
 
       - type: regex
         name: Log file
         regex:
-          - "(?i)\\.log"
+          - "(?i)\\.log('|\")"
 
       - type: regex
         name: Java file
         regex:
-          - "(?i)\\.java"
+          - "(?i)\\.java('|\")"
 
       - type: regex
         name: SQL dump file
         regex:
-          - "(?i)\\.sql"
+          - "(?i)\\.sql('|\")"
 
       - type: regex
         name: Excel file
         regex:
-          - "(?i)(\\.xls|\\.xlsx|\\.csv)"
+          - "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")"
 
       - type: regex
         name: Certificate file
         regex:
-          - "(?i)(\\.cer|\\.crt|\\.p7b)"
+          - "(?i)(\\.cer|\\.crt|\\.p7b)('|\")"
 
       - type: regex
         name: Java key storte
         regex:
-          - "(?i)\\.jks"
+          - "(?i)\\.jks('|\")"
 
       - type: regex
         name: KDE Wallet Manager database file
         regex:
-          - "(?i)\\.kwallet"
+          - "(?i)\\.kwallet('|\")"
 
       - type: regex
         name: Little Snitch firewall configuration file
         regex:
-          - "(?i)\\.xpl"
+          - "(?i)\\.xpl('|\")"
 
       - type: regex
         name: Microsoft BitLocker Trusted Platform Module password file
         regex:
-          - "(?i)\\.tpm"
+          - "(?i)\\.tpm('|\")"
 
       - type: regex
         name: Microsoft BitLocker recovery key file
         regex:
-          - "(?i)\\.bek"
+          - "(?i)\\.bek('|\")"
 
       - type: regex
         name: Microsoft SQL database file
         regex:
-          - "(?i)\\.mdf"
+          - "(?i)\\.mdf('|\")"
 
       - type: regex
         name: Microsoft SQL server compact database file
         regex:
-          - "(?i)\\.sdf"
+          - "(?i)\\.sdf('|\")"
 
       - type: regex
         name: Network traffic capture file
         regex:
-          - "(?i)\\.pcap"
+          - "(?i)\\.pcap('|\")"
 
       - type: regex
         name: OpenVPN client configuration file
         regex:
-          - "(?i)\\.ovpn"
+          - "(?i)\\.ovpn('|\")"
 
       - type: regex
         name: PDF file
         regex:
-          - "(?i)\\.pdf"
+          - "(?i)\\.pdf('|\")"
 
       - type: regex
         name: PHP file
         regex:
-          - "(?i)\\.pcap"
+          - "(?i)\\.pcap('|\")"
 
       - type: regex
         name: Password Safe database file
         regex:
-          - "(?i)\\.psafe3"
+          - "(?i)\\.psafe3('|\")"
 
       - type: regex
         name: Potential configuration file
         regex:
-          - "(?i)\\.yml"
+          - "(?i)\\.yml('|\")"
 
       - type: regex
         name: Potential cryptographic key bundle
         regex:
-          - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)"
+          - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")"
 
       - type: regex
         name: Potential private key
         regex:
-          - "(?i)otr.private_key"
+          - "(?i)otr.private_key('|\")"
 
       - type: regex
         name: Presentation file
         regex:
-          - "(?i)(\\.ppt|\\.pptx)"
+          - "(?i)(\\.ppt|\\.pptx)('|\")"
 
       - type: regex
         name: Python file
         regex:
-          - "(?i)\\.py"
+          - "(?i)\\.py('|\")"
 
       - type: regex
         name: Remote Desktop connection file
         regex:
-          - "(?i)\\.rdp"
+          - "(?i)\\.rdp('|\")"
 
       - type: regex
         name: Ruby On Rails file
         regex:
-          - "(?i)\\.rb"
+          - "(?i)\\.rb('|\")"
 
       - type: regex
         name: SQLite database file
         regex:
-          - "(?i)\\.sqlite|\\.sqlitedb"
+          - "(?i)\\.sqlite|\\.sqlitedb('|\")"
 
