Releases: projectdiscovery/nuclei-templates
Releases · projectdiscovery/nuclei-templates
v9.7.2
🔥 Release Highlights 🔥
- javascript/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch 🔥
- code/cves/2023/CVE-2023-49105.yaml by @ChristianPoeschl,@FlorianDewald,@usdAG 🔥
- http/cves/2021/CVE-2021-29200.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-26035.yaml by @Unblvr1,@whotwagner 🔥
- http/cves/2023/CVE-2023-3368.yaml by @dwisiswant0 🔥
- http/cves/2023/CVE-2023-41265.yaml by @adamcrosser 🔥
- http/cves/2023/CVE-2023-43177.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-49070.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-6553.yaml by @flx 🔥
What's Changed
New Templates Added: 61 | CVEs Added: 25 | First-time contributions: 8
- javascript/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch 🔥
- code/cves/2023/CVE-2023-49105.yaml by @ChristianPoeschl,@FlorianDewald,@usdAG 🔥
- headless/cves/2018/CVE-2018-25031.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-8823.yaml by @mastercho
- http/cves/2021/CVE-2021-29200.yaml by @your3cho 🔥
- http/cves/2021/CVE-2021-44910.yaml by @lbb
- http/cves/2022/CVE-2022-0087.yaml by @ShivanshKhari
- http/cves/2023/CVE-2023-22232.yaml by @1337kro
- http/cves/2023/CVE-2023-26035.yaml by @Unblvr1,@whotwagner 🔥
- http/cves/2023/CVE-2023-30534.yaml by @k0pak4
- http/cves/2023/CVE-2023-3368.yaml by @dwisiswant0 🔥
- http/cves/2023/CVE-2023-36144.yaml by @gy741
- http/cves/2023/CVE-2023-39002.yaml by @herry
- http/cves/2023/CVE-2023-41265.yaml by @adamcrosser 🔥
- http/cves/2023/CVE-2023-41266.yaml by @adamcrosser 🔥
- http/cves/2023/CVE-2023-43177.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-46359.yaml by @mlec
- http/cves/2023/CVE-2023-49070.yaml by @your3cho 🔥
- http/cves/2023/CVE-2023-5556.yaml by @shankaracharya
- http/cves/2023/CVE-2023-6018.yaml by @byt3bl33d3r
- http/cves/2023/CVE-2023-6020.yaml by @byt3bl33d3r
- http/cves/2023/CVE-2023-6021.yaml by @byt3bl33d3r
- http/cves/2023/CVE-2023-6038.yaml by @DanMcInerney,@byt3bl33d3r
- http/cves/2023/CVE-2023-6380.yaml by @miguelsegoviagil
- http/cves/2023/CVE-2023-6553.yaml by @flx 🔥
- http/default-logins/dataease/dataease-default-login.yaml by @dhiyaneshdk
- http/default-logins/splunk/splunk-default-login.yaml by @pussycat0x
- http/exposed-panels/dataease-panel.yaml by @dhiyaneshdk
- http/exposed-panels/reportico-admin-panel.yaml by @geeknik
- http/exposed-panels/tailon-panel.yaml by @ritikchaddha
- http/exposed-panels/vue-pacs-panel.yaml by @righettod
- http/exposed-panels/woodwing-panel.yaml by @pdteam
- http/exposures/configs/dompdf-config.yaml by @kazet
- http/misconfiguration/aws/cdn-cache-poisoning.yaml by @0xcharan
- http/misconfiguration/h2o/h2o-arbitary-file-read.yaml by @DanMcInerney,@byt3bl33d3r
- http/misconfiguration/h2o/h2o-dashboard.yaml by @byt3bl33d3r
- http/misconfiguration/installer/businesso-installer.yaml by @ritikchaddha
- http/misconfiguration/installer/chamilo-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/espocrm-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/knowledgetree-installer.yaml by @ritikchaddha
- http/misconfiguration/installer/phpgedview-installer.yaml by @ritikchaddha
- http/misconfiguration/installer/wowcms-installer.yaml by @ritikchaddha
- http/misconfiguration/mixed-active-content.yaml by @Liwermor
- http/misconfiguration/mixed-passive-content.yaml by @Liwermor
- http/misconfiguration/secnet-info-leak.yaml by @dhiyaneshdk
- http/misconfiguration/woodwing-git.yaml by @pdteam
- http/misconfiguration/woodwing-phpinfo.yaml by @pdteam
- http/technologies/bamboo-detect.yaml by @bhutch
- http/technologies/element-web-detect.yaml by @davidegirardi
- http/technologies/iparapheur-detect.yaml by @righettod
- http/technologies/matrix-homeserver-detect.yaml by @davidegirardi
- http/vulnerabilities/dahua/dahua-wpms-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/dahua/dahua-wpms-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/ecstatic/node-ecstatic-internal-path.yaml by @dhiyaneshdk
- http/vulnerabilities/ecstatic/node-ecstatic-listing.yaml by @dhiyaneshdk
- http/vulnerabilities/huawei/huawei-authhttp-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/jinhe/jinhe-jc6-sqli.yaml by @Ky9oss
- http/vulnerabilities/other/sslvpn-client-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/other/yibao-sqli.yaml by @dhiyaneshdk
- http/vulnerabilities/other/yunanbao-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/vbulletin/vbulletin-ajaxreg-sqli.yaml by @mastercho
New Contributors
- @davidegirardi made their first contribution in #8721
- @jfbes made their first contribution in #8726
- @invisiblethreat made their first contribution in #8719
- @your3ch0 made their first contribution in #8774
- @knavesec made their first contribution in #8784
- @RegularITCat made their first contribution in #8806
- @chrisusdag made their first contribution in #8835
- @Liwermor made their first contribution in #8838
Full Changelog: v9.7.1...v9.7.2
Contributors
herry, flx, and 34 other contributors
Assets 2
v9.7.1
What's Changed
- Removed logging statement from ssh template by @ehsandeep in #8736
- Updated CVE-2023-49103 to include htaccess rule bypass by @ehsandeep in #8737
Full Changelog: v9.7.0...v9.7.1
Contributors
ehsandeep
Assets 2
v9.7.0
🔥 Release Highlights 🔥
- code/cves/2023/CVE-2023-2640.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-49103.yaml by @ritikchaddha 🔥
- http/cves/2023/CVE-2023-47246.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2021/CVE-2021-45382.yaml by @king-alexander 🔥
- http/cves/2021/CVE-2021-35395.yaml by @king-alexander 🔥
- http/cves/2021/CVE-2021-33690.yaml by DhiyaneshDK 🔥
- http/cves/2021/CVE-2021-26294.yaml by @johnk3r 🔥
What's Changed
New Templates Added: 51 | CVEs Added: 18 | First-time contributions: 7
- code/cves/2023/CVE-2023-2640.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-49103.yaml by @ritikchaddha 🔥
- http/cves/2023/CVE-2023-47246.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-45542.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-43326.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-43325.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-39796.yaml by @youngpope
- http/cves/2023/CVE-2023-30258.yaml by @gy741
- http/cves/2023/CVE-2023-26347.yaml by @Salts
