Exploit database update, debug mode, command line tests #481

Merged
merged 20 commits into from
Feb 16, 2023
1 change: 1 addition & 0 deletions check_project.sh
@@ -20,6 +20,7 @@ STRICT_MODE=1
if [[ "$STRICT_MODE" -eq 1 ]]; then
# shellcheck disable=SC1091
source ./installer/wickStrictModeFail.sh
export DEBUG_SCRIPT=0
# shellcheck disable=SC1091
source ./helpers/helpers_emba_load_strict_settings.sh
load_strict_mode_settings
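Review bot: `export DEBUG_SCRIPT=0` only runs inside the `[[ "$STRICT_MODE" -eq 1 ]]` branch, so with strict mode off the variable is never defined and any later `[[ "$DEBUG_SCRIPT" -eq 1 ]]` test compares an empty string. Set the default once before the `if` (or reference it as `${DEBUG_SCRIPT:-0}` where it is read) so both code paths see the same value; if `helpers_emba_load_strict_settings.sh` turns on `set -u`, placing the default before the `source` lines also keeps that ordering guarantee without tying it to the strict branch.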
81 changes: 46 additions & 35 deletions config/PS_PoC_results.csv

Large diffs are not rendered by default.

57 changes: 53 additions & 4 deletions config/Snyk_PoC_results.csv

Large diffs are not rendered by default.

5 changes: 4 additions & 1 deletion config/bin_version_strings.cfg
@@ -612,10 +612,13 @@ snmpd;;unknown;"^NET-SNMP\ version:\ [0-9](\.[0-9]+)+?$";"sed -r 's/NET-SNMP\ ve
snmpd;strict;unknown;"^Version:\ \ [0-9]\.[0-9]+\.[0-9]$";"sed -r 's/Version:\ \ ([0-9](\.[0-9]+)+?)$/net-snmp:\1/'";
snort;strict;gplv2;"^Version\ [0-9](\.[0-9])+?";"sed -r 's/Version:\ ([0-9](\.[0-9]+)+?)/snort:\1/'";
#sntp;;unknown;"^sntp\ [0-9][\.0-9p]+";"NA";
socat;;gplv2;"socat\ version\ [0-9](\.[0-9]+)+?(-[a-z][0-9]+)?\ ";"sed -r 's/socat\ version\ ([0-9](\.[0-9]+)+?)((-[a-z][0-9]+)?)\ .*/socat:\1:\2/'";
socat;;gplv2;"socat\ version\ [0-9](\.[0-9]+)+?-[a-z][0-9]+\ ";"sed -r 's/socat\ version\ ([0-9](\.[0-9]+)+?)((-[a-z][0-9]+)?)\ .*/socat:\1:\2/'";
socat;;gplv2;"socat\ version\ [0-9](\.[0-9]+)+?\ ";"sed -r 's/socat\ version\ ([0-9](\.[0-9]+)+?)\ .*/socat:\1/'";
sqlite3;;public-domain;"SQLite\ version\ 3(\.[0-9]+)+?";"sed -r 's/SQLite\ version\ (3(\.[0-9]+)+?).*/sqlite:\1/'";
sqlite3;strict;public-domain;"^3\.[0-9]+\.[0-9]+\ ";"sed -r 's/(3(\.[0-9]+)+?)\ /sqlite:\1/'";
sqlite3;strict;public-domain;"^3\.[0-9]+\.[0-9]+$";"sed -r 's/(3(\.[0-9]+)+?)$/sqlite:\1/'";
sqlite3;strict;public-domain;"^3\.[0-9]+\.[0-9]+\ ";"sed -r 's/(3(\.[0-9]+)+?)\ /sqlite:\1/'";
sqlite3;;public-domain;"SQLite\ version\ 3(\.[0-9]+)+?";"sed -r 's/SQLite\ version\ (3(\.[0-9]+)+?).*/sqlite:\1/'";
libsqlite3.so.0;strict;public-domain;"^3\.[0-9]+\.[0-9]+$";"sed -r 's/(3(\.[0-9]+)+?)$/sqlite:\1/'";
squidclient;strict;unknown;"Version:\ [0-9]\.[0-9]\.[0-9]";"sed -r 's/Version:\ ([0-9](\.[0-9]+)+?)/squidclient:\1/'";
squidguard;;unknown;"SquidGuard:\ [0-9]\.[0-9]\ Berkeley\ DB\ [0-9]\.[0-9]\.[0-9]+";"sed -r 's/SquidGuard:\ ([0-9](\.[0-9]+)+?)\ .*/squidguard:\1/'";
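Review bot: the replacement `socat:\1:\2` on the `socat` line that now requires the `-[a-z][0-9]+` suffix never emits the suffix: groups are numbered by opening parenthesis, so `\2` is the nested `(\.[0-9]+)` inside group 1 (its last iteration), and the suffix sits in group 3 `((-[a-z][0-9]+)?)` and group 4. For a banner like `socat version 1.7.4.1-r0 ` the entry produces `socat:1.7.4.1:.1`. Since the grep regex makes the suffix mandatory, the optional wrapper in the sed is redundant as well; `sed -r 's/socat\ version\ ([0-9](\.[0-9]+)+?)-([a-z][0-9]+)\ .*/socat:\1:\3/'` captures the bare suffix and yields `socat:1.7.4.1:r0`. Two smaller things visible in the surrounding context: the `snort` line greps for `^Version\ ` but its sed expects `Version:\ ` with a colon, so that substitution never fires, and the `sqlite3` entries for `^3\.[0-9]+\.[0-9]+\ ` and `SQLite\ version` each appear twice; both are worth cleaning up while this block is open.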
5 changes: 5 additions & 0 deletions config/known_exploited_vulnerabilities.csv
@@ -872,3 +872,8 @@
"CVE-2022-44877","CWP","Control Web Panel","CWP Control Web Panel OS Command Injection Vulnerability","2023-01-17","CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.","Apply updates per vendor instructions.","2023-02-07","https://control-webpanel.com/changelog#1669855527714-450fb335-6194"
"CVE-2022-47966","Zoho","ManageEngine","Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability","2023-01-23","Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.","Apply updates per vendor instructions.","2023-02-13","https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
"CVE-2017-11357","Telerik","User Interface (UI) for ASP.NET AJAX","Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability","2023-01-26","Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.","Apply updates per vendor instructions.","2023-02-16","https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference"
"CVE-2022-21587","Oracle","E-Business Suite","Oracle E-Business Suite Unspecified Vulnerability","2023-02-02","Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.","Apply updates per vendor instructions.","2023-02-23","https://www.oracle.com/security-alerts/cpuoct2022.html"
"CVE-2023-22952","SugarCRM","Multiple Products","Multiple SugarCRM Products Remote Code Execution Vulnerability","2023-02-02","Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.","Apply updates per vendor instructions.","2023-02-23","https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/"
"CVE-2015-2291","Intel","Ethernet Diagnostics Driver for Windows","Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability","2023-02-10","Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service.","Apply updates per vendor instructions.","2023-03-03","https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html"
"CVE-2022-24990","TerraMaster","TerraMaster OS","TerraMaster OS Remote Command Execution Vulnerability","2023-02-10","TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.","Apply updates per vendor instructions.","2023-03-03","https://forum.terra-master.com/en/viewtopic.php?t=3030"
"CVE-2023-0669","Fortra","GoAnywhere MFT","Fortra GoAnywhere MFT Remote Code Execution Vulnerability","2023-02-10","Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.","Apply updates per vendor instructions.","2023-03-03","Fortra users must have an account in order to login and access the patch. https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml"
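Review bot: the last column of the CVE-2023-0669 row carries a free-text sentence followed by the URL, whereas every other row in this hunk holds a bare URL there; if anything in EMBA treats that field as a link, this row comes out garbled. If the file is imported verbatim from an upstream feed, make the consumer tolerate text before the URL (for example, take the last whitespace-separated token that starts with `http`) rather than hand-editing the row, so the next refresh does not reintroduce the problem.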
2 changes: 2 additions & 0 deletions config/msf_cve-db.txt
@@ -4,6 +4,7 @@
/usr/share/metasploit-framework/modules/auxiliary/admin/backupexec/registry.rb:CVE-2005-0771
/usr/share/metasploit-framework/modules/auxiliary/admin/db2/db2rcmd.rb:CVE-2004-0795
/usr/share/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb:CVE-2020-1472
/usr/share/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb:CVE-2022-26923
/usr/share/metasploit-framework/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb:CVE-2009-4655
/usr/share/metasploit-framework/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb:CVE-2008-0926
/usr/share/metasploit-framework/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb:CVE-2008-2157
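Review bot: every entry, the new `cve_2022_26923_certifried.rb` line included, hard-codes the `/usr/share/metasploit-framework/modules/` prefix, so the mapping only resolves on installs where Metasploit lives at that path. Storing the path relative to the modules directory and joining it with the configured Metasploit root at lookup time would make the database portable. If the file is regenerated from the local install rather than edited by hand, a header comment stating the command and the Metasploit version it was built from would let the next updater reproduce it.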
@@ -648,6 +649,7 @@
/usr/share/metasploit-framework/modules/exploits/linux/http/belkin_login_bof.rb:CVE-2014-1635
/usr/share/metasploit-framework/modules/exploits/linux/http/bitbucket_git_cmd_injection.rb:CVE-2022-36804
/usr/share/metasploit-framework/modules/exploits/linux/http/bludit_upload_images_exec.rb:CVE-2019-16113
/usr/share/metasploit-framework/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb:CVE-2022-46169
/usr/share/metasploit-framework/modules/exploits/linux/http/cayin_cms_ntp.rb:CVE-2020-7357
/usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3828
/usr/share/metasploit-framework/modules/exploits/linux/http/centreon_sqli_exec.rb:CVE-2014-3829