v1.3
同步nuclei引擎至v3.0.2,方便支持nuclei官方最新模板。
同步nuclei poc v9.6.4
其中以*打头的为从用户自定义模板更换工作流至nuclei官方的模板。
CVE-2023-41892 (CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution)
CVE-2023-39677 (PrestaShop MyPrestaModules - PhpInfo Disclosure)
CVE-2023-39676 (PrestaShop fieldpopupnewsletter Module - Cross Site Scripting)
CVE-2023-30943 (Moodle - Cross-Site Scripting/Remote Code Execution)
CVE-2023-25573 (Metersphere - Arbitrary File Read)
CVE-2023-22463 (KubePi JwtSigKey 登陆绕过漏洞)
CVE-2022-0342 (Zyxel - Authentication Bypass)
phpldapadmin-xss
*CNVD-C-2023-76801 (UFIDA NC uapjs - RCE vulnerability)
*CNVD-2022-43245 (Weaver OA XmlRpcServlet - Arbitary File Read)
*CNVD-2021-33202 (Weaver OA E-Cology LoginSSO.jsp - SQL Injection)
*chanjet-tplus-rce (Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution)
*landray-oa-sysSearchMain-editParam-rce
*landray-oa-treexml-rce
*aic-intelligent-password-exposure
*cloud-oa-system-sqli
*cmseasy-crossall-sqli
*comai-ras-cookie-bypass
*huiwen-bibliographic-info-leak
*sanhui-smg-file-read
*seeyon-oa-log4j
*zhixiang-oa-msglog-sqli
*secsslvpn-auth-bypass(奇xx VPN认证绕过)
*realor-gwt-system-sqli
*ruijie-nbr-fileupload.yaml
*sangfor-login-rce (应用交付)
*secgate-3600-file-upload
*seeyon-config-exposure
*seeyon-createmysql-exposure
*seeyon-initdata-exposure
*seeyon-oa-fastjson-rce
*seeyon-oa-setextno-sqli
*shiziyu-cms-apicontroller-sqli
*seeyon-oa-sp2-file-upload
*smartbi-deserialization
*jolokia-logback-jndi-rce
*tongda-action-uploadfile
*tongda-api-file-upload
*tongda-arbitrary-login
*tongda-contact-list-exposure
*tongda-getdata-rce
*tongda-getway-rfi
*tongda-insert-sqli
*tongda-login-code-authbypass
*tongda-meeting-unauth
*tongda-oa-swfupload-sqli
*tongda-report-func-sqli
*tongda-video-file-read
*topsec-topacm-rce
*topsec-topapplb-auth-bypass
*wanhu-documentedit-sqli
*wanhu-download-ftp-file-read
*wanhu-download-old-file-read
*wanhu-oa-fileupload-controller-arbitrary-file-upload
*wanhu-teleconferenceservice-xxe
*wanhuoa-officeserverservlet-file-upload
*wanhuoa-smartupload-file-upload
*ecology-jqueryfiletree-traversal
*ecology-verifyquicklogin-auth-bypass
*ecology-oa-byxml-xxe
*weaver-checkserver-sqli
*weaver-e-cology-validate-sqli
*weaver-e-mobile-rce
*weaver-ebridge-lfi
*weaver-ecology-bshservlet-rce
*weaver-ecology-getsqldata-sqli
*weaver-ecology-hrmcareer-sqli
*weaver-group-xml-sqli
*weaver-jquery-file-upload
*weaver-ktreeuploadaction-file-upload
*weaver-lazyuploadify-file-upload
*weaver-login-sessionkey
*weaver-mysql-config-info-leak
*weaver-office-server-file-upload
*weaver-officeserver-lfi
*weaver-signaturedownload-lfi
*weaver-sptmforportalthumbnail-lfi
*weaver-uploadify-file-upload
*weaver-uploadoperation-file-upload
*weaver-userselect-unauth
*wechat-info-leak
*chanjet-gnremote-sqli
*chanjet-tplus-checkmutex-sqli
*chanjet-tplus-file-read (Downloadproxy)
*chanjet-tplus-fileupload
*chanjet-tplus-ufida-sqli
*grp-u8-uploadfiledata-fileupload
*yonyou-fe-directory-traversal
*yonyou-filereceiveservlet-fileupload
*yonyou-grp-u8-xxe
*yonyou-nc-accept-fileupload
*yonyou-nc-baseapp-deserialization
*yonyou-nc-dispatcher-fileupload
*yonyou-nc-grouptemplet-fileupload
*yonyou-nc-info-leak
*yonyou-nc-ncmessageservlet-rce
*yonyou-u8-crm-fileupload
*yonyou-u8-crm-lfi
*dlink-centralized-default-login
*o2oa-default-login
*aruba-instant-default-login
*ciphertrust-default-login
*cnzxsoft-default-login
*supershell-default-login
*seeyon-a8-default-login
*seeyon-monitor-default-login
*smartbi-default-login
*ac-weak-login (wayos)
