Max-Request Update

http/cves/2014/CVE-2014-4577.yaml

@@ -15,15 +15,15 @@ info:
     cvss-score: 5
     cve-id: CVE-2014-4577
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:websupporter:wp_amasin_-_the_amazon_affiliate_shop:*:*:*:*:*:wordpress:*:*
     epss-score: 0.00847
     epss-percentile: 0.82512
-    cpe: cpe:2.3:a:websupporter:wp_amasin_-_the_amazon_affiliate_shop:*:*:*:*:*:wordpress:*:*
   metadata:
-    max-request: 1
     vendor: websupporter
-    product: wp_amasin_-_the_amazon_affiliate_shop
+    product: "wp_amasin_-_the_amazon_affiliate_shop"
     framework: wordpress
     publicwww-query: "/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/"
+    max-request: 2
   tags: cve,cve2014,wordpress,wpscan,wp-plugin,lfi,wp,wp-amasin-the-amazon-affiliate-shop
 
 flow: http(1) && http(2)

http/cves/2014/CVE-2014-4941.yaml

@@ -15,15 +15,15 @@ info:
     cvss-score: 5
     cve-id: CVE-2014-4941
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:cross-rss_plugin_project:wp-cross-rss:1.7:*:*:*:*:wordpress:*:*
     epss-score: 0.00845
     epss-percentile: 0.82498
-    cpe: cpe:2.3:a:cross-rss_plugin_project:wp-cross-rss:1.7:*:*:*:*:wordpress:*:*
   metadata:
-    verified: true
-    max-request: 1
-    vendor: cross-rss_plugin_project
-    product: wp-cross-rss
+    max-request: 2
+    vendor: "cross-rss_plugin_project"
+    product: "wp-cross-rss"
     framework: wordpress
+    verified: true
   tags: cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp
 
 flow: http(1) && http(2)

http/cves/2014/CVE-2014-5181.yaml

@@ -11,13 +11,14 @@ info:
     cvss-score: 5
     cve-id: CVE-2014-5181
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:last.fm_rotation_plugin_project:lastfm-rotation_plugin:1.0:*:*:*:*:wordpress:*:*
     epss-score: 0.00845
     epss-percentile: 0.82498
-    cpe: cpe:2.3:a:last.fm_rotation_plugin_project:lastfm-rotation_plugin:1.0:*:*:*:*:wordpress:*:*
   metadata:
-    vendor: last.fm_rotation_plugin_project
-    product: lastfm-rotation_plugin
+    vendor: "last.fm_rotation_plugin_project"
+    product: "lastfm-rotation_plugin"
     framework: wordpress
+    max-request: 2
   tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,lastfm-rotation
 
 flow: http(1) && http(2)

http/cves/2014/CVE-2014-5187.yaml

@@ -14,16 +14,16 @@ info:
     cvss-score: 5
     cve-id: CVE-2014-5187
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:tom_m8te_plugin_project:tom-m8te_plugin:1.5.3:*:*:*:*:wordpress:*:*
     epss-score: 0.00845
     epss-percentile: 0.82498
-    cpe: cpe:2.3:a:tom_m8te_plugin_project:tom-m8te_plugin:1.5.3:*:*:*:*:wordpress:*:*
   metadata:
-    verified: true
-    max-request: 1
-    vendor: tom_m8te_plugin_project
-    product: tom-m8te_plugin
+    vendor: "tom_m8te_plugin_project"
+    product: "tom-m8te_plugin"
     framework: wordpress
     publicwww-query: "/wp-content/plugins/tom-m8te/"
+    verified: true
+    max-request: 2
   tags: wpscan,cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp,tom-m8te
 
 flow: http(1) && http(2)

http/cves/2014/CVE-2014-6271.yaml

@@ -5,26 +5,26 @@ info:
   author: pentest_swissky,0xelkomy
   severity: critical
   description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.
-  impact: |
-    Remote code execution can lead to unauthorized access, data theft, and system compromise.
-  remediation: |
-    Apply the necessary patches and updates provided by the vendor to fix the vulnerability.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-6271
     - https://nvd.nist.gov/vuln/detail/CVE-2014-7169
     - http://www.kb.cert.org/vuls/id/252743
     - http://www.us-cert.gov/ncas/alerts/TA14-268A
     - http://advisories.mageia.org/MGASA-2014-0388.html
+  impact: |
+    Remote code execution can lead to unauthorized access, data theft, and system compromise.
+  remediation: |
+    Apply the necessary patches and updates provided by the vendor to fix the vulnerability.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2014-6271
     cwe-id: CWE-78
+    cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
     epss-score: 0.97559
     epss-percentile: 0.99998
-    cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
   metadata:
-    max-request: 8
+    max-request: 9
     vendor: gnu
     product: bash
   tags: cve2014,cve,rce,shellshock,kev,gnu

