What's Changed
🔥 Release Highlights 🔥
- [CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
- [CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
- [CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
- [CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
- [CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
- [CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
- [CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
- [CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
- [CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
- [CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@dhiyaneshdk) [critical] 🔥
Bug Fixes
- Resolved issue with time-based SQL injection flow (Issue #11029).
- Corrected detection for CVE-2016-9299 (Issue #11121).
- Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
- Refactored "Django Admin Panel" template (Issue #11044).
- Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).
False Negatives
- Corrected false negative in CVE-2024-34982 detection (Issue #11111).
- Fixed false negative in CVE-2023-39650 (Issue #11043).
- Addressed false negative for iam-user-password-change detection (Issue #11027).
False Positives
- Reduced false positives in weaver-checkserver-sqli template (Issue #11123).
Enhancements
- Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
- Introduced time-based tags for improved classification (Issue #11006).
Template Updates
New Templates Added: 116 | CVEs Added: 52 | First-time contributions: 7
- [CVE-2024-49757] Zitadel - User Registration Bypass (@sujal Tuladhar) [high]
- [CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
- [CVE-2024-46310] FXServer < v9601 - Information Exposure (@s4e-io) [medium]
- [CVE-2024-45488] SafeGuard for Privileged Passwords < 7.5.2 - Auth Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
- [CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
- [CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @dhiyaneshdk) [critical] 🔥
- [CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-35584] openSIS < 9.1 - SQL Injection (@s4e-io) [high]
- [CVE-2024-32739] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
- [CVE-2024-32738] CyberPower - SQL Injection (@dhiyaneshdk) [high]
- [CVE-2024-32737] CyberPower - SQL Injection (@dhiyaneshdk) [high]
- [CVE-2024-32736] CyberPower < v2.8.3 - SQL Injection (@dhiyaneshdk) [high]
- [CVE-2024-32735] CyberPower - Missing Authentication (@dhiyaneshdk) [critical] 🔥
- [CVE-2024-22476] Intel Neural Compressor <2.5.0 - SQL Injection (@ritikchaddha) [critical]
- [CVE-2024-9796] WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection (@s4e-io) [critical]
- [CVE-2024-9617] Danswer - Insecure Direct Object Reference (@s4e-io) [medium]
- [CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
- [CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
- [CVE-2024-9061] WP Popup Builder Popup Forms <= 1.3.5 - Arbitrary Shortcode Execution (@s4e-io) [high]
- [CVE-2024-8698] Keycloak - SAML Core Package Signature Validation Flaw (@iamnoooob, @rootxharsh, @pdresearch) [high]
- [CVE-2024-5910] Palo Alto Expedition - Admin Account Takeover (@johnk3r) [critical]
- [CVE-2024-4439] WordPress Core <6.5.2 - Cross-Site Scripting (@nqdung2002) [high]
- [CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-2961] PHP - LFR to RCE (@kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
- [CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
- [CVE-2023-40931] Nagios XI v5.11.0 - SQL Injection (@ritikchaddha) [medium]
