Releases: projectdiscovery/nuclei-templates
v9.6.3
🔥 Highlight of this release:
✅ [CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical] 🔥
✅ [CVE-2023-36844] Juniper Devices - Remote Code Execution (@princechaddha,@ritikchaddha) [medium] 🔥
✅ [CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical] 🔥
✅ [CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical] 🔥
✅ [CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical] 🔥
✅ [CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion (@Pepitoh,@ritikchaddha) [critical] 🔥
What's Changed
New Templates Added: 54
New CVEs Added: 21
First-time contributions: 6
- http/cves/2023/CVE-2023-39600.yaml by Imjust0
- http/cves/2023/CVE-2023-39598.yaml by Imjust0
- http/cves/2023/CVE-2023-39361.yaml by @ritikchaddha 🔥
- http/cves/2023/CVE-2023-38433.yaml by @AdnaneKhan
- http/cves/2023/CVE-2023-36844.yaml by @princechaddha, @ritikchaddha 🔥
- http/cves/2023/CVE-2023-34192.yaml by @ritikchaddha🔥
- http/cves/2023/CVE-2023-34124.yaml by @iamnoooob, @rootxharsh, @pdresearch 🔥
- http/cves/2023/CVE-2023-32563.yaml by @princechaddha 🔥
- http/cves/2023/CVE-2023-30150.yaml by @mastercho
- http/cves/2023/CVE-2023-27034.yaml by @mastercho
- http/cves/2023/CVE-2023-2648.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-26469.yaml by @pussycat0x 🔥
- http/cves/2023/CVE-2023-20073.yaml by @princechaddha, @ritikchaddha 🔥
- http/cves/2023/CVE-2023-4634.yaml by @Pepitoh,@ritikchaddha 🔥
- http/cves/2022/CVE-2022-22897.yaml by @mastercho
- http/cves/2021/CVE-2021-46107.yaml by @ritikchaddha
- http/cves/2020/CVE-2020-11798.yaml by @ritikchaddha
- http/cves/2020/CVE-2020-10220.yaml by @ritikchaddha
- http/cves/2018/CVE-2018-17153.yaml by @dhiyaneshdk
- http/cves/2018/CVE-2018-15917.yaml by @ritikchaddha
- http/cves/2016/CVE-2016-10108.yaml by @dhiyaneshdk
- http/cnvd/2021/CNVD-2021-32799.yaml by @SleepingBag945
- http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml by @SleepingBag945
- http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml by @SleepingBag945
- http/vulnerabilities/jorani/jorani-benjamin-xss.yaml by @ritikchaddha
- http/vulnerabilities/other/huatian-oa8000-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/kingdee-erp-rce.yaml by @SleepingBag945
- http/vulnerabilities/other/landray-oa-datajson-rce.yaml by @SleepingBag945
- http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml by @mastercho
- http/vulnerabilities/weaver/eoffice/weaver-eoffice-file-upload.yaml by @princechaddha
- http/misconfiguration/ecology-info-leak.yaml by @qianbenhyu
- http/misconfiguration/mingyu-xmlrpc-sock-adduser.yaml by @SleepingBag945
- http/misconfiguration/missing-sri.yaml by @Lucky0x0D,@PulseSecurity.co.nz
- http/misconfiguration/nacos/nacos-create-user.yaml by @SleepingBag945
- http/misconfiguration/php-debugbar-exposure.yaml by @ritikchaddha,@pdteam
- http/exposures/apis/seafile-api.yaml by @righettod
- http/exposures/files/bun-lock.yaml by noraj
- http/takeovers/lemlist-takeover.yaml by kresec
- ssl/c2/mythic-c2-ssl.yaml by @johnk3r
- http/exposed-panels/aspcms-backend-panel.yaml by @SleepingBag945
- http/exposed-panels/dxplanning-panel.yaml by @righettod
- http/exposed-panels/greenbone-panel.yaml by @pbuff07
- http/exposed-panels/jorani-panel.yaml by @dhiyaneshdk
- http/exposed-panels/snapcomms-panel.yaml by @righettod
- http/miscellaneous/external-service-interaction.yaml by @andreluna
- http/miscellaneous/rdap-whois.yaml by @ricardomaia
- http/osint/gist.yaml by @philippedelteil
- http/technologies/burp-collaborator-detect.yaml by @lum8rjack
- http/technologies/honeypot-detect.yaml by @j4vaovo
- http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml by @ricardomaia
- http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml by @ricardomaia
- http/technologies/wordpress/plugins/wp-seopress.yaml by @ricardomaia
- http/token-spray/api-notolytix.yaml by @0xpugazh
- workflows/kev-workflow.yaml by @king-alexander
New Contributors
- @king-alexander made their first contribution in #8063
- @neriberto made their first contribution in #8105
- @andreluna made their first contribution in #8134
- @Laronax made their first contribution in #8156
- @AdnaneKhan made their first contribution in #8170
- @muthumohanprasath made their first contribution in #8180
Full Changelog: v9.6.2...v9.6.3
v9.6.2
🔥 Highlight of this release:
[CVE-2023-38035] Ivanti Sentry - Authentication Bypass (@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical] 🔥
[CVE-2022-47615] LearnPress Plugin < 4.2.0 - Local File Inclusion (@dhiyaneshdk) [critical] 🔥
[CVE-2022-46463] Harbor <=2.5.3 - Unauthorized Access (@arm!tage) [high] 🔥
[CVE-2022-39986] RaspAP 2.8.7 - Unauthenticated Command Injection (@dhiyaneshdk) [critical] 🔥
[CVE-2019-17662] ThinVNC 1.0b1 - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
What's Changed
New Templates Added : 60
New CVEs Added: 15
First-time contributions: 7
- http/cves/2023/CVE-2023-39141.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-38035.yaml by @dhiyaneshdk,@iamnoooob,@rootxharsh 🔥
- http/cves/2023/CVE-2023-4173.yaml by @momika233
- http/cves/2023/CVE-2023-3936.yaml by @luisfelipe146
- http/cves/2022/CVE-2022-47615.yaml by @dhiyaneshdk 🔥
- http/cves/2022/CVE-2022-46463.yaml by @arm!tage 🔥
- http/cves/2022/CVE-2022-39986.yaml by @dhiyaneshdk 🔥