- http/cves/2023/CVE-2023-5375.yaml by @shankaracharya
- http/cves/2022/CVE-2022-1170.yaml by @akincibor,@ritikchaddha
- http/cves/2021/CVE-2021-45382.yaml by @king-alexander 🔥
- http/cves/2021/CVE-2021-35395.yaml by @king-alexander 🔥
- http/cves/2021/CVE-2021-33690.yaml by DhiyaneshDK 🔥
- http/cves/2021/CVE-2021-26294.yaml by @johnk3r 🔥
- http/cves/2021/CVE-2021-26292.yaml by @johnk3r
- http/cves/2017/CVE-2017-7855.yaml by @r3Y3r53
- javascript/cves/2016/CVE-2016-8706.yaml by @pussycat0x
- http/vulnerabilities/other/xxljob-executor-unauth.yaml by @k3rwin
- http/default-logins/structurizr/structurizr-default-login.yaml by DhiyaneshDK
- http/exposed-panels/adhoc-transfer-panel.yaml by @johnk3r
- http/exposures/configs/jsconfig-json.yaml by DhiyaneshDk
- http/exposures/configs/phinx-config.yaml by DhiyaneshDk
- http/exposures/configs/vite-config.yaml by DhiyaneshDk
- http/exposures/files/apdisk-disclosure.yaml by DhiyaneshDk
- http/exposures/files/auth-json.yaml by DhiyaneshDk
- http/exposures/files/azuredeploy-json.yaml by DhiyaneshDk
- http/exposures/files/php-cs-cache.yaml by DhiyaneshDk
- http/exposed-panels/afterlogic-webmail-login.yaml by @johnk3r
- http/exposed-panels/structurizr-panel.yaml by DhiyaneshDk
- http/misconfiguration/installer/mosparo-install.yaml by DhiyaneshDK
- http/misconfiguration/ms-exchange-user-enum.yaml by @righettod
- http/misconfiguration/node-express-status.yaml by DhiyaneshDk
- http/misconfiguration/tomcat-stacktraces.yaml by @Lucky0x0D
- http/takeovers/clever-takeover.yaml by @supr4s
- javascript/enumeration/obsolete-ssh-version.yaml by @pussycat0x
- javascript/enumeration/ssh-cbc-mode-ciphers.yaml by @pussycat0x
- javascript/enumeration/ssh-diffie-hellman-logjam.yaml by @pussycat0x
- javascript/enumeration/ssh-sha1-hmac-algo.yaml by @pussycat0x
- javascript/enumeration/ssh-weak-algo-supported.yaml by @pussycat0x
- javascript/enumeration/ssh-weak-mac-algo.yaml by @pussycat0x
- javascript/enumeration/ssh-weak-public-key.yaml by @pussycat0x
- javascript/enumeration/ssh-weakkey-exchange-algo.yaml by @pussycat0x
- network/detection/aws-sftp-detect.yaml by @johnk3r
- network/detection/moveit-sftp-detect.yaml by @johnk3r
- file/keys/kubernetes/kubernetes-dockercfg-secret.yaml by @dwisiswant0
- file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml by @dwisiswant0
- http/technologies/4D-detect.yaml by @righettod
- http/technologies/aws/aws-detect.yaml by @6mile
- http/technologies/silverback-detect.yaml by @nodauf
- http/technologies/wordpress/plugins/templately.yaml by @ricardomaia
New Contributors
- @fullstackpotato made their first contribution in #8599
- @wahyuhadi made their first contribution in #8597
- @l0pens made their first contribution in #8618
- @rtvkiz made their first contribution in #8645
- @joelczk made their first contribution in #8644
- @Mr-B0hl00l made their first contribution in #8648
- @Jaclyn6 made their first contribution in #8675
Full Changelog: v9.6.9...v9.7.0
Contributors
ricardomaia, righettod, and 26 other contributors
Assets 2
v9.6.9
🔥 Release Highlights 🔥
- network/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch 🔥
- javascript/cves/2023/CVE-2023-34039.yaml by @tarunKoyalwar 🔥
- code/cves/2023/CVE-2023-4911.yaml by @nybble04 🔥
- http/cves/2023/CVE-2023-43795.yaml by @dhiyaneshdk 🔥
- http/cves/2022/CVE-2022-35653.yaml by @iamnoooob,@pdresearch 🔥
- http/cves/2023/CVE-2023-22518.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-20198.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2020/CVE-2020-24701.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-1719.yaml by @dhiyaneshdk 🔥
What's Changed
New Templates Added: 73 | CVEs Added: 13 | First-time contributions: 7
- network/cves/2023/CVE-2023-46604.yaml by @Ice3man,@Mzack9999,@pdresearch 🔥
- javascript/cves/2023/CVE-2023-34039.yaml by @tarunKoyalwar 🔥
- code/cves/2023/CVE-2023-4911.yaml by @nybble04 🔥
- http/cves/2023/CVE-2023-43795.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-40068.yaml by @E1A
- http/cves/2022/CVE-2022-35653.yaml by @iamnoooob,@pdresearch 🔥
- http/cves/2023/CVE-2023-34020.yaml by @LeDoubleTake
- http/cves/2023/CVE-2023-33629.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-22518.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-20198.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2020/CVE-2020-24701.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-1719.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-4169.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-4415.yaml by @dhiyaneshdk
- http/default-logins/dell/dell-dpi-default-login.yaml by @MegaManSec
- http/default-logins/goip-default-login.yaml by @drfabiocastro
- http/exposed-panels/appsuite-panel.yaml by @dhiyaneshdk
- http/exposed-panels/cisco/cisco-ios-xe-panel.yaml by @bhutch
- http/exposed-panels/fusionauth-admin-panel.yaml by @ritikchaddha
- http/exposed-panels/homer-panel.yaml by @rxerium
- http/exposed-panels/kiteworks-pcn-panel.yaml by @righettod
- http/exposed-panels/librephotos-panel.yaml by @ritikchaddha
- http/exposed-panels/librespeed-panel.yaml by @ritikchaddha
- http/exposed-panels/office-webapps-panel.yaml by @dhiyaneshdk
- http/exposed-panels/overseerr-panel.yaml by @rxerium
- http/exposed-panels/plausible-panel.yaml by @rxerium
- http/exposed-panels/rdweb-panel.yaml by @rxerium,@sorrowx3
- http/exposed-panels/servicenow-panel.yaml by @righettod
- http/exposed-panels/truenas-scale-panel.yaml by @rxerium
- http/exposed-panels/unauth/tautulli-unauth.yaml by @ritikchaddha
- http/honeypot/citrix-honeypot-detect.yaml by @UnaPibaGeek
- http/honeypot/dionaea-http-honeypot-detect.yaml by @UnaPibaGeek
- http/honeypot/elasticpot-honeypot-detect.yaml by @UnaPibaGeek
- http/honeypot/snare-honeypot-detect.yaml by @UnaPibaGeek
- http/misconfiguration/fusionauth-admin-setup.yaml by @ritikchaddha
- http/misconfiguration/installer/cube-105-install.yaml by @ritikchaddha
- http/misconfiguration/installer/imprivata-installer.yaml by @ritikchaddha
- http/misconfiguration/installer/orangescrum-install.yaml by @ritikchaddha
- http/misconfiguration/installer/ruckus-smartzone-install.yaml by @ritikchaddha
- http/misconfiguration/installer/ruckus-unleashed-install.yaml by @ritikchaddha
- http/misconfiguration/installer/sugarcrm-install.yaml by @ritikchaddha