- [CVE-2023-40755] PHPJabbers Callback Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-40753] PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-40752] PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-40751] PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-40750] PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-40749] PHPJabbers Food Delivery Script v3.0 - SQL Injection (@ritikchaddha) [critical]
- [CVE-2023-40748] PHPJabbers Food Delivery Script - SQL Injection (@ritikchaddha) [critical]
- [CVE-2023-39560] ECTouch v2 - SQL Injection (@s4e-io) [critical]
- [CVE-2023-38040] Revive Adserver 5.4.1 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-5561] WordPress Core - Post Author Email Disclosure (@nqdung2002) [medium]
- [CVE-2023-5558] LearnPress < 4.2.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-2745] WordPress Core <=6.2 - Directory Traversal (@nqdung2002) [medium]
- [CVE-2023-1318] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-1317] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-1315] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2021-45811] osTicket 1.15.x - SQL Injection (@ritikchaddha) [medium]
- [CVE-2021-38156] Nagios XI < 5.8.6 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2019-8943] WordPress Core 5.0.0 - Crop-image Shell Upload (@sttlr) [medium]
- [CVE-2018-7196] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2018-7193] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2018-7192] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2017-5868] OpenVPN Access Server 2.1.4 - CRLF Injection (@ritikchaddha) [medium]
- [CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2015-8562] Joomla HTTP Header Unauth - RCE (@kairos-hk, @bolkv, @n0ming, @RoughBoy0723) [high]
- [dms-multi-az] DMS Multi-AZ Not Enabled (@dhiyaneshdk) [medium]
- [dms-public-access] Publicly Accessible DMS Replication Instances (@dhiyaneshdk) [medium]
- [dms-version-upgrade] DMS Auto Minor Version Upgrade (@dhiyaneshdk) [medium]
- [ebs-encryption-disabled] EBS Encryption - Disabled (@dhiyaneshdk) [high]
- [efs-encryption-disabled] EFS Encryption - Disabled (@dhiyaneshdk) [medium]
- [cache-automatic-backups-disabled] ElastiCache Automatic Backups - Disabled (@dhiyaneshdk) [medium]
- [cache-event-notification-disabled] ElastiCache Event Notifications - Disabled (@dhiyaneshdk) [medium]
- [cache-redis-encryption-disabled] ElastiCache Redis In-Transit and At-Rest Encryption - Disabled (@dhiyaneshdk) [high]
- [cache-redis-multiaz-disabled] ElastiCache Redis Multi-AZ - Disabled (@dhiyaneshdk) [medium]
- [firehose-server-destination-encryption] Firehose Delivery Stream Destination Encryption - Disabled (@dhiyaneshdk) [medium]
- [firehose-server-side-encryption] Firehose Delivery Stream Server-Side Encryption - Disabled (@dhiyaneshdk) [high]
- [guardduty-findings] Open GuardDuty Findings (@dhiyaneshdk) [medium]
- [guardduty-not-enabled] GuardDuty Not Enabled (@dhiyaneshdk) [info]
- [malware-protection-disabled] GuardDuty Malware Protection - Disabled (@dhiyaneshdk) [info]
- [s3-protection-disabled] GuardDuty S3 Protection - Disabled (@dhiyaneshdk) [medium]
- [inspector2-disabled] Amazon Inspector 2 - Disabled (@dhiyaneshdk) [info]
- [rds-auto-minor-upgrade-disabled] RDS Auto Minor Version Upgrade - Disabled (@dhiyaneshdk) [medium]
- [rds-automated-backup-disabled] RDS Automated Backups - Disabled (@dhiyaneshdk) [high]
- [rds-backtrack-disabled] AWS RDS Backtrack - Disabled (@dhiyaneshdk) [low]
- [rds-cluster-protection-disabled] RDS Cluster Deletion Protection - Disabled (@dhiyaneshdk) [medium]
- [rds-copy-snap] RDS Copy Tags to Snapshots - Disabled (@dhiyaneshdk) [low]
- [rds-insights-disabled] RDS Performance Insights - Disabled (@dhiyaneshdk) [low]
