Merge branch 'main' into princechaddha-patch-1

projectdiscovery · Mar 1, 2024 · f80719e · f80719e
2 parents 4223da0 + 1be4e2f
commit f80719e
Show file tree

Hide file tree

Showing 605 changed files with 11,891 additions and 6,827 deletions.
diff --git a/.github/workflows/templates-sync.yml b/.github/workflows/templates-sync.yml
@@ -3,53 +3,51 @@ on:
   push:
     paths:
     - '.new-additions'
-    - 'code/cves/2023/CVE-2023-6246.yaml'
-    - 'http/cves/2007/CVE-2007-3010.yaml'
-    - 'http/cves/2011/CVE-2011-4640.yaml'
-    - 'http/cves/2021/CVE-2021-24442.yaml'
-    - 'http/cves/2021/CVE-2021-24849.yaml'
-    - 'http/cves/2021/CVE-2021-24943.yaml'
-    - 'http/cves/2021/CVE-2021-40651.yaml'
-    - 'http/cves/2022/CVE-2022-38131.yaml'
-    - 'http/cves/2023/CVE-2023-28662.yaml'
-    - 'http/cves/2023/CVE-2023-40355.yaml'
-    - 'http/cves/2023/CVE-2023-47115.yaml'
-    - 'http/cves/2023/CVE-2023-52085.yaml'
-    - 'http/cves/2023/CVE-2023-6360.yaml'
-    - 'http/cves/2023/CVE-2023-6831.yaml'
-    - 'http/cves/2023/CVE-2023-6909.yaml'
-    - 'http/cves/2024/CVE-2024-1061.yaml'
-    - 'http/cves/2024/CVE-2024-21644.yaml'
-    - 'http/cves/2024/CVE-2024-21645.yaml'
-    - 'http/cves/2024/CVE-2024-21893.yaml'
-    - 'http/cves/2024/CVE-2024-22024.yaml'
-    - 'http/cves/2024/CVE-2024-25669.yaml'
-    - 'http/cves/2024/CVE-2024-25735.yaml'
-    - 'http/default-logins/webmethod/webmethod-integration-server-default-login.yaml'
-    - 'http/exposed-panels/apigee-panel.yaml'
-    - 'http/exposed-panels/dockge-panel.yaml'
-    - 'http/exposed-panels/dokuwiki-panel.yaml'
-    - 'http/exposed-panels/easyjob-panel.yaml'
-    - 'http/exposed-panels/friendica-panel.yaml'
-    - 'http/exposed-panels/gotify-panel.yaml'
-    - 'http/exposed-panels/haivision-gateway-panel.yaml'
-    - 'http/exposed-panels/haivision-media-platform-panel.yaml'
-    - 'http/exposed-panels/ivanti-connect-secure-panel.yaml'
-    - 'http/exposed-panels/juniper-panel.yaml'
-    - 'http/exposed-panels/ms-exchange-web-service.yaml'
-    - 'http/exposed-panels/pairdrop-panel.yaml'
-    - 'http/exposed-panels/passbolt-panel.yaml'
-    - 'http/exposed-panels/proofpoint-protection-server-panel.yaml'
-    - 'http/exposed-panels/sentry-panel.yaml'
-    - 'http/exposed-panels/vistaweb-panel.yaml'
-    - 'http/exposures/logs/teampass-ldap.yaml'
-    - 'http/miscellaneous/balada-injector-malware.yaml'
-    - 'http/misconfiguration/node-express-dev-env.yaml'
-    - 'http/misconfiguration/sap/sap-public-admin.yaml'
-    - 'http/technologies/google/chromecast-detect.yaml'
