Merge branch 'main' into add-missing-token

.github/workflows/syntax-checking.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
       - name: Yamllint

.github/workflows/template-sign.yml

@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/template-validate.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/templates-stats.yml

@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - uses: actions/checkout@v4
         with: 

.github/workflows/templates-sync.yml

@@ -9,6 +9,7 @@ on:
     - 'http/cves/2023/CVE-2023-42344.yaml'
     - 'http/cves/2023/CVE-2023-45671.yaml'
     - 'http/cves/2023/CVE-2023-48777.yaml'
+    - 'http/cves/2023/CVE-2023-6895.yaml'
     - 'http/cves/2024/CVE-2024-0305.yaml'
     - 'http/cves/2024/CVE-2024-0713.yaml'
     - 'http/cves/2024/CVE-2024-1021.yaml'
@@ -25,7 +26,9 @@ on:
     - 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
     - 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
     - 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
+    - 'http/default-logins/ibm/imm-default-login.yaml'
     - 'http/exposed-panels/c2/meduza-stealer.yaml'
+    - 'http/exposed-panels/cisco-unity-panel.yaml'
     - 'http/exposed-panels/connectwise-panel.yaml'
     - 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
     - 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
@@ -38,6 +41,7 @@ on:
     - 'http/exposed-panels/opinio-panel.yaml'
     - 'http/exposed-panels/rocketchat-panel.yaml'
     - 'http/exposures/configs/sphinxsearch-config.yaml'
+    - 'http/misconfiguration/cloudflare-rocketloader-htmli.yaml'
     - 'http/misconfiguration/installer/connectwise-setup.yaml'
     - 'http/technologies/ibm/ibm-decision-runner.yaml'
     - 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
@@ -49,6 +53,7 @@ on:
   workflow_dispatch:
 jobs:
   triggerRemoteWorkflow:
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     runs-on: ubuntu-latest
     steps:
     - name: Trigger Remote Workflow with curl

.github/workflows/wordpress-plugins-update.yml

@@ -6,6 +6,7 @@ on:
 jobs:
   Update:
     runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei-templates'
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4

.new-additions

@@ -4,6 +4,7 @@ http/cves/2023/CVE-2023-38203.yaml
 http/cves/2023/CVE-2023-42344.yaml
 http/cves/2023/CVE-2023-45671.yaml
 http/cves/2023/CVE-2023-48777.yaml
+http/cves/2023/CVE-2023-6895.yaml
 http/cves/2024/CVE-2024-0305.yaml
 http/cves/2024/CVE-2024-0713.yaml
 http/cves/2024/CVE-2024-1021.yaml
@@ -20,7 +21,9 @@ http/default-logins/ibm/ibm-dcbc-default-login.yaml
 http/default-logins/ibm/ibm-dcec-default-login.yaml
 http/default-logins/ibm/ibm-dsc-default-login.yaml
 http/default-logins/ibm/ibm-hmc-default-login.yaml
+http/default-logins/ibm/imm-default-login.yaml
 http/exposed-panels/c2/meduza-stealer.yaml
+http/exposed-panels/cisco-unity-panel.yaml
 http/exposed-panels/connectwise-panel.yaml
 http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
 http/exposed-panels/ibm/ibm-dcec-panel.yaml
@@ -33,6 +36,7 @@ http/exposed-panels/openvas-panel.yaml
 http/exposed-panels/opinio-panel.yaml
 http/exposed-panels/rocketchat-panel.yaml
 http/exposures/configs/sphinxsearch-config.yaml
+http/misconfiguration/cloudflare-rocketloader-htmli.yaml
 http/misconfiguration/installer/connectwise-setup.yaml
 http/technologies/ibm/ibm-decision-runner.yaml
 http/technologies/ibm/ibm-decision-server-runtime.yaml

.nuclei-ignore

@@ -32,3 +32,6 @@ files:
   - http/cves/2020/CVE-2020-28351.yaml
   - http/vulnerabilities/oracle/oracle-ebs-xss.yaml
   - http/cves/2021/CVE-2021-28164.yaml
+  - http/fuzzing/wordpress-themes-detect.yaml
+  - http/fuzzing/mdb-database-file.yaml
+  - http/fuzzing/iis-shortname.yaml

code/cves/2019/CVE-2019-14287.yaml

@@ -9,11 +9,22 @@ info:
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
     - https://www.exploit-db.com/exploits/47502
+    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
+    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
+    - http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.8
+    cve-id: CVE-2019-14287
+    cwe-id: CWE-755
+    epss-score: 0.34299
+    epss-percentile: 0.96958
+    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 2
-    vendor: canonical
-    product: ubuntu_linux
+    vendor: sudo_project
+    product: sudo
   tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
 