- http/cves/2022/CVE-2022-1756.yaml by harsh
- http/cves/2021/CVE-2021-41460.yaml by @SleepingBag945
- http/cves/2021/CVE-2021-25065.yaml by harsh
- http/cves/2021/CVE-2021-24956.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-24409.yaml by harsh
- http/cves/2019/CVE-2019-17662.yaml by @dhiyaneshdk 🔥
- http/cves/2019/CVE-2019-1898.yaml by @SleepingBag945
- http/cves/2015/CVE-2015-9323.yaml by Harsh
- http/cnvd/2023/CNVD-2023-08743.yaml by @SleepingBag945
- http/vulnerabilities/74cms/74cms-weixin-sqli.yaml by @SleepingBag945
- http/vulnerabilities/finereport/fine-report-v9-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/jinhe/jinhe-oa-c6-lfi.yaml by @SleepingBag945
- http/vulnerabilities/other/apache-druid-log4j.yaml by @SleepingBag945
- http/vulnerabilities/other/aspcms-commentlist-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/caimore-gateway-rce.yaml by @momika233
- http/vulnerabilities/other/flir-ax8-rce.yaml by @momika233
- http/vulnerabilities/other/h3c-cvm-arbitrary-file-upload.yaml by @SleepingBag945
- http/vulnerabilities/other/hanta-rce.yaml by @momika233
- http/vulnerabilities/other/hikvision-isecure-center-rce.yaml by @SleepingBag945
- http/vulnerabilities/other/hongfan-ioffice-lfi.yaml by @SleepingBag945
- http/vulnerabilities/other/hongfan-ioffice-rce.yaml by @SleepingBag945
- http/vulnerabilities/other/hongfan-ioffice-sqli.yaml by @SleepingBag945
- http/vulnerabilities/other/landray-oa-erp-data-rce.yaml by @SleepingBag945
- http/vulnerabilities/other/maltrail-rce.yaml by @pussycat0x
- http/vulnerabilities/other/nacos-auth-bypass.yaml by @taielab,@pikpikcu,@SleepingBag945
- http/vulnerabilities/ruijie/ruijie-excu-shell.yaml by @momika233
- http/vulnerabilities/wordpress/wp-real-estate-xss.yaml by harsh
- http/misconfiguration/apache/apache-couchdb-unauth.yaml by @SleepingBag945
- http/misconfiguration/chatgpt-web-unauth.yaml by @SleepingBag945
- http/misconfiguration/feiyuxing-info-leak.yaml by @SleepingBag945
- http/misconfiguration/hikivision-env.yaml by @SleepingBag945
- http/misconfiguration/request-baskets-exposure.yaml by @dhiyaneshdk
- http/misconfiguration/unauth-redis-insight.yaml by @ggranjus
- http/default-logins/apache/kylin-default-login.yaml by @SleepingBag945
- http/default-logins/caimore/caimore-default-login.yaml by @pussycat0x
- http/default-logins/easyreport/easyreport-default-login.yaml by @SleepingBag945
- http/default-logins/feiyuxing/feiyuxing-default-login.yaml by @SleepingBag945
- http/default-logins/nacos/nacos-default-login.yaml by @SleepingBag945
- http/exposures/files/core-dump.yaml by @kazet
- http/exposed-panels/dell-bmc-panel-detect.yaml by @MegaManSec
- http/exposed-panels/ibm-openadmin-panel.yaml by @dhiyaneshdk
- http/exposed-panels/kasm-login-panel.yaml by @lum8rjack
- http/exposed-panels/maltrail-panel.yaml by @ritikchaddha
- http/exposed-panels/metasploit-panel.yaml by @lu4nx
- http/exposed-panels/navicat-server-panel.yaml by @ritikchaddha
- http/miscellaneous/defaced-website-detect.yaml by @ggranjus
- http/technologies/besu-server-detect.yaml by @nullfuzz
- http/technologies/erigon-server-detect.yaml by @nullfuzz
- http/technologies/geth-server-detect.yaml by @nullfuzz
- http/technologies/nethermind-server-detect.yaml by @nullfuzz
- network/jarm/c2/havoc-c2-jarm.yaml by @pussycat0x
- ssl/c2/havoc-c2.yaml by @pussycat0x
- http/osint/vampr.yaml by @MillerMedia
New Contributors
- @Lucky-Pulse made their first contribution in #7935
- @iamxhunt3r made their first contribution in #7943
- @Yoyoda75 made their first contribution in #7950
- @pphuahua made their first contribution in #7941
- @adrlsx made their first contribution in #8009
- @tstromberg made their first contribution in #8058
- @luisfelipe146 made their first contribution in #8064
Full Changelog: v9.6.1...v9.6.2
v9.6.1 [Malware Detection Templates]
What's Changed
This release introduces an extensive set of malware detection templates. These templates have been curated to facilitate the automated identification and categorization of various malware strains using file protocol.
New Templates Added: 198
New CVEs Added: 25
First-time contributions: 6
- http/cves/2023/CVE-2023-39143.yaml by @pdteam 🔥
- http/cves/2023/CVE-2023-39120.yaml by Numan Türle
- http/cves/2023/CVE-2023-37580.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-35082.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-32117.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-26067.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-22480.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-22478.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-4174.yaml by @momika233
- http/cves/2023/CVE-2023-1698.yaml by xianke
- http/cves/2022/CVE-2022-46443.yaml by Harsh
- http/cves/2022/CVE-2022-40843.yaml by @gy741
- http/cves/2022/CVE-2022-24384.yaml by E1A
- http/cves/2022/CVE-2022-2414.yaml by @dhiyaneshdk 🔥
- http/cves/2022/CVE-2022-0169.yaml by @ritikchaddha,@princechaddha
- http/cves/2021/CVE-2021-22707.yaml by @ritikchaddha,@dorkerdevil
- http/cves/2020/CVE-2020-28185.yaml by @pussycat0x
- http/cves/2019/CVE-2019-7192.yaml by @dhiyaneshdk 🔥
- http/cves/2019/CVE-2019-16057.yaml by @dhiyaneshdk
- http/cves/2019/CVE-2019-15642.yaml by @pussycat0x 🔥
- http/cves/2019/CVE-2019-14750.yaml by TenBird
