Releases · projectdiscovery/nuclei-templates

14 Oct 14:33

princechaddha

v10.0.2

56fb702

v10.0.2 Latest

Latest

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-45409] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43917] TI WooCommerce Wishlist Plugin <= 2.8.2 - SQLi (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-38816] WebMvc.fn/WebFlux.fn - Path Traversal (@pussycat0x) [high] 🔥
[CVE-2024-9465] Palo Alto Expedition - SQL Injection (@dhiyaneshdk) [high] 🔥
[CVE-2024-9463] PaloAlto Networks Expedition - Remote Code Execution (@princechaddha) [critical] 🔥
[CVE-2024-7354] Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
[CVE-2024-5488] SEOPress < 7.9 - Authentication Bypass (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2021-25094] Wordpress Tatsubuilder <= 3.3.11 - RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

Bug Fixes

Resolved parsing issue in WordPress-WP-Mail-Logging template. (Issue #10908)

False Negatives

Improved detection in WordPress detection. (Issue #10463)
Enhanced detection in Adminer Panel. (Issue #10797)

False Positives

Corrected false positives for CVE-2018-11784. (PR #10916)
Fixed false positives for CVE-2021-29484. (PR #10880)
Addressed false positives for CVE-2024-34982. (PR #10879)
Resolved false positives in Fumengyun-SQLi. (PR #10886)

Enhancements

Improved SQL injection template for error-based scenarios. (PR #10996)
Updated CVE-2024-9465 for better accuracy. (PR #10986)
Enhanced XSS detection in Ninja-Forms. (PR #10974)
Updated Fumengyun-SQLi for better detection. (PR #10960)
Enhanced management of CVE-2024-7354. (PR #10925)
Ensured accurate detection in WordPress update. (PR #10915)
Refactored Strapi template for efficiency. (PR #10887)
Updated CONTRIBUTING.md to enhance contributions. (PR #10890)

Template Updates

New Templates Added: `68` | CVEs Added: `30` | First-time contributions: `5`

[CVE-2024-46627] DATAGERRY - REST API Auth Bypass (@gy741) [critical]
[CVE-2024-45440] Drupal 11.x-dev - Full Path Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-45409] GitLab - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43917] TI WooCommerce Wishlist Plugin <= 2.8.2 - SQLi (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-43160] BerqWP <= 1.7.6 - Arbitrary File Uplaod (@s4e-io) [critical]
[CVE-2024-38816] WebMvc.fn/WebFlux.fn - Path Traversal (@pussycat0x) [high] 🔥
[CVE-2024-35627] TileServer API - Cross Site Scripting (@dhiyaneshdk) [medium]
[CVE-2024-32964] Lobe Chat <= v0.150.5 - Server-Side Request Forgery (@s4e-io) [critical]
[CVE-2024-9465] Palo Alto Expedition - SQL Injection (@dhiyaneshdk) [high] 🔥
[CVE-2024-9463] PaloAlto Networks Expedition - Remote Code Execution (@princechaddha) [critical] 🔥
[CVE-2024-8877] Riello Netman 204 - SQL Injection (@s4e-io) [critical]
[CVE-2024-8021] Gradio - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-7854] Woo Inquiry <= 0.1 - SQL Injection (@s4e-io) [critical]
[CVE-2024-7714] AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls (@s4e-io) [medium]
[CVE-2024-7354] Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting (@ritikchaddha) [medium] 🔥
[CVE-2024-6517] Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting (@s4e-io) [medium]
[CVE-2024-5488] SEOPress < 7.9 - Authentication Bypass (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-4940] Gradio - Open Redirect (@dhiyaneshdk) [medium]
[CVE-2024-4340] sqlparse - Denial of Service (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [high]
[CVE-2024-3753] Hostel < 1.1.5.3 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-3234] Chuanhu Chat - Directory Traversal (@dhiyaneshdk) [critical]
[CVE-2023-47105] Chaosblade < 1.7.4 - Remote Code Execution (@s4e-io) [high]
[CVE-2023-39007] OPNsense - Cross-Site Scripting to RCE (@ritikchaddha) [critical]
[CVE-2023-27641] L-Soft LISTSERV 16.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-4151] Store Locator WordPress < 1.4.13 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-0676] phpIPAM 1.5.1 - Cross-site Scripting (@ritikchaddha) [medium]
[CVE-2021-40272] IRTS OP5 Monitor - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2021-25094] Wordpress Tatsubuilder <= 3.3.11 - RCE (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2019-19411] Huawei Firewall - Local File Inclusion (@taielab) [low]
[CVE-2017-5871] Odoo <= 8.0-20160726 & 9.0 - Open Redirect (@1337rokudenashi) [medium]
[datagerry-default-login] Datagerry - Default Login (@gy741) [high]
[netdisco-default-login] Netdisco Admin - Default Login (@ritikchaddha) [critical]
[dockwatch-panel] Dockwatch Panel - Detect (@s4e-io) [info]
[enablix-panel] Enablix Panel - Detect (@dhiyaneshdk) [info]
[gitlab-explore] GitLab Instance Explore - Detect (@sujal Tuladhar) [info]
[gitlab-saml] Gitlab SAML - Detection (@rootxharsh, @iamnoooob, @pdresearch) [info]
[loxone-web-panel] Loxone WebInterface Panel - Detect (@dhiyaneshdk) [info]
[m-bus-panel] M-Bus Converter Web Interface - Detect (@dhiyaneshdk) [info]
[macos-server-panel] macOS Server Panel - Detect (@dhiyaneshdk) [info]
[riello-netman204-panel] Riello UPS NetMan 204 Panel - Detect (@s4e-io) [info]
[rstudio-panel] RStudio Sign In Panel - Detect (@dhiyaneshdk) [info]
[saia-pcd-panel] Saia PCD Web Server Panel - Detect (@dhiyaneshdk) [info]
[workspace-one-uem-ssp] VMware Workspace ONE UEM Airwatch Self-Service Portal - Detect (@KoratSec) [info]
[action-controller-exception] Action Controller Exception - Page (@dhiyaneshdk) [info]
[delphi-mvc-exception] Delphi MVC Exception - Page (@dhiyaneshdk) [info]
[expression-engine-exception] ExpressionEngine Exception - Page (@dhiyaneshdk) [info]
[lua-runtime-error] LUA Runtime Error - Page (@dhiyaneshdk) [info]
[mako-runtime-error] Mako Runtime Error - Page (@dhiyaneshdk) [info]
[microsoft-runtime-error] Microsoft Runtime Error Page (@dhiyaneshdk) [info]
[mongodb-exception-page] MongoDB Exception - Page (@dhiyaneshdk) [info]
[sap-logon-error-message] SAP Logon Error Message (@dhiyaneshdk) [info]
[twig-runtime-error] Twig Runtime Error - Page (@dhiyaneshdk) [info]
[seized-site] Seized Site (@rxerium) [info]
[ariang-debug-console] AriaNg Debug Console - Exposure (@dhiyaneshdk) [medium]
[aspnetcore-dev-env] ASP.NET Core Development Environment - Exposure (@Mys7ic) [info]
[netdisco-unauth] Netdisco - Unauth Access (@ritikchaddha) [critical]
[arcgis-detect] ArcGIS - Detect (@righettod) [info]
[dizquetv-detect] dizqueTV - Detect (@s4e-io) [info]
[ivanti-epm-detect] Ivanti Endpoint Manager (EPM) - Detect (@rxerium) [info]
[default-azure-function-app] Azure Function App - Default Page (@dhiyaneshdk) [info]
[vertigis-detect] VertiGIS - Detect (@righettod) [info]
[wiki-js-detect] Wiki.js - Detect (@righettod) [info]
[windows-communication-foundation-detect] Windows Communication Foundation - Detect (@r3naissance) [info]
[api-delighted] Delighted API Test (@0xPugal) [info]
[api-intigriti-researcher] Intigriti-Researcher API Test (@0xPugal) [info]
[api-telegram] Telegram API Test (@0xPugal) [info]
[retool-svg-xss] Retool < 3.88 - SVG Cross-Site Scripting (@iamnoooob, @iamnoooob, @pdresearch) [high]
[ninja-forms-xss] Ninja Forms < 3.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]

New Contributors

@stvnhrlnd made their first contribution in #10878
@KoratSec made their first contribution in #10937
@ShaneIan made their first contribution in #10518
@evilgensec made their first contribution in #10911
@aviadavi made their first contribution in #10949

Full Changelog: v10.0.1...v10.0.2

Contributors

sujal, righettod, and 23 other contributors

Assets 3

30 Sep 15:25

princechaddha

v10.0.1

29edb66

v10.0.1

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
[CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
[CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
[CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
[CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
[CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
[CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥

Bug Fixes

Resolved unresolved variables found: FQDN (#10349).

False Negatives

Improve detection and reduce false negatives for CVE-2024-47176 (Issue #10864).