-    - 'http/technologies/identity-server-v3-detect.yaml'
-    - 'http/vulnerabilities/lucee-rce.yaml'
-    - 'http/vulnerabilities/wordpress/wp-user-enum.yaml'
+    - 'http/cnvd/2023/CNVD-2023-96945.yaml'
+    - 'http/cves/2015/CVE-2015-1635.yaml'
+    - 'http/cves/2023/CVE-2023-38203.yaml'
+    - 'http/cves/2023/CVE-2023-42344.yaml'
+    - 'http/cves/2023/CVE-2023-45671.yaml'
+    - 'http/cves/2023/CVE-2023-48777.yaml'
+    - 'http/cves/2023/CVE-2023-6895.yaml'
+    - 'http/cves/2024/CVE-2024-0305.yaml'
+    - 'http/cves/2024/CVE-2024-0713.yaml'
+    - 'http/cves/2024/CVE-2024-1021.yaml'
+    - 'http/cves/2024/CVE-2024-1071.yaml'
+    - 'http/cves/2024/CVE-2024-1208.yaml'
+    - 'http/cves/2024/CVE-2024-1209.yaml'
+    - 'http/cves/2024/CVE-2024-1210.yaml'
+    - 'http/cves/2024/CVE-2024-1709.yaml'
+    - 'http/cves/2024/CVE-2024-22319.yaml'
+    - 'http/cves/2024/CVE-2024-22320.yaml'
+    - 'http/cves/2024/CVE-2024-23334.yaml'
+    - 'http/cves/2024/CVE-2024-25600.yaml'
+    - 'http/default-logins/ibm/ibm-dcbc-default-login.yaml'
+    - 'http/default-logins/ibm/ibm-dcec-default-login.yaml'
+    - 'http/default-logins/ibm/ibm-dsc-default-login.yaml'
+    - 'http/default-logins/ibm/ibm-hmc-default-login.yaml'
+    - 'http/exposed-panels/c2/meduza-stealer.yaml'
+    - 'http/exposed-panels/cisco-unity-panel.yaml'
+    - 'http/exposed-panels/connectwise-panel.yaml'
+    - 'http/exposed-panels/fortinet/fortiauthenticator-detect.yaml'
+    - 'http/exposed-panels/ibm/ibm-dcec-panel.yaml'
+    - 'http/exposed-panels/ibm/ibm-decision-server-console.yaml'
+    - 'http/exposed-panels/ibm/ibm-odm-panel.yaml'
+    - 'http/exposed-panels/koel-panel.yaml'
+    - 'http/exposed-panels/kopano-webapp-panel.yaml'
+    - 'http/exposed-panels/linshare-panel.yaml'
+    - 'http/exposed-panels/openvas-panel.yaml'
+    - 'http/exposed-panels/opinio-panel.yaml'
+    - 'http/exposed-panels/rocketchat-panel.yaml'
+    - 'http/exposures/configs/sphinxsearch-config.yaml'
+    - 'http/misconfiguration/installer/connectwise-setup.yaml'
+    - 'http/technologies/ibm/ibm-decision-runner.yaml'
+    - 'http/technologies/ibm/ibm-decision-server-runtime.yaml'
+    - 'http/technologies/ibm/ibm-odm-detect.yaml'
+    - 'http/technologies/pexip-detect.yaml'
+    - 'http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml'
+    - 'http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml'
+    - 'http/vulnerabilities/yonyou/yonyou-ufida-nc-lfi.yaml'
   workflow_dispatch:
 jobs:
   triggerRemoteWorkflow:

