v9.8.8
Release date: 2024-06-07 18:40:09
Latest release of projectdiscovery/nuclei-templates: v10.1.1 (2024-12-23 18:40:14)
🔥 Release Highlights 🔥
- [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@DhiyaneshDK) [high] 🔥
- [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
- [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
- [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@DhiyaneshDK) [critical] 🔥
- [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥
What's Changed
New Templates Added: 77 | CVEs Added: 17 | First-time contributions: 8
- [CVE-2024-34470] HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion (@topscoder) [high]
- [CVE-2024-27348] Apache HugeGraph-Server - Remote Command Execution (@DhiyaneshDK) [high] 🔥
- [CVE-2024-25723] ZenML ZenML Server - Improper Authentication (@David Botelho Mariano) [critical]
- [CVE-2024-24919] Check Point Quantum Gateway - Information Disclosure (@johnk3r) [high] 🔥
- [CVE-2024-21683] Atlassian Confluence Data Center and Server - Remote Code Execution (@pdresearch) [high] 🔥
- [CVE-2024-5230] FleetCart 4.1.1 - Information Disclosure (@securityforeveryone) [medium]
- [CVE-2024-4358] Progress Telerik Report Server - Authentication Bypass (@DhiyaneshDK) [critical] 🔥
- [CVE-2024-3822] Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting (@omranisecurity) [medium]
- [CVE-2024-3495] Wordpress Country State City Dropdown <=2.7.2 - SQL Injection (@apple) [critical] 🔥
- [CVE-2024-1380] Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (@FLX) [medium]
- [CVE-2023-48084] Nagios XI < 5.11.3 - SQL Injection (@ritikchaddha) [critical]
- [CVE-2023-35162] XWiki < 14.10.5 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-3077] MStore API < 3.9.8 - SQL Injection (@DhiyaneshDK) [critical]
- [CVE-2023-2059] DedeCMS 5.7.87 - Directory Traversal (@pussycat0x) [medium]
- [CVE-2022-34534] Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure (@ritikchaddha) [high]
- [CVE-2022-1580] Site Offline WP Plugin < 1.5.3 - Authorization Bypass (@Kazgangap) [medium]
- [CVE-2022-0666] Microweber < 1.2.11 - CRLF Injection (@ritikchaddha) [high]
- [sns-topic-public-accessible] Public Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
- [webpack-sourcemap] Webpack Sourcemap (@lucky0x0d, @PulseSecurity.co.nz) [low]
- [CNVD-2024-15077] AJ-Report Open Source Data Screen - Remote Code Execution (@pussycat0x) [high]
- [ampjuke-default-login] AmpJuke - Default Login (@ritikchaddha) [high]
- [cambium-networks-default-login] Canopy 5.7GHz Access Point - Default Login (@defektive) [high]
- [digital-watchdog-default-login] Digital Watchdog - Default Login (@omranisecurity) [high]
- [busybox-repository-browser] Busybox Repository Browser - Detect (@ritikchaddha) [info]
- [cisco-firepower-panel] Cisco Firepower Management Center login - Detect (@Charles D) [info]
- [cox-business-panel] Cox Business Dominion Gateway Login Panel - Detect (@DhiyaneshDK) [info]
- [digital-watchdog-panel] Digital Watchdog - Detect (@ritikchaddha) [info]
- [f5-admin-interface] F5 Admin Interface - Detect (@drewvravick) [info]
- [fortisiem-panel] FortiSIEM Login Panel - Detect (@pussycat0x) [info]
- [oracle-access-management] Oracle Access Management Login Panel - Detect (@righettod) [info]
- [oracle-peoplesoft-panel] Oracle PeopleSoft Login Panel - Detect (@idealphase, @righettod) [info]
- [vrealize-hyperic-panel] vRealize Hyperic Login Panel - Detect (@Charles D) [info]
- [wechat-corpsecret-key] Enterprise WeChat Corpsecret Key (@N0el4kls) [info]
- [netgear-boarddataww-rce] Netgear Devices boardDataWW.php - Unauth RCE (@pussycat0x) [critical]
- [directory-listing] Directory Listing Enabled (@theMiddle) [low]
- [dont-panic-traceback] DON'T PANIC Traceback (@ritikchaddha) [low]
- [cowboy-detect] Cowboy - Detect (@sechunt3r) [info]
- [gabia-server-detect] Gabia Server - Detection (@jadu101) [info]
- [gotweb-detect] GotWeb Detect (@lu4nx) [info]