False Positives

Fixed false positive for CVE-2021-33044 (#10863).
Removed CVE-2023-35489 due to false positives (Issue #10800).
Update to fix false positives in CVE-2024-41667.yaml (#10751).
Resolved false positive in CVE-2024-41667.yaml (#10749).

Enhancements

Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
Updated severity in apple-cups-exposure.yaml (#10857).
Severity update for jwk-json-leak.yaml (#10840).
Added nacos configuration leak detection (#10825).
Refactored the "git-repository-browser" template (#10801).
Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
Refactored the "kubelet-metrics" template (#10765).
Refactored the "GITEA" template (#10752).
Optimized templates due to Nuclei changes and added new templates (Issue #10285).
Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).

Template Updates

New Templates Added: `86` | CVEs Added: `41` | First-time contributions: `2`

[CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
[CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-45622] ASIS - SQL Injection Authentication Bypass (@s4e-io) [critical]
[CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
[CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
[CVE-2024-41810] Twisted - Open Redirect & XSS (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [medium]
[CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
[CVE-2024-36683] PrestaShop productsalert - SQL Injection (@mastercho) [critical]
[CVE-2024-30269] DataEase <= 2.4.1 - Sensitive Information Exposure (@s4e-io) [medium]
[CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
[CVE-2024-22207] Fastify Swagger-UI - Information Disclosure (@dhiyaneshdk, @iamnoooob) [medium]
[CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
[CVE-2024-8883] Keycloak - Open Redirect (@iamnoooob, @rootxharsh, @pdresearch) [medium]
[CVE-2024-8752] WebIQ 2.15.9 - Directory Traversal (@s4e-io) [high]
[CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
[CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
[CVE-2024-8484] REST API TO MiniProgram <= 4.7.1 - SQL Injection (@s4e-io) [high]
[CVE-2024-6845] SmartSearchWP < 2.4.6 - OpenAI Key Disclosure (@s4e-io) [medium]
[CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-3673] Web Directory Free < 1.7.3 - Local File Inclusion (@s4e-io) [critical]
[CVE-2023-47253] Qualitor <= 8.20 - Remote Code Execution (@s4e-io) [critical]
[CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
[CVE-2023-39650] PrestaShop Theme Volty CMS Blog - SQL Injection (@mastercho) [critical]
[CVE-2023-39024] Harman Media Suite <= 4.2.0 - Local File Disclosure (@s4e-io) [high]
[CVE-2023-38192] SuperWebMailer 9.00.0.01710 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-27847] PrestaShop xipblog - SQL Injection (@mastercho) [critical]
[CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2023-6568] Mlflow - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-6275] TOTVS Fluig Platform - Cross-Site Scripting (@s4e-io) [medium]
[CVE-2023-3578] DedeCMS 5.7.109 - Server-Side Request Forgery (@ritikchaddha) [critical]
[CVE-2023-3188] Owncast - Server Side Request Forgery (@dhiyaneshdk) [medium]
[CVE-2022-24637] Open Web Analytics 1.7.3 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2020-11441] phpMyAdmin 5.0.2 - CRLF Injection (@ritikchaddha) [medium]
[CVE-2019-6793] GitLab Enterprise Edition - Server-Side Request Forgery (@ritikchaddha) [high]
[CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2017-3133] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-3132] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2017-3131] FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[bonita-default-login] Bonita - Default Login (@dhiyaneshdk) [high]
[camaleon-default-login] Camaleon CMS - Default Login (@dhiyaneshdk) [high]
[canon-c3325-default-login] Canon R-ADV C3325 - Default-Login (@ritikchaddha) [high]
[dragonfly-default-login] Dragonfly - Default Login (@dhiyaneshdk) [high]
[filegator-default-login] Filegator - Default-Login (@ritikchaddha) [high]
[nginx-proxy-manager-default-login] Nginx Proxy Manager - Default Login (@barttran2000) [high]
[pcoweb-default-login] pCOWeb - Default-Login (@ritikchaddha) [high]
[topaccess-default-login] Toshiba TopAccess - Default-Login (@ritikchaddha) [high]
[tplink-r470t-default-login] TP-LINK Router R470T - Default-Login (@ritikchaddha) [high]
[tplink-wR940n-default-login] TP-Link Wireless N Router WR940N - Default-Login (@ritikchaddha) [high]
[bonita-portal-panel] Bonita Portal Login - Detect (@dhiyaneshdk) [info]
[camaleon-panel] Camaleon CMS Login - Panel (@dhiyaneshdk) [info]
[canon-iradv-c3325] Canon iR-ADV C3325 Panel - Detect (@ritikchaddha) [info]
[cgit-panel] CGIT - Detect (@tess, @righettod) [info]
[docuware-panel] DocuWare - Detect (@righettod) [info]
[dragonfly-panel] DragonFly Login - Panel (@dhiyaneshdk) [info]
[filecatalyst-panel] FileCatalyst File Transfer Solution - Detect (@dhiyaneshdk) [info]
[filegator-panel] FileGator Panel - Detect (@ritikchaddha) [info]
[ivanti-csa-panel] Ivanti(R) Cloud Services Appliance - Panel (@rxerium) [info]
[maestro-listserv-panel] Maestro LISTSERV - Detect (@righettod) [info]
[open-web-analytics-panel] Open Web Analytics Login - Detect (@dhiyaneshdk) [info]
[pcoweb-panel] pCOWeb Panel - Detect (@ritikchaddha) [info]
[qualitor-itsm-panel] Qualitor ITSM - Detect (@johnk3r) [info]
[topaccess-panel] Toshiba TopAccess Panel - Detect (@ritikchaddha) [info]
[tplink-r470t-panel] TP-LINK Router R470T - Detect (@ritikchaddha) [info]
[canon-c3325-unauth] Canon R-ADV C3325 - Unauth (@ritikchaddha) [high]
[dragonfly-public-signup] DragonFly Public - Signup Enabled (@dhiyaneshdk) [high]
[navidrome-admin-install] Navidrome Admin User Creation (@dhiyaneshdk) [critical]
[open-web-analytics-installer] Open Web Analytics Installer - Exposure (@dhiyaneshdk) [high]
[pcoweb-unauth] pCOWeb - Unauth (@ritikchaddha) [high]
[cups-detect] CUPS - Detect (@rxerium) [info]
[domibus-detect] Domibus - Detect (@righettod) [info]
[hugegraph-detect] HugeGraph - Detect (@rxerium) [info]
[lobechat-detect] LobeChat - Detect (@s4e-io) [info]
[torchserve-detect] TorchServe API Description - Detect (@dhiyaneshdk) [info]
[wordpress-extendify] Extendify Detection (@ricardomaia) [info]
[wordpress-wp-mail-logging] WP Mail Logging Detection (@ricardomaia) [info]
[fumengyun-sqli] Fumeng - SQL Injection (@ritikchaddha) [critical]
[motic-dsm-arbitrary-file-read] MoticDSM - Arbitrary File Read (@s4e-io) [high]
[nacos-info-leak] Nacos - Information Disclosure (@s4e-io) [high]
[netpower-npfw-lfi] Netpower NPFW - Local File Inclusion (@ritikchaddha) [high]
[newcapec-rce] Newcap...

Contributors

ricardomaia, righettod, and 21 other contributors

Assets 3

12 Sep 06:33

princechaddha

v10.0.0

6a6ee72

Azure Config Review - Nuclei Templates v10.0.0 🎉

🔥 Release Highlights 🔥

We're excited to announce the expansion of the Nuclei Templates with a new suite specifically designed for Azure Cloud Configurations. This update introduces a series of specialized security checks tailored for the comprehensive components of Azure services, including VMs, App Services, SQL Databases, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code

The introduction of these Azure-specific templates empowers security teams to conduct thorough security audits of their Azure environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Azure security templates further. For more details, please visit our latest blog post.

