Merge pull request #466 from m-1-k-3/exploit_updates

exploit databases updated
e-m-b-a · Jan 30, 2023 · d70c95b · d70c95b
2 parents e982d99 + 6955def
commit d70c95b
Show file tree

Hide file tree

Showing 7 changed files with 1,957 additions and 60 deletions.
diff --git a/config/PS_PoC_results.csv b/config/PS_PoC_results.csv
diff --git a/config/Snyk_PoC_results.csv b/config/Snyk_PoC_results.csv
diff --git a/config/emba_updater_data.init b/config/emba_updater_data.init
@@ -6,29 +6,29 @@ BASE_PATH="$(pwd)"
 LOG_DIR="/var/log"
 LOG_FILE="emba_update_data.log"
 
-[ -d EMBA_INSTALL_PATH ] || exit 0
-[ -d EMBA_INSTALL_PATH/helpers/ ] || exit 0
-[ -d "$LOG_DIR" ] || exit 0
+[ -d EMBA_INSTALL_PATH ] || exit 1
+[ -d EMBA_INSTALL_PATH/helpers/ ] || exit 1
+[ -d "$LOG_DIR" ] || exit 1
 
-cd EMBA_INSTALL_PATH || exit
+cd EMBA_INSTALL_PATH || exit 1
 
-echo -e "\n[*] Starttime: $(date)" | tee -a "$LOG_DIR"/"$LOG_FILE"
-echo -e "[*] EMBA data update - Metasploit framework module database" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] Starttime: $(date)" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "[*] EMBA data update - Metasploit framework module database" | tee -a "$LOG_DIR"/"$LOG_FILE"
 ./helpers/metasploit_db_update.sh | tee -a "$LOG_DIR"/"$LOG_FILE"
 
-echo -e "\n[*] EMBA update - Known exploited database" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] EMBA update - Known exploited database" | tee -a "$LOG_DIR"/"$LOG_FILE"
 ./helpers/known_exploited_vulns_update.sh | tee -a "$LOG_DIR"/"$LOG_FILE"
 
-echo -e "\n[*] EMBA update - trickest database" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] EMBA update - trickest database" | tee -a "$LOG_DIR"/"$LOG_FILE"
 ./helpers/trickest_db_update.sh | tee -a "$LOG_DIR"/"$LOG_FILE"
 
-echo -e "\n[*] EMBA update - packetstorm database" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] EMBA update - packetstorm database" | tee -a "$LOG_DIR"/"$LOG_FILE"
 ./helpers/packet_storm_crawler.sh | tee -a "$LOG_DIR"/"$LOG_FILE"
 
-echo -e "\n[*] EMBA update - snyk database" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] EMBA update - snyk database" | tee -a "$LOG_DIR"/"$LOG_FILE"
 ./helpers/snyk_crawler.sh | tee -a "$LOG_DIR"/"$LOG_FILE"
 
 cd "$BASE_PATH" || exit
 
-echo -e "\n[*] Endtime: $(date)" | tee -a "$LOG_DIR"/"$LOG_FILE"
-echo -e "[*] EMBA data update - finished" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "\n[*] Endtime: $(date)" | tee -a "$LOG_DIR"/"$LOG_FILE"
+echo "[*] EMBA data update - finished" | tee -a "$LOG_DIR"/"$LOG_FILE"
diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv
@@ -870,3 +870,5 @@
 "CVE-2022-41080","Microsoft","Exchange Server","Microsoft Exchange Server Privilege Escalation Vulnerability","2023-01-10","Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.","Apply updates per vendor instructions.","2023-01-31","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080"
 "CVE-2023-21674","Microsoft","Windows","Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability","2023-01-10","Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.","Apply updates per vendor instructions.","2023-01-31","https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674"
 "CVE-2022-44877","CWP","Control Web Panel","CWP Control Web Panel OS Command Injection Vulnerability","2023-01-17","CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.","Apply updates per vendor instructions.","2023-02-07","https://control-webpanel.com/changelog#1669855527714-450fb335-6194"
+"CVE-2022-47966","Zoho","ManageEngine","Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability","2023-01-23","Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.","Apply updates per vendor instructions.","2023-02-13","https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
+"CVE-2017-11357","Telerik","User Interface (UI) for ASP.NET AJAX","Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability","2023-01-26","Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.","Apply updates per vendor instructions.","2023-02-16","https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference"
diff --git a/config/msf_cve-db.txt b/config/msf_cve-db.txt
@@ -156,6 +156,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_long_password_dos.rb:CVE-2014-9016
 /usr/share/metasploit-framework/modules/auxiliary/dos/http/wordpress_xmlrpc_dos.rb:CVE-2014-5266
 /usr/share/metasploit-framework/modules/auxiliary/dos/mdns/avahi_portzero.rb:CVE-2008-5081
+/usr/share/metasploit-framework/modules/auxiliary/dos/mirageos/qubes_mirage_firewall_dos.rb:CVE-2022-46770
 /usr/share/metasploit-framework/modules/auxiliary/dos/misc/dopewars.rb:CVE-2009-3591
 /usr/share/metasploit-framework/modules/auxiliary/dos/misc/ibm_sametime_webplayer_dos.rb:CVE-2013-3986
 /usr/share/metasploit-framework/modules/auxiliary/dos/misc/memcached.rb:CVE-2011-4971
@@ -442,6 +443,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_learnpress_sqli.rb:CVE-2020-6010
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_loginizer_log_sqli.rb:CVE-2020-27615
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_modern_events_calendar_sqli.rb:CVE-2021-24946
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_paid_membership_pro_code_sqli.rb:CVE-2023-23488
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_registrationmagic_sqli.rb:CVE-2021-24862
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_secure_copy_content_protection_sqli.rb:CVE-2021-24931
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_wps_hide_login_revealer.rb:CVE-2021-24917
@@ -721,11 +723,13 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/ipfire_bashbug_exec.rb:CVE-2014-6271
 /usr/share/metasploit-framework/modules/exploits/linux/http/ipfire_oinkcode_exec.rb:CVE-2017-9757
 /usr/share/metasploit-framework/modules/exploits/linux/http/ipfire_pakfire_exec.rb:CVE-2021-33393
+/usr/share/metasploit-framework/modules/exploits/linux/http/ivanti_csa_unauth_rce_cve_2021_44529.rb:CVE-2021-44529
 /usr/share/metasploit-framework/modules/exploits/linux/http/jenkins_cli_deserialization.rb:CVE-2017-1000353
 /usr/share/metasploit-framework/modules/exploits/linux/http/kaltura_unserialize_cookie_rce.rb:CVE-2017-14143
 /usr/share/metasploit-framework/modules/exploits/linux/http/klog_server_authenticate_user_unauth_command_injection.rb:CVE-2020-35729
 /usr/share/metasploit-framework/modules/exploits/linux/http/librenms_addhost_cmd_inject.rb:CVE-2018-20434
 /usr/share/metasploit-framework/modules/exploits/linux/http/librenms_collectd_cmd_inject.rb:CVE-2019-10669
+/usr/share/metasploit-framework/modules/exploits/linux/http/linear_emerge_unauth_rce_cve_2019_7256.rb:CVE-2019-7256
 /usr/share/metasploit-framework/modules/exploits/linux/http/linksys_apply_cgi.rb:CVE-2005-2799
 /usr/share/metasploit-framework/modules/exploits/linux/http/linksys_wrt110_cmd_exec.rb:CVE-2013-3568
 /usr/share/metasploit-framework/modules/exploits/linux/http/linksys_wrt54gl_apply_exec.rb:CVE-2005-2799