同步nuclei poc v9.6.5
CVE-2023-43261 (Milesight Routers - Information Disclosure)
CVE-2023-42793 (JetBrains TeamCity < 2023.05.4 - Remote Code Execution)
CVE-2023-42442 (JumpServer > 3.6.4 - Information Disclosure)
CVE-2023-37474 (Copyparty <= 1.8.2 - Directory Traversal)
CVE-2023-36845 (Juniper J-Web - Remote Code Execution)
CVE-2023-35813 (Sitecore - Remote Code Execution)
CVE-2023-34259 (Kyocera TASKalfa printer - Path Traversal)
CVE-2023-33831 (FUXA - Unauthenticated Remote Code Execution)
CVE-2023-31465 (TimeKeeper by FSMLabs - Remote Code Execution)
CVE-2023-30013 (TOTOLink - Unauthenticated Command Injection)
CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass)
CVE-2023-22515 (Atlassian Confluence - Privilege Escalation)
CVE-2023-5074 (D-Link D-View 8 v2.0.1.28 - Authentication Bypass)
CVE-2023-4568 (PaperCut NG Unauthenticated XMLRPC Functionality)
CVE-2023-2766 (Weaver OA 9.5 - Information Disclosure)
xploitspy-default-login
mercurial-hgignore
sangfor-nextgen-lfi
yonyou-u8-sqli (Yonyou U8 bx_historyDataCheck - SQL Injection)
*CVE-2022-25568 (MotionEye Config Info Disclosure)
同步nuclei poc v9.6.6
CVE-2022-47075 (Smart Office Web 20.28 - Information Disclosure)
CVE-2023-40779 (IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect)
CVE-2023-39110 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-39109 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-39108 (rConfig 3.9.4 - Server-Side Request Forgery)
CVE-2023-34756 (Bloofox v0.5.2.1 - SQL Injection)
CVE-2023-34755 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34753 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34752 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2023-34751 (bloofoxCMS v0.5.2.1 - SQL Injection)
CVE-2021-29006 (rConfig 3.9.6 - Local File Inclusion)
CVE-2023-4974 (Academy LMS 6.2 - SQL Injection)
CVE-2023-3710 (Honeywell PM43 Printers - Command Injection)
CVE-2023-0947 (Flatpress < 1.3 - Path Traversal)
CVE-2023-0777 (modoboa 2.0.4 - Admin TakeOver)
CVE-2021-41749 (CraftCMS SEOmatic - Server-Side Template Injection)
CVE-2020-13638 (rConfig 3.9 - Authentication Bypass(Admin Login))
CVE-2020-13851 (Artica Pandora FMS 7.44 - Remote Code Execution)
CVE-2020-6950 (Eclipse Mojarra - Local File Read)
CVE-2018-7282 (TITool PrintMonitor - Blind SQL Injection)
joomla-com-booking-component
joomla-iproperty-real-estate-xss
joomla-joombri-careers-xss
joomla-jvtwitter-xss
joomla-marvikshop-sqli
joomla-marvikshop-xss
joomla-solidres-xss
doorgets-info-disclosure
kingsoft-vgm-lfi
sound4-impact-auth-bypass
sound4-impact-password-auth-bypass
stackposts-sqli
servicenow-widget-misconfig
batflat-default-login
etl3100-default-login
rconfig-default-login
timekeeper-default-login
wazuh-default-login
nuclei poc v9.6.7 无可同步poc
同步nuclei poc v9.6.8
CVE-2023-46747 (F5 BIG-IP - Unauthenticated RCE via AJP Smuggling)
CVE-2023-45852 (Viessmann Vitogate 300 - Remote Code Execution)
CVE-2023-37679 (NextGen Mirth Connect - Remote Code Execution)
CVE-2023-4966 (Citrix Bleed - Leaking Session Tokens)
CVE-2022-36553 (Hytec Inter HWL-2511-SS - Remote Command Execution)
tiny-file-manager-unauth
opache-control-panel (Opache control Panel - Unauthenticated Access)
cisco-broadworks-log4j-rce
citrix-xenapp-log4j-rce
f-secure-policymanager-log4j-rce
flexnet-log4j-rce
fortiportal-log4j-rce
livebos-file-read
logstash-log4j-rce
okta-log4j-rce
papercut-log4j-rce
openshift-log4j-rce
pega-log4j-rce
splunk-enterprise-log4j-rce
symantec-sepm-log4j-rce
嘎了nuclei ignore找不到的报错