Other Highlights

[CVE-2024-45195] Apache OFBiz - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-38472] Apache HTTPd Windows UNC - Server-Side Request Forgery (@pdteam) [high] 🔥
[CVE-2024-28987] SolarWinds Web Help Desk - Hardcoded Credential (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-22120] Zabbix Server - Time-Based Blind SQL injection (@CodeStuffBreakThings) [critical] 🔥
[CVE-2024-20440] Cisco Smart Licensing - UnAuth Credentials Exposure (@iamnoooob, @parthmalhotra, @pdresearch) [high] 🔥
[CVE-2024-20439] Cisco Smart Licensing Utility - Admin Credentials (@iamnoooob, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2024-20419] Cisco SSM On-Prem <= 8-202206 - Account Takeover (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8517] SPIP BigUp Plugin - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
[CVE-2024-7029] AVTECH IP Camera - Command Injection (@dhiyaneshdk) [high] 🔥
[CVE-2023-34105] SRS - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥

What's Changed

New Templates Added: `253` | CVEs Added: `35` | First-time contributions: `2`

[CVE-2024-45388] Hoverfly < 1.10.3 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-45195] Apache OFBiz - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-44849] Qualitor <= 8.24 - Remote Code Execution (@s4e-io) [critical]
[CVE-2024-41955] Open Redirect in Login Redirect - MobSF (@Farish) [medium]
[CVE-2024-41667] OpenAM<=15.0.3 FreeMarker - Template Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-38472] Apache HTTPd Windows UNC - Server-Side Request Forgery (@pdteam) [high] 🔥
[CVE-2024-29889] GLPI 10.0.10-10.0.14 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-29882] HTTP API DOM - XSS on JSONP callback (@rootxharsh, @iamnoooob, @pdresearch) [high]
[CVE-2024-28987] SolarWinds Web Help Desk - Hardcoded Credential (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-22120] Zabbix Server - Time-Based Blind SQL injection (@CodeStuffBreakThings) [critical] 🔥
[CVE-2024-20440] Cisco Smart Licensing - UnAuth Credentials Exposure (@iamnoooob, @parthmalhotra, @pdresearch) [high] 🔥
[CVE-2024-20439] Cisco Smart Licensing Utility - Admin Credentials (@iamnoooob, @parthmalhotra, @pdresearch) [critical] 🔥
[CVE-2024-20419] Cisco SSM On-Prem <= 8-202206 - Account Takeover (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-8517] SPIP BigUp Plugin - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
[CVE-2024-7786] Sensei LMS < 4.24.2 - Email Template Leak (@s4e-io) [high]
[CVE-2024-7029] AVTECH IP Camera - Command Injection (@dhiyaneshdk) [high] 🔥
[CVE-2024-6928] Opti Marketing <= 2.0.9 - SQL Injection (@s4e-io) [high]
[CVE-2024-6926] Viral Signup <= 2.1 - SQL Injection (@s4e-io) [critical]
[CVE-2024-6924] TrueBooker <= 1.0.2 - SQL Injection (@s4e-io) [high]
[CVE-2024-6846] SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge (@s4e-io) [medium]
[CVE-2024-6586] Lightdash v0.1024.6 - Server-Side Request Forgery (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-6159] Push Notification for Post and BuddyPress <= 1.93 - SQL Injection (@s4e-io) [critical]
[CVE-2023-47684] Essential Grid <= 3.1.0 - Cross-Site Scripting (@0xPugal) [medium]
[CVE-2023-41621] Emlog Pro v2.1.14 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-41597] EyouCms v1.6.2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35155] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-34105] SRS - Command Injection (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
[CVE-2023-22621] Strapi Versions <=4.5.5 - SSTI to Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2023-6329] Control iD iDSecure - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical]
[CVE-2014-5187] Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal (@dhiyaneshdk) [medium]
[CVE-2014-5181] Last.fm Rotation 1.0 - Path Traversal (@dhiyaneshdk) [medium]
[CVE-2014-4941] Cross RSS 1.7 - Local File Inclusion (@dhiyaneshdk) [medium]
[CVE-2014-4577] WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion (@dhiyaneshdk) [medium]
[CVE-2007-2449] Apache Tomcat 4.x-7.x - Cross-Site Scripting (@pdteam, @ritikchaddha) [medium]
[CVE-2000-0760] Jakarta Tomcat 3.1 and 3.0 - Exposure (@Thabisocn) [low]
[azure-custom-admin-role-unrestricted] Azure Subscription Administrator Custom Role Unrestricted Access (@princechaddha) [high]
[azure-custom-owner-role-unrestricted] Azure Custom Owner Role Available (@princechaddha) [medium]
[azure-iam-role-resource-lock-unassigned] Azure IAM Role for Resource Locking Not Assigned (@princechaddha) [medium]
[azure-entra-id-guest-users-unmonitored] Azure Entra ID Guest Users Unmonitored (@princechaddha) [medium]
[azure-mfa-not-enabled-privileged-users] Azure MFA Not Enabled for All Privileged Users (@princechaddha) [high]
[azure-db-mysql-delete-unalerted] Azure MySQL Database Delete Alert Not Configured (@princechaddha) [high]
[azure-delete-lb-alert-unconfigured] Azure Delete Load Balancer Alert Not Configured (@princechaddha) [high]
[azure-key-vault-delete-unalerted] Azure Key Vault Delete Alert Not Configured (@princechaddha) [high]
[azure-keyvault-update-unalerted] Azure Key Vault Update Alert Not Configured (@princechaddha) [high]
[azure-lb-create-update-missing] Azure Load Balancer Create or Update Alert Not Configured (@princechaddha) [high]
[azure-mysql-db-update-unalerted] Azure MySQL Database Create/Update Alert Not Configured (@princechaddha) [high]
[azure-nsg-create-update-unalerted] Azure Network Security Group Create/Update Alert Not Configured (@princechaddha) [high]
[azure-nsg-delete-unalerted] Azure Network Security Group Delete Alert Not Configured (@princechaddha) [high]
[azure-nsg-rule-delete-unalerted] Azure NSG Rule Delete Alert Not Configured (@princechaddha) [high]
[azure-nsg-rule-update-unalerted] Azure Network Security Group Rule Create/Update Alert Not Configured (@princechaddha) [high]
[azure-policy-assignment-create-alert-missing] Azure Policy Assignment Create Alert Not Configured (@princechaddha) [high]
[azure-policy-assignment-delete-unalerted] Azure Policy Assignment Delete Alert Not Configured (@princechaddha) [high]
[azure-postgresql-db-delete-unalerted] Azure PostgreSQL Database Delete Alert Not Configured (@princechaddha) [high]
[azure-postgresql-db-update-unalerted] Azure PostgreSQL Database Create/Update Alert Not Configured (@princechaddha) [high]
[azure-public-ip-delete-unalerted] Azure Public IP Delete Alert Not Configured (@princechaddha) [high]
[azure-public-ip-update-unalerted] Azure Public IP Create/Update Alert Not Configured (@princechaddha) [high]
[azure-security-policy-update-unalerted] Azure Update Security Policy Alert Not Configured (@princechaddha) [high]
[azure-security-solution-delete-unalerted] Azure Security Solution Delete Alert Not Configured (@princechaddha) [high]
[azure-security-solutions-update-unalerted] Azure Security Solutions Create/Update Alert Not Configured (@princechaddha) [high]
[azure-sql-database-rename-unalerted] Azure SQL Database Rename Alert Not Configured (@princechaddha) [high]
[azure-sql-db-update-unalerted] Azure SQL Database Create/Update Alert Not Configured (@princechaddha) [high]
[azure-sql-delete-db-unalerted] Azure SQL Delete Database Alert Not Configured (@princechaddha) [high]
[azure-sql-fw-rule-unalerted] Azure SQL Server Firewall Rule Create/Update/Delete Alert Not Configured (@princechaddha) [high]
[azure-storage-account-delete-unalerted] Azure Storage Account Delete Alert Not Configured (@princechaddha) [high]
[azure-storage-account-update-unalerted] Azure Storage Account Create/Update Alert Not Configured (@princechaddha) [high]
[azure-vm-create-update-unalerted] Azure VM Create/Update Alert Not Configured (@princechaddha) [high]
[azure-vm-deallocate-unalerted] Azure Virtual Machine Deallocate Alert Not Configured (@princechaddha) [high]
[azure-vm-delete-unalerted] Azure Virtual Machine Delete Alert Not Configured (@princechaddha) [high]
[azure-vm-poweroff-unalerted] Azure Virtual Machine Power Off Alert Not Configured (@princechaddha) [high]
[azure-openai-cmk-not-enabled] Azure OpenAI Encryption using Customer-Managed Keys Not Enabled (@princechaddha) [high]
[azure-openai-managed-identity-not-used] Azure OpenAI Service Instance Managed Identity Not Used (@princechaddha) [medium]
[azure-openai-private-endpoints-unconfigured] Azure OpenAI Service Instances No...

Contributors

gmeghab, kazet, and 22 other contributors

Assets 3

02 Sep 10:30

princechaddha

v9.9.4

f4251b0

v9.9.4

What's Changed

🔥 Release Highlights 🔥

[CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-29868] Apache StreamPipes - Weak PRNG in Recovery Token Generation (@alessandro - DEVisions) [critical] 🔥
[CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
[CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
[CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
[CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥

Bug Fixes

Fixed typo in 'shodan-query' key in AirOS Panel detection (#10615).

False Positives

Fixed Nacos version detection false positive (#10647).
Fixed false positives for mixed active content (#10571).
Fixed false positives for weak login detection in XUI (#10533).
Fixed false positives in CVE-2023-33584 template (#10459).
Fixed false positives for CVE-2018-11784 detection (#10495).
Updated SQL injection delay time to reduce false positives in wp-statistics (#10377).
Updated SQL injection delay time for CVE-2023-6063 to reduce false positives (#10376).

