v9.9.2
Release date: 2024-07-26 15:35:19
Latest release of projectdiscovery/nuclei-templates: v10.0.3 (2024-11-01 21:55:46)
🔥 Release Highlights 🔥
- [CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
- [CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
- [CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
- [CVE-2024-5217] ServiceNow - Incomplete Input Validation (@DhiyaneshDk, @ritikchaddha) [critical] 🔥
- [CVE-2024-4879] ServiceNow UI Macros - Template Injection (@DhiyaneshDk, @ritikchaddha) [unknown] 🔥
- [CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
- [CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
- [CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥
What's Changed
Bug Fixes
- Corrected issue with mismatched redirects (Issue #10125).
- Resolved invalid template error for CVE-2024-36991 (Issue #10352).
False Negatives
- Improved detection in the SVN configuration leak template, reducing underreporting (Issue #10344).
- Addressed false negatives in the following:
  - Exposed SVN configuration (PR #10362)
  - CVE-2019-7139 template (PR #10339)
False Positives
- Reduced false positives and improved accuracy in the following templates:
  - IdeMia biometrics default login (Issues #10126, #10277)
  - jan-file-upload (PR #10361)
  - Apache XSS (PR #10342)
  - Beanstalk service (PR #10334, duplicated issue)
  - DS-Store file discovery (PR #10278)
  - GOIP default login (PR #10276)
Enhancements
- Enhanced detection capabilities in dom-xss.yaml (PR #10360).
- Improved accuracy in generic-xxe.yaml (PR #10359).
New Templates Added: 67 | CVEs Added: 32 | First-time contributions: 7
- [CVE-2024-40348] Bazarr < 1.4.3 - Arbitrary File Read (@s4e-garage) [high] 🔥
- [CVE-2024-39914] FOG Project < 1.5.10.34 - Remote Command Execution (@s4e-garage) [critical]
- [CVE-2024-39250] EfroTech Timetrax v8.3 - Sql Injection (@s4e-garage, @efran) [high]
- [CVE-2024-38526] Polyfill Supply Chain Attack Malicious Code Execution (@abut0n) [high] 🔥
- [CVE-2024-38289] TurboMeeting - Boolean-based SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
- [CVE-2024-37843] Craft CMS <=v3.7.31 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2024-34351] Next.js - Server Side Request Forgery (SSRF) (@righettod) [high] 🔥
- [CVE-2024-34257] TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection (@pussycat0x) [high]
- [CVE-2024-32238] H3C ER8300G2-X - Password Disclosure (@s4e-garage) [critical]
- [CVE-2024-6746] EasySpider 0.6.2 - Arbitrary File Read (@s4e-garage) [medium]
- [CVE-2024-6646] Netgear-WN604 downloadFile.php - Information Disclosure (@pussycat0x) [medium]
- [CVE-2024-6587] LiteLLM - Server-Side Request Forgery (@pdresearch, @iamnoooob, @rootxharsh, @lambdasawa) [high]
- [CVE-2024-6289] WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure (@s4e-garage) [medium]
- [CVE-2024-5315] Dolibarr ERP CMS `list.php` - SQL Injection (@rootxharsh, @iamnoooob, @pdresearch) [critical]
- [CVE-2024-5217] ServiceNow - Incomplete Input Validation (@DhiyaneshDk, @ritikchaddha) [critical] 🔥
- [CVE-2024-4885] Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - RCE (@SinSinology,@iamnoooob,@rootxharsh,@pdresearch) [critical] 🔥
- [CVE-2024-4879] ServiceNow UI Macros - Template Injection (@DhiyaneshDk, @ritikchaddha) [unknown] 🔥
- [CVE-2024-4295] Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2024-4257] BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection (@s4e-garage) [medium]
- [CVE-2024-3742] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure (@Farish) [high]
- [CVE-2024-2330] NS-ASG Application Security Gateway 6.3 - Sql Injection (@s4e-garage) [medium]
- [CVE-2024-1512] MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection (@s4e-garage) [critical]
- [CVE-2023-48728] WWBN AVideo 11.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-44012] mojoPortal v.2.7.0.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-43662] ShokoServer System - Local File Inclusion (LFI) (@pussycat0x) [high] 🔥