- http/misconfiguration/installer/tautulli-install.yaml by @ritikchaddha
- http/misconfiguration/installer/webcalendar-install.yaml by @ritikchaddha
- http/misconfiguration/installer/webtrees-install.yaml by @ritikchaddha
- http/misconfiguration/less-history.yaml by @kazet
- http/misconfiguration/mysql-history.yaml by @kazet
- http/misconfiguration/searchreplacedb2-exposure.yaml by @kazet
- http/misconfiguration/untangle-admin-setup.yaml by @ritikchaddha
- http/technologies/dell/dell-dpi-panel.yaml by @MegaManSec
- http/technologies/wordpress/plugins/hostinger.yaml by @ricardomaia
- http/technologies/wordpress/plugins/metform.yaml by @ricardomaia
- http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml by @Xc1Ym
- http/vulnerabilities/microsoft/office-webapps-ssrf.yaml by @dhiyaneshdk
- http/vulnerabilities/other/podcast-generator-ssrf.yaml by @ritikchaddha,@MrHarshvardhan
- javascript/default-logins/mssql-default-logins.yaml by @Ice3man543,@tarunKoyalwar
- javascript/default-logins/postgres-default-logins.yaml by @Ice3man
- javascript/default-logins/redis-default-logins.yaml by @tarunKoyalwar
- javascript/default-logins/ssh-default-logins.yaml by @tarunKoyalwar
- javascript/detection/mssql-detect.yaml by @Ice3man543,@tarunKoyalwar
- javascript/detection/ssh-auth-methods.yaml by @Ice3man543
- javascript/enumeration/ssh-password-auth.yaml by @princechaddha
- javascript/enumeration/ssh-server-enumeration.yaml by @Ice3man543,@tarunKoyalwar
- network/honeypot/adbhoney-honeypot-cnxn-detect.yaml by @UnaPibaGeek
- network/honeypot/adbhoney-honeypot-shell-detect.yaml by @UnaPibaGeek
- network/honeypot/conpot-siemens-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/cowrie-ssh-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/dionaea-ftp-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/dionaea-mqtt-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/dionaea-mysql-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/dionaea-smb-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/gaspot-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/mailoney-honeypot-detect.yaml by @UnaPibaGeek
- network/honeypot/redis-honeypot-detect.yaml by @UnaPibaGeek
New Contributors
- @k0z4c made their first contribution in #8468
- @byt3bl33d3r made their first contribution in #8457
- @0xorOne made their first contribution in #8500
- @jzr made their first contribution in #8546
- @Xc1Ym made their first contribution in #8548
- @adilsoybali made their first contribution in #8540
- @rumble773 made their first contribution in #8572
Full Changelog: v9.6.8...v9.6.9
Contributors
kazet, ricardomaia, and 26 other contributors
Assets 2
v9.6.8
🔥 Release Highlights 🔥
- CVE-2023-46747 (F5 BIG-IP - Unauthenticated RCE via AJP Smuggling)
- CVE-2023-37679 (NextGen Mirth Connect - Remote Code Execution)
- CVE-2023-45852 (Viessmann Vitogate 300 - Remote Code Execution)
- CVE-2023-4966 (Citrix Bleed - Leaking Session Tokens)
What's Changed
New Templates Added: 79 (CVE: 33)
- http/cves/2023/CVE-2023-46747.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-45852.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-37679.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-4966.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-36553.yaml by @HUTA0
- http/cves/2017/CVE-2017-18566.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18565.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18564.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18562.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18558.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18557.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18556.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18542.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18537.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18532.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18530.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18529.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18528.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18527.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18518.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18517.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18516.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18505.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18502.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18501.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18500.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18496.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18494.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18493.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18492.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18491.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18490.yaml by @luisfelipe146
- http/cves/2017/CVE-2017-18487.yaml by @luisfelipe146
- http/misconfiguration/tiny-file-manager-unauth.yaml by @ritikchaddha,@HUTA0
- http/misconfiguration/unauth-opache-control-panel.yaml by @pussycat0x
- http/vulnerabilities/backdoor/cisco-implant-detect.yaml by @dhiyaneshdk,@rxerium
- http/vulnerabilities/cisco/cisco-broadworks-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/cisco/cisco-webex-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/citrix-xenapp-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/f-secure-policymanager-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/flexnet-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/fortiportal-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/jitsi-meet-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/livebos-file-read.yaml by @Yusakie
- http/vulnerabilities/other/logstash-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/manage-engine-dc-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/okta-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/openshift-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/papercut-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/pega-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/sonicwall-nsm-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/splunk-enterprise-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/other/symantec-sepm-log4j-rce.yaml by @shaikhyaser