http/cves/2017/CVE-2017-3131.yaml

@@ -6,28 +6,26 @@ info:
   severity: medium
   description: |
     A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
+  reference:
+    - https://www.exploit-db.com/exploits/42388
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-3131
   impact: |
     Successful exploitation could lead to execution of malicious javascript.
   remediation: |
     Apply the latest security patches or upgrade to new version to mitigate the XSS vulnerability.
-  reference:
-    - https://www.exploit-db.com/exploits/42388
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-3131
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
     cve-id: CVE-2017-3131
     cwe-id: CWE-79
+    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
     epss-score: 0.00046
     epss-percentile: 0.15636
-    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
   metadata:
+    max-request: 2
     vendor: fortinet
     product: fortios
-    shodan-query:
-      - http.html:"/remote/login" "xxxxxxxx"
-      - http.favicon.hash:945408572
-      - cpe:"cpe:2.3:o:fortinet:fortios"
+    shodan-query: '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]'
   tags: cve,cve2017,fortinet,fortios,xss,authenticated
 
 http:

http/cves/2017/CVE-2017-3132.yaml

@@ -6,28 +6,26 @@ info:
   severity: medium
   description: |
     A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
+  reference:
+    - https://www.exploit-db.com/exploits/42388
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-3132
   impact: |
     Successful exploitation could lead to execution of malicious javascript.
   remediation: |
     Apply the latest security patches or upgrade to new version to mitigate the XSS vulnerability.
-  reference:
-    - https://www.exploit-db.com/exploits/42388
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-3132
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2017-3132
     cwe-id: CWE-79
+    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
     epss-score: 0.00046
     epss-percentile: 0.15636
-    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
   metadata:
     vendor: fortinet
     product: fortios
-    shodan-query:
-      - http.html:"/remote/login" "xxxxxxxx"
-      - http.favicon.hash:945408572
-      - cpe:"cpe:2.3:o:fortinet:fortios"
+    shodan-query: '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]'
+    max-request: 1
   tags: cve,cve2017,fortinet,fortios,xss
 
 http:

http/cves/2017/CVE-2017-3133.yaml

@@ -6,28 +6,26 @@ info:
   severity: medium
   description: |
     A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
+  reference:
+    - https://www.exploit-db.com/exploits/42388
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-3133
   impact: |
     Successful exploitation could lead to execution of malicious javascript.
   remediation: |
     Apply the latest security patches or upgrade to new version to mitigate the XSS vulnerability.
-  reference:
-    - https://www.exploit-db.com/exploits/42388
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-3133
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2017-3133
     cwe-id: CWE-79
+    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
     epss-score: 0.00046
     epss-percentile: 0.15636
-    cpe: cpe:2.3:o:fortinet:fortios:5.4.0:*:*:*:*:*:*:*
   metadata:
     vendor: fortinet
     product: fortios
-    shodan-query:
-      - http.html:"/remote/login" "xxxxxxxx"
-      - http.favicon.hash:945408572
-      - cpe:"cpe:2.3:o:fortinet:fortios"
+    shodan-query: '[http.html:"/remote/login" "xxxxxxxx" http.favicon.hash:945408572 cpe:"cpe:2.3:o:fortinet:fortios"]'
+    max-request: 3
   tags: cve,cve2017,fortinet,fortios,xss,authenticated
 
 http:

http/cves/2017/CVE-2017-5871.yaml

@@ -6,13 +6,13 @@ info:
   severity: medium
   description: |
     An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
+  reference:
+    - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-5871
   impact: |
     Successful exploitation can redirect users to malicious sites, potentially leading to phishing attacks or information theft.
   remediation: |
     Update Odoo to the latest patched version provided by the vendor.
-  reference:
-    - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-5871
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
     cvss-score: 5.4
@@ -21,7 +21,7 @@ info:
     cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
   metadata:
     verified: true
-    max-request: 1
+    max-request: 3
     shodan-query: title:"Odoo"
     product: odoo
     vendor: odoo