- [CVE-2023-29204] XWiki - Open Redirect (@ritikchaddha) [medium]
- [CVE-2023-4450] JeecgBoot JimuReport - Template injection (@Sumanth Vankineni) [critical]
- [CVE-2023-4220] Chamilo LMS <= 1.11.24 - Remote Code Execution (@s4e-garage) [medium] 🔥
- [CVE-2023-2309] wpForo Forum <= 2.1.8 - Cross-Site Scripting (@s4e-garage) [medium]
- [CVE-2022-45269] Linx Sphere - Directory Traversal (@robotshell) [high]
- [CVE-2022-38322] Temenos Transact - Cross-Site Scripting (@qotoz) [high]
- [CVE-2022-34267] RWS WorldServer - Auth Bypass (@pdresearch, @iamnoooob, @rootxharsh, @parthmalhotra) [critical] 🔥
- [CNVD-2023-72138] LiveGBS user/save - Logical Flaw (@pussycat0x) [high]
- [deluge-default-login] Deluge - Default Login (@ritikchaddha) [high]
- [gitblit-default-login] Gitblit - Default Login (@ritikchaddha) [high]
- [netflow-default-login] Netflow Analyzer - Default Login (@DhiyaneshDK) [high]
- [adguard-panel] AdGuard Panel - Detect (@ritikchaddha) [info]
- [falcosidekick-panel] Falcosidekick UI Login Panel - Detect (@righettod) [info]
- [freshrss-panel] Freshrss Panel - Detect (@ritikchaddha) [info]
- [gradle-develocity-panel] Gradle Develocity Build Cache Node Login Panel - Detect (@righettod) [info]
- [hal-management-panel] HAL Management Console Panel (@DhiyaneshDK) [info]
- [netflow-analyzer-panel] Netflow Analyzer Login - Panel (@DhiyaneshDk) [info]
- [tomcat-exposed] Tomcat Exposed - Detect (@Podalirius, @righettod) [info]
- [apache-ozone-conf] Apache Ozone - Exposure (@icarot) [info]
- [snoop-servlet] Snoop Servlet - Information Disclosure (@omranisecurity) [low]
- [adcs-certificate] Certification Authority Web Enrollment (ADCS) - Detection (@pastaga, @defte) [info]
- [freshrss-unauth] Freshrss Admin Dashboard - Exposed (@ritikchaddha) [high]
- [adguard-installer] AdGuard - Installation (@ritikchaddha) [high]
- [freshrss-installer] FreshRSS - Installation (@ritikchaddha) [high]
- [mongod-exposure] MongoD Server - Exposure (@DhiyaneshDk) [low]
- [servicenow-title-injection] Service Now - Title Injection (@DhiyaneshDk) [high]
- [sftpgo-admin-setup] SFTPGo Admin - Setup (@ritikchaddha) [high]
- [ssrpm-arbitrary-password-reset] SSRPM - Arbitary Password Reset on Default Client Interface Installation (@vince-isec) [high]
- [apache-gravitino-detect] Apache Gravitino - Detect (@icarot) [info]
- [apache-ozone-detect] Apache Ozone - Detect (@icarot) [info]
- [wordpress-fluent-smtp] FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider Detection (@ricardomaia) [info]
- [wordpress-wp-crontrol] WP Crontrol Detection (@ricardomaia) [info]
- [hikvision-isecure-info-leak] HIKVISION iSecure Center - Information Leak (@adeljck) [high]
- [nextjs-middleware-cache] Next.js - Cache Poisoning (@DhiyaneshDk) [high]
- [nextjs-rsc-cache] Next.js - Cache Poisoning (@DhiyaneshDk) [high]
- [jan-file-upload] Jan - Arbitrary File Upload (@pussycat0x) [high]
- [lvs-download-lfi] LVS DownLoad.aspx - Local File Inclusion (LFI) (@pussycat0x) [high]
- [ncast-lfi] Ncast HD Intelligent Recording - Arbitrary File Reading (@pussycat0x) [high]
- [wifisky7-rce] WIFISKY-7 Layer Flow Control Router - Remote Code Execution (@pussycat0x) [high]
- [7777botnet-detect] 7777-Botnet - Detect (@johnk3r) [info]
- [thinkphp6-arbitrary-write] ThinkPHP 6.0.0~6.0.1 - Arbitrary File Write (@arliya) [critical]
- [nacos-workflow] Nacos Security Checks (@Co5mos)
New Contributors
- @kimtruth made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10260
- @omranisecurity made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10178
- @divatchyano made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10275
- @Sumanthsec made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10280
- @allendemoura made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10279
- @Matsue made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10165
- @adeljck made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10370
Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v9.9.1...v9.9.2