- http/vulnerabilities/wordpress/blog-designer-pack-rce.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/vulnerabilities/wordpress/wp-kadence-blocks-rce.yaml by @theamanrawat
- http/exposed-panels/authelia-panel.yaml by @rxerium
- http/exposed-panels/automatisch-panel.yaml by @rxerium
- http/exposed-panels/changedetection-panel.yaml by @rxerium
- http/exposed-panels/chronos-panel.yaml by @righettod
- http/exposed-panels/homebridge-panel.yaml by @rxerium
- http/exposed-panels/immich-panel.yaml by @rxerium
- http/exposed-panels/memos-panel.yaml by @rxerium
- http/exposed-panels/opentouch-multimediaservices-panel.yaml by @righettod
- http/exposed-panels/rcdevs-webadm-panel.yaml by @righettod
- http/exposed-panels/regify-panel.yaml by @righettod
- http/exposed-panels/scribble-diffusion-panel.yaml by @rxerium
- http/exposed-panels/security-onion-panel.yaml by @rxerium
- http/exposed-panels/solarwinds-arm-panel.yaml by @bhutch
- http/exposed-panels/speedtest-panel.yaml by @rxerium
- http/exposed-panels/tautulli-panel.yaml by @rxerium
- http/exposed-panels/vinchin-panel.yaml by @pussycat0x
- http/exposed-panels/webtitan-cloud-panel.yaml by @ritikchaddha
- http/technologies/atlassian-connect-descriptor.yaml by @pussycat0x
- http/technologies/mappproxy-detect.yaml by @philippedelteil
- http/technologies/orbit-telephone-detect.yaml by @HeeresS
- http/token-spray/api-onyphe.yaml by @0xpugazh
- headless/technologies/js-libraries-detect.yaml by @adamparsons,@cbadke,@ChetGan,@ErikOwen,@jacalynli
- javascript/detection/oracle-tns-listner.yaml by @pussycat0x
- javascript/enumeration/smb-enum.yaml by @pussycat0x
New Contributors
- @shaikhyaser made their first contribution in #8419
- @rxerium made their first contribution in #8427
Full Changelog: v9.6.7...v9.6.8
Contributors
cbadke, righettod, and 18 other contributors
Assets 2
v9.6.7
What's Changed
- Added template sign workflow + signed all the templates by @ehsandeep in #8423
- Added CVE-2023-5360.yaml by @theamanrawat in #8409
Full Changelog: v9.6.6...v9.6.7
Contributors
ehsandeep and theamanrawat
Assets 2
v9.6.6
🔥 Highlight of this release:
✅ [servicenow-widget-misconfig] ServiceNow Widget-Simple-List - Misconfiguration (@dhiyaneshdk) 🔥
✅ [CVE-2023-37979] Ninja Forms < 3.6.26 - Cross-Site Scripting (@r3y3r53) [medium] 🔥
✅ [CVE-2021-25016] Chaty < 2.8.2 - Cross-Site Scripting (@luisfelipe146) [medium] 🔥
✅ [CVE-2020-6950] Eclipse Mojarra - Local File Read (@iamnoooob,@pdresearch) [medium] 🔥
✅ [CVE-2023-4451] Cockpit - Cross-Site Scripting (@iamnoooob,@pdresearch) [medium] 🔥
✅ [CVE-2023-3710] Honeywell PM43 Printers - Command Injection (@win3zz) [critical] 🔥
✅ [CVE-2023-3219] EventON Lite < 2.1.2 - Arbitrary File Download (@r3y3r53) [medium] 🔥
What's Changed
New Templates Added : 161
New CVEs Added:99
- http/cves/2022/CVE-2022-47075.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44957.yaml by @theamanrawat
- http/cves/2022/CVE-2022-45365.yaml by @theamanrawat
- http/cves/2022/CVE-2022-44291.yaml by @theamanrawat
- http/cves/2022/CVE-2022-44290.yaml by @theamanrawat
- http/cves/2023/CVE-2023-41538.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-40779.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-40032.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-40047.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-40208.yaml by @theamanrawat
- http/cves/2023/CVE-2023-39700.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-39110.yaml by @theamanrawat
- http/cves/2023/CVE-2023-39109.yaml by @theamanrawat
- http/cves/2023/CVE-2023-39108.yaml by @theamanrawat
- http/cves/2023/CVE-2023-37979.yaml by @r3Y3r53 🔥
- http/cves/2023/CVE-2023-37728.yaml by @technicaljunkie,@r3Y3r53
- http/cves/2022/CVE-2022-34093.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-34094.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-39048.yaml by @theamanrawat
- http/cves/2023/CVE-2023-36306.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-34756.yaml by @theamanrawat
- http/cves/2023/CVE-2023-34755.yaml by @theamanrawat
- http/cves/2023/CVE-2023-34753.yaml by @theamanrawat
- http/cves/2023/CVE-2023-34752.yaml by @theamanrawat
- http/cves/2023/CVE-2023-34751.yaml by @theamanrawat
- http/cves/2023/CVE-2023-33584.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-29439.yaml by @theamanrawat
- http/cves/2021/CVE-2021-29006.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-25079.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-25016.yaml by @luisfelipe146 🔥
- http/cves/2021/CVE-2021-24979.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-24915.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-24791.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-24627.yaml by @theamanrawat
- http/cves/2021/CVE-2021-24286.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-24215.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-27922.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-25148.yaml by @theamanrawat
- http/cves/2022/CVE-2022-25149.yaml by @theamanrawat
- http/cves/2023/CVE-2023-5244.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4974.yaml by @theamanrawat
- http/cves/2023/CVE-2023-4547.yaml by @theamanrawat
- http/cves/2023/CVE-2023-4451.yaml by @iamnoooob,@pdresearch 🔥
- http/cves/2023/CVE-2023-4168.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4148.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4116.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4115.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4114.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4113.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4112.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4111.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-4110.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3849.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3848.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3847.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3846.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3845.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3844.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3843.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-3710.yaml by @win3zz 🔥
- http/cves/2023/CVE-2023-3219.yaml by @r3Y3r53 🔥