       - type: regex
         name: SQLite3 database file
         regex:
-          - "(?i)\\.sqlite3"
+          - "(?i)\\.sqlite3('|\")"
 
       - type: regex
         name: Sequel Pro MySQL database manager bookmark file
         regex:
-          - "(?i)\\.plist"
+          - "(?i)\\.plist('|\")"
 
       - type: regex
         name: Shell configuration file
         regex:
-          - "(?i)(\\.exports|\\.functions|\\.extra)"
+          - "(?i)(\\.exports|\\.functions|\\.extra)('|\")"
 
       - type: regex
         name: Temporary file
@@ -252,21 +252,21 @@ file:
       - type: regex
         name: Terraform variable config file
         regex:
-          - "(?i)\\.tfvars"
+          - "(?i)\\.tfvars('|\")"
 
       - type: regex
         name: Text file
         regex:
-          - "(?i)\\.txt"
+          - "(?i)\\.txt('|\")"
 
       - type: regex
         name: Tunnelblick VPN configuration file
         regex:
-          - "(?i)\\.tblk"
+          - "(?i)\\.tblk('|\")"
 
       - type: regex
         name: Windows BitLocker full volume encrypted data file
         regex:
-          - "(?i)\\.fve"
+          - "(?i)\\.fve('|\")"
 
 # digest: 490a0046304402203342df27b75080be4762275375e19b63832c89211544474786cce395d13a433302205bfa8b32a8b5f202b6562cc5ac1e8ea50086bca8c54ce36eec20e82d30449b22:922c64590222798bb761d5b6d8e72950
diff --git a/helpers/wordpress/plugins/breeze.txt b/helpers/wordpress/plugins/breeze.txt
@@ -1 +1 @@
-2.0.30
+2.0.31
diff --git a/helpers/wordpress/plugins/insert-headers-and-footers.txt b/helpers/wordpress/plugins/insert-headers-and-footers.txt
@@ -1,5 +1 @@
-<<<<<<< HEAD
-2.1.4.1
-=======
-2.1.3.1
->>>>>>> parent of 668b37f13f (Auto WordPress Plugins Update [Tue Oct 24 04:12:08 UTC 2023] :robot:)
+2.1.4.1
diff --git a/helpers/wordpress/plugins/jetpack.txt b/helpers/wordpress/plugins/jetpack.txt
@@ -1 +1 @@
-12.7
+12.7.1
diff --git a/helpers/wordpress/plugins/newsletter.txt b/helpers/wordpress/plugins/newsletter.txt
@@ -1 +1 @@
-8.0.0
+8.0.1
diff --git a/helpers/wordpress/plugins/safe-svg.txt b/helpers/wordpress/plugins/safe-svg.txt
@@ -1 +1 @@
-2.2.0
+2.2.1
diff --git a/helpers/wordpress/plugins/woocommerce-services.txt b/helpers/wordpress/plugins/woocommerce-services.txt
@@ -1 +1 @@
-2.3.6
+2.3.7
diff --git a/helpers/wordpress/plugins/wordfence.txt b/helpers/wordpress/plugins/wordfence.txt
@@ -1 +1 @@
-7.10.4
+7.10.5
diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml
@@ -16,7 +16,7 @@ info:
     cve-id: CVE-2000-0114
     cwe-id: NVD-CWE-Other
     epss-score: 0.09258
-    epss-percentile: 0.93985
+    epss-percentile: 0.9399
     cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
   metadata:
     max-request: 1
@@ -40,4 +40,4 @@ http:
         status:
           - 200
 
-# digest: 490a004630440220594d6a119bc8822cc12ed51258331574b808b7067fa020195bea46ffecd75f130220164dcf7671458ddd47f0d40ba026333ad9b8f119df5d40b4d7d930da0a8fa1d9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100979a15726953b32b1ed7447a7549e4a290fda526da4f5bfc06321eda21d01454022079ae1ec19cf8e121523ce85500f2a0df18e13a7d38658256430f72e47f430a78:922c64590222798bb761d5b6d8e72950