Enhancements

Updated GitHub takeover matchers to match new 404 page (#10553).
Improved CVE-2014-6271 detection (#10621).
Enhanced detection of HashiCorp Vault login panel (#10599).
Added new endpoint detection for phpMyAdmin panel (#10451).

Template Updates

New Templates Added: `59` | CVEs Added: `30` | First-time contributions: `13`

[CVE-2024-45241] CentralSquare CryWolf - Path Traversal (@s4e-io) [high]
[CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-32231] Stash < 0.26.0 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-29868] Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation (@alessandro Albani - DEVisions) [critical] 🔥
[CVE-2024-29272] VvvebJs < 1.7.5 - Arbitrary File Upload (@s4e-io) [medium]
[CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
[CVE-2024-23163] GestSup - Account Takeover (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2, @gy741) [critical]
[CVE-2024-8181] Flowise <= 1.8.2 Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-7954] SPIP Porte Plume Plugin - Remote Code Execution (@s4e-io) [critical]
[CVE-2024-7928] FastAdmin < V1.3.4.20220530 - Path Traversal (@s4e-io) [medium]
[CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
[CVE-2024-6911] PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion (@s4e-io) [high]
[CVE-2024-6893] Journyx - XML External Entities Injection (XXE) (@s4eio) [high]
[CVE-2024-6842] AnythingLLM - Information Disclosure (@ingbunga, @rahaaaiii, @asteria121, @breakpack, @gy741) [high]
[CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
[CVE-2024-6095] LocalAI - Partial Local File Read (@iamnoooob, @pdresearch, @rootxharsh) [medium]
[CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-5827] Vanna - SQL injection (@olfloralo, @nukunga, @harksu, @nechyo, @gy741) [critical]
[CVE-2024-5765] WpStickyBar <= 2.1.0 - SQL Injection (@theamanrawat) [high]
[CVE-2024-5421] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure (@bl4ckp4r4d1s3) [high]
[CVE-2024-5420] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting (@bl4ckp4r4d1s3) [high]
[CVE-2024-3850] Uniview NVR301-04S2-P4 - Cross-Site Scripting (@bleron Rrustemi, @r3naissance) [medium]
[CVE-2023-46818] ISPConfig - PHP Code Injection (@non-things) [high]
[CVE-2023-40504] LG Simple Editor <= v3.21.0 - Command Injection (@s4e-io) [critical]
[CVE-2023-34754] Bloofox v0.5.2.1 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-29506] XWiki >= 13.10.8 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-22893] Strapi Versions <=4.5.6 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2023-3521] FOSSBilling < 0.5.3 - Cross-Site Scripting (@ctflearner) [medium]
[CVE-2023-2624] KiviCare WordPress Plugin - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2020-28429] geojson2kml - Command Injection (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2) [critical]
[cookie-consent-detection] Cookie Consent Detection (@rxerium) [info]
[couchdb-default-login] CouchDB - Default Login (@thefoggiest) [high]
[fuji-xerox-default-login] Fuji Xerox ApeosPort - Default Login (@morgan Robertson) [high]
[ispconfig-hcp-default-login] ISPConfig Hosting Control Panel - Default Login (@ritikchaddha) [high]
[jellyfin-default-login] Jellyfin Console - Default Login (@thefoggiest) [high]
[rundeck-default-login] Rundeck - Default Login (@karkis3c) [high]
[ivanti-traffic-manager-panel] Ivanti Traffic Manager Panel - Detect (@rxerium) [info]
[kiali-panel] Kiali - Detect (@righettod) [info]
[malwared-byob] Malwared (Build Your Own Botnet) - Detect (@pdteam) [info]
[procore-panel] Procore Login - Panel (@rxerium) [info]
[elgg-installer] Elgg - Installation (@s4e-io) [high]
[jackett-installer] Jackett - Installer (@ritikchaddha) [high]
[jackett-unauth] Jackett UI - Unauthenticated (@ProjectDiscoveryAI) [high]
[lidarr-dashboard-unauth] Lidarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[prowlarr-dashboard-unauth] Prowlarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[radarr-dashboard-unauth] Radarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[readarr-dashboard-unauth] Readarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[sonarr-dashboard-unauth] Sonarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[whisparr-dashboard-unauth] Whisparr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
[akamai-bot-manager-detect] Akamai Bot Manager Protection - Detect (@Fazle Arefin) [info]
[apache-streampipes-detect] Apache StreamPipes - Detect (@alessandro Albani - DEVisions) [info]
[bigip-apm-detect] BIGIP APM - Detect (@nodauf) [info]
[spip-detect] SPIP - Detect (@s4e-io) [info]
[malwared-byob-rce] Malwared BYOB - Unauthenticated Remote Code Execution (@pdteam) [critical]
[mobsf-apktool-lfi] MobSF - Path Traversal (@will Mccardell) [high]
[elgg-sqli] Elgg 5.1.4 - SQL Injection (@s4e-io) [high]
[prest-sqli-auth-bypass] pREST < 1.5.4 - SQLi Via Authentication Bypass (@mihail8531, @iamnoooob, @rootxharsh, @pdresearch) [critical]
[readymade-unilevel-sqli] Readymade Unilevel Ecommerce MLM - SQL Injection (@s4e-garage) [high]
[readymade-unilevel-xss] Readymade Unilevel Ecommerce MLM - Cross-Site Scripting (@s4e-garage) [high]

New Contributors

@Parshva87 made their first contribution in #10536
@syntacticNaCl made their first contribution in #10553
@fazlearefin made their first contribution in #10596
@flyingllama87 made their first contribution in #10600
@ingbunga made their first contribution in #10427
@thefoggiest made their first contribution in #10435
@oIfloraIo made their first contribution in #10429
@non-things made their first contribution in #10549
@DEVisions made their first contribution in #10131
@nil0x42 made their first contribution in #10615
@willmccardell made their first contribution in #10367
@BrunoTeixeira1996 made their first contribution in #10622
@eeche made their first contribution in #10489

Full Changelog: v9.9.3...v9.9.4

Contributors

will, morgan, and 43 other contributors

Assets 3

16 Aug 22:04

princechaddha

v9.9.3

911a579

v9.9.3

🔥 Release Highlights 🔥

[CVE-2024-41107] Apache CloudStack - SAML Signature Exclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-40422] Devika v1 - Path Traversal (@s4e-garage, @alpernae) [critical] 🔥
[CVE-2024-39907] 1Panel SQL Injection - Authenticated (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-38856] Apache OFBiz - Remote Code Execution (@Co5mos) [critical] 🔥
[CVE-2024-36104] Apache OFBiz - Path Traversal (@Co5mos) [critical] 🔥
[CVE-2024-7339] TVT DVR Sensitive Device - Information Disclosure (@stuxctf) [medium] 🔥
[CVE-2024-6782] Calibre <= 7.14.0 Remote Code Execution (@dhiyaneshdk) [critical] 🔥

What's Changed

New Templates Added: `56` | CVEs Added: `33` | First-time contributions: `4`

[CVE-2024-41628] Cluster Control CMON API - Directory Traversal (@s4e-garage) [high]
[CVE-2024-41107] Apache CloudStack - SAML Signature Exclusion (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-40422] Devika v1 - Path Traversal (@s4e-garage, @alpernae) [critical] 🔥
[CVE-2024-39907] 1Panel SQL Injection - Authenticated (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
[CVE-2024-39903] Solara <1.35.1 - Local File Inclusion (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-38856] Apache OFBiz - Remote Code Execution (@Co5mos) [critical] 🔥
[CVE-2024-38514] NextChat - Server-Side Request Forgery (@dhiyaneshdk) [high]
[CVE-2024-38288] TurboMeeting - Post-Authentication Command Injection (@rootxharsh, @iamnoooob, @pdresearch) [high]
[CVE-2024-36104] Apache OFBiz - Path Traversal (@Co5mos) [critical] 🔥
[CVE-2024-34061] Changedetection.io <=v0.45.21 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2024-24763] JumpServer < 3.10.0 - Open Redirect (@ritikchaddha) [medium]
[CVE-2024-7340] W&B Weave Server - Remote Arbitrary File Leak (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2024-7339] TVT DVR Sensitive Device - Information Disclosure (@stuxctf) [medium] 🔥
[CVE-2024-7332] TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability (@s4e-garage) [critical]
[CVE-2024-7188] Bylancer Quicklancer 2.4 G - SQL Injection (@s4e-garage) [high]
[CVE-2024-7120] Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection (@pussycat0x) [medium]
[CVE-2024-7008] Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS) (@dhiyaneshdk) [medium]
[CVE-2024-6922] Automation Anywhere Automation 360 - Server-Side Request Forgery (@dhiyaneshdk) [high]
[CVE-2024-6782] Calibre <= 7.14.0 Remote Code Execution (@dhiyaneshdk) [critical] 🔥
[CVE-2024-6781] Calibre <= 7.14.0 Arbitrary File Read (@dhiyaneshdk) [high]
[CVE-2024-6396] Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-6366] User Profile Builder < 3.11.8 - File Upload (@s4e-garage) [high]
[CVE-2024-6205] PayPlus Payment Gateway < 6.6.9 - SQL Injection (@s4e-garage) [critical]
[CVE-2024-5975] CZ Loan Management <= 1.1 - SQL Injection (@s4e-garage) [critical]
[CVE-2024-5936] PrivateGPT < 0.5.0 - Open Redirect (@ctflearner) [medium]
[CVE-2023-44393] Piwigo - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-43323] mooSocial 3.1.8 - External Service Interaction (@ritikchaddha) [medium]
[CVE-2023-6444] Seriously Simple Podcasting < 3.0.0 - Information Disclosure (@s4eio) [medium]
[CVE-2023-5863] phpMyFAQ < 3.2.0 - Cross-site Scripting (@ctflearner) [medium]
[CVE-2023-5222] Viessmann Vitogate 300 - Hardcoded Password (@ritikchaddha) [critical]
[CVE-2022-27043] Yearning - Directory Traversal (@Co5mos) [high]
[CVE-2022-3869] Froxlor < 0.10.38.2. - HTML Injection (@ctflearner) [medium]
[CVE-2004-2687] Distccd v1 - Remote Code Execution (@pussycat0x) [high]
[cloudstack-default-login] Apache CloudStack - Default Login (@dhiyaneshdk) [high]
[airos-panel] AirOS Panel - Detect (@rxerium) [info]
[fossbilling-panel] FOSSBilling Panel - Detect (@ritikchaddha) [info]
[metube-detect] MeTube Instance Detected (@rxerium) [info]
[openedge-panel] OpenEdge Login Panel - Detect (@rxerium) [info]
[photoprism-panel] PhotoPrism Panel - Detect (@rxerium) [info]
[privategpt-detect] PrivateGPT - Detect (@ritikchaddha) [info]
[whatsup-gold-panel] Whatsup Gold Login Panel - Detect (@rxerium) [info]
[gitlab-ci-yml] GitLab CI YAML - Exposure (@dhiyaneshdk) [medium]
[changedetection-unauth] Changedetection.io Dashboard - Exposure (@ritikchaddha) [medium]
[deployment-interface-exposed] Deployment Management Interface - Exposed (@dhiyaneshdk) [medium]
[fossbilling-installer] FOSSBilling - Installation (@ritikchaddha) [high]
[quickcms-installer] QuickCMS Installation Wizard (@dhiyaneshdk) [high]
[manage-cabinet-register] Manage Cabinet Register - Exposed (@noel) [low]
[substack] substack.com User Name Information - Detect (@cheesymoon) [info]
[apache-ofbiz-detect] Apache OFBiz - Detect (@rxerium) [info]
[apache-shenyu-detect] Apache Shenyu Gateway Management System - Detect (@icarot) [info]
[searxng-detect] SearXNG - Detect (@rxerium) [info]
[esafenet-netsecconfigajax-sqli] Esafenet CDG NetSecConfigAjax - Sql Injection (@adeljck) [high]
[esafenet-noticeajax-sqli] Esafenet CDG NoticeAjax - Sql Injection (@adeljck) [high]
[landray-oa-replaceextend-rce] Landray OA replaceExtend Function - Remote Code Execution (@adeljck) [critical]
[x11-unauth-access] x11 - Unauthenticated Access (@pussycat0x) [high]
[db2-discover] Broadcast DB2 Discover (@pussycat0x) [info]

New Contributors

@lanyi1998 made their first contribution in #10402
@eltociear made their first contribution in #10401
@NoelV11 made their first contribution in #10387
@gelim made their first contribution in #10420

Full Changelog: v9.9.2...v9.9.3

Contributors

noel, gelim, and 18 other contributors

Assets 3

26 Jul 07:35

princechaddha

v9.9.2

b225a14

v9.9.2

🔥 Release Highlights 🔥

[CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
[CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
[CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
[CVE-2024-5217] ServiceNow - Incomplete Input Validation (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
[CVE-2024-4879] ServiceNow UI Macros - Template Injection (@dhiyaneshdk, @ritikchaddha) [unknown] 🔥
[CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
[CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
[CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥

What's Changed

Bug Fixes

Corrected issue with mismatched redirects (Issue #10125).
Resolved invalid template error for CVE-2024-36991 (Issue #10352).

False Negatives

Improved detection in the SVN configuration leak template, reducing underreporting (Issue #10344).
Addressed false negatives in the following:
Exposed SVN configuration (PR #10362)
CVE-2019-7139 template (PR #10339)

False Positives

Reduced false positives and improved accuracy in the following templates:
IdeMia biometrics default login (Issues #10126, #10277)
jan-file-upload (PR #10361)
Apache XSS (PR #10342)
Beanstalk service (PR #10334, duplicated issue)
DS-Store file discovery (PR #10278)
GOIP default login (PR #10276)

Enhancements

Enhanced detection capabilities in dom-xss.yaml (PR #10360).
Improved accuracy in generic-xxe.yaml (PR #10359).

New Templates Added: `67` | CVEs Added: `32` | First-time contributions: `7`

[CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
[CVE-2024-39914] FOG Project < 1.5.10.34 - Remote Command Execution (@s4e-garage) [critical]
[CVE-2024-39250] EfroTech Timetrax v8.3 - Sql Injection (@s4e-garage, @efran) [high]
[CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
[CVE-2024-38289] TurboMeeting - Boolean-based SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
[CVE-2024-37843] Craft CMS <=v3.7.31 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
[CVE-2024-34257] TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection (@pussycat0x) [high]
[CVE-2024-32238] H3C ER8300G2-X - Password Disclosure (@s4e-garage) [critical]
[CVE-2024-6746] EasySpider 0.6.2 - Arbitrary File Read (@s4e-garage) [medium]
[CVE-2024-6646] Netgear-WN604 downloadFile.php - Information Disclosure (@pussycat0x) [medium]
[CVE-2024-6587] LiteLLM - Server-Side Request Forgery (@pdresearch, @iamnoooob, @rootxharsh, @lambdasawa) [high]
[CVE-2024-6289] WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure (@s4e-garage) [medium]
[CVE-2024-5315] Dolibarr ERP CMS list.php - SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
[CVE-2024-5217] ServiceNow - Incomplete Input Validation (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
[CVE-2024-4885] Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - RCE (@sinsinology,@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
[CVE-2024-4879] ServiceNow UI Macros - Template Injection (@dhiyaneshdk, @ritikchaddha) [unknown] 🔥
[CVE-2024-4295] Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash (@iamnoooob, @rootxharsh, @pdresearch) [critical]
[CVE-2024-4257] BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection (@s4e-garage) [medium]
[CVE-2024-3742] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure (@Farish) [high]
[CVE-2024-2330] NS-ASG Application Security Gateway 6.3 - Sql Injection (@s4e-garage) [medium]
[CVE-2024-1512] MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection (@s4e-garage) [critical]
[CVE-2023-48728] WWBN AVideo 11.6 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-44012] mojoPortal v.2.7.0.0 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
[CVE-2023-29204] XWiki - Open Redirect (@ritikchaddha) [medium]
[CVE-2023-4450] JeecgBoot JimuReport - Template injection (@sumanth Vankineni) [critical]
[CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
[CVE-2023-2309] wpForo Forum <= 2.1.8 - Cross-Site Scripting (@s4e-garage) [medium]
[CVE-2022-45269] Linx Sphere - Directory Traversal (@robotshell) [high]
[CVE-2022-38322] Temenos Transact - Cross-Site Scripting (@Qotoz) [high]
[CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥
[CNVD-2023-72138] LiveGBS user/save - Logical Flaw (@pussycat0x) [high]
[deluge-default-login] Deluge - Default Login (@ritikchaddha) [high]
[gitblit-default-login] Gitblit - Default Login (@ritikchaddha) [high]
[netflow-default-login] Netflow Analyzer - Default Login (@dhiyaneshdk) [high]
[adguard-panel] AdGuard Panel - Detect (@ritikchaddha) [info]
[falcosidekick-panel] Falcosidekick UI Login Panel - Detect (@righettod) [info]
[freshrss-panel] Freshrss Panel - Detect (@ritikchaddha) [info]
[gradle-develocity-panel] Gradle Develocity Build Cache Node Login Panel - Detect (@righettod) [info]
[hal-management-panel] HAL Management Console Panel (@dhiyaneshdk) [info]
[netflow-analyzer-panel] Netflow Analyzer Login - Panel (@dhiyaneshdk) [info]
[tomcat-exposed] Tomcat Exposed - Detect (@Podalirius, @righettod) [info]
[apache-ozone-conf] Apache Ozone - Exposure (@icarot) [info]
[snoop-servlet] Snoop Servlet - Information Disclosure (@omranisecurity) [low]
[adcs-certificate] Certification Authority Web Enrollment (ADCS) - Detection (@Pastaga, @DefTe) [info]
[freshrss-unauth] Freshrss Admin Dashboard - Exposed (@ritikchaddha) [high]
[adguard-installer] AdGuard - Installation (@ritikchaddha) [high]
[freshrss-installer] FreshRSS - Installation (@ritikchaddha) [high]
[mongod-exposure] MongoD Server - Exposure (@dhiyaneshdk) [low]
[servicenow-title-injection] Service Now - Title Injection (@dhiyaneshdk) [high]
[sftpgo-admin-setup] SFTPGo Admin - Setup (@ritikchaddha) [high]
[ssrpm-arbitrary-password-reset] SSRPM - Arbitary Password Reset on Default Client Interface Installation (@vince-isec) [high]
[apache-gravitino-detect] Apache Gravitino - Detect (@icarot) [info]
[apache-ozone-detect] Apache Ozone - Detect (@icarot) [info]
[wordpress-fluent-smtp] FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider Detection (@ricardomaia) [info]
[wordpress-wp-crontrol] WP Crontrol Detection (@ricardomaia) [info]
[hikvision-isecure-info-leak] HIKVISION iSecure Center - Information Leak (@adeljck) [high]
[nextjs-middleware-cache] Next.js - Cache Poisoning (@dhiyaneshdk) [high]
[nextjs-rsc-cache] Next.js - Cache Poisoning (@dhiyaneshdk) [high]
[jan-file-upload] Jan - Arbitrary File Upload (@pussycat0x) [high]
[lvs-download-lfi] LVS DownLoad.aspx - Local File Inclusion (LFI) (@pussycat0x) [high]
[ncast-lfi] Ncast HD Intelligent Recording - Arbitrary File Reading (@pussycat0x) [high]
[wifisky7-rce] WIFISKY-7 Layer Flow Control Router - Remote Code Execution (@pussycat0x) [high]
[7777botnet-detect] 7777-Botnet - Detect (@johnk3r) [info]
[thinkphp6-arbitrary-write] ThinkPHP 6.0.0~6.0.1 - Arbitrary File Write (@arliya) [critical]
[nacos-workflow] Nacos Security Checks (@Co5mos)