- [sparklighter-detect] Spark Lighter Detection (@icarot) [info]
- [aquatronica-info-leak] Aquatronica Control System 5.1.6 - Information Disclosure (@securityforeveryone) [high]
- [array-vpn-lfi] Array VPN - Arbitrary File Reading Vulnerability (@pussycat0x) [high]
- [cerio-dt-rce] CERIO-DT Interface - Command Execution (@pussycat0x) [critical]
- [easycvr-info-leak] EasyCVR video management - Users Information Exposure (@pussycat0x) [high]
- [proftpd-backdoor] ProFTPd-1.3.3c - Backdoor Command Execution (@pussycat0x) [critical]
- [samba-detect] Samba - Detection (@pussycat0x) [info]
- [rsync-list-modules] Rsync List Modules - Enumeration (@pussycat0x) [low]
- [bitvise-detect] SSH Bitvise Service - Detect (@abdullahisik) [info]
- [activecollab-installer] ActiveCollab Installation Page - Exposure (@DhiyaneshDK) [high]
- [call-com-installer] Call.com Setup Page - Exposure (@DhiyaneshDK) [high]
- [cms-made-simple-installer] CMS Made Simple Installation Page - Exposure (@DhiyaneshDK) [high]
- [confluence-installer] Confluence Installation Page - Exposure (@DhiyaneshDK) [high]
- [cubebackup-setup-installer] CubeBackup Setup Page - Exposure (@DhiyaneshDK) [high]
- [easy-wi-installer] Easy-WI Installation Page - Exposure (@DhiyaneshDK) [high]
- [ejbca-enterprise-installer] EJBCA Enterprise Cloud Configuration Wizard - Exposure (@DhiyaneshDK) [high]
- [flarum-installer] Flarum Installation Page - Exposure (@DhiyaneshDK) [high]
- [fleetcart-installer] FleetCart Installation Page - Exposure (@DhiyaneshDK) [high]
- [glpi-installer] GLPI Installation Page - Exposure (@DhiyaneshDK) [high]
- [invicti-enterprise-installer] Invicti Enterprise Installation Page - Exposure (@DhiyaneshDK) [high]
- [invoice-ninja-installer] Invoice Ninja Setup Page - Exposure (@DhiyaneshDK) [high]
- [jfa-go-installer] jfa-go Setup Page - Exposure (@DhiyaneshDK) [high]
- [justfans-installer] JustFans Installation Page - Exposure (@DhiyaneshDK) [high]
- [librenms-installer] LibreNMS Installation Page - Exposure (@DhiyaneshDK) [high]
- [mura-cms-setup-installer] Mura CMS Setup Page - Exposure (@DhiyaneshDK) [high]
- [onlyoffice-installer] OnlyOffice Wizard Page - Exposure (@DhiyaneshDK) [high]
- [openemr-setup-installer] OpenEMR Setup Installation Page - Exposure (@DhiyaneshDK) [high]
- [orchard-installer] Orchard Setup Wizard - Exposure (@DhiyaneshDK) [high]
- [pandora-fms-installer] Pandora FMS Installation Page - Exposure (@DhiyaneshDK) [high]
- [profittrailer-installer] ProfitTrailer Setup Page - Exposure (@DhiyaneshDK) [high]
- [projectsend-installer] ProjectSend Installation Page - Exposure (@DhiyaneshDK) [high]
- [snipe-it-installer] Snipe-IT Setup Page - Exposure (@DhiyaneshDK) [high]
- [stackposts-installer] StackPosts Installation Page - Exposure (@DhiyaneshDK) [high]
- [tastyigniter-installer] TastyIgniter Setup Page - Exposure (@DhiyaneshDK) [high]
- [ubersmith-installer] Ubersmith Setup Page - Exposure (@DhiyaneshDK) [high]
- [uvdesk-helpdesk-installer] UVDesk Helpdesk Installation Page - Exposure (@DhiyaneshDK) [high]
- [virtual-smartzone-installer] Virtual SmartZone Setup Wizard - Exposure (@DhiyaneshDK) [high]
- [wowonder-installer] WoWonder Installation Page - Exposure (@DhiyaneshDK) [high]
New Contributors
- @defektive made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9845
- @N0el4kLs made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9867
- @moyue83 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9929
- @isikabdullah44 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9850
- @Dev0psSec made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9967
- @icarot made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9827
- @pdteamx made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9978
- @L4stPL4Y3R made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/9988
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.8.7...v9.8.8