diff --git a/.index.json b/.index.json index e1a599a5c41..f3999ce3229 100644 --- a/.index.json +++ b/.index.json @@ -76,7 +76,7 @@ }, "crowdsecurity/vpatch-CVE-2017-9841": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "0737417a66c5327708f6eff4392a4461002592fabcda6cdbdaa4143bce185503", @@ -85,10 +85,14 @@ "0.2": { "digest": "6e5549b580c3a35315a6660a2904eafd3b463141d95f1ad2d5d606d55eb0b046", "deprecated": false + }, + "0.3": { + "digest": "69404f8a96298652c1fcc8ed6e6c979fd83271c2167cc3af50edb9201bafb092", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2017-9841 exploits ", + "content": "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", + "description": "PHPUnit RCE (CVE-2017-9841)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -99,7 +103,7 @@ "cwe.CWE-94" ], "confidence": 3, - "label": "PHPUnit RCE (CVE-2017-9841)", + "label": "PHPUnit RCE", "service": "http", "spoofable": 0, "type": "exploit" @@ -107,7 +111,7 @@ }, "crowdsecurity/vpatch-CVE-2019-12989": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "a2f681cb8b762e33a66e63343a9fce32d5416438322ec376946ff78428543714", @@ -116,10 +120,14 @@ "0.2": { "digest": "a8137b302f6fa55456dcf9cb7e9e9ba11dd878f0b91c90b3910fa4af397e0218", "deprecated": false + }, + "0.3": { + "digest": "82b7a57b7fad8c56a0d439ee933debc9272bce8cea2a46ce3177110a57e11bd2", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2019-12989 exploits ", + "content": "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", + "description": "Citrix SQLi (CVE-2019-12989)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", 
@@ -130,7 +138,7 @@ "cwe.CWE-89" ], "confidence": 3, - "label": "citrix SQLi (CVE-2019-12989)", + "label": "Citrix SQLi", "service": "http", "spoofable": 0, "type": "exploit" @@ -138,7 +146,7 @@ }, "crowdsecurity/vpatch-CVE-2020-11738": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml", - "version": "0.4", + "version": "0.6", "versions": { "0.1": { "digest": "4760198ce14851e3387470bc0270f662b58aa32b8ef1f4217af6818e4f0cedbe", @@ -155,10 +163,18 @@ "0.4": { "digest": "e73f8dadfeb909e98e3609d0cc098533f2c0351503cabebdf92a43f9d1b3e94c", "deprecated": false + }, + "0.5": { + "digest": "b971347e1c948e6a19be6b8641329806b8cbeeaac2f42c0037521831a4629075", + "deprecated": false + }, + "0.6": { + "digest": "c126f8093c14e959ee0ae591c6e22b912b39fe8ede8004d79aba7dedcc9c970a", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2020-11738 exploits ", + "content": "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", + "description": "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -169,7 +185,7 @@ "cwe.CWE-22" ], "confidence": 3, - "label": "Wordpress Snap Creek Duplicator (CVE-2020-11738)", + "label": "Wordpress Snap Creek Duplicator", "service": "http", "spoofable": 0, "type": "exploit" @@ -177,7 +193,7 @@ }, "crowdsecurity/vpatch-CVE-2021-22941": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "994975ada2914e56168b94db4acb5f28293673fcf824d35619d5e35539cf8052", 
@@ -186,10 +202,14 @@ "0.2": { "digest": "0057a096e2d27ce5264d9481dd073bf97d7ef9a6b7e3e11785cfd8dde880db56", "deprecated": false + }, + "0.3": { + "digest": "10b432dba048130dbea67c24d1f94f84ff0df489dce552fda2cd6c0e76eb6e16", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2021-22941 exploits ", + "content": "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", + "description": "Citrix RCE (CVE-2021-22941)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -200,7 +220,7 @@ "cwe.CWE-284" ], "confidence": 3, - "label": "Citrix RCE (CVE-2021-22941)", + "label": "Citrix RCE", "service": "http", "spoofable": 0, "type": "exploit" @@ -208,7 +228,7 @@ }, "crowdsecurity/vpatch-CVE-2021-3129": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml", - "version": "0.2", + "version": "0.4", "versions": { "0.1": { "digest": "78803a49055ed71b353ddf43560d700d0b64ebfb172ef6705457f793a9f37b34", 
@@ -217,10 +237,18 @@ "0.2": { "digest": "b155e9bbe64b4b44f3c98617c4b3bfedaadcce147e0685290e0d7a8dbdf47108", "deprecated": false + }, + "0.3": { + "digest": "60ab3d4c01d7e9cd998134473b7be3899d63af8936227c4d1899cd3008aab53d", + "deprecated": false + }, + "0.4": { + "digest": "bf67806102345ebd40cbc47dc0494d97b0a7be420302386844650ad28284e74c", + "deprecated": false } }, - "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUtMjAyMS0zMTI5IGV4cGxvaXRzICIKcnVsZXM6CiAgLSBhbmQ6CiAgICAtIHpvbmVzOgogICAgICAtIFVSSQogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgICAgdmFsdWU6IC9faWduaXRpb24vZXhlY3V0ZS1zb2x1dGlvbgogICAgLSB6b25lczoKICAgICAgLSBCT0RZX0FSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAtIGpzb24ucGFyYW1ldGVycy52aWV3RmlsZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiByZWdleAogICAgICAgIHZhbHVlOiAicGhwOi8vZmlsdGVyfHBoYXI6Ly8iCmxhYmVsczoKICB0eXBlOiBleHBsb2l0CiAgc2VydmljZTogaHR0cAogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkxhcmF2ZWwgd2l0aCBJZ25pdGlvbiA8PSB2OC40LjIgRGVidWcgTW9kZSAtIFJlbW90ZSBDb2RlIEV4ZWN1dGlvbiAoQ1ZFLTIwMjEtMzEyOSkiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIxLTMxMjkKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTk4", - "description": "Detect CVE-2021-3129 exploits ", + "content": 
"bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjEtMzEyOQpkZXNjcmlwdGlvbjogIkxhcmF2ZWwgd2l0aCBJZ25pdGlvbiBEZWJ1ZyBNb2RlIFJDRSAoQ1ZFLTIwMjEtMzEyOSkiCnJ1bGVzOgogIC0gYW5kOgogICAgLSB6b25lczoKICAgICAgLSBVUkkKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlbmRzV2l0aAogICAgICAgIHZhbHVlOiAvX2lnbml0aW9uL2V4ZWN1dGUtc29sdXRpb24KICAgIC0gem9uZXM6CiAgICAgIC0gQk9EWV9BUkdTCiAgICAgIHZhcmlhYmxlczoKICAgICAgLSBqc29uLnBhcmFtZXRlcnMudmlld0ZpbGUKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogcmVnZXgKICAgICAgICB2YWx1ZTogInBocDovL2ZpbHRlcnxwaGFyOi8vIgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJMYXJhdmVsIHdpdGggSWduaXRpb24gRGVidWcgTW9kZSBSQ0UiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIxLTMxMjkKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTk4", + "description": "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -231,7 +259,7 @@ "cwe.CWE-98" ], "confidence": 3, - "label": "Laravel with Ignition \u003c= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129)", + "label": "Laravel with Ignition Debug Mode RCE", "service": "http", "spoofable": 0, "type": "exploit" @@ -239,7 +267,7 @@ }, "crowdsecurity/vpatch-CVE-2022-27926": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml", - "version": "0.2", + "version": "0.4", "versions": { "0.1": { "digest": "d96237a7ed02eb7aa9df45a684b5cef8f5145e857d10b5260373739668ad63f5", 
@@ -248,10 +276,18 @@ "0.2": { "digest": "ba56077560152e4dd0e06c1bc1e6522515142b0ea7a27dff2c0ea289ddaee174", "deprecated": false + }, + "0.3": { + "digest": "951e401afc100b54c1151efaea6ae676a95e91eb1ba8503638500695bd607f97", + "deprecated": false + }, + "0.4": { + "digest": "e2c3a9d82d7362168f27227660a2d35249642843672438545ca5a8eb25d7e4e5", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2022-27926 exploits ", + "content": "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", + "description": "Zimbra Collaboration XSS (CVE-2022-27926)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -262,7 +298,7 @@ "cwe.CWE-79" ], "confidence": 3, - "label": "Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926)", + "label": "Zimbra Collaboration (ZCS) - XSS", "service": "http", "spoofable": 0, "type": "exploit" @@ -270,7 +306,7 @@ }, "crowdsecurity/vpatch-CVE-2022-35914": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml", - "version": "0.3", + "version": "0.5", "versions": { "0.1": { "digest": "6a04ea781b27eb568a1752e3e310ef59532f803fed829010fb5cf76225454bc5", 
@@ -283,10 +319,18 @@ "0.3": { "digest": "e1213758c850424b37cb6ff6360fc1e1a2f12af9284d77766b06ee8c58679656", "deprecated": false + }, + "0.4": { + "digest": "dca2dbd76392b220f527732266fd7b39b16e23cd7ec72665f022598325fc7988", + "deprecated": false + }, + "0.5": { + "digest": "ec12df461c9066584779c55e88d51a40f9e29b90a5b7f65f074a07af1584bbe5", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2022-35914 exploits ", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItMzU5MTQKZGVzY3JpcHRpb246ICJHTFBJIFJDRSAoQ1ZFLTIwMjItMzU5MTQpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogL3ZlbmRvci9odG1sYXdlZC9odG1sYXdlZC9odG1sYXdlZHRlc3QucGhwCgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJHTFBJIFJDRSIKICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjItMzU5MTQKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTc0", + "description": "GLPI RCE (CVE-2022-35914)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -297,7 +341,7 @@ "cwe.CWE-74" ], "confidence": 3, - "label": "GLPI \u003c=10.0.2 - Remote Command Execution (CVE-2022-35914)", + "label": "GLPI RCE", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -305,15 +349,19 @@ }, "crowdsecurity/vpatch-CVE-2022-44877": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "3c6baf947b513098784bb4cb9d03c2e19483dd48a7660db55ee77872dd903132", "deprecated": false + }, + "0.2": { + "digest": "717fe0d16947d200c0f9142ca667618c3984037f0775fda609326a87f90357d8", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2022-44877 exploits ", + "content": "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", + "description": "CentOS Web Panel 7 RCE (CVE-2022-44877)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -324,7 +372,7 @@ "cwe.CWE-78" ], "confidence": 3, - "label": "CentOS Web Panel 7 RCE (CVE-2022-44877)", + "label": "CentOS Web Panel 7 RCE", "service": "http", "spoofable": 0, "type": "exploit" @@ -332,7 +380,7 @@ }, "crowdsecurity/vpatch-CVE-2022-46169": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml", - "version": "0.3", + "version": "0.5", "versions": { "0.1": { "digest": "e251805a453d65934e5794cbb96ce34179ce20981a123103d814afdcbb788d00", 
@@ -345,10 +393,18 @@ "0.3": { "digest": "00ad3b04df93d2ea077b69ecfcc1156ad0262005ab9915b740f6fb0c08fe86a1", "deprecated": false + }, + "0.4": { + "digest": "01f9badf366abe7fc3572b8814139521f114e15d716ee06541076dae4670a0fa", + "deprecated": false + }, + "0.5": { + "digest": "b70ef73cc7e6c472e2a66ed981d434cc8678ab45d9409de1967613140f545140", + "deprecated": false } }, - "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjItNDYxNjkKZGVzY3JpcHRpb246ICJEZXRlY3QgQ1ZFLTIwMjItNDYxNjkgZXhwbG9pdHMgIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogL3JlbW90ZV9hZ2VudC5waHAKICAgIC0gem9uZXM6CiAgICAgIC0gQVJHUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gcG9sbGVyX2lkCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IHJlZ2V4CiAgICAgICAgdmFsdWU6ICJbXmEtekEtWjAtOV9dIgoKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ2FjdGkgPD0xLjIuMjIgLSBSZW1vdGUgQ29tbWFuZCBJbmplY3Rpb24gKENWRS0yMDIyLTQ2MTY5KSIKICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjItNDYxNjkKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTc0CiAgIC0gY3dlLkNXRS03NwogICAtIGN3ZS5DV0UtNzgKICAgLSBjd2UuQ1dFLTg2Mw==", - "description": "Detect CVE-2022-46169 exploits ", + "content": "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", + "description": "Cacti RCE (CVE-2022-46169)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -362,7 +418,7 @@ "cwe.CWE-863" ], "confidence": 3, - "label": "Cacti \u003c=1.2.22 - Remote Command Injection (CVE-2022-46169)", + "label": "Cacti \u003c=1.2.22 - RCE", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -370,7 +426,7 @@ }, "crowdsecurity/vpatch-CVE-2023-20198": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml", - "version": "0.4", + "version": "0.6", "versions": { "0.1": { "digest": "100fe7c75a8b557d6ad35bc8712b996d9366631dda64d8a72e245293773ef2ae", @@ -387,10 +443,18 @@ "0.4": { "digest": "4d5339081ffa687619f13b3480984e056f64cab397154c187470ef1144a5fed3", "deprecated": false + }, + "0.5": { + "digest": "c4356c6967555f649c5ce02078d5f64c5a3905004519072d7c9c36ee638a66ba", + "deprecated": false + }, + "0.6": { + "digest": "a14a7f74314729684f6c0bcaee613779d83b4dd58555f763cfb1c10f37349781", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-20198 exploits ", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjAxOTgKZGVzY3JpcHRpb246ICJDSVNDTyBJT1MgWEUgQWNjb3VudCBDcmVhdGlvbiAoQ1ZFLTIwMjMtMjAxOTgpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogLyU3N2VidWlfd3NtYV9odHRwcwogICAgLSB6b25lczoKICAgICAgLSBNRVRIT0QKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IFBPU1QKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ0lTQ08gSU9TIFhFIGFjY291bnQgY3JlYXRpb24iCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIzLTIwMTk4CiAgIC0gYXR0YWNrLlQxNTk1CiAgIC0gYXR0YWNrLlQxMTkwCiAgIC0gY3dlLkNXRS0yODc=", + "description": "CISCO IOS XE Account Creation (CVE-2023-20198)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -401,7 +465,7 @@ "cwe.CWE-287" ], "confidence": 3, - "label": "CISCO IOS XE account creation (CVE-2023-20198)", + "label": "CISCO IOS XE account creation", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -409,7 +473,7 @@ }, "crowdsecurity/vpatch-CVE-2023-22515": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml", - "version": "0.3", + "version": "0.4", "versions": { "0.1": { "digest": "dc6fc69ee52353cef3ea5563dbccd5b73dae0924e0bf13e38550768a23eeee8c", @@ -422,10 +486,14 @@ "0.3": { "digest": "16d7f6ff1913304df2a270b3a27ba5d1165be8e3c7978489cfb9338875bb4d42", "deprecated": false + }, + "0.4": { + "digest": "8bf6511a6046718e06db86f0ffbaf0a8e636e62b3bc700fc8869919b70111698", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-22515 exploits ", + "content": "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", + "description": "Atlassian Confluence Privesc (CVE-2023-22515)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -436,7 +504,7 @@ "cwe.CWE-284" ], "confidence": 3, - "label": "Atlassian Confluence Privesc (CVE-2023-22515)", + "label": "Atlassian Confluence Privesc", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -444,15 +512,19 @@ }, "crowdsecurity/vpatch-CVE-2023-24489": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml", - "version": "0.1", + "version": "0.2", "versions": { "0.1": { "digest": "c7ec7c49ee24ba7ba855e3ae256ec2d128b51c7771d676dc150aa3cc060ca785", "deprecated": false + }, + "0.2": { + "digest": "16e398688d669dbf5181718b18338df2baf906212e563749ce5d0041a56543dd", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-24489 exploits ", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMjQ0ODkKZGVzY3JpcHRpb246ICJDaXRyaXggU2hhcmVGaWxlIFJDRSAoQ1ZFLTIwMjMtMjQ0ODkpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogL2RvY3VtZW50dW0vdXBsb2FkLmFzcHgKICAgIC0gem9uZXM6CiAgICAgIC0gTUVUSE9ECiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVxdWFscwogICAgICAgIHZhbHVlOiBQT1NUCiAgICAtIHpvbmVzOgogICAgICAtIEFSR1MKICAgICAgdmFyaWFibGVzOgogICAgICAgLSB1cGxvYWRpZAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBjb250YWlucwogICAgICAgIHZhbHVlOiAiLi4iCiAgICAtIHpvbmVzOgogICAgICAtIFJBV19CT0RZCiNpdCBzZWVtcyAnUGFnZV9Mb2FkJyBpcyB0aGUgaGFuZGxlciB0aGF0IGNhbiBiZSBhYnVzZWQsIG1heWJlIHNvbWUgb3RoZXJzIGNhbj8KICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICB2YWx1ZTogIlBhZ2VfTG9hZCIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ2l0cml4IFNoYXJlRmlsZSBSQ0UiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIzLTI0NDg5CiAgIC0gYXR0YWNrLlQxNTk1CiAgIC0gYXR0YWNrLlQxMTkwCiAgIC0gY3dlLkNXRS0yODQ=", + "description": "Citrix ShareFile RCE (CVE-2023-24489)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -463,7 +535,7 @@ "cwe.CWE-284" ], "confidence": 3, - "label": "Citrix ShareFile RCE (CVE-2023-24489)", + "label": "Citrix ShareFile RCE", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -471,7 +543,7 @@ }, "crowdsecurity/vpatch-CVE-2023-33617": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml", - "version": "0.3", + "version": "0.4", "versions": { "0.1": { "digest": "27d605f7f1aa991127741c047ca8c4af1e0113feafb2073fd9aa04793c311d6e", @@ -484,10 +556,14 @@ "0.3": { "digest": "399c24c2222b455a5e9030ad0a31b58261e62724051655f7b98be4cdc8cc96d3", "deprecated": false + }, + "0.4": { + "digest": "2c5a0d6ffd19c4d14b691c51028dab5a3a32280bb6ec6943ef60e0e105ee8647", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-33617 exploits ", + "content": "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", + "description": "Atlassian Confluence Privesc (CVE-2023-33617)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -498,7 +574,7 @@ "cwe.CWE-78" ], "confidence": 3, - "label": "Atlassian Confluence Privesc (CVE-2023-33617)", + "label": "Atlassian Confluence Privesc", "service": "http", "spoofable": 0, "type": "exploit" @@ -506,7 +582,7 @@ }, "crowdsecurity/vpatch-CVE-2023-34362": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml", - "version": "0.4", + "version": "0.6", "versions": { "0.1": { "digest": "b032c0e88f383ffb1228287b53f61443eb9c91db1cd730c4e10dd42bf44d86d9", 
@@ -523,10 +599,18 @@ "0.4": { "digest": "1af2e304188e802a2aedc45557e41c2e6debac3d8246ec1e44d57f7d664c9677", "deprecated": false + }, + "0.5": { + "digest": "bc1e444bcbe52474d0a3d9dd7293681d0a6ca0a034cded87e095460403985b9d", + "deprecated": false + }, + "0.6": { + "digest": "db7744c5124e1531f5c3e141df01fa6dedd5c88cccefb32e5e38206820807c27", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-34362 exploits ", + "content": "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", + "description": "MOVEit Transfer RCE (CVE-2023-34362)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -537,7 +621,7 @@ "cwe.CWE-89" ], "confidence": 3, - "label": "MOVEit Transfer - Remote Code Execution (CVE-2023-34362)", + "label": "MOVEit Transfer RCE", "service": "http", "spoofable": 0, "type": "exploit" @@ -545,7 +629,7 @@ }, "crowdsecurity/vpatch-CVE-2023-3519": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "459cd434b8da480eaa0bfbbefc9806ca8c445a64757cbd339f1f7b6b32082f6f", @@ -554,10 +638,14 @@ "0.2": { "digest": "57441c54adbcb8cd88ba205b1f1358dfc10c1779662efe7e9854469b986c5f54", "deprecated": false + }, + "0.3": { + "digest": "8cc7bb6fd0d71871b7fb1f891182d3a12273dd507c1d59c7539dc620de6c70c4", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-3519 exploits ", + "content": "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", + "description": "Citrix RCE (CVE-2023-3519)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -568,7 +656,7 @@ "cwe.CWE-94" ], "confidence": 3, - "label": "Citrix RCE (CVE-2023-3519)", + "label": "Citrix RCE", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -576,15 +664,23 @@ }, "crowdsecurity/vpatch-CVE-2023-38205": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml", - "version": "0.1", + "version": "0.3", "versions": { "0.1": { "digest": "d2c3666c0a337304d92b737ca02ad1aed164e31439eb6596a848688f0c27b178", "deprecated": false + }, + "0.2": { + "digest": "5403b1146ab6a652b31c572f07863ce284d63a6c6a26d254a3c064de0479cb26", + "deprecated": false + }, + "0.3": { + "digest": "43a1a41cff1a160eeeb468b52a5fcc2889ee917a4db0396e42c8d6219fdb60c4", + "deprecated": false } }, - "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtMzgyMDUKZGVzY3JpcHRpb246ICJEZXRlY3QgQ1ZFLTIwMjMtMzgyMDUgZXhwbG9pdHMgIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICB2YWx1ZTogLi5jZmlkZS93aXphcmRzL2NvbW1vbi8KbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQWRvYmUgQ29sZEZ1c2lvbiBhY2Nlc3MgY29udHJvbCBieXBhc3MgKENWRS0yMDIzLTM4MjA1KSIKICBjbGFzc2lmaWNhdGlvbjoKICAgLSBjdmUuQ1ZFLTIwMjMtMzgyMDUKICAgLSBhdHRhY2suVDE1OTUKICAgLSBhdHRhY2suVDExOTAKICAgLSBjd2UuQ1dFLTI4NA==", - "description": "Detect CVE-2023-38205 exploits ", + "content": "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", + "description": "Adobe ColdFusion Access Control Bypass (CVE-2023-38205)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -595,7 +691,7 @@ "cwe.CWE-284" ], "confidence": 3, - "label": "Adobe ColdFusion access control bypass (CVE-2023-38205)", + "label": "Adobe ColdFusion Access Control Bypass", "service": "http", "spoofable": 0, "type": "exploit" @@ -603,7 +699,7 @@ }, "crowdsecurity/vpatch-CVE-2023-40044": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml", - "version": "0.2", + "version": "0.3", "versions": { "0.1": { "digest": "2e8db7d8cb223e1cb1a57c4621b1720d88174c3398183948c8901645f78ee338", 
@@ -612,10 +708,14 @@ "0.2": { "digest": "e49809530908e16a9628fece23d934be09d9756fc64f795d7311e70565a2f32e", "deprecated": false + }, + "0.3": { + "digest": "a32dec2d2ccf399ab0b9bc86dfeb48b7b11037ca617ea8e4ffbce02ed467247b", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-40044 exploits ", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDAwNDQKZGVzY3JpcHRpb246ICJXU19GVFAgLk5FVCBkZXNlcmlhbGl6ZSBSQ0UgKENWRS0yMDIzLTQwMDQ0KSIKcnVsZXM6CiAgLSBhbmQ6CiAgICAtIHpvbmVzOgogICAgICAtIFVSSQogICAgICB0cmFuc2Zvcm06CiAgICAgIC0gbG93ZXJjYXNlCiAgICAgIG1hdGNoOgogICAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgICAgdmFsdWU6IC9haHQvCiAgICAtIHpvbmVzOgogICAgICAtIE1FVEhPRAogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBlcXVhbHMKICAgICAgICB2YWx1ZTogUE9TVAogICAgLSB6b25lczoKICAgICAgLSBCT0RZX0FSR1MKICAgICAgdHJhbnNmb3JtOgogICAgICAtIGI2NGRlY29kZQogICAgICAtIGxvd2VyY2FzZQogICAgICBtYXRjaDoKICAgICAgICB0eXBlOiBjb250YWlucwogICAgICAgIHZhbHVlOiAiPHM6c3RyaW5nPmNtZDwvczpzdHJpbmc+IgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJXU19GVFAgLk5FVCBkZXNlcmlhbGl6ZSBSQ0UiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIzLTQwMDQ0CiAgIC0gYXR0YWNrLlQxNTk1CiAgIC0gYXR0YWNrLlQxMTkwCiAgIC0gY3dlLkNXRS01MDIKCgo=", + "description": "WS_FTP .NET deserialize RCE (CVE-2023-40044)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -626,7 +726,7 @@ "cwe.CWE-502" ], "confidence": 3, - "label": "WS_FTP .NET deserialize RCE (CVE-2023-40044)", + "label": "WS_FTP .NET deserialize RCE", "service": "http", "spoofable": 0, "type": "exploit" 
@@ -634,15 +734,23 @@ }, "crowdsecurity/vpatch-CVE-2023-42793": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml", - "version": "0.1", + "version": "0.3", "versions": { "0.1": { "digest": "86fb6a193e9799612bf00b67894f7aabe4482f024a012f305b2cfa910384aa73", "deprecated": false + }, + "0.2": { + "digest": "7e7078b0858ea9d8d32c2f9fa9f6879b2322c7b4da1558f9a60708b129dfc1ef", + "deprecated": false + }, + "0.3": { + "digest": "c5440ec9305b7dcd1afd0c3d414b5558eb4ab8e64b41acf7ff2427330eabe91a", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-42793", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNDI3OTMKZGVzY3JpcHRpb246ICJKZXRCcmFpbnMgVGVhbWNpdHkgQXV0aCBCeXBhc3MgKENWRS0yMDIzLTQyNzkzKSIKcnVsZXM6CiAgLSB6b25lczoKICAgIC0gVVJJCiAgICB0cmFuc2Zvcm06CiAgICAtIGxvd2VyY2FzZQogICAgbWF0Y2g6CiAgICAgIHR5cGU6IGVuZHNXaXRoCiAgICAgIHZhbHVlOiAvcnBjMgpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHNlcnZpY2U6IGh0dHAKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJKZXRCcmFpbnMgVGVhbWNpdHkgQXV0aCBCeXBhc3MiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIzLTQyNzkzCiAgIC0gYXR0YWNrLlQxNTk1CiAgIC0gYXR0YWNrLlQxMTkwCiAgIC0gY3dlLkNXRS0yODgK", + "description": "JetBrains Teamcity Auth Bypass (CVE-2023-42793)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -653,7 +761,7 @@ "cwe.CWE-288" ], "confidence": 3, - "label": "JetBrains Teamcity auth bypass (CVE-2023-42793)", + "label": "JetBrains Teamcity Auth Bypass", "service": "http", "spoofable": 0, "type": "exploit" @@ -661,7 +769,7 @@ }, "crowdsecurity/vpatch-CVE-2023-50164": { "path": "appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml", - "version": "0.2", + "version": "0.4", "versions": { "0.1": { "digest": "2af3917de29ccf7f71d43b78502602568b2d4582769e62ffb9c195fcfab33e90", 
@@ -670,10 +778,18 @@ "0.2": { "digest": "05c4eb4526d99bc0c9cbefbcc60e2fde6f93f5b0f41ea500565f791ae57ed67e", "deprecated": false + }, + "0.3": { + "digest": "fb7280f1aa638812e942985a0a061bc94bac1a5381e57eb764f447d72a8f09d0", + "deprecated": false + }, + "0.4": { + "digest": "139eed3def5189d40e3f5e7d613c17ea40141c5707c0094735a41f03d609fc32", + "deprecated": false } }, - "content": "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", - "description": "Detect CVE-2023-50164 exploits ", + "content": "bmFtZTogY3Jvd2RzZWN1cml0eS92cGF0Y2gtQ1ZFLTIwMjMtNTAxNjQKZGVzY3JpcHRpb246ICJBcGFjaGUgU3RydXRzMiBQYXRoIFRyYXZlcnNhbCAoQ1ZFLTIwMjMtNTAxNjQpIgpydWxlczoKICAtIGFuZDoKICAgIC0gem9uZXM6CiAgICAgIC0gVVJJCiAgICAgIHRyYW5zZm9ybToKICAgICAgLSBsb3dlcmNhc2UKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZW5kc1dpdGgKICAgICAgICB2YWx1ZTogdXBsb2FkLmFjdGlvbgogICAgLSB6b25lczoKICAgICAgLSBNRVRIT0QKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogZXF1YWxzCiAgICAgICAgdmFsdWU6IFBPU1QKICAgIC0gem9uZXM6CiAgICAgIC0gQk9EWV9BUkdTCiAgICAgIC0gQVJHUwogICAgICB2YXJpYWJsZXM6CiAgICAgIC0gdXBsb2FkRmlsZU5hbWUKICAgICAgbWF0Y2g6CiAgICAgICAgdHlwZTogY29udGFpbnMKICAgICAgICB2YWx1ZTogIi4uLyIKbGFiZWxzOgogIHR5cGU6IGV4cGxvaXQKICBzZXJ2aWNlOiBodHRwCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQXBhY2hlIFN0cnV0czIgUGF0aCBUcmF2ZXJzYWwiCiAgY2xhc3NpZmljYXRpb246CiAgIC0gY3ZlLkNWRS0yMDIzLTUwMTY0CiAgIC0gYXR0YWNrLlQxNTk1CiAgIC0gYXR0YWNrLlQxMTkwCiAgIC0gY3dlLkNXRS01NTIKCgo=", + "description": "Apache Struts2 Path Traversal (CVE-2023-50164)", "author": "crowdsecurity", "labels": { "behavior": "http:exploit", @@ -684,7 +800,7 @@ "cwe.CWE-552" ], "confidence": 3, - "label": "Apache Struts2 (CVE-2023-50164)", + "label": "Apache Struts2 Path Traversal", "service": "http", "spoofable": 0, "type": "exploit" diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml index 68ffa64338f..5cfd4ceb095 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml 
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2017-9841 -description: "Detect CVE-2017-9841 exploits " +description: "PHPUnit RCE (CVE-2017-9841)" rules: - and: - zones: @@ -15,7 +15,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "PHPUnit RCE (CVE-2017-9841)" + label: "PHPUnit RCE" classification: - cve.CVE-2017-9841 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml index 6611e1ed838..23e818c0c67 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2019-12989 -description: "Detect CVE-2019-12989 exploits " +description: "Citrix SQLi (CVE-2019-12989)" rules: - and: - zones: @@ -35,7 +35,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "citrix SQLi (CVE-2019-12989)" + label: "Citrix SQLi" classification: - cve.CVE-2019-12989 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml index d42fbef1ca2..af81c9aa349 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2020-11738 -description: "Detect CVE-2020-11738 exploits " +description: "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)" rules: - and: - zones: @@ -29,7 +29,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Wordpress Snap Creek Duplicator (CVE-2020-11738)" + label: "Wordpress Snap Creek Duplicator" classification: - cve.CVE-2020-11738 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml index 54dc411a9e1..778dab87def 100644 
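Review bot: The new `label: "Wordpress Snap Creek Duplicator"` in the labels hunk of vpatch-CVE-2020-11738.yaml no longer names the vulnerability class, although the description in the same file says "- Path Traversal"; the neighbouring rules (`PHPUnit RCE`, `Citrix SQLi`) keep label and description identical apart from the CVE suffix. Anyone who sees only the label on an alert cannot tell what was attempted, so I would write `label: "Wordpress Snap Creek Duplicator Path Traversal"`. The same drift appears in vpatch-CVE-2022-27926 (`Zimbra Collaboration (ZCS) - XSS` against `Zimbra Collaboration XSS`), in vpatch-CVE-2022-46169 (the label keeps `<=1.2.22`, which the description and every other label drop) and in vpatch-CVE-2023-20198 (`account creation` against `Account Creation`). The labels block continues outside the hunk.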
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2021-22941 -description: "Detect CVE-2021-22941 exploits " +description: "Citrix RCE (CVE-2021-22941)" rules: - and: - zones: @@ -27,7 +27,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Citrix RCE (CVE-2021-22941)" + label: "Citrix RCE" classification: - cve.CVE-2021-22941 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml index ad84d4c6599..311345602da 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2021-3129 -description: "Detect CVE-2021-3129 exploits " +description: "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)" rules: - and: - zones: @@ -22,7 +22,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129)" + label: "Laravel with Ignition Debug Mode RCE" classification: - cve.CVE-2021-3129 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml index 25974ee90d4..72f765d14d1 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2022-27926 -description: "Detect CVE-2022-27926 exploits " +description: "Zimbra Collaboration XSS (CVE-2022-27926)" rules: - and: - zones: @@ -23,7 +23,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926)" + label: "Zimbra Collaboration (ZCS) - XSS" classification: - cve.CVE-2022-27926 - attack.T1595 
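Review bot: With the CVE id removed, `label: "Citrix RCE"` in the labels hunk of vpatch-CVE-2021-22941.yaml is no longer unique: the .index.json hunk for vpatch-CVE-2023-3519 sets the identical label, and the two Atlassian rules likewise end up sharing `Atlassian Confluence Privesc`. If alerts or dashboards are grouped by label (not visible from this diff), two different vulnerabilities collapse into one bucket and only the classification list tells them apart. Naming the affected product in the label keeps the short form distinct, e.g. `label: "Citrix <product> RCE"` with the product taken from the CVE record. The labels block continues outside the hunk.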
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml index f5aad071f58..0f4bbc9ae7b 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2022-35914 -description: "Detect CVE-2022-35914 exploits " +description: "GLPI RCE (CVE-2022-35914)" rules: - and: - zones: @@ -16,7 +16,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "GLPI <=10.0.2 - Remote Command Execution (CVE-2022-35914)" + label: "GLPI RCE" classification: - cve.CVE-2022-35914 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml index 66b6ceeba64..8c9ba045648 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2022-44877 -description: "Detect CVE-2022-44877 exploits " +description: "CentOS Web Panel 7 RCE (CVE-2022-44877)" rules: - and: - zones: @@ -22,7 +22,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "CentOS Web Panel 7 RCE (CVE-2022-44877)" + label: "CentOS Web Panel 7 RCE" classification: - cve.CVE-2022-44877 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml index c73dd16afde..2920c56a1d6 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2022-46169 -description: "Detect CVE-2022-46169 exploits " +description: "Cacti RCE (CVE-2022-46169)" rules: - and: - zones: 
@@ -23,7 +23,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "Cacti <=1.2.22 - Remote Command Injection (CVE-2022-46169)"
+ label: "Cacti <=1.2.22 - RCE"
 classification:
 - cve.CVE-2022-46169
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml
index 1c51bb3dc9b..6073b701612 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-20198
-description: "Detect CVE-2023-20198 exploits "
+description: "CISCO IOS XE Account Creation (CVE-2023-20198)"
 rules:
 - and:
 - zones:
@@ -20,7 +20,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "CISCO IOS XE account creation (CVE-2023-20198)"
+ label: "CISCO IOS XE account creation"
 classification:
 - cve.CVE-2023-20198
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml
index 8a54159d587..4796e19a0fa 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-22515
-description: "Detect CVE-2023-22515 exploits "
+description: "Atlassian Confluence Privesc (CVE-2023-22515)"
 rules:
 - and:
 - zones:
@@ -29,7 +29,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "Atlassian Confluence Privesc (CVE-2023-22515)"
+ label: "Atlassian Confluence Privesc"
 classification:
 - cve.CVE-2023-22515
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml
index 5cbdf941526..96568fc7869 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml
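Review bot: The new label in the `@@ -23,7` hunk of vpatch-CVE-2022-46169.yaml still carries a version range, `Cacti <=1.2.22 - RCE`, while the GLPI and Laravel labels in this same commit dropped theirs and this rule's own description is now `Cacti RCE (CVE-2022-46169)`. For a consistent scheme I would write `label: "Cacti RCE"`. The `@@ -20,7` hunk of vpatch-CVE-2023-20198.yaml has a smaller mismatch of the same kind: the description says `Account Creation` and the label `account creation`, so `label: "CISCO IOS XE Account Creation"` would align them. The corresponding taxonomy/scenarios.json entries would need to follow, and both `labels` mappings begin above their hunks.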
@@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2023-24489 -description: "Detect CVE-2023-24489 exploits " +description: "Citrix ShareFile RCE (CVE-2023-24489)" rules: - and: - zones: @@ -33,7 +33,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Citrix ShareFile RCE (CVE-2023-24489)" + label: "Citrix ShareFile RCE" classification: - cve.CVE-2023-24489 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml index 0f35bc2d2e1..223435e0cbf 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml @@ -1,5 +1,5 @@ name: crowdsecurity/vpatch-CVE-2023-33617 -description: "Detect CVE-2023-33617 exploits " +description: "Atlassian Confluence Privesc (CVE-2023-33617)" rules: - and: - zones: @@ -62,7 +62,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "Atlassian Confluence Privesc (CVE-2023-33617)" + label: "Atlassian Confluence Privesc" classification: - cve.CVE-2023-33617 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml index f1e84739d77..cf2c1187cc6 100644 --- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml @@ -1,6 +1,6 @@ name: crowdsecurity/vpatch-CVE-2023-34362 -description: "Detect CVE-2023-34362 exploits " +description: "MOVEit Transfer RCE (CVE-2023-34362)" rules: - and: - zones: @@ -44,7 +44,7 @@ labels: confidence: 3 spoofable: 0 behavior: "http:exploit" - label: "MOVEit Transfer - Remote Code Execution (CVE-2023-34362)" + label: "MOVEit Transfer RCE" classification: - cve.CVE-2023-34362 - attack.T1595 diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml index e03c6c407e0..79b755b80b9 100644 
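Review bot: The new description in the `@@ -1,5` hunk of vpatch-CVE-2023-33617.yaml, `Atlassian Confluence Privesc (CVE-2023-33617)`, matches the text given to vpatch-CVE-2023-22515.yaml word for word apart from the CVE number, which looks like a label inherited from a copied rule rather than a description of this one. The commit promotes that string from `label` into the user-facing `description`, so the product and vulnerability class should be checked against the CVE record and against the rule's zones and match conditions, which lie outside this hunk. If the text is wrong, `description` and `label` here (the `@@ -62,7` hunk) and the `@@ -268,8` entry in taxonomy/scenarios.json all need the corrected wording, along the lines of `description: "<PRODUCT> <VULN CLASS> (CVE-2023-33617)"`. An analyst reading the alert will otherwise look at the wrong asset.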
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-3519
-description: "Detect CVE-2023-3519 exploits "
+description: "Citrix RCE (CVE-2023-3519)"
 rules:
 - and:
 - zones:
@@ -29,7 +29,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "Citrix RCE (CVE-2023-3519)"
+ label: "Citrix RCE"
 classification:
 - cve.CVE-2023-3519
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml
index f8f59130322..762a3871f4c 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-38205
-description: "Detect CVE-2023-38205 exploits "
+description: "Adobe ColdFusion Access Control Bypass (CVE-2023-38205)"
 rules:
 - and:
 - zones:
@@ -15,7 +15,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "Adobe ColdFusion access control bypass (CVE-2023-38205)"
+ label: "Adobe ColdFusion Access Control Bypass"
 classification:
 - cve.CVE-2023-38205
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml
index 93aab371a94..7f22a43f808 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-40044
-description: "Detect CVE-2023-40044 exploits "
+description: "WS_FTP .NET deserialize RCE (CVE-2023-40044)"
 rules:
 - and:
 - zones:
@@ -28,7 +28,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "WS_FTP .NET deserialize RCE (CVE-2023-40044)"
+ label: "WS_FTP .NET deserialize RCE"
 classification:
 - cve.CVE-2023-40044
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml
index f7832be9a63..aa6d10962ac 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-42793
-description: "Detect CVE-2023-42793"
+description: "JetBrains Teamcity Auth Bypass (CVE-2023-42793)"
 rules:
 - zones:
 - URI
@@ -14,7 +14,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "JetBrains Teamcity auth bypass (CVE-2023-42793)"
+ label: "JetBrains Teamcity Auth Bypass"
 classification:
 - cve.CVE-2023-42793
 - attack.T1595
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml
index a6dd6738869..263b99ea1bd 100644
--- a/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml
+++ b/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-50164
-description: "Detect CVE-2023-50164 exploits "
+description: "Apache Struts2 Path Traversal (CVE-2023-50164)"
 rules:
 - and:
 - zones:
@@ -28,7 +28,7 @@ labels:
 confidence: 3
 spoofable: 0
 behavior: "http:exploit"
- label: "Apache Struts2 (CVE-2023-50164)"
+ label: "Apache Struts2 Path Traversal"
 classification:
 - cve.CVE-2023-50164
 - attack.T1595
diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
index c7a52a70399..2b45a0e13f9 100644
--- a/taxonomy/scenarios.json
+++ b/taxonomy/scenarios.json
@@ -1,8 +1,8 @@
 {
 "crowdsecurity/vpatch-CVE-2017-9841": {
 "name": "crowdsecurity/vpatch-CVE-2017-9841",
- "description": "Detect CVE-2017-9841 exploits ",
- "label": "PHPUnit RCE (CVE-2017-9841)",
+ "description": "PHPUnit RCE (CVE-2017-9841)",
+ "label": "PHPUnit RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -23,8 +23,8 @@
 },
 "crowdsecurity/vpatch-CVE-2019-12989": {
 "name": "crowdsecurity/vpatch-CVE-2019-12989",
- "description": "Detect CVE-2019-12989 exploits ",
- "label": "citrix SQLi (CVE-2019-12989)",
+ "description": "Citrix SQLi (CVE-2019-12989)",
+ "label": "Citrix SQLi",
 "behaviors": [
 "http:exploit"
 ],
@@ -45,8 +45,8 @@
 },
 "crowdsecurity/vpatch-CVE-2020-11738": {
 "name": "crowdsecurity/vpatch-CVE-2020-11738",
- "description": "Detect CVE-2020-11738 exploits ",
- "label": "Wordpress Snap Creek Duplicator (CVE-2020-11738)",
+ "description": "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)",
+ "label": "Wordpress Snap Creek Duplicator",
 "behaviors": [
 "http:exploit"
 ],
@@ -67,8 +67,8 @@
 },
 "crowdsecurity/vpatch-CVE-2021-22941": {
 "name": "crowdsecurity/vpatch-CVE-2021-22941",
- "description": "Detect CVE-2021-22941 exploits ",
- "label": "Citrix RCE (CVE-2021-22941)",
+ "description": "Citrix RCE (CVE-2021-22941)",
+ "label": "Citrix RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -89,8 +89,8 @@
 },
 "crowdsecurity/vpatch-CVE-2021-3129": {
 "name": "crowdsecurity/vpatch-CVE-2021-3129",
- "description": "Detect CVE-2021-3129 exploits ",
- "label": "Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129)",
+ "description": "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)",
+ "label": "Laravel with Ignition Debug Mode RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -111,8 +111,8 @@
 },
 "crowdsecurity/vpatch-CVE-2022-27926": {
 "name": "crowdsecurity/vpatch-CVE-2022-27926",
- "description": "Detect CVE-2022-27926 exploits ",
- "label": "Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926)",
+ "description": "Zimbra Collaboration XSS (CVE-2022-27926)",
+ "label": "Zimbra Collaboration (ZCS) - XSS",
 "behaviors": [
 "http:exploit"
 ],
@@ -133,8 +133,8 @@
 },
 "crowdsecurity/vpatch-CVE-2022-35914": {
 "name": "crowdsecurity/vpatch-CVE-2022-35914",
- "description": "Detect CVE-2022-35914 exploits ",
- "label": "GLPI <=10.0.2 - Remote Command Execution (CVE-2022-35914)",
+ "description": "GLPI RCE (CVE-2022-35914)",
+ "label": "GLPI RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -155,8 +155,8 @@
 },
 "crowdsecurity/vpatch-CVE-2022-44877": {
 "name": "crowdsecurity/vpatch-CVE-2022-44877",
- "description": "Detect CVE-2022-44877 exploits ",
- "label": "CentOS Web Panel 7 RCE (CVE-2022-44877)",
+ "description": "CentOS Web Panel 7 RCE (CVE-2022-44877)",
+ "label": "CentOS Web Panel 7 RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -177,8 +177,8 @@
 },
 "crowdsecurity/vpatch-CVE-2022-46169": {
 "name": "crowdsecurity/vpatch-CVE-2022-46169",
- "description": "Detect CVE-2022-46169 exploits ",
- "label": "Cacti <=1.2.22 - Remote Command Injection (CVE-2022-46169)",
+ "description": "Cacti RCE (CVE-2022-46169)",
+ "label": "Cacti <=1.2.22 - RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -202,8 +202,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-20198": {
 "name": "crowdsecurity/vpatch-CVE-2023-20198",
- "description": "Detect CVE-2023-20198 exploits ",
- "label": "CISCO IOS XE account creation (CVE-2023-20198)",
+ "description": "CISCO IOS XE Account Creation (CVE-2023-20198)",
+ "label": "CISCO IOS XE account creation",
 "behaviors": [
 "http:exploit"
 ],
@@ -224,8 +224,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-22515": {
 "name": "crowdsecurity/vpatch-CVE-2023-22515",
- "description": "Detect CVE-2023-22515 exploits ",
- "label": "Atlassian Confluence Privesc (CVE-2023-22515)",
+ "description": "Atlassian Confluence Privesc (CVE-2023-22515)",
+ "label": "Atlassian Confluence Privesc",
 "behaviors": [
 "http:exploit"
 ],
@@ -246,8 +246,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-24489": {
 "name": "crowdsecurity/vpatch-CVE-2023-24489",
- "description": "Detect CVE-2023-24489 exploits ",
- "label": "Citrix ShareFile RCE (CVE-2023-24489)",
+ "description": "Citrix ShareFile RCE (CVE-2023-24489)",
+ "label": "Citrix ShareFile RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -268,8 +268,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-33617": {
 "name": "crowdsecurity/vpatch-CVE-2023-33617",
- "description": "Detect CVE-2023-33617 exploits ",
- "label": "Atlassian Confluence Privesc (CVE-2023-33617)",
+ "description": "Atlassian Confluence Privesc (CVE-2023-33617)",
+ "label": "Atlassian Confluence Privesc",
 "behaviors": [
 "http:exploit"
 ],
@@ -290,8 +290,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-34362": {
 "name": "crowdsecurity/vpatch-CVE-2023-34362",
- "description": "Detect CVE-2023-34362 exploits ",
- "label": "MOVEit Transfer - Remote Code Execution (CVE-2023-34362)",
+ "description": "MOVEit Transfer RCE (CVE-2023-34362)",
+ "label": "MOVEit Transfer RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -312,8 +312,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-3519": {
 "name": "crowdsecurity/vpatch-CVE-2023-3519",
- "description": "Detect CVE-2023-3519 exploits ",
- "label": "Citrix RCE (CVE-2023-3519)",
+ "description": "Citrix RCE (CVE-2023-3519)",
+ "label": "Citrix RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -334,8 +334,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-38205": {
 "name": "crowdsecurity/vpatch-CVE-2023-38205",
- "description": "Detect CVE-2023-38205 exploits ",
- "label": "Adobe ColdFusion access control bypass (CVE-2023-38205)",
+ "description": "Adobe ColdFusion Access Control Bypass (CVE-2023-38205)",
+ "label": "Adobe ColdFusion Access Control Bypass",
 "behaviors": [
 "http:exploit"
 ],
@@ -356,8 +356,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-40044": {
 "name": "crowdsecurity/vpatch-CVE-2023-40044",
- "description": "Detect CVE-2023-40044 exploits ",
- "label": "WS_FTP .NET deserialize RCE (CVE-2023-40044)",
+ "description": "WS_FTP .NET deserialize RCE (CVE-2023-40044)",
+ "label": "WS_FTP .NET deserialize RCE",
 "behaviors": [
 "http:exploit"
 ],
@@ -378,8 +378,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-42793": {
 "name": "crowdsecurity/vpatch-CVE-2023-42793",
- "description": "Detect CVE-2023-42793",
- "label": "JetBrains Teamcity auth bypass (CVE-2023-42793)",
+ "description": "JetBrains Teamcity Auth Bypass (CVE-2023-42793)",
+ "label": "JetBrains Teamcity Auth Bypass",
 "behaviors": [
 "http:exploit"
 ],
@@ -400,8 +400,8 @@
 },
 "crowdsecurity/vpatch-CVE-2023-50164": {
 "name": "crowdsecurity/vpatch-CVE-2023-50164",
- "description": "Detect CVE-2023-50164 exploits ",
- "label": "Apache Struts2 (CVE-2023-50164)",
+ "description": "Apache Struts2 Path Traversal (CVE-2023-50164)",
+ "label": "Apache Struts2 Path Traversal",
 "behaviors": [
 "http:exploit"
 ],