New Contributors

@kimtruth made their first contribution in #10260
@omranisecurity made their first contribution in #10178
@divatchyano made their first contribution in #10275
@Sumanthsec made their first contribution in #10280
@allendemoura made their first contribution in #10279
@Matsue made their first contribution in #10165
@adeljck made their first contribution in #10370

Full Changelog: v9.9.1...v9.9.2

Contributors

sumanth, Matsue, and 30 other contributors

Assets 3

10 Jul 13:27

princechaddha

v9.9.1

6e1546d

v9.9.1

🔥 Release Highlights 🔥

[CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
[CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@dhiyaneshdk) [high] 🔥
[CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@dhiyaneshdk) [critical] 🔥
[CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@dhiyaneshdk) [critical] 🔥
[CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
[CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
[CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
[CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
[CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥

What's Changed

New Templates Added: `75` | CVEs Added: `29` | First-time contributions: `5`

[CVE-2024-37881] SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure (@s4e-garage) [medium]
[CVE-2024-37152] Argo CD Unauthenticated Access to sensitive setting (@dhiyaneshdk) [medium]
[CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
[CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@dhiyaneshdk) [high] 🔥
[CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@dhiyaneshdk) [critical] 🔥
[CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@dhiyaneshdk) [critical] 🔥
[CVE-2024-33610] Sharp Multifunction Printers - Cookie Exposure (@gy741) [medium]
[CVE-2024-33605] Sharp Multifunction Printers - Directory Listing (@gy741) [high]
[CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
[CVE-2024-32709] WP-Recall <= 16.26.5 - SQL Injection (@s4e-garage) [critical]
[CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
[CVE-2024-27292] Docassemble - Local File Inclusion (@johnk3r) [high]
[CVE-2024-25852] Linksys RE7000 - Command Injection (@s4e-garage) [high]
[CVE-2024-6188] TrakSYS 11.x.x - Sensitive Data Exposure (@s4e-garage) [medium]
[CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
[CVE-2024-5947] Deep Sea Electronics DSE855 - Authentication Bypass (@s4e-garage) [medium]
[CVE-2024-5522] WordPress HTML5 Video Player < 2.5.27 - SQL Injection (@JohnDoeAnonITA) [critical]
[CVE-2024-5084] Hash Form <= 1.1.0 - Arbitrary File Upload (@s4e-garage) [critical]
[CVE-2024-4836] Edito CMS - Sensitive Data Leak (@s4e-garage) [high]
[CVE-2024-4434] LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection (@s4e-garage) [critical]
[CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
[CVE-2023-47117] Label Studio - Sensitive Information Exposure (@iamnoooob, @rootxharsh, @pdresearch) [high]
[CVE-2023-41599] JFinalCMS v5.0.0 - Directory Traversal (@pussycat0x) [medium]
[CVE-2023-35161] XWiki >= 6.2-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35160] XWiki >= 2.5-milestone-2 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35159] XWiki >= 3.4-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-35156] XWiki >= 6.0-rc-1 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-3380] WAVLINK WN579X3 - Remote Command Execution (@pussycat0x) [critical]
[CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥
[CNVD-2023-03903] EduSoho < v22.4.7 - Local File Inclusion (@s4e-garage) [high]
[CNVD-2021-64035] Leadsec VPN - Arbitrary File Read (@xiaoWangSec) [high]
[spring4shell-CVE-2022-22965] Spring Framework RCE via Data Binding on JDK 9+ (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
[csv-injection] CSV Injection Detection (@dhiyaneshdk, @ritikchaddha) [medium]
[xinclude-injection] XInclude Injection - Detection (@dhiyaneshdk, @ritikchaddha) [high]
[apache-apollo-default-login] Apache Apollo - Default Login (@ritikchaddha) [high]
[caprover-default-login] Caprover - Default Login (@ritikchaddha) [high]
[dialogic-xms-default-login] Dialogic XMS Admin Console - Default Login (@ritikchaddha) [high]
[jeedom-default-login] Jeedom - Default Login (@ritikchaddha) [high]
[ruijie-nbr-default-login] Ruijie NBR Series Routers - Default Login (@pussycat0x) [high]
[apache-apollo-panel] Apache Apollo Panel - Detect (@ritikchaddha) [info]
[dialogic-xms-console] Dialogic XMS Admin Console - Detect (@ritikchaddha) [info]
[endpoint-protector-panel] Endpoint Protector Login Panel - Detect (@pussycat0x) [info]
[label-studio-panel] Label Studio - Login Panel (@dhiyaneshdk) [info]
[sql-server-dump] SQL Server - Dump Files (@userdehghani) [medium]
[apache-pinot-config] Apache Pinot - Exposure (@icarot) [medium]
[filestash-admin-config] Filestash Admin Password Configuration (@dhiyaneshdk) [high]
[neo4j-neodash-config] Neo4j Neodash Config - Exposure (@icarot) [medium]
[jwk-json-leak] JSON Web Key File - Exposure (@mohsen Yaghoubi) [low]
[coolify-register-account] Coolify Register User Account - Enabled (@dhiyaneshdk) [medium]
[forgejo-repo-exposure] Forgejo Repositories - Exposure (@dhiyaneshdk) [medium]
[kodbox-installer] Kodbox Installation Page - Exposure (@dhiyaneshdk) [high]
[piwigo-installer] Piwigo Installation Page - Exposure (@dhiyaneshdk) [high]
[poste-io-installer] Poste.io - Installer (@dhiyaneshdk) [high]
[subrion-installer] Subrion CMS Web Installer - Exposure (@ritikchaddha) [high]
[label-studio-signup] Label Studio - Sign-up Detect (@dhiyaneshdk) [unknown]
[laragon-phpinfo] Laragon - phpinfo Disclosure (@dhiyaneshdk) [low]
[seq-dashboard-unauth] Seq Dashboard - Unauthenticated (@dhiyaneshdk) [high]
[apache-cloudstack-detect] Apache CloudStack - Detect (@pussycat0x) [info]
[apache-pinot-detect] Apache Pinot - Detect (@icarot) [info]
[neo4j-neodash-detect] Neo4j Neodash - Detect (@icarot) [info]
[wordpress-chaty] Floating Chat Widget' Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Detection (@ricardomaia) [info]
[polyfill-backdoor] Polyfill.io - Detection (@kazet) [low]
[hjsoft-hcm-lfi] Hongjing HCM - Local File Inclusion (@s4e-garage) [high]
[hjsoft-hcm-sqli] Hongjing HCM - Sql Injection (@s4e-garage) [high]
[hjsoft-hcm-tb-sqli] Hongjing HCM - Time-Based Sql Injection (@s4e-garage) [high]
[jinhe-oa-c6-upload-lfi] Jinhe OA_C6_UploadFileDownLoadnew - Arbitrary File Read (@pussycat0x) [high]
[next-js-cache-poisoning] Next.js Cache Poisoning (@Ice3man543) [high]
[azon-dominator-sqli] Azon Dominator - SQL Injection (@s4e-garage) [high]
[bagisto-csti] Bagisto 2.1.2 Client-Side Template Injection (@s4e-garage) [medium]
[crocus-lfi] Crocus system Service.do - Arbitrary File Read (@pussycat0x) [high]
[enjoyrmis-sqli] EnjoyRMIS - SQL Injection (@s4e-garage) [high]
[h3c-cnsss-arbitrary-file-upload] H3C CNSSS - Arbitrary File Upload (@s4e-garage) [critical]
[pingsheng-electronic-sqli] Pingsheng Electronic Reservoir Supervision Platform - Sql Injection (@s4e-garage) [high]
[sharp-printers-lfi] Sharp Multifunction Printers - Local File Inclusion (@gy741) [high]
[ldap-metadata] LDAP Metadata - Enumeration (@pussycat0x) [info]