- http/cves/2023/CVE-2023-2779.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-2009.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1880.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1780.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1408.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1263.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0947.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0900.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0777.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0602.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0600.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0334.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-0228.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-0533.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-0597.yaml by @Farish
- http/cves/2022/CVE-2022-0651.yaml by @theamanrawat
- http/cves/2022/CVE-2022-0658.yaml by @theamanrawat
- http/cves/2022/CVE-2022-0787.yaml by @theamanrawat
- http/cves/2022/CVE-2022-0814.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-0899.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-2174.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-2535.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-3142.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-3242.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-4049.yaml by @theamanrawat
- http/cves/2022/CVE-2022-4059.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-4305.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-35323.yaml by @r3Y3r53
- http/cves/2021/CVE-2021-41749.yaml by @iamnoooob,@ritikchaddha
- http/cves/2020/CVE-2020-12256.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-12259.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-13638.yaml by @theamanrawat
- http/cves/2020/CVE-2020-13851.yaml by @theamanrawat
- http/cves/2020/CVE-2020-6950.yaml by @iamnoooob,@pdresearch 🔥
- http/cves/2020/CVE-2020-8615.yaml by @r3Y3r53
- http/cves/2019/CVE-2019-15829.yaml by @r3Y3r53
- http/cves/2018/CVE-2018-7282.yaml by @theamanrawat
- http/cves/2015/CVE-2015-20067.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-com-booking-component.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-iproperty-real-estate-xss.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-joombri-careers-xss.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-jvtwitter-xss.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-marvikshop-sqli.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-marvikshop-xss.yaml by @r3Y3r53
- http/vulnerabilities/joomla/joomla-solidres-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/applezeed-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/beyond-trust-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/csz-cms-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/doorgets-info-disclosure.yaml by @r3Y3r53
- http/vulnerabilities/other/ep-web-cms-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/erensoft-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/groomify-sqli.yaml by @theamanrawat
- http/vulnerabilities/other/gz-forum-script-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/indonasia-toko-cms-sql.yaml by @r3Y3r53
- http/vulnerabilities/other/joomla-jlex-review-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/joomla-jmarket-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/khodrochi-cms-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/kingsoft-vgm-lfi.yaml by @abbas.heybati
- http/vulnerabilities/other/lokomedia-cms-lfi.yaml by @r3Y3r53
- http/vulnerabilities/other/news-script-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/office-suite-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/ozeki-10-sms-gateway.yaml by @r3Y3r53
- http/vulnerabilities/other/phuket-cms-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/phuket-cms-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/pmb-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/rentequip-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/shoowbiz-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/sound4-impact-auth-bypass.yaml by @r3Y3r53
- http/vulnerabilities/other/sound4-impact-password-auth-bypass.yaml by @r3Y3r53
- http/vulnerabilities/other/stackposts-sqli.yaml by @r3Y3r53
- http/vulnerabilities/other/taiwanese-travel-lfi.yaml by @r3Y3r53
- http/vulnerabilities/other/talroo-jobs-xss.yaml by @r3Y3r53
- http/vulnerabilities/other/webigniter-xss.yaml by @theamanrawat
- http/vulnerabilities/wordpress/knr-widget-xss.yaml by @theamanrawat
- http/vulnerabilities/wordpress/photoblocks-grid-gallery-xss.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-adivaha-sqli.yaml by @theamanrawat
- http/vulnerabilities/wordpress/wp-adivaha-xss.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-ellipsis-xss.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-gallery-file-upload.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-googlemp3-lfi.yaml by @theamanrawat
- http/vulnerabilities/wordpress/wp-mega-theme.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-portrait-archiv-xss.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-qwiz-online-xss.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-reality-estate-theme.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-smart-manager-sqli.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-social-warfare-rce.yaml by @theamanrawat
- http/vulnerabilities/wordpress/wp-statistics-sqli.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-superstorefinder-misconfig.yaml by @r3Y3r53
- http/vulnerabilities/wordpress/wp-upward-theme-redirect.yaml by @r3Y3r53
- http/misconfiguration/servicenow-widget-misconfig.yaml by @dhiyaneshdk
- http/default-logins/batflat/batflat-default-login.yaml by @r3Y3r53
- http/default-logins/eurotel/etl3100-default-login.yaml by @r3Y3r53
- http/default-logins/franklin-fueling-default-login.yaml by @r3Y3r53
- http/default-logins/rconfig-default-login.yaml by @theamanrawat
- http/default-logins/timekeeper/timekeeper-default-login.yaml by @theamanrawat
- http/default-logins/wazuh-default-login.yaml by @theamanrawat
- http/exposures/logs/redv-super-logs.yaml by @r3Y3r53
- http/exposed-panels/sphinxonline-panel.yaml by @righettod
- http/exposed...