http/cves/2019/CVE-2019-0232.yaml

@@ -17,22 +17,16 @@ info:
     cvss-score: 8.1
     cve-id: CVE-2019-0232
     cwe-id: CWE-78
+    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
     epss-score: 0.97373
     epss-percentile: 0.99927
-    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
   metadata:
+    fofa-query: '[body="jk status manager" body="apache tomcat" title="apache tomcat"]'
+    google-query: intitle:"apache tomcat"
+    max-request: 1
     vendor: apache
     product: tomcat
-    shodan-query:
-      - http.html:"apache tomcat"
-      - http.title:"apache tomcat"
-      - http.html:"jk status manager"
-      - cpe:"cpe:2.3:a:apache:tomcat"
-    fofa-query:
-      - body="jk status manager"
-      - body="apache tomcat"
-      - title="apache tomcat"
-    google-query: intitle:"apache tomcat"
+    shodan-query: '[http.html:"apache tomcat" http.title:"apache tomcat" http.html:"jk status manager" cpe:"cpe:2.3:a:apache:tomcat"]'
   tags: cve,cve2019,packetstorm,seclists,apache,tomcat
 
 variables:

http/cves/2019/CVE-2019-8943.yaml

@@ -17,16 +17,15 @@ info:
     cvss-score: 6.5
     cve-id: CVE-2019-8943
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
     epss-score: 0.92778
     epss-percentile: 0.99097
-    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
   metadata:
+    max-request: 18
     verified: true
     vendor: wordpress
     product: wordpress
-    shodan-query:
-      - http.component:"wordpress"
-      - cpe:"cpe:2.3:a:wordpress:wordpress"
+    shodan-query: '[http.component:"wordpress" cpe:"cpe:2.3:a:wordpress:wordpress"]'
     fofa-query: body="oembed" && body="wp-"
   tags: cve,cve2019,wordpress,rce,intrusive,authenticated,packetstorm,wp-theme
 

http/cves/2020/CVE-2020-10189.yaml

@@ -6,31 +6,28 @@ info:
   severity: critical
   description: |
     Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution.
-  remediation: |
-    Apply updates per vendor instructions.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-10189
     - https://blog.reconinfosec.com/analysis-of-exploitation-cve-2020-10189
     - https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html
     - https://y4er.com/posts/cve-2020-10189-zoho-manageengine-rce/
     - https://cwe.mitre.org/data/definitions/502.html
+  remediation: |
+    Apply updates per vendor instructions.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2020-10189
     cwe-id: CWE-502
+    cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
     epss-score: 0.97206
     epss-percentile: 0.99826
-    cpe: cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
   metadata:
     verified: true
-    max-request: 1
+    max-request: 2
     vendor: zohocorp
-    product: manageengine_desktop_central
-    fofa-query:
-      - body="manageengine desktop central 10"
-      - title="manageengine desktop central 10"
-      - app="zoho-manageengine-desktop"
+    product: "manageengine_desktop_central"
+    fofa-query: '[body="manageengine desktop central 10" title="manageengine desktop central 10" app="zoho-manageengine-desktop"]'
     shodan-query: http.title:"manageengine desktop central 10"
     google-query: intitle:"manageengine desktop central 10"
   tags: cve,cve2020,kev,zoho,manageengine,deserialization,intrusive

http/cves/2020/CVE-2020-28429.yaml

@@ -6,27 +6,27 @@ info:
   severity: critical
   description: |
     Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.
-  impact: |
-    Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
-  remediation: |
-    Do not use geojson2kml. There is no fixed version for geojson2kml.
   reference:
     - https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
     - https://github.com/advisories/GHSA-w83x-fp72-p9qc
     - https://nvd.nist.gov/vuln/detail/CVE-2020-28429
+  impact: |
+    Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
+  remediation: |
+    Do not use geojson2kml. There is no fixed version for geojson2kml.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2020-28429
     cwe-id: CWE-78
+    cpe: cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:*
     epss-score: 0.01897
     epss-percentile: 0.8876
-    cpe: cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:*
   metadata:
-    max-request: 1
-    vendor: geojson2kml_project
     product: geojson2kml
-    framework: node.js
+    framework: "node.js"
+    max-request: 2
+    vendor: "geojson2kml_project"
   tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive
 
 variables: