Added Colon after every H2 heading #519

Draft: wants to merge 1 commit into base: master
@@ -1,16 +1,16 @@
# Application-Level Denial of Service Causes Application to Crash via Malformed Android Intents

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is a local application-level DoS vulnerability within this Android application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via the Intent binding mechanism, crashing the application and making it unavailable for its designed purpose to legitimate users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
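Review bot: The trailing colon added to each `##` heading in this hunk ("## Overview of the Vulnerability:", "## Business Impact:", "## Steps to Reproduce:") is punctuation that markdownlint flags by default under MD026 (no trailing punctuation in headings), and it will show up in the rendered report headings. Is there a consumer that needs the colon? If not, I'd keep the headings as they were; if so, please state the reason in the PR description, since the same edit repeats in every template below.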
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:

@@ -1,16 +1,16 @@
# Application-Level Denial of Service Causes Application to Crash via Malformed iOS URL Schemes

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is a local application-level DoS vulnerability within this iOS application that causes it to crash. An attacker can use this vulnerability to provide empty, malformed, or irregular data via a URL scheme, crashing the application and making it unavailable for its designed purpose to legitimate users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
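Review bot: The first overview paragraph, unchanged in this hunk, describes flooding a server with HTTP requests, while this template is about a local crash triggered through an iOS URL scheme; the Android Intents template carries the same paragraph. Since the file is being touched anyway, consider rewording the opening to describe a client-side crash from malformed input, so it matches the title and the second paragraph.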
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:

@@ -1,16 +1,16 @@
# Application-Level Denial of Service Causes Application to Crash

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is an application-level DoS vulnerability within this iOS or Android application that causes it to crash. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:
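Review bot: The last reproduction step in this hunk reads "causes a denial of service that has high impact or medium difficulty to be performed", which looks copied from the High Impact or Medium Difficulty template; this file's title is "Causes Application to Crash". Suggest the plain wording the Intent and URL-scheme templates use, "Observe that the payload causes a denial of service", or name the crash explicitly.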

@@ -1,16 +1,16 @@
# Application-Level Denial of Service: Critical Impact or Easy Difficulty

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is an application-level DoS vulnerability within this application that has critical impact or is easily performed. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service that has critical impact or is easy to perform

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:

@@ -1,16 +1,16 @@
# Application-Level Denial of Service: High Impact or Medium Difficulty

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is an application-level DoS vulnerability within this application that has high impact or medium difficulty to be performed. An attacker can use this vulnerability to exhaust resources, making the application unavailable for its designed purpose to legitimate users, but not take down the application for all users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
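Review bot: The second overview paragraph ends "making the application unavailable for its designed purpose to legitimate users, but not take down the application for all users", which does not parse and reads as self-contradictory. Wording such as "making the application unavailable to some legitimate users without taking it down for everyone" would state the severity boundary this template is meant to capture.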
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service that has high impact or medium difficulty to be performed

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:

@@ -1,16 +1,16 @@
# Application-Level Denial of Service

## Overview of the Vulnerability
## Overview of the Vulnerability:

Application-level denial of service (DoS) attacks are designed to deny service to users of an application by flooding it with many HTTP requests. This makes it impossible for the server to respond to legitimate requests in any practical time frame.

There is an application-level DoS vulnerability within this application that an attacker can use to exhaust resources, making the application unavailable for its designed purpose to legitimate users.

## Business Impact
## Business Impact:

Application-level DoS can result in indirect financial loss for the business through the attacker’s ability to DoS the application. These malicious actions could also result in reputational damage for the business through the impact to customers’ trust.

## Steps to Reproduce
## Steps to Reproduce:

1. Navigate to {{url}}
1. Use the following payload:
Expand All @@ -23,7 +23,7 @@ Application-level DoS can result in indirect financial loss for the business thr

1. Observe that the payload causes a denial of service

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The screenshot below demonstrates the denial of service:

@@ -1,14 +1,14 @@
# GNSS/GPS Spoofing

## Overview of the Vulnerability
## Overview of the Vulnerability:

Global Navigation Satellite System (GNSS) and Global Positioning System (GPS) spoofing involves the broadcast of fake GNSS/GPS signals to fake the position of a vehicle, or otherwise make the positioning unreliable. An attacker is able to send fake GNSS/GPS signals to the receiver and successfully spoof a vehicle’s position.

## Business Impact
## Business Impact:

This vulnerability can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. The GNSS/GPS signal is identified by using {{hardware}} on {{target}}
1. Connect to {{target}} by using {{application}} with {{hardware}}
Expand All @@ -18,7 +18,7 @@ This vulnerability can result in reputational damage and indirect financial loss

1. Observe that the GNSS/GPS signal has been spoofed

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the GNSS/GPS communication occurs. It also shows how an attacker connects to the {{target}}, and is able to inject the payload(s), causing GNSS/GPS spoofing:

@@ -1,14 +1,14 @@
# CAN Injection Disallowed Messages

## Overview of the Vulnerability
## Overview of the Vulnerability:

The Controller Area Network (CAN) is a network bus designed to aid communication between an automotive vehicle’s electronic devices and control units. CAN misconfigurations can lead to security weaknesses in the data transfer process between components that can result in injection flaws. The {{application}} allows an attacker to connect to the CAN Bus and send messages to the system that are otherwise not allowed. This can cause disruption to the communication between the vehicle’s electronic devices and control units.

## Business Impact
## Business Impact:

This CAN misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. The CAN input is identified by using {{hardware}} on {{target}}
1. Connect to {{target}} by using {{application}} with {{hardware}}
Expand All @@ -18,7 +18,7 @@ This CAN misconfiguration can result in reputational damage and indirect financi

1. Observe that {{action}} occurs as a result on {{target}}

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the CAN communication occurs. It also shows how an attacker connects to the {{target}}, and is able to inject the payload(s):

@@ -1,14 +1,14 @@
# CAN Injection Denial of Service

## Overview of the Vulnerability
## Overview of the Vulnerability:

The Controller Area Network (CAN) is a network bus designed to aid communication between an automotive vehicle’s electronic devices and control units. CAN misconfigurations can lead to security weaknesses in the data transfer process between components that can result in injection flaws. The {{application}} allows an attacker to connect to the CAN Bus and send multiple messages to the system at a rate which can cause a Denial of Service (DOS) condition. This can cause disruption to the communication between the vehicle’s electronic devices and control units.

## Business Impact
## Business Impact:

This CAN misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. The CAN input is identified by using {{hardware}} on {{target}}
1. Connect to {{target}} by using {{application}} with {{hardware}}
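Review bot: The overview writes "Denial of Service (DOS)", while the final step and the PoC sentence in this same file use "DoS". Please normalise the abbreviation to "DoS" while the file is open.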
Expand All @@ -18,7 +18,7 @@ This CAN misconfiguration can result in reputational damage and indirect financi

1. Observe that a DoS condition has been created

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the CAN communication occurs. It also shows how an attacker connects to the {{target}}, and is able to inject the payload(s) recursively causing a DoS condition:

@@ -1,14 +1,14 @@
# CAN Misconfiguration

## Overview of the Vulnerability
## Overview of the Vulnerability:

The Controller Area Network (CAN) is a network bus designed to aid communication between an automotive vehicle’s electronic devices and control units. CAN misconfigurations can lead to security weaknesses in the data transfer process between components that can result in injection flaws. An attacker can take advantage of the CAN misconfiguration and inject a payload into the CAN system, causing the system to not behave as intended.

## Business Impact
## Business Impact:

This CAN misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. The CAN input is identified by using {{hardware}} on {{target}}
1. Connect to {{target}} by using {{application}} with {{hardware}}
Expand All @@ -18,7 +18,7 @@ This CAN misconfiguration can result in reputational damage and indirect financi

1. Observe that {{action}} occurs as a result

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the CAN communication occurs. It also shows how an attacker connects to the {{target}}, and is able to inject the payload(s):

@@ -1,14 +1,14 @@
# Infotainment Code Execution CAN Bus Pivot

## Overview of the Vulnerability
## Overview of the Vulnerability:

The In-Vehicle Infotainment (IVI) system, is a central unit in an automotive vehicle's dashboard that centralizes information and entertainment systems and their controls. Misconfigurations in the IVI system can lead to security weaknesses. An attacker can pivot into the CAN bus system and execute code by taking advantage of an IVI misconfiguration, causing the system to not behave as intended.

## Business Impact
## Business Impact:

This IVI system misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. The IVI system {{application}} uses this feature to {{action}}, exploited by {{action}}
1. Pivot into the CAN bus using this vulnerability by {{action}}
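Review bot: The overview opens with "The In-Vehicle Infotainment (IVI) system, is a central unit", with a stray comma between subject and verb. The Infotainment Denial of Service template already has the sentence without the comma; the No CAN Bus Pivot and Default Credentials templates share the same slip and can be fixed in this pass.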
Expand All @@ -18,7 +18,7 @@ This IVI system misconfiguration can result in reputational damage and indirect

1. Observe that {{action}} occurs as a result

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the IVI system communication occurs. It also shows how an attacker connects to the CAN bus, and is able to inject the payload(s):

@@ -1,14 +1,14 @@
# Infotainment Code Execution No CAN Bus Pivot

## Overview of the Vulnerability
## Overview of the Vulnerability:

The In-Vehicle Infotainment (IVI) system, is a central unit in an automotive vehicle's dashboard that centralizes information and entertainment systems and their controls. Misconfigurations in the IVI system can lead to security weaknesses. An attacker can execute code on the IVI unit by taking advantage of a misconfiguration in the system, causing the system to not behave as intended.

## Business Impact
## Business Impact:

This IVI system misconfiguration can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. Perform reconnaissance on the application by {{action}}, using {{software}} on the system
1. The IVI system {{application}} exposes {{target}} on the system
Expand All @@ -18,7 +18,7 @@ This IVI system misconfiguration can result in reputational damage and indirect

1. Observe that {{action}} occurs as a result

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the process by which an attacker identifies where the IVI system communication occurs. It also shows how an attacker is able to inject the payload(s):

@@ -1,21 +1,21 @@
# Infotainment Default Credentials

## Overview of the Vulnerability
## Overview of the Vulnerability:

The In-Vehicle Infotainment (IVI) system, is a central unit in an automotive vehicle's dashboard that centralizes information and entertainment systems and their controls. Misconfigurations in the IVI system can lead to security weaknesses. Default credentials in the IVI unit can be leveraged by an attacker to gain developer access to the system. From here, the attacker can cause the system to behave not as intended.

## Business Impact
## Business Impact:

Default credentials in the IVI system can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. Port scan the IVI unit by leveraging {{application}} and {{hardware}}
1. Bruteforce default credentials on exposed service(s)
1. Login to service(s) and run {{action}}
1. Observe that {{action}} occurs as a result

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates the default password successfully authenticating an attacker into the infotainment system:
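Review bot: Steps 2 and 3 use nouns as verbs ("Bruteforce default credentials", "Login to service(s)"); "Brute-force" and "Log in to" read correctly. The overview's "cause the system to behave not as intended" also differs from the "not behave as intended" wording in the sibling IVI templates and is worth aligning.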

@@ -1,14 +1,14 @@
# Infotainment Denial of Service

## Overview of the Vulnerability
## Overview of the Vulnerability:

The In-Vehicle Infotainment (IVI) system is a central unit in an automotive vehicle's dashboard that centralizes information and entertainment systems and their controls. Misconfigurations in the IVI system can lead to security weaknesses. An attacker can take advantage of an IVI misconfiguration and inject format strings into the IVI system, causing a Denial of Service (DoS) condition to the system.

## Business Impact
## Business Impact:

DoS in the IVI system can result in reputational damage and indirect financial loss for the business through the impact to customers’ trust in the security and safety of the automotive vehicle.

## Steps to Reproduce
## Steps to Reproduce:

1. Perform reconnaissance on the application by {{action}}, using {{software}} on the system
1. The IVI system {{application}} exposes {{target}} on the system
Expand All @@ -18,7 +18,7 @@ DoS in the IVI system can result in reputational damage and indirect financial l

1. Observe the inserted payload from infotainment system

## Proof of Concept (PoC)
## Proof of Concept (PoC):

The image(s) below demonstrates theDoS from injected format strings on the target infotainment system:
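Review bot: The PoC sentence has a missing space in "theDoS", and the step above it, "Observe the inserted payload from infotainment system", drops an article and never mentions the DoS this template is about. Suggest "demonstrates the DoS" and a final step that tells the reader to observe the DoS condition on the infotainment system.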