diff --git a/.new-additions b/.new-additions
@@ -1,47 +1,45 @@
-code/cves/2023/CVE-2023-6246.yaml
-http/cves/2007/CVE-2007-3010.yaml
-http/cves/2011/CVE-2011-4640.yaml
-http/cves/2021/CVE-2021-24442.yaml
-http/cves/2021/CVE-2021-24849.yaml
-http/cves/2021/CVE-2021-24943.yaml
-http/cves/2021/CVE-2021-40651.yaml
-http/cves/2022/CVE-2022-38131.yaml
-http/cves/2023/CVE-2023-28662.yaml
-http/cves/2023/CVE-2023-40355.yaml
-http/cves/2023/CVE-2023-47115.yaml
-http/cves/2023/CVE-2023-52085.yaml
-http/cves/2023/CVE-2023-6360.yaml
-http/cves/2023/CVE-2023-6831.yaml
-http/cves/2023/CVE-2023-6909.yaml
-http/cves/2024/CVE-2024-1061.yaml
-http/cves/2024/CVE-2024-21644.yaml
-http/cves/2024/CVE-2024-21645.yaml
-http/cves/2024/CVE-2024-21893.yaml
-http/cves/2024/CVE-2024-22024.yaml
-http/cves/2024/CVE-2024-25669.yaml
-http/cves/2024/CVE-2024-25735.yaml
-http/default-logins/webmethod/webmethod-integration-server-default-login.yaml
-http/exposed-panels/apigee-panel.yaml
-http/exposed-panels/dockge-panel.yaml
-http/exposed-panels/dokuwiki-panel.yaml
-http/exposed-panels/easyjob-panel.yaml
-http/exposed-panels/friendica-panel.yaml
-http/exposed-panels/gotify-panel.yaml
-http/exposed-panels/haivision-gateway-panel.yaml
-http/exposed-panels/haivision-media-platform-panel.yaml
-http/exposed-panels/ivanti-connect-secure-panel.yaml
-http/exposed-panels/juniper-panel.yaml
-http/exposed-panels/ms-exchange-web-service.yaml
-http/exposed-panels/pairdrop-panel.yaml
-http/exposed-panels/passbolt-panel.yaml
-http/exposed-panels/proofpoint-protection-server-panel.yaml
-http/exposed-panels/sentry-panel.yaml
-http/exposed-panels/vistaweb-panel.yaml
-http/exposures/logs/teampass-ldap.yaml
-http/miscellaneous/balada-injector-malware.yaml
-http/misconfiguration/node-express-dev-env.yaml
-http/misconfiguration/sap/sap-public-admin.yaml
-http/technologies/google/chromecast-detect.yaml
-http/technologies/identity-server-v3-detect.yaml
-http/vulnerabilities/lucee-rce.yaml
-http/vulnerabilities/wordpress/wp-user-enum.yaml
+http/cnvd/2023/CNVD-2023-96945.yaml
+http/cves/2015/CVE-2015-1635.yaml
+http/cves/2023/CVE-2023-38203.yaml
+http/cves/2023/CVE-2023-42344.yaml
+http/cves/2023/CVE-2023-45671.yaml
+http/cves/2023/CVE-2023-48777.yaml
+http/cves/2023/CVE-2023-6895.yaml
+http/cves/2024/CVE-2024-0305.yaml
+http/cves/2024/CVE-2024-0713.yaml
+http/cves/2024/CVE-2024-1021.yaml
+http/cves/2024/CVE-2024-1071.yaml
+http/cves/2024/CVE-2024-1208.yaml
+http/cves/2024/CVE-2024-1209.yaml
+http/cves/2024/CVE-2024-1210.yaml
+http/cves/2024/CVE-2024-1709.yaml
+http/cves/2024/CVE-2024-22319.yaml
+http/cves/2024/CVE-2024-22320.yaml
+http/cves/2024/CVE-2024-23334.yaml
+http/cves/2024/CVE-2024-25600.yaml
+http/default-logins/ibm/ibm-dcbc-default-login.yaml
+http/default-logins/ibm/ibm-dcec-default-login.yaml
+http/default-logins/ibm/ibm-dsc-default-login.yaml
+http/default-logins/ibm/ibm-hmc-default-login.yaml
+http/exposed-panels/c2/meduza-stealer.yaml
+http/exposed-panels/cisco-unity-panel.yaml
+http/exposed-panels/connectwise-panel.yaml
+http/exposed-panels/fortinet/fortiauthenticator-detect.yaml
+http/exposed-panels/ibm/ibm-dcec-panel.yaml
+http/exposed-panels/ibm/ibm-decision-server-console.yaml
+http/exposed-panels/ibm/ibm-odm-panel.yaml
+http/exposed-panels/koel-panel.yaml
+http/exposed-panels/kopano-webapp-panel.yaml
+http/exposed-panels/linshare-panel.yaml
+http/exposed-panels/openvas-panel.yaml
+http/exposed-panels/opinio-panel.yaml
+http/exposed-panels/rocketchat-panel.yaml
+http/exposures/configs/sphinxsearch-config.yaml
+http/misconfiguration/installer/connectwise-setup.yaml
+http/technologies/ibm/ibm-decision-runner.yaml
+http/technologies/ibm/ibm-decision-server-runtime.yaml
+http/technologies/ibm/ibm-odm-detect.yaml
+http/technologies/pexip-detect.yaml
+http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml
+http/vulnerabilities/joomla/joomla-easyshop-lfi.yaml
+http/vulnerabilities/yonyou/yonyou-ufida-nc-lfi.yaml
diff --git a/.nuclei-ignore b/.nuclei-ignore
@@ -16,7 +16,8 @@ tags:
   - "fuzz"
   - "dos"
   - "local"
-  - "privesc"
+  - "brute-force"
+  - "bruteforce"
 