Contributors
Fisjkars, righettod, and 8 other contributors
Assets 2
v9.6.5
🔥 Highlight of this release:
✅ [CVE-2023-43261] Milesight Routers - Information Disclosure (@gy741) [high] 🔥
✅ [CVE-2023-42793] JetBrains TeamCity < 2023.05.4 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-42442] JumpServer > 3.6.4 - Information Disclosure (@xianke) [high] 🔥
✅ [CVE-2023-36845] Juniper J-Web - Remote Code Execution (@yaser_s) [medium] 🔥
✅ [CVE-2023-35813] Sitecore - Remote Code Execution (@dhiyaneshdk,@iamnoooob) [critical] 🔥
✅ [CVE-2023-29357] Microsoft SharePoint - Authentication Bypass (@pdteam) [critical] 🔥
✅ [CVE-2023-22515] Atlassian Confluence - Privilege Escalation (@s1r1us,@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-5074] D-Link D-View 8 v2.0.1.28 - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
What's Changed
New Templates Added : 75
New CVEs Added: 25
First-time contributions: 12
- http/cves/2023/CVE-2023-43261.yaml by @gy741 🔥
- http/cves/2023/CVE-2023-42793.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-42442.yaml by @xianke 🔥
- http/cves/2023/CVE-2023-41642.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-38501.yaml by @ctflearner
- http/cves/2023/CVE-2023-37474.yaml by @shankar acharya,@theamanrawat
- http/cves/2023/CVE-2023-36845.yaml by @yaser_s 🔥
- http/cves/2023/CVE-2023-35813.yaml by @dhiyaneshdk,@iamnoooob 🔥
- http/cves/2023/CVE-2023-34259.yaml by @gy741
- http/cves/2023/CVE-2023-33831.yaml by @gy741
- http/cves/2023/CVE-2023-33405.yaml by @shankar Acharya
- http/cves/2023/CVE-2023-31465.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-30625.yaml by @gy741
- http/cves/2023/CVE-2023-30013.yaml by @gy741
- http/cves/2023/CVE-2023-29357.yaml by @pdteam 🔥
- http/cves/2023/CVE-2023-22515.yaml by @s1r1us,@iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-22432.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-5074.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-4568.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-2766.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-2479.yaml by @zn9988
- http/cves/2023/CVE-2023-2224.yaml by @luisfelipe146
- http/cves/2022/CVE-2022-48197.yaml by @ctflearner
- http/cves/2022/CVE-2022-25568.yaml by @dhiyaneshdk
- http/cves/2014/CVE-2014-9180.yaml by @shankar Acharya
- http/default-logins/xploitspy/xploitspy-default-login.yaml by @andreluna
- http/exposed-panels/audiobookshelf-panel.yaml by @ritikchaddha
- http/exposed-panels/bitwarden-vault-panel.yaml by @ritikchaddha
- http/exposed-panels/dashy-panel.yaml by @ritikchaddha
- http/exposed-panels/filebrowser-login-panel.yaml by @ritikchaddha
- http/exposed-panels/jellyseerr-login-panel.yaml by @ritikchaddha
- http/exposed-panels/klr300n-panel.yaml by @andreluna
- http/exposed-panels/portainer-panel.yaml by @ritikchaddha
- http/exposed-panels/qBittorrent-panel.yaml by @ritikchaddha
- http/exposed-panels/ws_ftp-server-web-transfer.yaml by @johnk3r
- http/exposures/configs/mercurial-hgignore.yaml by @dhiyaneshdk
- http/exposures/configs/phpcs-config.yaml by @dhiyaneshdk
- http/exposures/configs/phpsys-info.yaml by @fpatrik
- http/exposures/configs/protractor-config.yaml by @dhiyaneshdk
- http/exposures/configs/psalm-config.yaml by @dhiyaneshdk
- http/exposures/configs/rakefile-disclosure.yaml by @dhiyaneshdk
- http/exposures/files/viminfo-disclosure.yaml by @dhiyaneshdk
- http/exposures/logs/milesight-system-log.yaml by @ritikchaddha
- http/exposures/tokens/jotform/jotform-api-key.yaml by @shankar Acharya
- http/iot/kyocera-printer-panel.yaml by @gy741
- http/misconfiguration/filebrowser-unauth.yaml by @ritikchaddha
- http/misconfiguration/installer/akeeba-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/alma-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/bitrix24-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/clipbucket-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/dolphin-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/gibbon-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/klr300n-installer.yaml by @andreluna
- http/misconfiguration/installer/mantisbt-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/ojs-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/shopware-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/spa-cart-installer.yaml by @pussycat0x
- http/misconfiguration/installer/vironeer-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/zabbix-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/zencart-installer.yaml by @dhiyaneshdk
- http/misconfiguration/unauth-celery-flower.yaml by @dhiyaneshdk
- http/misconfiguration/vercel-source-exposure.yaml by @Hlop
- http/technologies/blazor-webassembly-detect.yaml by @righettod
- http/technologies/default-amazon-cognito.yaml by @pussycat0x
- http/technologies/devexpress-detect.yaml by @CravateRouge
- http/vulnerabilities/apache/shiro/shiro-deserialization-detection.yaml by @hotpot,@j4vaovo
- http/vulnerabilities/copyparty-xss.yaml by @theamanrawat
- http/vulnerabilities/sangfor/sangfor-ngaf-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml by @flx
- http/vulnerabilities/yonyou/yonyou-u8-sqli.yaml by @xianke
- network/detection/bgp-detect.yaml by @danfaizer
- network/detection/exim-detect.yaml by @ricardomaia
- network/detection/ws_ftp-ssh-detect.yaml by @johnk3r
- ssl/wildcard-tls.yaml by @Lucky0x0D
- file/android/google-storage-bucket.yaml by @Thabisocn
New Contributors
- @5hank4r made their first contribution in #8086
- @fmunozs made their first contribution in #8240
- @fapami made their first contribution in #8246
- @zn9988 made their first contribution in #8216
- @joaonevess made their first contribution in #8274
- @danfaizer made their first contribution in #8287
- @sttlr made their first contribution in #8227
- @Thabisocn made their first contribution in #8289
- @jainiresh made their first contribution in #8286
- @CravateRouge made their first contribution in #8217
- @Osb0rn3 made their first contribution in #8322
- @thehlopster made their first contribution in #8252
Full Changelog: v9.6.4...v9.6.5
Contributors
flx, hotpot, and 33 other contributors
Assets 2
v9.6.4
🔥 Highlight of this release:
✅ [CVE-2023-41892] CraftCMS < 4.4.15 - Unauth Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-30943] Moodle - Cross-Site Scripting/Remote Code Execution (@ritikchaddha) [medium] 🔥
✅ [CVE-2023-25573] Metersphere - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
✅ [CVE-2023-2813] Wordpress Multiple Themes - Reflected Cross-Site Scripting (@dhiyaneshdk) [medium] 🔥
✅ [CVE-2022-0342] Zyxel - Authentication Bypass (@SleepingBag945,@powerexploit) [critical] 🔥
What's Changed
New Templates Added: 121
New CVEs Added: 10
First-time contributions: 3
- http/cves/2023/CVE-2023-41892.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/cves/2023/CVE-2023-39677.yaml by @meme-lord
- http/cves/2023/CVE-2023-39676.yaml by @meme-lord
- http/cves/2023/CVE-2023-37629.yaml by @harsh
- http/cves/2023/CVE-2023-30943.yaml by @ritikchaddha 🔥
- http/cves/2023/CVE-2023-4714.yaml by @Farish
- http/cves/2023/CVE-2023-2813.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-25573.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-22463.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-0342.yaml by @SleepingBag945,@powerexploit 🔥
- http/cnvd/2023/CNVD-C-2023-76801.yaml by @SleepingBag945
- http/cnvd/2022/CNVD-2022-43245.yaml by @SleepingBag945
- http/cnvd/2021/CNVD-2021-33202.yaml by @SleepingBag945
- http/vulnerabilities/chanjet-tplus-rce.yaml by @SleepingBag945
- http/vulnerabilities/dbgate-unauth-rce.yaml by @H0j3n
- http/vulnerabilities/landray/landray-oa-sysSearchMain-editParam-rce.yaml by @SleepingBag945