New Contributors

@yhy0 made their first contribution in #9345
@JohnDoeAnonITA made their first contribution in #10137
@zeroc00I made their first contribution in #10171
@IPv4v6 made their first contribution in #10212
@BitThr3at made their first contribution in #10224

Full Changelog: v9.9.0...v9.9.1

Contributors

mohsen, kazet, and 21 other contributors

Assets 3

25 Jun 12:14

princechaddha

v9.9.0

ad29681

v9.9.0 - Kubernetes Cluster Security 🎉

🔥 Release Highlights 🔥

We are expanding the Nuclei Templates to include a specialized set of security checks dedicated to Kubernetes environments. This initiative will cover various Kubernetes components such as Pods, Deployments, StatefulSets, Services, and Network Policies. The new templates will focus on common misconfigurations, compliance issues, and adherence to industry best practices, utilizing the enhanced capabilities like flow, code & javascript protocol.

The addition of these Kubernetes-specific templates will enable security teams to perform in-depth security assessments of Kubernetes clusters, identifying critical misconfigurations and vulnerabilities. Additionally, this update will support customizable checks that align with unique operational needs, helping teams efficiently detect and address security gaps in their Kubernetes setups.

We invite contributors and reviewers to offer their insights and suggestions to refine and advance the development of these Kubernetes security templates. You can read more about it in this blog post.

Other Highlights

[CVE-2024-32113] Apache OFBiz Directory Traversal - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-31982] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical] 🔥
[CVE-2024-29973] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-29895] Cacti cmd_realtime.php - Command Injection (@pussycat0x) [critical] 🔥
[CVE-2024-29824] Ivanti EPM - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
[CVE-2024-28995] SolarWinds Serv-U - Directory Traversal (@dhiyaneshdk) [high] 🔥
[CVE-2024-23692] Rejetto HTTP File Server - Template injection (@johnk3r) [critical] 🔥
[CVE-2023-51449] Gradio Hugging Face - Local File Inclusion (@nvn1729) [high] 🔥
[CVE-2023-50719] XWiki < 4.10.15 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
[CVE-2023-43472] MLFlow < 2.8.1 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥

What's Changed

New Templates Added: `164` | CVEs Added: `41` | First-time contributions: `4`

[CVE-2024-37393] SecurEnvoy Two Factor Authentication - LDAP Injection (s4e-garage) [critical]
[CVE-2024-36837] CRMEB v.5.2.2 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-36527] Puppeteer Renderer - Directory Traversal (@Stux) [medium]
[CVE-2024-36412] SuiteCRM - SQL Injection (s4e-garage) [critical]
[CVE-2024-34982] LyLme-Spage - Arbitary File Upload (@dhiyaneshdk) [high]
[CVE-2024-32113] Apache OFBiz Directory Traversal - Remote Code Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-31982] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical] 🔥
[CVE-2024-31750] F-logic DataCube3 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-29973] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection (@ritikchaddha) [critical] 🔥
[CVE-2024-29895] Cacti cmd_realtime.php - Command Injection (@pussycat0x) [critical] 🔥
[CVE-2024-29824] Ivanti EPM - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
[CVE-2024-28995] SolarWinds Serv-U - Directory Traversal (@dhiyaneshdk) [high] 🔥
[CVE-2024-27718] Smart s200 Management Platform v.S200 - SQL Injection (@dhiyaneshdk) [high]
[CVE-2024-24565] CrateDB Database - Arbitrary File Read (@dhiyaneshdk) [medium]
[CVE-2024-24112] Exrick XMall - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2024-23692] Rejetto HTTP File Server - Template injection (@johnk3r) [critical] 🔥
[CVE-2024-21650] XWiki < 4.10.20 - Remote code execution (@ritikchaddha) [critical]
[CVE-2024-4443] Business Directory Plugin <= 6.4.2 - SQL Injection (s4e-garage) [critical]
[CVE-2024-3922] Dokan Pro <= 3.10.3 - SQL Injection (s4e-garage) [critical]
[CVE-2024-3552] Web Directory Free < 1.7.0 - SQL Injection (s4e-garage) [critical]
[CVE-2024-3274] D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure (@dhiyaneshdk) [medium]
[CVE-2024-2621] Fujian Kelixin Communication - Command Injection (@dhiyaneshdk) [medium]
[CVE-2024-1728] Gradio > 4.19.1 UploadButton - Path Traversal (@isacaya) [high]
[CVE-2024-0939] Smart S210 Management Platform - Arbitary File Upload (@dhiyaneshdk) [critical]
[CVE-2024-0250] Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect (s4e-garage) [medium]
[CVE-2023-51449] Gradio Hugging Face - Local File Inclusion (@nvn1729) [high] 🔥
[CVE-2023-50720] XWiki < 4.10.15 - Email Disclosure (@ritikchaddha) [medium]
[CVE-2023-50719] XWiki < 4.10.15 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
[CVE-2023-48241] XWiki < 4.10.15 - Information Disclosure (@ritikchaddha) [high]
[CVE-2023-46732] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-45136] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-43472] MLFlow < 2.8.1 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
[CVE-2023-38194] SuperWebMailer - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-37645] EyouCms v1.6.3 - Information Disclosure (@pussycat0x) [medium]
[CVE-2023-32068] XWiki - Open Redirect (@ritikchaddha) [medium]
[CVE-2023-6786] Payment Gateway for Telcell < 2.0.4 - Open Redirect (s4e-garage) [medium]
[CVE-2023-6505] Prime Mover < 1.9.3 - Sensitive Data Exposure (s4e-garage) [high]
[CVE-2021-43831] Gradio < 2.5.0 - Arbitrary File Read (@isacaya) [high]
[CVE-2021-38147] Wipro Holmes Orchestrator 20.4.1 - Information Disclosure (s4e-garage) [high]
[CVE-2021-38146] Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download (s4e-garage) [high]
[CVE-2021-4436] 3DPrint Lite < 1.9.1.5 - Arbitrary File Upload (s4e-garage) [critical]
[sns-public-subscribe-access] Public Subscription Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
[k8s-cpu-limits-not-set] CPU limits not set in Deployments (@princechaddha) [medium]
[k8s-cpu-requests-not-set] CPU Requests not set in Deployments (@princechaddha) [medium]
[k8s-default-namespace-used] Default Namespace Usage in Deployments (@princechaddha) [high]
[k8s-host-ports-check] Host ports should not be used (@princechaddha) [medium]
[k8s-image-pull-policy-always] Image Pull Policy set to Always (@princechaddha) [low]
[k8s-image-tag-not-fixed] Image Tag should be fixed - not latest or blank (@princechaddha) [low]
[k8s-liveness-probe-not-configured] Liveness Probe Not Configured in Deployments (@princechaddha) [medium]
[k8s-memory-limits-not-set] Memory limits not set in Deployments (@princechaddha) [medium]
[k8s-memory-requests-not-set] Memory requests not set in Deployments (@princechaddha) [medium]
[minimize-added-capabilities] Minimize container added capabilities (@princechaddha) [high]
[k8s-privileged-containers] Privileged Containers Found in Deployments (@princechaddha) [critical]
[k8s-readiness-probe-not-set] Readiness Probes not set in Deployments (@princechaddha) [medium]
[k8s-root-container-admission] Minimize the admission of root containers (@princechaddha) [critical]
[k8s-seccomp-profile-set] Set appropriate seccomp profile (@princechaddha) [medium]
[kubernetes-code-env] Kubernetes Cluster Validation (@princechaddha) [info]
[k8s-netpol-egress-rules] Network policies define egress rules (@princechaddha) [medium]
[k8s-netpol-namespace] Network Policies specify namespace (@princechaddha) [medium]
[k8s-network-ingress-rules] Define network ingress rules (@princechaddha) [medium]
[k8s-allow-privilege-escalation-set] Containers run with allowPrivilegeEscalation enabled (@princechaddha) [critical]
[k8s-containers-share-host-ipc] Containers sharing host IPC namespace (@princechaddha) [critical]
[k8s-host-network-namespace-shared] Host Network Namespace Sharing (@princechaddha) [high]
[k8s-host-pid-namespace-sharing] Host PID Namespace Sharing (@princechaddha) [critical]
[k8s-readonly-fs] Enforce Read-Only Filesystem for Containers (@princechaddha) [critical]
[k8s-readonly-rootfs] Pods with read-only root filesystem (@princechaddha) [medium]
[k8s-root-user-id] Pods run with root user ID (@princechaddha) [low]
[audit-log-path-set] Ensure audit-log-path set (@princechaddha) [medium]
[k8s-enc-prov-conf] Ensure that encryption providers are configured (@princechaddha) [medium]
[k8s-etcd-cafile-set] Ensure etcd-cafile argument set (@princechaddha) [medium]
[k8s-etcd-files-set] Ensure etcd cert and key set (@princechaddha) [medium]
[k8s-ns-usage-check] Ensure namespaces are utilized (@princechaddha) [info]
[k8s-svc-acct-issuer-set] Checks if service-account-issuer is correctly configured (@princechaddha) [medium]
[k8s-svc-acct-key] Ensure service-account-key-file set (@princechaddha) [medium]
[k8s-svc-acct-lookup-set] Ensure service-account-lookup set (@princechaddha) [medium]
[k8s-tls-config-set] Ensure TLS config appropriately set (@princechaddha) [medium]
[time-based-sqli] Time-Based Blind SQL Injection (@0xKayala) [critical]
[anthem-deeppanda-malware-hash] Anthem DeepPanda Trojan Kakfum Malware Hash - Detect (@pussycat0x) [info]
[applejeus-malware-hash] AppleJeus Malware Hash - Detect (@pussycat0x) [info]
[avburner-malware-hash] AVBurner Malware Hash - Detect (@pussycat0x) [info]
[backwash-malware-hash] Backwash Malware Hash - Detect (@pussycat0x) [info]
[blackenergy-driver-amdide-hash] Blackenergy-Driver Amdide Hash - Detect (@pussycat0x) [info]
[blackenergy-driver-malware-hash] BlackEnergy Driver USBMDM Malware Hash - Detect (@pussycat0x) [info]
[blackenergy-killdisk-malware-hash] BlackEnergy KillDisk Malware Hash - Detect (@pussycat0x) [info]
[blackenergy-ssh-malware-hash] BlackEnergy BackdoorPass DropBear SSH Malware Hash - Detect (@pussycat0x) [info]
[blackenergy-vbs-malware-hash] BlackEnergy VBS Agent Malware Hash - Detect (@pussycat0x) [info]
[bluelight-malware-hash] bluelight Malware ...