- http/cves/2018/CVE-2018-7653.yaml by @ritikchaddha
- http/cves/2018/CVE-2018-18809.yaml by @dhiyaneshdk 🔥
- http/cves/2018/CVE-2018-12909.yaml by @dhiyaneshdk
- http/cves/2017/CVE-2017-8229.yaml by @pussycat0x
- http/cnvd/2021/CNVD-2021-43984.yaml by @dhiyaneshdk
- http/cnvd/2021/CNVD-2021-41972.yaml by @dhiyaneshdk
- http/vulnerabilities/bsphp-info.yaml by @ritikchaddha
- http/vulnerabilities/discuz/discuz-api-pathinfo.yaml by @ritikchaddha
- http/vulnerabilities/joomla/joomla-department-sqli.yaml by @ritikchaddha
- http/vulnerabilities/netmizer/netmizer-cmd-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/netmizer/netmizer-data-listing.yaml by @dhiyaneshdk
- http/vulnerabilities/other/acti-video-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/avcon6-execl-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/avcon6-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/clodop-printer-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/crawlab-lfi.yaml by @pussycat0x
- http/vulnerabilities/other/eaa-app-lfi.yaml by @momika233
- http/vulnerabilities/other/easyimage-downphp-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/ecology-oa-file-sqli.yaml by @momika233
- http/vulnerabilities/other/kodak-network-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/lean-value-listing.yaml by @pussycat0x
- http/vulnerabilities/other/panabit-ixcache-rce.yaml by @momika233
- http/vulnerabilities/other/sangfor-cphp-rce.yaml by @dhiyaneshdk
- http/vulnerabilities/other/sangfor-download-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/other/sangfor-sysuser-conf.yaml by @dhiyaneshdk
- http/vulnerabilities/other/tamronos-user-creation.yaml by @pussycat0x
- http/vulnerabilities/other/wisegiga-nas-lfi.yaml by @pussycat0x
- http/vulnerabilities/wordpress/photo-gallery-xss.yaml by @ritikchaddha
- http/vulnerabilities/zzzcms/zzzcms-info-disclosure.yaml by @ritikchaddha
- http/vulnerabilities/zzzcms/zzzcms-ssrf.yaml by @ritikchaddha
- http/vulnerabilities/zzzcms/zzzcms-xss.yaml by @ritikchaddha
- http/vulnerabilities/apache/apache-solr-rce.yaml by @j4vaovo
- http/default-logins/bloofoxcms-default-login.yaml by @theamanrawat
- http/default-logins/openmediavault/openmediavault-default-login.yaml by @dhiyaneshdk
- http/default-logins/webmin-default-login.yaml by @pussycat0x
- http/exposures/files/socks5-vpn-config.yaml by @dhiyaneshdk
- http/misconfiguration/bitbucket-auth-bypass.yaml by @dhiyaneshdk
- http/misconfiguration/casdoor-users-password.yaml by @dhiyaneshdk
- http/misconfiguration/clickhouse-unauth-api.yaml by @dhiyaneshdk
- http/misconfiguration/installer/combodo-itop-installer.yaml by @dhiyaneshdk
- http/misconfiguration/installer/yzmcms-installer.yaml by @ritikchaddha
- http/misconfiguration/mobsf-framework-exposure.yaml by Shine
- http/misconfiguration/openstack-config.yaml by @MayankPandey01
- http/misconfiguration/oracle-reports-services.yaml by @dogasantos
- http/misconfiguration/sonarqube-projects-disclosure.yaml by @dhiyaneshdk
- http/exposed-panels/acenet-panel.yaml by @dhiyaneshdk
- http/exposed-panels/acti-panel.yaml by @dhiyaneshdk
- http/exposed-panels/bloofoxcms-login-panel.yaml by @theamanrawat
- http/exposed-panels/discuz-panel.yaml by @ritikchaddha
- http/exposed-panels/evlink/evlink-panel.yaml by @ritikchaddha
- http/exposed-panels/evlink/evse-web-panel.yaml by @ritikchaddha
- http/exposed-panels/kodak-network-panel.yaml by @dhiyaneshdk
- http/exposed-panels/mpsec-isg1000-panel.yaml by @dhiyaneshdk
- file/malware/aar-malware.yaml by @daffainfo
- file/malware/adzok-malware.yaml by @daffainfo
- file/malware/alfa-malware.yaml by @daffainfo
- file/malware/alienspy-malware.yaml by @daffainfo
- file/malware/alina-malware.yaml by @daffainfo
- file/malware/alpha-malware.yaml by @daffainfo
- file/malware/andromeda-malware.yaml by @daffainfo
- file/malware/ap0calypse-malware.yaml by @daffainfo
- file/malware/arcom-malware.yaml by @daffainfo
- file/malware/arkei-malware.yaml by @daffainfo
- file/malware/backoff-malware.yaml by @daffainfo
- file/malware/bandook-malware.yaml by @daffainfo
- file/malware/basicrat-malware.yaml by @daffainfo
- file/malware/blacknix-malware.yaml by @daffainfo
- file/malware/blackworm-malware.yaml by @daffainfo
- file/malware/bluebanana-malware.yaml by @daffainfo
- file/malware/bozok-malware.yaml by @daffainfo
- file/malware/bublik-malware.yaml by @daffainfo
- file/malware/cap-hookexkeylogger-malware.yaml by @daffainfo
- file/malware/cerber-malware.yaml by @daffainfo
- file/malware/cerberus-malware.yaml by @daffainfo
- file/malware/clientmesh-malware.yaml by @daffainfo
- file/malware/crimson-malware.yaml by @daffainfo
- file/malware/crunchrat-malware.yaml by @daffainfo
- file/malware/cryptxxx-dropper-malware.yaml by @daffainfo
- file/malware/cryptxxx-malware.yaml by @daffainfo
- file/malware/cxpid-malware.yaml by @daffainfo
- file/malware/cythosia-malware.yaml by @daffainfo
- file/malware/darkrat-malware.yaml by @daffainfo
- file/malware/ddostf-malware.yaml by @daffainfo
- file/malware/derkziel-malware.yaml by @daffainfo
- file/malware/dexter-malware.yaml by @daffainfo
- file/malware/diamondfox-malware.yaml by @daffainfo
- file/malware/dmalocker-malware.yaml by @daffainfo
- file/malware/doublepulsar-malware.yaml by @daffainfo
- file/malware/eicar-malware.yaml by @daffainfo
