Merge branch 'main' into remediations
princechaddha committed Sep 11, 2023
2 parents 1bab419 + 0a25f00 commit cf90002
Showing 231 changed files with 451 additions and 256 deletions.
9 changes: 9 additions & 0 deletions .new-additions
Expand Up @@ -15,11 +15,16 @@ http/cves/2023/CVE-2023-32563.yaml
http/cves/2023/CVE-2023-34124.yaml
http/cves/2023/CVE-2023-34192.yaml
http/cves/2023/CVE-2023-36844.yaml
http/cves/2023/CVE-2023-38433.yaml
http/cves/2023/CVE-2023-39361.yaml
http/cves/2023/CVE-2023-39600.yaml
http/cves/2023/CVE-2023-4634.yaml
http/exposed-panels/aspcms-backend-panel.yaml
http/exposed-panels/dxplanning-panel.yaml
http/exposed-panels/greenbone-panel.yaml
http/exposed-panels/jorani-panel.yaml
http/exposed-panels/snapcomms-panel.yaml
http/exposures/apis/seafile-api.yaml
http/miscellaneous/external-service-interaction.yaml
http/miscellaneous/rdap-whois.yaml
http/misconfiguration/ecology-info-leak.yaml
Expand All @@ -29,6 +34,8 @@ http/misconfiguration/nacos/nacos-create-user.yaml
http/misconfiguration/php-debugbar-exposure.yaml
http/osint/gist.yaml
http/takeovers/lemlist-takeover.yaml
http/technologies/burp-collaborator-detect.yaml
http/technologies/honeypot-detect.yaml
http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml
http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml
http/technologies/wordpress/plugins/wp-seopress.yaml
Expand All @@ -37,7 +44,9 @@ http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml
http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml
http/vulnerabilities/jorani/jorani-benjamin-xss.yaml
http/vulnerabilities/other/huatian-oa8000-sqli.yaml
http/vulnerabilities/other/kingdee-erp-rce.yaml
http/vulnerabilities/other/landray-oa-datajson-rce.yaml
http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml
http/vulnerabilities/weaver/eoffice/weaver-eoffice-file-upload.yaml
ssl/c2/mythic-c2-ssl.yaml
workflows/kev-workflow.yaml
5 changes: 4 additions & 1 deletion cves.json
Expand Up @@ -615,7 +615,7 @@
{"ID":"CVE-2019-11248","Info":{"Name":"Debug Endpoint pprof - Exposure Detection","Severity":"high","Description":"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2019/CVE-2019-11248.yaml"}
{"ID":"CVE-2019-11370","Info":{"Name":"Carel pCOWeb \u003cB1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html \"System contact\" field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2019/CVE-2019-11370.yaml"}
{"ID":"CVE-2019-11510","Info":{"Name":"Pulse Connect Secure SSL VPN Arbitrary File Read","Severity":"critical","Description":"Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-11510.yaml"}
{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"}
{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"}
{"ID":"CVE-2019-11581","Info":{"Name":"Atlassian Jira Server-Side Template Injection","Severity":"critical","Description":"Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11581.yaml"}
{"ID":"CVE-2019-11869","Info":{"Name":"WordPress Yuzo \u003c5.12.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting\nbecause it mistakenly expects that is_admin() verifies that the\nrequest comes from an admin user (it actually only verifies that the\nrequest is for an admin page). An unauthenticated attacker can consequently inject\na payload into the plugin settings, such as the\nyuzo_related_post_css_and_style setting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-11869.yaml"}
{"ID":"CVE-2019-12276","Info":{"Name":"GrandNode 4.40 - Local File Inclusion","Severity":"high","Description":"GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12276.yaml"}
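Review bot: the reworded CVE-2019-11580 record still has the missing space in its Description at "(the fixed version for 3.1.x),from version 3.2.0"; since the line is already being touched for the Name separator, fix the spacing in the same change. Each record points at a template through file_path, so if cves.json is generated from those templates the correction belongs in http/cves/2019/CVE-2019-11580.yaml, otherwise it will be lost the next time the index is rebuilt.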
Expand Down Expand Up @@ -2004,12 +2004,15 @@
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-38433","Info":{"Name":"Fujitsu IP Series - Hardcoded Credentials","Severity":"high","Description":"Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38433.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
{"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"}
{"ID":"CVE-2023-39141","Info":{"Name":"Aria2 WebUI - Path traversal","Severity":"high","Description":"webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39141.yaml"}
{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"}
{"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"}
{"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"}
{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
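Review bot: the CVE-2023-4634 record at the end of this hunk has "CVSSScore":"N/A" next to "Severity":"critical", while every other record visible here gives a numeric string. Anything that sorts or filters cves.json by score has to special-case that value, so either fill in the score once one is assigned or omit the field, so that CVSSScore keeps a single type.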
2 changes: 1 addition & 1 deletion cves.json-checksum.txt
@@ -1 +1 @@
bf4766f6ec2eca9601df9f6f4b11e620
d3d61b5b23048ba01c949efdf8b4fe02
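Review bot: the value in cves.json-checksum.txt is 32 hex characters, the length of an MD5 digest. That is enough to notice that cves.json changed, but if any consumer treats this file as an integrity check on the downloaded index, publish a SHA-256 digest instead. A checksum stored in the same repository as the file it covers also gives no protection if that repository itself is tampered with.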
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/advanced-custom-fields.txt
@@ -1 +1 @@
6.2.0
6.2.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/coblocks.txt
@@ -1 +1 @@
3.1.3
3.1.4
Original file line number Diff line number Diff line change
@@ -1 +1 @@
5.8.7
5.8.8
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/ewww-image-optimizer.txt
@@ -1 +1 @@
7.2.0
7.2.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/fluentform.txt
@@ -1 +1 @@
5.0.8
5.0.9
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/gutenberg.txt
@@ -1 +1 @@
16.5.1
16.6.0
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/host-webfonts-local.txt
@@ -1 +1 @@
5.7.1
5.7.2
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/ocean-extra.txt
@@ -1 +1 @@
2.1.8
2.2.0
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/pixelyoursite.txt
@@ -1 +1 @@
9.4.4
9.4.5.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/seo-by-rank-math.txt
@@ -1 +1 @@
1.0.122
1.0.201.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/webp-converter-for-media.txt
@@ -1 +1 @@
5.9.6
N/A
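Review bot: webp-converter-for-media.txt goes from 5.9.6 to N/A, replacing a version number with a non-version string, while every other helper file shown in this commit moves to a higher version. This looks like a failed lookup in whatever produces these files; keep 5.9.6 (or fail the update job) rather than committing N/A, because a comparison against this value can no longer flag an outdated plugin.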
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/woocommerce-payments.txt
@@ -1 +1 @@
6.3.2
6.4.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/wp-reviews-plugin-for-google.txt
@@ -1 +1 @@
10.6
10.6.1
2 changes: 1 addition & 1 deletion helpers/wordpress/plugins/wp-user-avatar.txt
@@ -1 +1 @@
4.13.1
4.13.2