- [rds-instance-autoscaling-disabled] RDS Instance Storage AutoScaling - Disabled (@dhiyaneshdk) [medium]
- [rds-log-export-disabled] RDS Log Exports - Disabled (@dhiyaneshdk) [low]
- [rds-multi-az] RDS Multi-AZ - Disabled (@dhiyaneshdk) [medium]
- [rds-public-access] RDS Publicly Accessible - Enabled (@dhiyaneshdk) [high]
- [route53-dns-query-disabled] DNS Query Logging for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
- [route53-dnssec-signing-disabled] DNSSEC Signing for Route 53 Hosted Zones - Disabled (@dhiyaneshdk) [medium]
- [CNVD-2024-38747] Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection (@s4e-io) [high]
- [doris-default-login] Apache Doris - Default Login (@icarot) [high]
- [sato-default-login] Sato - Default Login (@y0no) [high]
- [zebra-default-login] Zebra - Default Login (@y0no) [high]
- [1password-scim-panel] 1Password SCIM Bridge - Panel (@Splint3r7) [info]
- [danswer-panel] Danswer Panel - Detect (@s4e-io) [info]
- [freescout-panel] FreeScout Panel - Detect (@s4e-io) [info]
- [nagios-logserver-panel] Nagios Log Server - Detect (@ritikchaddha) [info]
- [olympic-panel] OLYMPIC Banking System Login Panel - Detect (@righettod) [info]
- [onedev-panel] OneDev Panel - Detect (@vultza) [info]
- [paloalto-expedition-panel] Palo Alto Expedition Project Login - Detect (@johnk3r) [info]
- [reolink-panel] Reolink Panel - Detect (@s4e-io) [info]
- [sqlpad-panel] SQLPad Panel - Detect (@s4e-io) [info]
- [traccar-panel] Traccar Panel - Detect (@s4e-io) [info]
- [txadmin-panel] txAdmin Panel - Detect (@s4e-io) [info]
- [usermin-panel] Usermin Panel - Detect (@s4e-io) [info]
- [veritas-netbackup-panel] Veritas NetBackup OpsCenter Analytics Login - Detect (@rxerium) [info]
- [vmware-aria-panel] VMware Aria Operations Login - Detect (@rxerium) [info]
- [nagios-logserver-installer] Nagios Log Server - Install (@ritikchaddha) [high]
- [redpanda-console] Redpanda Console - Exposure (@kh4sh3i) [medium]
- [root-path-disclosure] ROOT - Path Disclosure (@soltanali0, @ArganexEmad) [high]
- [unauth-cyber-power-systems] Cyber Power Systems - Unauthenticated (@dhiyaneshdk) [high]
- [wasabi-bucket-takeover] wasabi Bucket Takeover - Detection (@philippedelteil) [high]
- [accellion-detect] Accellion - Detect (@rxerium) [info]
- [gradio-detect] Gradio - Detect (@s4e-io) [info]
- [lollms-webui-detect] LoLLMS WebUI - Detect (@s4e-io) [info]
- [mirth-connect-detect] Mirth Connect Admin Panel - Detect (@rxerium) [info]
- [oracle-fusion-detect] Oracle Fusion Middleware - Detect (@rxerium) [info]
- [salesforce-b2c-commerce-webdav] Salesforce B2C Commerce WebDAV - Detection (@batutahibnu17) [info]
- [hcm-cloud-lfi] HCM Cloud - Arbitrary File Read (@s4e-io) [high]
- [nagios-xi-xss] Nagios XI 5.7.1 - Cross-Site Scripting (@ritikchaddha) [medium]
- [cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@dhiyaneshdk) [critical] 🔥
- [application-pass-xss] WordPress Core 5.6 and 6.3.1 - Cross-Site Scripting (@nqdung2002) [medium]
- [wp-footnote-xss] WordPress 6.3-6.3.1 Footnotes Block - Cross-Site Scripting (@nqdung2002) [medium]
- [yonyou-u8-crm-sqli] UFIDA U8 CRM cfillbacksetting.php - SQL Injection (@s4e-io) [high]
- [yonyou-u8-crm-tb-sqli] UFIDA U8 CRM fillbacksetting.php - SQL Injection (@s4e-io) [high]
New Contributors
- @h41th made their first contribution in #10589
- @soltanali0 made their first contribution in #10675
- @kairos-hk made their first contribution in #10492
- @nqdung2002 made their first contribution in #10506
- @batutahibnu17 made their first contribution in #11041
- @vultza made their first contribution in #11100
- @DuyVuong made their first contribution in #11113
Full Changelog: v10.0.2...v10.0.3