- file/malware/erebus-malware.yaml by @daffainfo
- file/malware/ezcob-malware.yaml by @daffainfo
- file/malware/fudcrypt-malware.yaml by @daffainfo
- file/malware/gafgyt-bash-malware.yaml by @daffainfo
- file/malware/gafgyt-generic-malware.yaml by @daffainfo
- file/malware/gafgyt-hihi-malware.yaml by @daffainfo
- file/malware/gafgyt-hoho-malware.yaml by @daffainfo
- file/malware/gafgyt-jackmy-malware.yaml by @daffainfo
- file/malware/gafgyt-oh-malware.yaml by @daffainfo
- file/malware/genome-malware.yaml by @daffainfo
- file/malware/glass-malware.yaml by @daffainfo
- file/malware/glasses-malware.yaml by @daffainfo
- file/malware/gozi-malware.yaml by @daffainfo
- file/malware/gpgqwerty-malware.yaml by @daffainfo
- file/malware/greame-malware.yaml by @daffainfo
- file/malware/grozlex-malware.yaml by @daffainfo
- file/malware/hawkeye-malware.yaml by @daffainfo
- file/malware/hydracrypt-malware.yaml by @daffainfo
- file/malware/imminent-malware.yaml by @daffainfo
- file/malware/infinity-malware.yaml by @daffainfo
- file/malware/insta11-malware.yaml by @daffainfo
- file/malware/intel-virtualization-malware.yaml by @daffainfo
- file/malware/iotreaper-malware.yaml by @daffainfo
- file/malware/linux-aesddos-malware.yaml by @daffainfo
- file/malware/linux-billgates-malware.yaml by @daffainfo
- file/malware/linux-elknot-malware.yaml by @daffainfo
- file/malware/linux-mrblack-malware.yaml by @daffainfo
- file/malware/linux-tsunami-malware.yaml by @daffainfo
- file/malware/locky-malware.yaml by @daffainfo
- file/malware/lostdoor-malware.yaml by @daffainfo
- file/malware/luminositylink-malware.yaml by @daffainfo
- file/malware/luxnet-malware.yaml by @daffainfo
- file/malware/macgyver-installer-malware.yaml by @daffainfo
- file/malware/macgyver-malware.yaml by @daffainfo
- file/malware/macos-bella-malware.yaml by @daffainfo
- file/malware/madness-malware.yaml by @daffainfo
- file/malware/miner--malware.yaml by @daffainfo
- file/malware/miniasp3-malware.yaml by @daffainfo
- file/malware/naikon-malware.yaml by @daffainfo
- file/malware/naspyupdate-malware.yaml by @daffainfo
- file/malware/notepad-malware.yaml by @daffainfo
- file/malware/olyx-malware.yaml by @daffainfo
- file/malware/osx-leverage-malware.yaml by @daffainfo
- file/malware/paradox-malware.yaml by @daffainfo
- file/malware/petya-malware-variant-1.yaml by @daffainfo
- file/malware/petya-malware-variant-3.yaml by @daffainfo
- file/malware/petya-malware-variant-bitcoin.yaml by @daffainfo
- file/malware/plasma-malware.yaml by @daffainfo
- file/malware/poetrat-malware.yaml by @daffainfo
- file/malware/pony-malware.yaml by @daffainfo
- file/malware/pony-stealer-malware.yaml by @daffainfo
- file/malware/powerware-malware.yaml by @daffainfo
- file/malware/pubsab-malware.yaml by @daffainfo
- file/malware/punisher-malware.yaml by @daffainfo
- file/malware/pypi-malware.yaml by @daffainfo
- file/malware/pythorat-malware.yaml by @daffainfo
- file/malware/qrat-malware.yaml by @daffainfo
- file/malware/satana-dropper-malware.yaml by @daffainfo
- file/malware/satana-malware.yaml by @daffainfo
...
v9.6.0
What's Changed
- Added CVE-2023-35078 (Ivanti EPMM - Authentication Bypass) by @parthmalhotra @ehsandeep in #7785
- Added CVE-2023-38646 (Metabase PreAuth RCE) by @iamnoooob @rootxharsh in #7777
- Added CVE-2023-37265, CVE-2023-37266 (CasaOS Authentication Bypass) by @DhiyaneshGeek in #7766
- Added CVE-2023-35885 (Cloudpanel 2 - Remote Code Execution) by @DhiyaneshGeek in #7771
- Added CVE-2023-37462 (XWiki Platform - Remote Code Execution) by @parthmalhotra in #7738
- Added CVE-2023-38205 by @DhiyaneshGeek in #7727
- Added CVE-2023-23161 by @ctflearner in #7742
- Added CVE-2023-3836 by @HuTa0kj in #7768
- Added CVE-2023-3765 by @DhiyaneshGeek in #7732
- Added CVE-2023-2178 by @ritikchaddha in #7760
- Added CVE-2022-23102 by @ctflearner in #7449
- Added CVE-2021-44139 by @DhiyaneshGeek in #7759
- Added CVE-2021-27670 by @ritikchaddha in #7761
- Added CVE-2018-20608 by @ritikchaddha in #7765
- Added CVE-2012-4032 by @ctflearner in #7435
- Added elasticsearch-default-login by @DhiyaneshGeek in #7754
- Added jupyter-notebook-rce by @HuTa0kj in #7716
- Added skype-blind-ssrf by @DhiyaneshGeek in #7726
- Added springboot-detect by @MillerMedia in #7659
- Added tongda-online-user-login by @HuTa0kj in #7715
- Alibaba Anyproxy fetchBody File Path Traversal by @DhiyaneshGeek in #7779
- Added NginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution by @DhiyaneshGeek in #7778
- Added booked-export-csv by @DhiyaneshGeek in #7755
- Added casaos-detect by @ehsandeep in #7747
- Added casaos-panel by @DhiyaneshGeek in #7733
- Added cisco-smart-software-manager-on-prem by @Zinkuth in #7776
- Added MobileIron Sentry Panel detection by @ehsandeep in #7772
New Contributors
- @yaabdala made their first contribution in #7722
- @HuTa0kj made their first contribution in #7715
- @professorabhay made their first contribution in #7697
- @Zinkuth made their first contribution in #7776
Full Changelog: v9.5.8...v9.5.9
v9.5.8 [JARM-based C2 Server Detection Templates]
🔥 Highlight of this release:
This release adds a collection of C2 server detection templates. These templates can be used for automating the identification and classification of various C2 servers based on their JARM fingerprints.
