v9.5.1
π₯ Highlights of this release:
β
[CVE-2023-32243] WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (@dhiyaneshdk) [critical]
β
[CVE-2023-29923] PowerJob <=4.3.2 - Unauthenticated Access (@For3stCo1d) [medium]
β
[CVE-2023-25717] Ruckus Wireless Admin - Remote Code Execution (@parthmalhotra,@pdresearch) [critical]
β
[CVE-2023-2825] GitLab 16.0.0 - Path Traversal (@dhiyaneshdk,@rootxharsh,@iamnoooob,@pdresearch) [critical]
β
[CVE-2023-2732] MStore API <= 3.9.2 - Authentication Bypass (@dhiyaneshdk) [critical]
β
[CVE-2021-39165] Cachet <=2.3.18 - SQL Injection (@tess) [high]
β
[CVE-2020-29583] ZyXel USG - Hardcoded Credentials (@canberbamber) [critical]
β
[CVE-2020-1956] Apache Kylin 3.0.1 - Command Injection (@iamnoooob,@rootxharsh,@pdresearch) [high]
β
[CVE-2016-3510] Oracle WebLogic Server - Remote Code Execution (@iamnoooob,@rootxharsh,@pdresearch) [critical]
What's Changed
New Templates Added: 56
New CVEs Added: 23
- http/cves/2023/CVE-2023-32243.yaml by @dhiyaneshdk π₯
- http/cves/2023/CVE-2023-29923.yaml by @For3stCo1d π₯
- http/cves/2023/CVE-2023-29919.yaml by @For3stCo1d
- http/cves/2023/CVE-2023-29887.yaml by @ctflearner
- http/cves/2023/CVE-2023-27482.yaml by @dhiyaneshdk
- http/cves/2023/CVE-2023-25717.yaml by @parthmalhotra,@pdresearch π₯
- http/cves/2023/CVE-2023-2825.yaml by @dhiyaneshdk,@rootxharsh,@iamnoooob,@pdresearch π₯
- http/cves/2023/CVE-2023-2780.yaml by @iamnoooob,@pdresearch
- http/cves/2023/CVE-2023-2732.yaml by @dhiyaneshdk π₯
- http/cves/2023/CVE-2023-2356.yaml by @Co5mos
- http/cves/2023/CVE-2023-1434.yaml by @dhiyaneshdk
- http/cves/2022/CVE-2022-22733.yaml by @zeyad Azima
- http/cves/2022/CVE-2022-2733.yaml by @ctflearner
- http/cves/2021/CVE-2021-39165.yaml by @tess π₯
- http/cves/2021/CVE-2021-37305.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-37304.yaml by @ritikchaddha
- http/cves/2021/CVE-2021-24435.yaml by @xcapri,@ritikchaddha
- http/cves/2020/CVE-2020-29583.yaml by @canberbamber π₯
- http/cves/2020/CVE-2020-1956.yaml by @iamnoooob,@rootxharsh,@pdresearch π₯
- http/cves/2016/CVE-2016-4437.yaml by @iamnoooob,@rootxharsh,@pdresearch
- network/cves/2020/CVE-2020-11981.yaml by @pussycat0x
- network/cves/2017/CVE-2017-5645.yaml by @princechaddha
- network/cves/2016/CVE-2016-3510.yaml by @iamnoooob,@rootxharsh,@pdresearch π₯
- http/cnvd/2023/CNVD-2023-12632.yaml by @daffainfo
- http/vulnerabilities/avtech/avtech-auth-bypass.yaml by @ritikchaddha
- http/vulnerabilities/avtech/avtech-dvr-ssrf.yaml by @ritikchaddha
- http/vulnerabilities/avtech/avtech-unauth-file-download.yaml by @ritikchaddha
- http/vulnerabilities/avtech/avtech-verification-bypass.yaml by @ritikchaddha
- http/vulnerabilities/weaver/ecology/ecology-mysql-config.yaml by @ritikchaddha
- http/vulnerabilities/zyxel/unauth-ztp-ping.yaml by @DMartyn
- http/misconfiguration/aem/aem-secrets.yaml by @boobooHQ,@j3ssie
- http/misconfiguration/ibm-websphere-xml.yaml by @r3nz0
- http/misconfiguration/sitecore-lfi.yaml by @dhiyaneshdk
- http/misconfiguration/teslamate-unauth-access.yaml by @For3stCo1d
- http/exposures/apis/jeecg-boot-swagger.yaml by @ritikchaddha
- http/exposures/configs/blazor-boot.yaml by @freakyclown
- http/exposures/configs/config-properties.yaml by @j4vaovo,@dhiyaneshdk
- http/exposures/tokens/azure/azure-connection.yaml by @dhiyaneshdk
- http/exposures/tokens/digitalocean/digital-ocean-personal-token.yaml by @dhiyaneshdk
- http/exposures/tokens/digitalocean/digitalocean-app-token.yaml by @dhiyaneshdk
- http/exposures/tokens/digitalocean/digitalocean-refresh.yaml by @dhiyaneshdk
- http/exposures/tokens/figma/figma-personal-token.yaml by @dhiyaneshdk
- http/exposed-panels/axway-api-manager-panel.yaml by @johnk3r
- http/exposed-panels/fortinet/fortinet-fortiddos-panel.yaml by @johnk3r
- http/exposed-panels/interactsoftware-interact.yaml by @righettod
- http/exposed-panels/isams-panel.yaml by @righettod
- http/exposed-panels/odoo-panel.yaml by @dhiyaneshdk
- http/exposed-panels/repetier-server-panel.yaml by @ritikchaddha
- http/exposed-panels/sauter-moduwebvision-panel.yaml by @righettod
- http/exposed-panels/shardingsphere-panel.yaml by @dhiyaneshdk
- ssl/insecure-cipher-suite-detect.yaml by @pussycat0x
- file/keys/azure/azure-connection-string.yaml by @dhiyaneshdk
- file/keys/digitalocean/digitalocean-access-token.yaml by @dhiyaneshdk
- file/keys/digitalocean/digitalocean-personal-access.yaml by @dhiyaneshdk
- file/keys/digitalocean/digitalocean-refresh-token.yaml by @dhiyaneshdk
- file/keys/figma-access-token.yaml by @dhiyaneshdk
New Contributors
- @ricardojba made their first contribution in #7221
- @PR05A1C made their first contribution in #7250
- @Zeyad-Azima made their first contribution in #7212
- @MillerMedia made their first contribution in #7264
- @waltersagehorn-praetorian made their first contribution in #7282
- @jub0bs made their first contribution in #7266
- @dm-ct made their first contribution in #7174
- @xcapri made their first contribution in #5615
- @mastercho made their first contribution in #7124
- @ruben-condor made their first contribution in #7304
Full Changelog: v9.5.0...v9.5.1
Contributors
freakyclown, zeyad, and 27 other contributors