 self-contained: true
@@ -36,4 +47,4 @@ code:
           - '!contains(code_1_response, "root")'
           - 'contains(code_2_response, "root")'
         condition: and
-# digest: 4b0a00483046022100f4f8e722b5f42a0123c6f1f8f54ac645f9d05fcd3cfef40c38b610291978a5e00221009d44ff15e4eea65e3fcb18aeece52355879b009f9a7246c145abdaf23807e2ea:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402205d953c6f0c1352f39f1035d518dc38cffe2165dfb1f4ddd270434e7dbb790c1102200423935d03c0eafff4702b083c0d5da821affb591901209cd6d087644114abdf:922c64590222798bb761d5b6d8e72950

code/cves/2021/CVE-2021-3156.yaml

@@ -10,8 +10,20 @@ info:
     - https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
     - https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
     - https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
+    - http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
+    - http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.8
+    cve-id: CVE-2021-3156
+    cwe-id: CWE-193
+    epss-score: 0.97085
+    epss-percentile: 0.99752
+    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
+    vendor: sudo_project
+    product: sudo
   tags: cve,cve2021,sudo,code,linux,privesc,local,kev
 
 self-contained: true
@@ -28,4 +40,4 @@ code:
           - "malloc(): memory corruption"
           - "Aborted (core dumped)"
         condition: and
-# digest: 490a00463044022074b8ca1a10aca438432f3b6e55023b9c80357eb5a6f2ac795774b7d44e85188e02201a3af75f86a975548121afe1ab1faf6ade2d1e89d05200b4e6990e97af56af36:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220494a1c88897c9697f8d55a15b5ba0990a64225974efa03ca485ae5ebe4c2bcf0022019eb5fcd9dd61429f3964b64b263aec23e0193b30d695284d275818b9c38812d:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-2640.yaml

@@ -21,8 +21,8 @@ info:
     cvss-score: 7.8
     cve-id: CVE-2023-2640
     cwe-id: CWE-863
-    epss-score: 0.00047
-    epss-percentile: 0.14754
+    epss-score: 0.00174
+    epss-percentile: 0.53697
     cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
   metadata:
     verified: true
@@ -54,4 +54,4 @@ code:
           - '!contains(code_1_response, "(root)")'
           - 'contains(code_2_response, "(root)")'
         condition: and
-# digest: 4a0a00473045022100a20c4d30517d6bd96f1a97d3fca9e29bd1f686eeb9192a3f503a5bddffeda9fe022020188e4f25e79706197eab61598d64679c02828a0aedf7f496b5fbe14707ec90:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100b7d65ed4d77da164c62392e9367361cd521cd12c1746e27d4865c7913b4250910220243bd991082f86b48587a9ec336c51a545db1464e12ebbbfc0ee5128bc2cb27f:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-4911.yaml

@@ -10,16 +10,21 @@ info:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-4911
     - https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
     - https://www.youtube.com/watch?v=1iV-CD9Apn8
+    - http://www.openwall.com/lists/oss-security/2023/10/05/1
+    - http://www.openwall.com/lists/oss-security/2023/10/13/11
   classification:
     cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.8
     cve-id: CVE-2023-4911
-    cwe-id: CWE-787
-    cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
+    cwe-id: CWE-787,CWE-122
+    epss-score: 0.0171
+    epss-percentile: 0.87439
+    cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
-    vendor: glibc
-  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
+    vendor: gnu
+    product: glibc
+  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
 
 self-contained: true
 code:
@@ -34,4 +39,4 @@ code:
       - type: word
         words:
           - "139"     # Segmentation Fault Exit Code
-# digest: 4a0a004730450220420ab1d35c89225b917a344669e743fa83b79698910c4f87a5124f2dfaae54cd022100d122ece9eaba7f9bfc32d229e79d56b127da02ce4e5cf4034ecebfd9da56a9a2:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950

code/cves/2023/CVE-2023-6246.yaml

@@ -9,15 +9,21 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-6246
     - https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
+    - https://access.redhat.com/security/cve/CVE-2023-6246
+    - https://bugzilla.redhat.com/show_bug.cgi?id=2249053
+    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
   classification:
     cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.8
     cve-id: CVE-2023-6246
-    cwe-id: CWE-787
+    cwe-id: CWE-787,CWE-122
+    epss-score: 0.00383
+    epss-percentile: 0.72435
     cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
-    vendor: glibc
+    vendor: gnu
+    product: glibc
   tags: cve,cve2023,code,glibc,linux,privesc,local
 