- network/jarm/c2/cobalt-strike-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/covenant-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/deimos-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/evilginx2-jarm.yaml by @pussycat0x
- network/jarm/c2/grat2-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/mac-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/macshell-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/merlin-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/metasploit-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/mythic-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/posh-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/shad0w-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/silenttrinity-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/sliver-c2-jarm.yaml by @pussycat0x
What's Changed
New Templates Added : 113
New CVEs Added: 9
- http/cves/2023/CVE-2023-37270.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-28665.yaml by Aaban SOlutions,@harsh
- http/cves/2023/CVE-2023-23491.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-3460.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-3345.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-1546.yaml by Harsh
- http/cves/2023/CVE-2023-0448.yaml by @ritikchaddha
- http/cves/2020/CVE-2020-17463.yaml by @Thirukrishnan
- http/cves/2017/CVE-2017-7925.yaml by @E1A,none
- http/default-logins/yealink/yealink-default-login.yaml by parzival
- http/exposed-panels/anaqua-login-panel.yaml by @Ep1cSage
- http/exposures/tokens/beamer/beamer-token.yaml by @dhiyaneshdk
- http/exposures/tokens/bitbucket/bitbucket-clientid.yaml by @dhiyaneshdk
- http/exposures/tokens/bitbucket/bitbucket-clientsecret.yaml by @dhiyaneshdk
- http/exposures/tokens/bittrex/bittrex-accesskey.yaml by @dhiyaneshdk
- http/exposures/tokens/bittrex/bittrex-secretkey.yaml by @dhiyaneshdk
- http/exposures/tokens/clojars/clojars-token.yaml by @dhiyaneshdk
- http/exposures/tokens/codecov/codecov-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/coinbase/coinbase-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/confluent/confluent-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/confluent/confluent-secretkey.yaml by @dhiyaneshdk
- http/exposures/tokens/contentful/contentful-token.yaml by @dhiyaneshdk
- http/exposures/tokens/databricks/databricks-token.yaml by @dhiyaneshdk
- http/exposures/tokens/datadog/datadog-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/discord/discord-clientid.yaml by @dhiyaneshdk
- http/exposures/tokens/discord/discord-clientsecret.yaml by @dhiyaneshdk
- http/exposures/tokens/discord/discord-token.yaml by @dhiyaneshdk
- http/exposures/tokens/doppler/doppler-token.yaml by @dhiyaneshdk
- http/exposures/tokens/droneci/droneci-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/dropbox/dropbox-long-token.yaml by @dhiyaneshdk
- http/exposures/tokens/dropbox/dropbox-short-token.yaml by @dhiyaneshdk
- http/exposures/tokens/dropbox/dropbox-token.yaml by @dhiyaneshdk
- http/exposures/tokens/duffel/duffel-token.yaml by @dhiyaneshdk
- http/exposures/tokens/easypost/easypost-testtoken.yaml by @dhiyaneshdk
- http/exposures/tokens/easypost/easypost-token.yaml by @dhiyaneshdk
- http/exposures/tokens/etsy/etsy-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/facebook/facebook-token.yaml by @dhiyaneshdk
- http/exposures/tokens/fastly/fastly-token.yaml by @dhiyaneshdk
- http/exposures/tokens/finicity/finicity-clientsecret.yaml by @dhiyaneshdk
- http/exposures/tokens/finicity/finicity-token.yaml by @dhiyaneshdk
- http/exposures/tokens/finnhub/finnhub-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/flickr/flickr-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/flutter/flutterwave-encryptionkey.yaml by @dhiyaneshdk
- http/exposures/tokens/flutter/flutterwave-publickey.yaml by @dhiyaneshdk
- http/exposures/tokens/flutter/flutterwave-secretkey.yaml by @dhiyaneshdk
- http/exposures/tokens/frameio/frameio-token.yaml by @dhiyaneshdk
- http/exposures/tokens/freshbooks/freshbooks-accesstoken.yaml by @dhiyaneshdk
- http/exposures/tokens/gitter/gitter-token.yaml by @dhiyaneshdk
- http/exposures/tokens/gocardless/gocardless-token.yaml by @dhiyaneshdk
- http/exposures/tokens/grafana/grafana-cloud-token.yaml by @dhiyaneshdk
- http/exposures/tokens/grafana/grafana-key.yaml by @dhiyaneshdk
- http/exposures/tokens/grafana/grafana-serviceaccount-token.yaml by @dhiyaneshdk
- http/exposures/tokens/hashicorp/hashicorp-token.yaml by @dhiyaneshdk
- http/exposures/tokens/zendesk/zendesk-key.yaml by @dhiyaneshdk
- network/jarm/c2/cobalt-strike-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/covenant-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/deimos-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/evilginx2-jarm.yaml by @pussycat0x
- network/jarm/c2/grat2-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/mac-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/macshell-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/merlin-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/metasploit-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/mythic-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/posh-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/shad0w-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/silenttrinity-c2-jarm.yaml by @pussycat0x
- network/jarm/c2/sliver-c2-jarm.yaml by @pussycat0x
- http/miscellaneous/spnego-detect.yaml by @lady_bug,ruppde
- http/technologies/graylog/graylog-api-exposure.yaml by Arqsz
- file/keys/beamer-api-token.yaml by @dhiyaneshdk
- file/keys/bitbucket/bitbucket-client-id.yaml by @dhiyaneshdk
- file/keys/bitbucket/bitbucket-client-secret.yaml by @dhiyaneshdk
- file/keys/bittrex/bittrex-access-key.yaml by @dhiyaneshdk
- file/keys/bittrex/bittrex-secret-key.yaml by @dhiyaneshdk
- file/keys/clojars-api-token.yaml by @dhiyaneshdk
- file/keys/codecov-access-token.yaml by @dhiyaneshdk
- file/keys/coinbase-access-token.yaml by @dhiyaneshdk
- file/keys/confluent/confluent-access-token.yaml by @dhiyaneshdk
- file/keys/confluent/confluent-secret-token.yaml by @dhiyaneshdk