 # The following templates have been excluded because they have weak matchers and may generate FP results.
 # Please feel free to create PR if you can update the templates with strict matchers.

diff --git a/README.md b/README.md
@@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
 
 |    TAG    | COUNT |    AUTHOR    | COUNT | DIRECTORY  | COUNT | SEVERITY | COUNT | TYPE | COUNT |
 |-----------|-------|--------------|-------|------------|-------|----------|-------|------|-------|
-| cve       |  2343 | dhiyaneshdk  |  1137 | http       |  6975 | info     |  3357 | file |   312 |
-| panel     |  1054 | daffainfo    |   863 | file       |   312 | high     |  1550 | dns  |    21 |
-| wordpress |   941 | dwisiswant0  |   801 | workflows  |   191 | medium   |  1450 |      |       |
-| xss       |   887 | pikpikcu     |   353 | network    |   132 | critical |   943 |      |       |
-| exposure  |   860 | pussycat0x   |   313 | code       |    79 | low      |   255 |      |       |
-| wp-plugin |   816 | ritikchaddha |   300 | ssl        |    27 | unknown  |    34 |      |       |
+| cve       |  2365 | dhiyaneshdk  |  1140 | http       |  7022 | info     |  3375 | file |   312 |
+| panel     |  1070 | daffainfo    |   864 | file       |   312 | high     |  1562 | dns  |    21 |
+| wordpress |   947 | dwisiswant0  |   801 | workflows  |   191 | medium   |  1458 |      |       |
+| xss       |   891 | pikpikcu     |   353 | network    |   132 | critical |   950 |      |       |
+| exposure  |   861 | pussycat0x   |   313 | code       |    80 | low      |   257 |      |       |
+| wp-plugin |   822 | ritikchaddha |   303 | ssl        |    27 | unknown  |    35 |      |       |
 | osint     |   678 | pdteam       |   285 | javascript |    26 |          |       |      |       |
-| tech      |   653 | ricardomaia  |   231 | dns        |    18 |          |       |      |       |
-| lfi       |   628 | geeknik      |   225 | headless   |    11 |          |       |      |       |
+| tech      |   655 | ricardomaia  |   231 | dns        |    18 |          |       |      |       |
+| lfi       |   632 | geeknik      |   227 | headless   |    11 |          |       |      |       |
 | edb       |   598 | theamanrawat |   221 | cloud      |     9 |          |       |      |       |
 
-**552 directories, 8061 files**.
+**555 directories, 8111 files**.
 
 </td>
 </tr>

diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json