 self-contained: true
@@ -33,4 +39,4 @@ code:
       - type: word
         words:
           - "127"     # Segmentation Fault Exit Code
-# digest: 4a0a00473045022100fec914f6ee85b53ab611e26476cba7da42e11cdcb33c935a2d003c74c7312b1302207b65c84f8435932f1aa050019f6aaf899442187cf9630df934cf9086bd94a2f6:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100816db78414b7bafd0437ce9725201733ffd4c96f285f1cdbe48e08e348e67372022040042ed5d64ab0b2bc48789dd519af760226f155f1764ee76b460937ee89a839:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-choom.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/choom/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,choom,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a0047304502203b1238ca7d9be64f51e9162022deaf76b02898053cbb3511377e76228d3d79ef0221008b6aa349a17b0a16a0d0949f1797c8e111d2498185b88fe99c326c60c59167c9:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a00473045022100cd0a7dc9b51ef8f3f850d3fde75e025e13c61b464ac044825ac70107c66db1de0220290c09bd78a4e25f5cabc659f9441a3c168a1ca2c226f0ddf9316de01eb30461:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-find.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/find/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,find,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4b0a0048304602210093227e768a659e1747e4dd5d82e25ade3f152549f159b967327082c90677fc5e022100ba7d7a12344d88ac9ec3c0832b25af9d1ef25fe4470e6963b2f3ae814c844e89:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402207f55b1ac220ad114cf5cd2341a388a3860f134489b662ff708d8553b7156207a02201bddad6e9a46aa5b077f01de8b269b2797007741d8c6f38b9ddc7724462497e5:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-lua.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/lua/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,lua,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a00473045022033fd3387c3085b4f8e3a7ced68a4e324ba82f7e683a8c29e5ab32c1975a8fe4b02210097eb732caf95609123a361436265388bba8c2c95fcba6ddaf6504d3a5b19c19f:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202ed356f302529ce69de66a24987b78693c5d679a4340425ad29a76fa63db81ab022100a1157d5ab30c98ef4366d8cba600703686a43211b15ce7d17e4fc07a79db5a8f:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-mysql.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/mysql/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,mysql,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4b0a00483046022100fa6772f8e48a5c9ac87ddba3ecc262a59d16d9cba527623da8f5cdf9509e44880221008cff1c5a77c27a1f59d943884498c8d1499da98e6ecf7e1d63851de4ae9fa76c:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502205cfddd58041ea672c83a850b34e77b9b635e71f934118d2a1ab9ab3ca660e13b022100eec2e1232af1d0b4686fc284278197db41fa3a289488abb2936a1186b85e3e26:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-node.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/node/
   metadata:
-    max-request: 4
     verified: true
+    max-request: 4
   tags: code,linux,node,privesc,local
 
 self-contained: true
@@ -53,4 +53,4 @@ code:
           - 'contains(code_3_response, "root")'
           - 'contains(code_4_response, "root")'
         condition: or
-# digest: 4b0a00483046022100e32f25ba4a83d9d265aa187532f0090ba2fdf1beb89235113b4caeed36413ac30221008ecd529618da3ad2ed65e939b4233529614a005b87fd760bbeeb95de2e78746f:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100c2fb7e0f1c8874aa30b7cbf614269bbd607e7679a738d4e4b6e6d5cafdf8faa1022100af88ace2a97d251334aeefafdfbd07471443304b4505d49f1edf432f53b5e43a:922c64590222798bb761d5b6d8e72950

code/privilege-escalation/linux/binary/privesc-rc.yaml

@@ -9,8 +9,8 @@ info:
   reference:
     - https://gtfobins.github.io/gtfobins/rc/
   metadata:
-    max-request: 3
     verified: true
+    max-request: 3
   tags: code,linux,rc,privesc,local
 
 self-contained: true
@@ -46,4 +46,4 @@ code:
           - 'contains(code_2_response, "root")'
           - 'contains(code_3_response, "root")'
         condition: or
-# digest: 4a0a004730450220665e08a8d241b76abc6c9f908b6c953eeebccc153af1c165958c388f1a57c3eb02210091d8e2364f4c48b2fd9d8b64222760ce398677386e5d185fc86425ea5ed10527:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202a315bdc26f4d35efa4a6f698d5324b05e6f7d849772f27996dd0e04ac0edd5b022100cb3566b03c81b4ced70cb1bf221db42da3f9262c3ce4790664bc215a0b623abf:922c64590222798bb761d5b6d8e72950