projectdiscovery/nuclei-templates v9.5.1

on GitHub

🔥 Highlights of this release:

✅ [CVE-2023-32243] WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (@dhiyaneshdk) [critical]
✅ [CVE-2023-29923] PowerJob <=4.3.2 - Unauthenticated Access (@For3stCo1d) [medium]
✅ [CVE-2023-25717] Ruckus Wireless Admin - Remote Code Execution (@parthmalhotra,@pdresearch) [critical]
✅ [CVE-2023-2825] GitLab 16.0.0 - Path Traversal (@dhiyaneshdk,@rootxharsh,@iamnoooob,@pdresearch) [critical]
✅ [CVE-2023-2732] MStore API <= 3.9.2 - Authentication Bypass (@dhiyaneshdk) [critical]
✅ [CVE-2021-39165] Cachet <=2.3.18 - SQL Injection (@tess) [high]
✅ [CVE-2020-29583] ZyXel USG - Hardcoded Credentials (@canberbamber) [critical]
✅ [CVE-2020-1956] Apache Kylin 3.0.1 - Command Injection Vulnerability (@iamnoooob,@rootxharsh,@pdresearch) [high]
✅ [CVE-2016-3510] Oracle WebLogic Server - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]

What's Changed

New Templates Added: 56
New CVEs Added: 23

• http/cves/2023/CVE-2023-32243.yaml by @DhiyaneshDK 🔥
• http/cves/2023/CVE-2023-29923.yaml by @For3stCo1d 🔥
• http/cves/2023/CVE-2023-29919.yaml by @For3stCo1d
• http/cves/2023/CVE-2023-29887.yaml by @ctflearner
• http/cves/2023/CVE-2023-27482.yaml by @DhiyaneshDK
• http/cves/2023/CVE-2023-25717.yaml by @parthmalhotra,@pdresearch 🔥
• http/cves/2023/CVE-2023-2825.yaml by @DhiyaneshDk,@rootxharsh,@iamnoooob,@pdresearch 🔥
• http/cves/2023/CVE-2023-2780.yaml by @iamnoooob,@pdresearch
• http/cves/2023/CVE-2023-2732.yaml by @DhiyaneshDK 🔥
• http/cves/2023/CVE-2023-2356.yaml by @Co5mos
• http/cves/2023/CVE-2023-1434.yaml by @DhiyaneshDK
• http/cves/2022/CVE-2022-22733.yaml by @zeyad Azima
• http/cves/2022/CVE-2022-2733.yaml by @ctflearner
• http/cves/2021/CVE-2021-39165.yaml by @tess 🔥
• http/cves/2021/CVE-2021-37305.yaml by @ritikchaddha
• http/cves/2021/CVE-2021-37304.yaml by @ritikchaddha
• http/cves/2021/CVE-2021-24435.yaml by @xcapri,@ritikchaddha
• http/cves/2020/CVE-2020-29583.yaml by @canberbamber 🔥
• http/cves/2020/CVE-2020-1956.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cves/2016/CVE-2016-4437.yaml by @iamnoooob,@rootxharsh,@pdresearch
• network/cves/2020/CVE-2020-11981.yaml by @pussycat0x
• network/cves/2017/CVE-2017-5645.yaml by @princechaddha
• network/cves/2016/CVE-2016-3510.yaml by @iamnoooob,@rootxharsh,@pdresearch 🔥
• http/cnvd/2023/CNVD-2023-12632.yaml by @daffainfo
• http/vulnerabilities/avtech/avtech-auth-bypass.yaml by @ritikchaddha
• http/vulnerabilities/avtech/avtech-dvr-ssrf.yaml by @ritikchaddha
• http/vulnerabilities/avtech/avtech-unauth-file-download.yaml by @ritikchaddha
• http/vulnerabilities/avtech/avtech-verification-bypass.yaml by @ritikchaddha
• http/vulnerabilities/weaver/ecology/ecology-mysql-config.yaml by @ritikchaddha
• http/vulnerabilities/zyxel/unauth-ztp-ping.yaml by @DMartyn
• http/misconfiguration/aem/aem-secrets.yaml by @boobooHQ,@j3ssie
• http/misconfiguration/ibm-websphere-xml.yaml by @r3nz0
• http/misconfiguration/sitecore-lfi.yaml by @DhiyaneshDK
• http/misconfiguration/teslamate-unauth-access.yaml by @For3stCo1d
• http/exposures/apis/jeecg-boot-swagger.yaml by @ritikchaddha
• http/exposures/configs/blazor-boot.yaml by @freakyclown
• http/exposures/configs/config-properties.yaml by @j4vaovo,@DhiyaneshDK
• http/exposures/tokens/azure/azure-connection.yaml by @DhiyaneshDK
• http/exposures/tokens/digitalocean/digital-ocean-personal-token.yaml by @DhiyaneshDK
• http/exposures/tokens/digitalocean/digitalocean-app-token.yaml by @DhiyaneshDK
• http/exposures/tokens/digitalocean/digitalocean-refresh.yaml by @DhiyaneshDK
• http/exposures/tokens/figma/figma-personal-token.yaml by @DhiyaneshDK
• http/exposed-panels/axway-api-manager-panel.yaml by @johnk3r
• http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml by @johnk3r
• http/exposed-panels/interactsoftware-interact.yaml by @righettod
• http/exposed-panels/isams-panel.yaml by @righettod
• http/exposed-panels/odoo-panel.yaml by @DhiyaneshDK
• http/exposed-panels/repetier-server-panel.yaml by @ritikchaddha
• http/exposed-panels/sauter-moduwebvision-panel.yaml by @righettod
• http/exposed-panels/shardingsphere-panel.yaml by @DhiyaneshDk
• ssl/insecure-cipher-suite-detect.yaml by @pussycat0x
• file/keys/azure/azure-connection-string.yaml by @DhiyaneshDK
• file/keys/digitalocean/digitalocean-access-token.yaml by @DhiyaneshDK
• file/keys/digitalocean/digitalocean-personal-access.yaml by @DhiyaneshDK
• file/keys/digitalocean/digitalocean-refresh-token.yaml by @DhiyaneshDK
• file/keys/figma-access-token.yaml by @DhiyaneshDK

New Contributors

• @ricardojba made their first contribution in #7221
• @PR05A1C made their first contribution in #7250
• @Zeyad-Azima made their first contribution in #7212
• @MillerMedia made their first contribution in #7264
• @waltersagehorn-praetorian made their first contribution in #7282
• @jub0bs made their first contribution in #7266
• @dm-ct made their first contribution in #7174
• @xcapri made their first contribution in #5615
• @mastercho made their first contribution in #7124
• @ruben-condor made their first contribution in #7304

Full Changelog: v9.5.0...v9.5.1