- file/keys/contentful-api-token.yaml by @dhiyaneshdk
- file/keys/databricks-api-token.yaml by @dhiyaneshdk
- file/keys/datadog-access-token.yaml by @dhiyaneshdk
- file/keys/discord/discord-api-token.yaml by @dhiyaneshdk
- file/keys/discord/discord-cilent-secret.yaml by @dhiyaneshdk
- file/keys/discord/discord-client-id.yaml by @dhiyaneshdk
- file/keys/doppler-api-token.yaml by @dhiyaneshdk
- file/keys/droneci-access-token.yaml by @dhiyaneshdk
- file/keys/dropbox/dropbox-api-token.yaml by @dhiyaneshdk
- file/keys/dropbox/dropbox-longlived-token.yaml by @dhiyaneshdk
- file/keys/dropbox/dropbox-shortlived-token.yaml by @dhiyaneshdk
- file/keys/duffel-api-token.yaml by @dhiyaneshdk
- file/keys/easypost/easypost-api-token.yaml by @dhiyaneshdk
- file/keys/easypost/easypost-test-token.yaml by @dhiyaneshdk
- file/keys/etsy-access-token.yaml by @dhiyaneshdk
- file/keys/facebook/facebook-api-token.yaml by @dhiyaneshdk
- file/keys/fastly-api-token.yaml by @dhiyaneshdk
- file/keys/finicity/finicity-api-token.yaml by @dhiyaneshdk
- file/keys/finicity/finicity-client-secret.yaml by @dhiyaneshdk
- file/keys/finnhub-access-token.yaml by @dhiyaneshdk
- file/keys/flickr-access-token.yaml by @dhiyaneshdk
- file/keys/flutter/flutterwave-encryption-key.yaml by @dhiyaneshdk
- file/keys/flutter/flutterwave-public-key.yaml by @dhiyaneshdk
- file/keys/flutter/flutterwave-secret-key.yaml by @dhiyaneshdk
- file/keys/frameio-api-token.yaml by @dhiyaneshdk
- file/keys/freshbooks-access-token.yaml by @dhiyaneshdk
- file/keys/gitter-access-token.yaml by @dhiyaneshdk
- file/keys/gocardless-api-token.yaml by @dhiyaneshdk
- file/keys/grafana/grafana-api-key.yaml by @dhiyaneshdk
- file/keys/grafana/grafana-cloud-api-token.yaml by @dhiyaneshdk
- file/keys/grafana/grafana-service-account-token.yaml by @dhiyaneshdk
- file/keys/hashicorp-api-token.yaml by @dhiyaneshdk
- file/keys/zendesk-secret-key.yaml by @dhiyaneshdk
New Contributors
- @MalavikaSK made their first contribution in #6514
- @FreeZeroDays made their first contribution in #7691
- @bob-the-builder-v made their first contribution in #7602
- @Thirukrishnan made their first contribution in #7705
- @TheArqsz made their first contribution in #6963
Full Changelog: v9.5.7...v9.5.8
v9.5.7
What's Changed
- Added CVE-2023-29300 by @iamnoooob @rootxharsh in #7682
- Added CVE-2023-29298 by @iamnoooob @rootxharsh in #7677
- Added CVE-2023-2796 by @DhiyaneshGeek in #7665
- Added CVE-2023-2982 by @ritikchaddha in #7576
- Added CVE-2023-3479 by @edoardottt in #7649
- Added CVE-2023-24489 by @DhiyaneshGeek in #7664
- Added CVE-2023-33338 by @harsh2403 in #7570
- Added CVE-2023-33440 by @harsh2403 in #7539
- Added CVE-2022-4057 by @DhiyaneshGeek in #7678
- Added CVE-2022-40127 by @DhiyaneshGeek in #6135
- Added CVE-2022-45354 by @DhiyaneshGeek in #7671
- Added CVE-2022-46071 by @harsh2403 in #7579
- Added CVE-2016-10973 by @harsh2403 in #7537
- Added CVE-2019-17574 by @DhiyaneshGeek in #7679
- Added d-link-auth-bypass.yaml by @gy741 in #7645
- Added sonarqube-default-credentials by @dcruzec in #7672
- Added sharefile-storage-server.yaml by @DhiyaneshGeek in #7661
- Added sharefile-panel.yaml by @DhiyaneshGeek in #7668
- Added prometheus-promtail.yaml by @DhiyaneshGeek in #7666
- Added vercel-takeover.yaml by @brianlam38 in #7674
- Added rhadamanthys-stealer-panel.yaml by @ritikchaddha in #7647
New Contributors
- @brianlam38 made their first contribution in #7674
- @E1A made their first contribution in #7654
- @dcruzec made their first contribution in #7672
- @dongpohezui made their first contribution in #7657
- @aringo-bf made their first contribution in #7656
Full Changelog: v9.5.6...v9.5.7
v9.5.6
What's Changed
- Added CVE-2023-36934 (MOVEit Transfer - SQL Injection) by @iamnoooob @rootxharsh in #7650
- Added CVE-2022-46073 (Helmet Store Showroom - XSS) by @harsh2403 in #7580
- Added Sunbird DCIM Detection by @bhutch in #7643
Full Changelog: v9.5.5...v9.5.6
v9.5.5
What's Changed
🔥 Highlights of this release:
[CVE-2023-30777] Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (@r3y3r53) [medium] 🔥
[CVE-2023-28121] WooCommerce Payments - Unauthorized Admin Access (@dhiyaneshdk) [critical] 🔥
[CVE-2023-2822] Ellucian Ethos Identity CAS - Cross-Site Scripting (@guax1) [medium] 🔥
[CVE-2023-0297] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (@MrHarshvardhan,@dhiyaneshdk) [critical] 🔥
[CVE-2022-4295] Show all comments < 7.0.1 - Cross-Site Scripting (@r3y3r53) [medium] 🔥
New Templates Added: 90
New CVEs Added: 41
- http/cves/2023/CVE-2023-36346.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-36289.yaml by @theamanrawat
- http/cves/2023/CVE-2023-36287.yaml by @theamanrawat
- http/cves/2023/CVE-2023-33439.yaml by @harsh
- http/cves/2023/CVE-2023-30777.yaml by @r3Y3r53 🔥
- http/cves/2023/CVE-2023-30256.yaml by @theamanrawat
- http/cves/2023/CVE-2023-2822.yaml by @Guax1 🔥
- http/cves/2023/CVE-2023-28121.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-2272.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-2252.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-2023.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1890.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1835.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-1730.yaml by @theamanrawat
- http/cves/2023/CVE-2023-0514.yaml by @r3Y3r53
- http/cves/2023/CVE-2023-0297.yaml by @MrHarshvardhan, @dhiyaneshdk 🔥
- http/cves/2022/CVE-2022-44952.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44951.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44950.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44949.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44948.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44947.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44946.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-44944.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43185.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43170.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43169.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43167.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43166.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43165.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-43164.yaml by @r3Y3r53