- http/vulnerabilities/landray/landray-oa-treexml-rce.yaml by @tangxiaofeng7,@SleepingBag945
- http/vulnerabilities/other/aic-intelligent-password-exposure.yaml by @SleepingBag945
- http/vulnerabilities/other/cloud-oa-system-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/cmseasy-crossall-act-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/comai-ras-cookie-bypass.yaml by @SleepingBag945
- http/vulnerabilities/other/huiwen-bibliographic-info-leak.yaml by @SleepingBag945
- http/vulnerabilities/other/phpldapadmin-xss.yaml by @GodfatherOrwa,@herry
- http/vulnerabilities/other/sanhui-smg-file-read.yaml by @SleepingBag945
- http/vulnerabilities/other/seeyon-oa-log4j.yaml by @SleepingBag945
- http/vulnerabilities/other/zhixiang-oa-msglog-sqli.yaml by @SleepingBag945
- http/vulnerabilities/qax/secsslvpn-auth-bypass.yaml by @SleepingBag945
- http/vulnerabilities/realor/realor-gwt-system-sqli.yaml by @SleepingBag945
- http/vulnerabilities/ruijie/ruijie-nbr-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/sangfor/sangfor-login-rce.yaml by @SleepingBag945
- http/vulnerabilities/secworld/secgate-3600-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-config-exposure.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-createmysql-exposure.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-initdata-exposure.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-oa-fastjson-rce.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-oa-setextno-sqli.yaml by @SleepingBag945
- http/vulnerabilities/seeyon/seeyon-oa-sp2-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/shiziyu-cms/shiziyu-cms-apicontroller-sqli.yaml by @SleepingBag945
- http/vulnerabilities/smartbi/smartbi-deserialization.yaml by @SleepingBag945
- http/vulnerabilities/spring/jolokia-logback-jndi-rce.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-action-uploadfile.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-api-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-arbitrary-login.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-contact-list-exposure.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-getdata-rce.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-getway-rfi.yaml by @SleepingBag945,@pussycat0x
- http/vulnerabilities/tongda/tongda-insert-sqli.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-login-code-authbypass.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-meeting-unauth.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-oa-swfupload-sqli.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-report-func-sqli.yaml by @SleepingBag945
- http/vulnerabilities/tongda/tongda-video-file-read.yaml by @SleepingBag945
- http/vulnerabilities/topsec/topsec-topacm-rce.yaml by @SleepingBag945
- http/vulnerabilities/topsec/topsec-topapplb-auth-bypass.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhu-documentedit-sqli.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhu-download-ftp-file-read.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhu-download-old-file-read.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhu-oa-fileupload-controller-arbitrary-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhu-teleconferenceservice-xxe.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhuoa-officeserverservlet-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/wanhu/wanhuoa-smartupload-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/ecology-jqueryfiletree-traversal.yaml by @SleepingBag945
- http/vulnerabilities/weaver/ecology-verifyquicklogin-auth-bypass.yaml by @SleepingBag945
- http/vulnerabilities/weaver/ecology/ecology-oa-byxml-xxe.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-checkserver-sqli.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-e-cology-validate-sqli.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-e-mobile-rce.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-ebridge-lfi.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-ecology-bshservlet-rce.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-ecology-getsqldata-sqli.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-ecology-hrmcareer-sqli.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-group-xml-sqli.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-jquery-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-ktreeuploadaction-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-lazyuploadify-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-login-sessionkey.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-mysql-config-info-leak.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-office-server-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-officeserver-lfi.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-signaturedownload-lfi.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-sptmforportalthumbnail-lfi.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-uploadify-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-uploadoperation-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/weaver/weaver-userselect-unauth.yaml by @SleepingBag945
- http/vulnerabilities/wechat/wechat-info-leak.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/chanjet-gnremote-sqli.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/chanjet-tplus-checkmutex-sqli.yaml by @unknown
- http/vulnerabilities/yonyou/chanjet-tplus-file-read.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/chanjet-tplus-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/chanjet-tplus-ufida-sqli.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/grp-u8-uploadfiledata-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-fe-directory-traversal.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-filereceiveservlet-fileupload.yaml by @bjxsec
- http/vulnerabilities/yonyou/yonyou-grp-u8-xxe.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-accept-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-baseapp-deserialization.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-dispatcher-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-grouptemplet-fileupload.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-info-leak.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-nc-ncmessageservlet-rce.yaml by @SleepingBag945
- http/vulnerabilities/yonyou/yonyou-u8-crm-fileupload.yaml by @SleepingBag945,@pussycat0x
- http/vulnerabilities/yonyou/yonyou-u8-crm-lfi.yaml by @SleepingBag945
- http/default-logins/d-link/dlink-centralized-default-login.yaml by @SleepingBag945
- http/default-logins/o2oa/o2oa-default-login.yaml by @SleepingBag945
- http/default-logins/others/aruba-instant-default-login.yaml by @SleepingBag945
- http/default-logins/others/ciphertrust-default-login.yaml by @SleepingBag945
- http/default-logins/others/cnzxsoft-default-login.yaml by @SleepingBag945
- http/default-logins/others/supershell-default-login.yaml by @SleepingBag945
- http/default-logins/seeyon/seeyon-a8-default-login.yaml by @SleepingBag945
- http/default-logins/seeyon/seeyon-monitor-default-login.yaml by @SleepingBag945
- http/default-logins/smartbi/smartbi-default-login.yaml by @SleepingBag945
- http/default-logins/wayos/ac-weak-login.yaml by @SleepingBag945
- http/misconfiguration/gitlab/gitlab-public-registration.yaml by @axrk
- http/exposed-panels/dbgate-panel.yaml by @H0j3n
- http/exposed-panels/phpldapadmin-panel.yaml by @ritikchaddha,@dhiyaneshdk
- http/exposed-panels/quilium-panel.yaml by @righettod
- http/exposed-panels/satis-repository.yaml by @FlorianMaak
- http/exposed-panels/symantec/symantec-phishing-panel.yaml by @andreluna
- http/osint/hackenproof.yaml by @philippedelteil
- http/osint/intigriti.yaml by @philippedelteil
- http/osint/yeswehack.yaml by @philippedelteil
New Contribut...