Contributors

charles, nvn1729, and 21 other contributors

Assets 3

09 Jun 19:53

princechaddha

v9.8.9

e616276

Added CVE-2024-4577 + Bug fixes

🔥 Release Highlights 🔥

[CVE-2024-4577] PHP CGI - Argument Injection (@hüseyin TINTAŞ, @sw0rk17, @s4e-garage, @pdresearch) [critical]

What's Changed

Lorex Favicon Hash by @rxerium in #10001
add cve-2024-4577 by @Kazgangap in #9997

Full Changelog: v9.8.8...v9.8.9

Contributors

h, rxerium, and 4 other contributors

Assets 3

07 Jun 10:40

princechaddha

v9.8.8

f559aea

v9.8.8

🔥 Release Highlights 🔥

[CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
[CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
[CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
[CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥

What's Changed

New Templates Added: `77` | CVEs Added: `17` | First-time contributions: `8`

[CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion (@topscoder) [high]
[CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@dhiyaneshdk) [high] 🔥
[CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@david Botelho Mariano) [critical]
[CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
[CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
[CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@SecurityForEveryone) [medium]
[CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@dhiyaneshdk) [critical] 🔥
[CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting (@omranisecurity) [medium]
[CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥
[CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@flx) [medium]
[CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
[CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
[CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@dhiyaneshdk) [critical]
[CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
[CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
[CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@Kazgangap) [medium]
[CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
[sns-topic-public-accessible] Public Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
[webpack-sourcemap] Webpack Sourcemap (@Lucky0x0D, @PulseSecurity.co.nz) [low]
[CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution (@pussycat0x) [high]
[ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
[cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login (@defektive) [high]
[digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity) [high]
[busybox-repository-browser] Busybox Repository Browser - Detect (@ritikchaddha) [info]
[cisco-firepower-panel] Cisco Firepower Management Center login - Detect (@charles D) [info]
[cox-business-panel] Cox Business Dominion Gateway Login Panel - Detect (@dhiyaneshdk) [info]
[digital-watchdog-panel] Digital Watchdog - Detect (@ritikchaddha) [info]
[f5-admin-interface] F5 Admin Interface - Detect (@drewvravick) [info]
[fortisiem-panel] FortiSIEM Login Panel - Detect (@pussycat0x) [info]
[oracle-access-management] Oracle Access Management Login Panel - Detect (@righettod) [info]
[oracle-peoplesoft-panel] Oracle PeopleSoft Login Panel - Detect (@idealphase, @righettod) [info]
[vrealize-hyperic-panel] vRealize Hyperic Login Panel - Detect (@charles D) [info]
[wechat-corpsecret-key] Enterprise WeChat Corpsecret Key (@N0el4kLs) [info]
[netgear-boarddataww-rce] Netgear Devices boardDataWW.php - Unauth RCE (@pussycat0x) [critical]
[directory-listing] Directory Listing Enabled (@themiddle) [low]
[dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
[cowboy-detect] Cowboy - Detect (@Sechunt3r) [info]
[gabia-server-detect] Gabia Server - Detection (@jadu101) [info]
[gotweb-detect] GotWeb Detect (@lu4nx) [info]
[sparklighter-detect] Spark Lighter Detection (@icarot) [info]
[aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure (@SecurityForEveryone) [high]
[array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x) [high]
[cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
[easycvr-info-leak] EasyCVR video management - Users Information Exposure (@pussycat0x) [high]
[proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical]
[samba-detect] Samba - Detection (@pussycat0x) [info]
[rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
[bitvise-detect] SSH Bitvise Service - Detect (@abdullahisik) [info]
[activecollab-installer] ActiveCollab Installation Page - Exposure (@dhiyaneshdk) [high]
[call-com-installer] Call.com Setup Page - Exposure (@dhiyaneshdk) [high]
[cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@dhiyaneshdk) [high]
[confluence-installer] Confluence Installation Page - Exposure (@dhiyaneshdk) [high]
[cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@dhiyaneshdk) [high]
[easy-wi-installer] Easy-WI Installation Page - Exposure (@dhiyaneshdk) [high]
[ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@dhiyaneshdk) [high]
[flarum-installer] Flarum Installation Page - Exposure (@dhiyaneshdk) [high]
[fleetcart-installer] FleetCart Installation Page - Exposure (@dhiyaneshdk) [high]
[glpi-installer] GLPI Installation Page - Exposure (@dhiyaneshdk) [high]
[invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@dhiyaneshdk) [high]
[invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@dhiyaneshdk) [high]
[jfa-go-installer] jfa-go Setup Page - Exposure (@dhiyaneshdk) [high]
[justfans-installer] JustFans Installation Page - Exposure (@dhiyaneshdk) [high]
[librenms-installer] LibreNMS Installation Page - Exposure (@dhiyaneshdk) [high]
[mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@dhiyaneshdk) [high]
[onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@dhiyaneshdk) [high]
[openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@dhiyaneshdk) [high]
[orchard-installer] Orchard Setup Wizard - Exposure (@dhiyaneshdk) [high]
[pandora-fms-installer] Pandora FMS Installation Page - Exposure (@dhiyaneshdk) [high]
[profittrailer-installer] ProfitTrailer Setup Page - Exposure (@dhiyaneshdk) [high]
[projectsend-installer] ProjectSend Installation Page - Exposure (@dhiyaneshdk) [high]
[snipe-it-installer] Snipe-IT Setup Page - Exposure (@dhiyaneshdk) [high]
[stackposts-installer] StackPosts Installation Page - Exposure (@dhiyaneshdk) [high]
[tastyigniter-installer] TastyIgniter Setup Page - Exposure (@dhiyaneshdk) [high]
[ubersmith-installer] Ubersmith Setup Page - Exposure (@dhiyaneshdk) [high]
[uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@dhiyaneshdk) [high]
[virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@dhiyaneshdk) [high]
[wowonder-installer] WoWonder Installation Page - Exposure (@dhiyaneshdk) [high]