- http/cves/2022/CVE-2022-4295.yaml by @r3Y3r53 🔥
- http/cves/2020/CVE-2020-35987.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35986.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35985.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-35984.yaml by @r3Y3r53
- http/cves/2020/CVE-2020-19515.yaml by @theamanrawat
- http/cves/2019/CVE-2019-8390.yaml by @theamanrawat
- http/cves/2019/CVE-2019-14789.yaml by @r3Y3r53
- http/cves/2018/CVE-2018-6530.yaml by @gy741
- http/cves/2012/CVE-2012-5321.yaml by @ctflearner
- http/cnvd/2022/CNVD-2022-86535.yaml by @arliya,@ritikchaddha
- http/vulnerabilities/other/sitemap-sql-injection.yaml by @aravind
- http/vulnerabilities/wordpress/contus-video-gallery-sqli.yaml by @theamanrawat
- http/vulnerabilities/wordpress/leaguemanager-sql-injection.yaml by @theamanrawat
- http/vulnerabilities/wordpress/notificationx-sqli.yaml by @theamanrawat
- http/vulnerabilities/wordpress/zero-spam-sql-injection.yaml by @theamanrawat
- http/default-logins/esafenet-cdg-default-login.yaml by @chesterblue
- http/default-logins/leostream/leostream-default-login.yaml by @bhutch
- http/default-logins/pyload/pyload-default-login.yaml by @dhiyaneshdk
- http/misconfiguration/proxy/open-proxy-external.yaml by @gtrrnr
- http/misconfiguration/unauth-temporal-web-ui.yaml by @ggranjus
- network/misconfig/apache-dubbo-unauth.yaml by @j4vaovo
- network/misconfig/apache-rocketmq-broker-unauth.yaml by @j4vaovo
- http/exposures/configs/collibra-properties.yaml by @0xpugazh
- http/exposures/files/pnpm-lock.yaml by @noraj
- http/exposures/tokens/adafruit/adafruit-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/adobe/adobe-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/airtable/airtable-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/algolia/algolia-api-key.yaml by @dhiyaneshdk
- http/exposures/tokens/alibaba/alibaba-accesskey-id.yaml by @dhiyaneshdk
- http/exposures/tokens/alibaba/alibaba-secretkey-id.yaml by @dhiyaneshdk
- http/exposures/tokens/asana/asana-client-id.yaml by @dhiyaneshdk
- http/exposures/tokens/asana/asana-client-secret.yaml by @dhiyaneshdk
- http/exposures/tokens/atlassian-token.yaml by @dhiyaneshdk
- http/exposed-panels/arangodb-web-Interface.yaml by @pussycat0x
- http/exposed-panels/arcserve-panel.yaml by @dhiyaneshdk
- http/exposed-panels/c2/hookbot-rat.yaml by @pussycat0x
- http/exposed-panels/c2/mystic-stealer.yaml by @pussycat0x
- http/exposed-panels/cloudpanel-login.yaml by @dhiyaneshdk
- http/exposed-panels/dell-idrac.yaml by @kazet
- http/exposed-panels/efak-login-panel.yaml by @irshad ahamed
- http/exposed-panels/pritunl-panel.yaml by @irshad ahamed
- http/exposed-panels/pyload-panel.yaml by @dhiyaneshdk
- http/exposed-panels/qdpm-login-panel.yaml by @theamanrawat
- http/exposed-panels/shell-box.yaml by @irshad ahamed
- http/exposed-panels/untangle-admin-login.yaml by @irshad ahamed
- http/exposed-panels/uptime-kuma-panel.yaml by @irshad ahamed
- file/keys/adafruit-key.yaml by @dhiyaneshdk
- file/keys/adobe/adobe-client.yaml by @dhiyaneshdk
- file/keys/airtable-key.yaml by @dhiyaneshdk
- file/keys/algolia-key.yaml by @dhiyaneshdk
- file/keys/alibaba/alibaba-key-id.yaml by @dhiyaneshdk
- file/keys/alibaba/alibaba-secret-id.yaml by @dhiyaneshdk
- file/keys/asana/asana-clientid.yaml by @dhiyaneshdk
- file/keys/asana/asana-clientsecret.yaml by @dhiyaneshdk
- file/keys/atlassian/atlassian-api-token.yaml by @dhiyaneshdk
- file/webshell/asp-webshell.yaml by @lu4nx
- file/webshell/jsp-webshell.yaml by @lu4nx
- file/webshell/php-webshell.yaml by @lu4nx
New Contributors
- @ghoeffner made their first contribution in #7603
- @mosesrenegade made their first contribution in #7604
- @ErikOwen made their first contribution in #7344
- @Marcuccio made their first contribution in #7614
- @Armandhe-China made their first contribution in #6405
- @aravindb26 made their first contribution in #7372
Full Changelog: v9.5.4...v9.5.5
v9.5.4
What's Changed
New Templates Added : 51
New CVEs Added: 26
- http/cves/2023/CVE-2023-35844.yaml by @dwisiswant0 🔥
- http/cves/2023/CVE-2023-35843.yaml by @dwisiswant0
- http/cves/2023/CVE-2023-34843.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-34659.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-34599.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-34598.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-34537.yaml by @harsh
- http/cves/2023/CVE-2023-33510.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-31548.yaml by @harsh
- http/cves/2023/CVE-2023-30019.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-27372.yaml by @dhiyaneshdk,@nuts7 🔥
- http/cves/2023/CVE-2023-26843.yaml by @harsh
- http/cves/2023/CVE-2023-26842.yaml by @harsh
- http/cves/2023/CVE-2023-25346.yaml by @harsh
- http/cves/2023/CVE-2023-24488.yaml by @johnk3r 🔥
- http/cves/2023/CVE-2023-20889.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-20888.yaml by @iamnoooob,@rootxharsh,@pdresearch
- http/cves/2023/CVE-2023-1496.yaml by @pdteam
- http/cves/2023/CVE-2023-1454.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-0563.yaml by @harsh
- http/cves/2023/CVE-2023-0562.yaml by @harsh
- http/cves/2023/CVE-2023-0527.yaml by @harsh
- http/cves/2023/CVE-2023-0126.yaml by @tess
- http/cves/2022/CVE-2022-40022.yaml by @dhiyaneshdk
- http/cves/2021/CVE-2021-46704.yaml by @dhiyaneshdk
- http/cves/2012/CVE-2012-6499.yaml by @ctflearner
- http/cnvd/2020/CNVD-2020-63964.yaml by @brucelsone
- http/vulnerabilities/hikvision-ivms-file-upload-rce.yaml by @brucelsone
- http/vulnerabilities/kkfileview-ssrf.yaml by @arm!tage
- http/vulnerabilities/vbulletin/arcade-php-sqli.yaml by @mastercho
- http/misconfiguration/codeigniter-errorpage.yaml by @j4vaovo
- http/misconfiguration/genieacs-default-jwt.yaml by @dhiyaneshdk,@pussycat0x
- http/misconfiguration/grav-register-admin.yaml by @dhiyaneshdk
- http/misconfiguration/installer/spip-install.yaml by @dhiyaneshdk
- http/misconfiguration/odoo-unprotected-database.yaml by @pdteam
- network/enumeration/psql-user-enum.yaml by @pussycat0x
- network/misconfig/unauth-psql.yaml by @pussycat0x