Contributors
herry, righettod, and 18 other contributors
Assets 2
v9.6.3
🔥 Highlight of this release:
✅ [CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical] 🔥
✅ [CVE-2023-36844] Juniper Devices - Remote Code Execution (@princechaddha,@ritikchaddha) [medium] 🔥
✅ [CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical] 🔥
✅ [CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical] 🔥
✅ [CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical] 🔥
✅ [CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion (@Pepitoh,@ritikchaddha) [critical] 🔥
What's Changed
New Templates Added: 54
New CVEs Added: 21
First-time contributions: 6
- http/cves/2023/CVE-2023-39600.yaml by Imjust0
- http/cves/2023/CVE-2023-39598.yaml by Imjust0
- http/cves/2023/CVE-2023-39361.yaml by @ritikchaddha 🔥
- http/cves/2023/CVE-2023-38433.yaml by @AdnaneKhan
- http/cves/2023/CVE-2023-36844.yaml by @princechaddha, @ritikchaddha 🔥
- http/cves/2023/CVE-2023-34192.yaml by @ritikchaddha🔥
- http/cves/2023/CVE-2023-34124.yaml by @iamnoooob, @rootxharsh, @pdresearch 🔥
- http/cves/2023/CVE-2023-32563.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-30150.yaml by @mastercho
- http/cves/2023/CVE-2023-27034.yaml by @mastercho
- http/cves/2023/CVE-2023-2648.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-26469.yaml by @pussycat0x 🔥
- http/cves/2023/CVE-2023-20073.yaml by @princechaddha, @ritikchaddha 🔥
- http/cves/2023/CVE-2023-4634.yaml by @Pepitoh,@ritikchaddha 🔥
- http/cves/2022/CVE-2022-22897.yaml by @mastercho
- http/cves/2021/CVE-2021-46107.yaml by @ritikchaddha
- http/cves/2020/CVE-2020-11798.yaml by @ritikchaddha
- http/cves/2020/CVE-2020-10220.yaml by @ritikchaddha
- http/cves/2018/CVE-2018-17153.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-15917.yaml by @ritikchaddha
- http/cves/2016/CVE-2016-10108.yaml by @dhiyaneshdk
- http/cnvd/2021/CNVD-2021-32799.yaml by @SleepingBag945
- http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml by @SleepingBag945
- http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml by @SleepingBag945
- http/vulnerabilities/jorani/jorani-benjamin-xss.yaml by @ritikchaddha
- http/vulnerabilities/other/huatian-oa8000-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/kingdee-erp-rce.yaml by @SleepingBag945
- http/vulnerabilities/other/landray-oa-datajson-rce.yaml by @SleepingBag945
- http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml by @mastercho
- http/vulnerabilities/weaver/eoffice/weaver-eoffice-file-upload.yaml by @princechaddha
- http/misconfiguration/ecology-info-leak.yaml by @qianbenhyu
- http/misconfiguration/mingyu-xmlrpc-sock-adduser.yaml by @SleepingBag945
- http/misconfiguration/missing-sri.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/misconfiguration/nacos/nacos-create-user.yaml by @SleepingBag945
- http/misconfiguration/php-debugbar-exposure.yaml by @ritikchaddha,@pdteam
- http/exposures/apis/seafile-api.yaml by @righettod
- http/exposures/files/bun-lock.yaml by noraj
- http/takeovers/lemlist-takeover.yaml by kresec
- ssl/c2/mythic-c2-ssl.yaml by @johnk3r
- http/exposed-panels/aspcms-backend-panel.yaml by @SleepingBag945
- http/exposed-panels/dxplanning-panel.yaml by @righettod
- http/exposed-panels/greenbone-panel.yaml by @pbuff07
- http/exposed-panels/jorani-panel.yaml by @dhiyaneshdk
- http/exposed-panels/snapcomms-panel.yaml by @righettod
- http/miscellaneous/external-service-interaction.yaml by @andreluna
- http/miscellaneous/rdap-whois.yaml by @ricardomaia
- http/osint/gist.yaml by @philippedelteil
- http/technologies/burp-collaborator-detect.yaml by @lum8rjack
- http/technologies/honeypot-detect.yaml by @j4vaovo
- http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml by @ricardomaia
- http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml by @ricardomaia
- http/technologies/wordpress/plugins/wp-seopress.yaml by @ricardomaia
- http/token-spray/api-notolytix.yaml by @0xpugazh
- workflows/kev-workflow.yaml by @king-alexander
New Contributors
- @king-alexander made their first contribution in #8063
- @neriberto made their first contribution in #8105
- @andreluna made their first contribution in #8134
- @Laronax made their first contribution in #8156
- @AdnaneKhan made their first contribution in #8170
- @muthumohanprasath made their first contribution in #8180
Full Changelog: v9.6.2...v9.6.3
Contributors
neriberto, ricardomaia, and 23 other contributors