projectdiscovery/nuclei-templates v9.6.3

on GitHub

🔥 Highlight of this release:

✅ [CVE-2023-39361] Cacti 1.2.24 - SQL Injection (@ritikchaddha) [critical] 🔥
✅ [CVE-2023-36844] Juniper Devices - Remote Code Execution (@princechaddha,@ritikchaddha) [medium] 🔥
✅ [CVE-2023-34124] SonicWall GMS and Analytics Web Services - Shell Injection (@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
✅ [CVE-2023-32563] Ivanti Avalanche - Remote Code Execution (@princechaddha) [critical] 🔥
✅ [CVE-2023-26469] Jorani 1.0.0 - Remote Code Execution (@pussycat0x) [critical] 🔥
✅ [CVE-2023-20073] Cisco VPN Routers - Unauthenticated Arbitrary File Upload (@princechaddha,@ritikchaddha) [critical] 🔥
✅ [CVE-2023-4634] Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion (@Pepitoh,@ritikchaddha) [critical] 🔥

What's Changed

New Templates Added: 54

New CVEs Added: 21

First-time contributions: 6

• http/cves/2023/CVE-2023-39600.yaml by Imjust0
• http/cves/2023/CVE-2023-39598.yaml by Imjust0
• http/cves/2023/CVE-2023-39361.yaml by @ritikchaddha 🔥
• http/cves/2023/CVE-2023-38433.yaml by @AdnaneKhan
• http/cves/2023/CVE-2023-36844.yaml by @princechaddha, @ritikchaddha 🔥
• http/cves/2023/CVE-2023-34192.yaml by @ritikchaddha🔥
• http/cves/2023/CVE-2023-34124.yaml by @iamnoooob, @rootxharsh, @pdresearch 🔥
• http/cves/2023/CVE-2023-32563.yaml by @princechaddha 🔥
• http/cves/2023/CVE-2023-30150.yaml by @mastercho
• http/cves/2023/CVE-2023-27034.yaml by @mastercho
• http/cves/2023/CVE-2023-2648.yaml by @ritikchaddha
• http/cves/2023/CVE-2023-26469.yaml by @pussycat0x 🔥
• http/cves/2023/CVE-2023-20073.yaml by @princechaddha, @ritikchaddha 🔥
• http/cves/2023/CVE-2023-4634.yaml by @Pepitoh,@ritikchaddha 🔥
• http/cves/2022/CVE-2022-22897.yaml by @mastercho
• http/cves/2021/CVE-2021-46107.yaml by @ritikchaddha
• http/cves/2020/CVE-2020-11798.yaml by @ritikchaddha
• http/cves/2020/CVE-2020-10220.yaml by @ritikchaddha
• http/cves/2018/CVE-2018-17153.yaml by @dhiyaneshdk
• http/cves/2018/CVE-2018-15917.yaml by @ritikchaddha
• http/cves/2016/CVE-2016-10108.yaml by @dhiyaneshdk
• http/cnvd/2021/CNVD-2021-32799.yaml by @SleepingBag945
• http/vulnerabilities/hikvision/hikvision-fastjson-rce.yaml by @SleepingBag945
• http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml by @SleepingBag945
• http/vulnerabilities/jorani/jorani-benjamin-xss.yaml by @ritikchaddha
• http/vulnerabilities/other/huatian-oa8000-sqli.yaml by @SleepingBag945
• http/vulnerabilities/other/kingdee-erp-rce.yaml by @SleepingBag945
• http/vulnerabilities/other/landray-oa-datajson-rce.yaml by @SleepingBag945
• http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml by @mastercho
• http/vulnerabilities/weaver/eoffice/weaver-eoffice-file-upload.yaml by @princechaddha
• http/misconfiguration/ecology-info-leak.yaml by @qianbenhyu
• http/misconfiguration/mingyu-xmlrpc-sock-adduser.yaml by @SleepingBag945
• http/misconfiguration/missing-sri.yaml by @Lucky0x0D,@PulseSecurity.co.nz
• http/misconfiguration/nacos/nacos-create-user.yaml by @SleepingBag945
• http/misconfiguration/php-debugbar-exposure.yaml by @ritikchaddha,@pdteam
• http/exposures/apis/seafile-api.yaml by @righettod
• http/exposures/files/bun-lock.yaml by noraj
• http/takeovers/lemlist-takeover.yaml by kresec
• ssl/c2/mythic-c2-ssl.yaml by @johnk3r
• http/exposed-panels/aspcms-backend-panel.yaml by @SleepingBag945
• http/exposed-panels/dxplanning-panel.yaml by @righettod
• http/exposed-panels/greenbone-panel.yaml by @pbuff07
• http/exposed-panels/jorani-panel.yaml by @dhiyaneshdk
• http/exposed-panels/snapcomms-panel.yaml by @righettod
• http/miscellaneous/external-service-interaction.yaml by @andreluna
• http/miscellaneous/rdap-whois.yaml by @ricardomaia
• http/osint/gist.yaml by @philippedelteil
• http/technologies/burp-collaborator-detect.yaml by @lum8rjack
• http/technologies/honeypot-detect.yaml by @j4vaovo
• http/technologies/wordpress/plugins/pinterest-for-woocommerce.yaml by @ricardomaia
• http/technologies/wordpress/plugins/wp-reviews-plugin-for-google.yaml by @ricardomaia
• http/technologies/wordpress/plugins/wp-seopress.yaml by @ricardomaia
• http/token-spray/api-notolytix.yaml by @0xPugazh
• workflows/kev-workflow.yaml by @king-alexander

New Contributors

• @king-alexander made their first contribution in #8063
• @neriberto made their first contribution in #8105
• @andreluna made their first contribution in #8134
• @Laronax made their first contribution in #8156
• @AdnaneKhan made their first contribution in #8170
• @muthumohanprasath made their first contribution in #8180

Full Changelog: v9.6.2...v9.6.3