- http/exposed-panels/axxon-client-panel.yaml by @irshadahamed
- http/exposed-panels/jsherp-boot-panel.yaml by @dhiyaneshdk
- http/exposed-panels/openbullet2-panel.yaml by @mastercho
- http/exposed-panels/syncserver-panel.yaml by @dhiyaneshdk
- http/exposed-panels/wd-mycloud-panel.yaml by @dhiyaneshdk
- http/exposures/configs/aws-config.yaml by @m4lwhere
- http/exposures/configs/aws-credentials.yaml by @m4lwhere
- http/technologies/wordpress/plugins/wp-rollback.yaml by @ricardomaia
- file/nodejs/admzip-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
- file/nodejs/express-lfr.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
- file/nodejs/generic-path-traversal.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
- file/nodejs/tar-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
- file/nodejs/xss-serialize-javascript.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
- file/nodejs/zip-path-overwrite.yaml by @me_dheeraj (https://twitter.com/Dheerajmadhukar)
New Contributors
- @m4lwhere made their first contribution in #7272
- @harsh2403 made their first contribution in #7530
- @vershinind made their first contribution in #7232
Full Changelog: v9.5.3...v9.5.4
v9.5.3
🔥 Highlights of this release:
✅ [CVE-2023-34362] MOVEit Transfer - Remote Code Execution (@princechaddha,@rootxharsh,@ritikchaddha,@pdresearch) [critical]
✅ [CVE-2023-34960] Chamilo Command Injection (@dhiyaneshdk) [high]
✅ [CVE-2023-33246] RocketMQ <= 5.1.0 - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
✅ [CVE-2023-25157] GeoServer OGC Filter - SQL Injection (@ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh) [critical]
✅ [CVE-2023-23333] SolarView Compact 6.00 - OS Command Injection (@Mr-xn) [critical]
✅ [CVE-2023-20887] VMware VRealize Network Insight - Remote Code Execution (@sinsinology) [critical]
✅ [CVE-2022-23544] MeterSphere < 2.5.0 SSRF (@j4vaovo) [medium]
✅ [CVE-2022-24706] CouchDB Erlang Distribution - Remote Command Execution (@Mzack9999,@pussycat0x) [critical]
✅ [CVE-2017-12617] Apache Tomcat - Remote Code Execution (@pussycat0x) [high]
✅ [CVE-2016-6195] vBulletin <= 4.2.3 - SQL Injection (@mastercho) [high]
What's Changed
New Templates Added: 62
New CVEs Added: 28
- http/cves/2023/CVE-2023-34960.yaml by @dhiyaneshdk 🔥
- http/cves/2023/CVE-2023-34362.yaml by @princechaddha,@rootxharsh,@ritikchaddha,@pdresearch 🔥
- http/cves/2023/CVE-2023-33568.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-25157.yaml by @ritikchaddha,@dhiyaneshdk,@iamnoooob,@rootxharsh 🔥
- http/cves/2023/CVE-2023-24243.yaml by @ritikchaddha
- http/cves/2023/CVE-2023-23333.yaml by @Mr-xn 🔥
- http/cves/2023/CVE-2023-20887.yaml by @sinsinology 🔥
- http/cves/2023/CVE-2023-0630.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-23544.yaml by @j4vaovo 🔥
- http/cves/2022/CVE-2022-0869.yaml by @ctflearner
- http/cves/2021/CVE-2021-44138.yaml by carrot2
- http/cves/2021/CVE-2021-24647.yaml by @dhiyaneshdk
- http/cves/2019/CVE-2019-1943.yaml by @bhutch
- http/cves/2019/CVE-2019-10098.yaml by @ctflearner
- http/cves/2017/CVE-2017-12617.yaml by @pussycat0x 🔥
- http/cves/2016/CVE-2016-6195.yaml by @mastercho 🔥
- http/cves/2013/CVE-2013-2621.yaml by @ctflearner
- http/cves/2012/CVE-2012-4982.yaml by @ctflearner
- http/cves/2011/CVE-2011-5252.yaml by @ctflearner
- http/cves/2010/CVE-2010-1586.yaml by @ctflearner
- http/cves/2009/CVE-2009-0347.yaml by @ctflearner
- http/cves/2008/CVE-2008-7269.yaml by @ctflearner
- http/cves/2008/CVE-2008-1547.yaml by @ctflearner
- http/cves/2005/CVE-2005-3634.yaml by @ctflearner
- http/cves/2004/CVE-2004-1965.yaml by @ctflearner
- http/cves/2001/CVE-2001-0537.yaml by @dhiyaneshdk
- network/cves/2022/CVE-2022-24706.yaml by @Mzack9999,@pussycat0x 🔥
- network/cves/2023/CVE-2023-33246.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
- http/vulnerabilities/nuxt/nuxt-js-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/nuxt/nuxt-js-semi-lfi.yaml by @dhiyaneshdk
- http/vulnerabilities/nuxt/nuxt-js-xss.yaml by @dhiyaneshdk
- http/vulnerabilities/other/epp-server-lfi.yaml by @dhiyaneshdk
- http/misconfiguration/bravia-signage.yaml by @dhiyaneshdk
- http/misconfiguration/symfony-fragment.yaml by Palanichamy_perumal,TechbrunchFR
- http/default-logins/riello/netman-default-login.yaml by @mabdullah22
- http/exposed-panels/c2/brute-ratel-c4.yaml by @pussycat0x
- http/exposed-panels/c2/empire-c2.yaml by @pussycat0x
- http/exposed-panels/c2/evilginx.yaml by @pussycat0x
- http/exposed-panels/c2/nh-c2.yaml by @pussycat0
- http/exposed-panels/c2/viper-c2.yaml by @pussycat0x
- http/exposed-panels/cryptobox-panel.yaml by @righettod
- http/exposed-panels/iclock-admin-panel.yaml by @deFr0ggy
- http/exposed-panels/rancher-dashboard.yaml by @ritikchaddha
- http/miscellaneous/crypto-mining-malware.yaml by @geeknik
- ssl/c2/asyncrat-c2.yaml by @johnk3r
- ssl/c2/bitrat-c2.yaml by @pussycat0x
- ssl/c2/covenant-c2-ssl.yaml by @pussycat0x
- ssl/c2/dcrat-server-c2.yaml by @pussycat0x
- ssl/c2/gozi-malware.yaml by @pussycat0x
- ssl/c2/icedid.yaml by @pussycat0x
- ssl/c2/orcus-rat-c2.yaml by @pussycat0x
- ssl/c2/posh-c2.yaml by @pussycat0x
- ssl/c2/quasar-rat-c2.yaml by @johnk3r,@pussycat0x
- ssl/c2/shadowpad-c2.yaml by @pussycat0x
- http/technologies/magento-eol.yaml by @dogancanbakir
- http/technologies/magento-version-detect.yaml by @sullo,@dogancanbakir
- http/technologies/openproject-detect.yaml by @ricardomaia
- http/technologies/phplist-detect.yaml by @ricardomaia
- http/technologies/wordpress/plugins/breeze.yaml by @ricardomaia
- http/technologies/wordpress/plugins/fast-indexing-api.yaml by @ricardomaia
- http/osint/facebook-page.yaml by @gpiechnik2
- http/osint/stackoverflow.yaml by @lu4nx
New Contributors
- @6mile made their first contribution in #7367
- @impalanichamy made their first contribution in #7121
- @ctflearner made their first contribution in #7381
- @carr0t2 made their first contribution in #7369
- @sinsinology made their first contribution in #7405
- @gpiechnik2 made their first contribution in #7396
- @mabdullah22 made their first contribution in #7390
- @AgnellusX1 made their first contribution in #7416
Full Changelog: v9.5.2...v9.5.3