github projectdiscovery/nuclei-templates v10.1.0
Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

18 days ago

🔥 Release Highlights 🔥

We're excited to announce the latest expansion of the Nuclei Templates with a new set of templates tailored for Windows Security Hardening and Auditing. This update introduces a comprehensive set of security checks designed specifically for Windows environments, covering crucial areas such as password policies, encryption settings, certificate validation, and remote access configurations. These templates detect common misconfigurations, help verify compliance with regulatory standards, and check adherence to industry best practices.

The introduction of these Windows-specific templates equips security teams to audit their Windows configurations and uncover critical vulnerabilities and misconfigurations that could lead to a security breach.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help further enhance and update these Windows security templates. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 110 | CVEs Added: 23 | First-time contributions: 5

  • [CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
  • [CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
  • [CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-43919] YARPP <= 5.30.10 - Missing Authorization (@s4e-io) [critical]
  • [CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
  • [CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
  • [CVE-2024-9935] PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download (@s4e-io) [high]
  • [CVE-2024-9474] PAN-OS Management Web Interface - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-9186] Automation By Autonami < 3.3.0 - SQL Injection (@s4e-io) [high]
  • [CVE-2024-3848] Mlflow < 2.11.0 - Path Traversal (@gy741) [high]
  • [CVE-2024-1483] Mlflow < 2.9.2 - Path Traversal (@gy741) [high]
  • [CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
  • [CVE-2022-48166] Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-48164] Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-44356] WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
  • [CVE-2022-24819] XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure (@ritikchaddha) [medium]
  • [CVE-2022-2130] Microweber < 1.2.17 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-0250] Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2021-34630] GTranslate < 2.8.65 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2020-24881] OsTicket < 1.14.3 - Server Side Request Forgery (@hnd3884) [critical]
  • [CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥
  • [k8s-missing-network-policies] Check for Missing Network Policies in Kubernetes (@princechaddha) [medium]
  • [allow-unencrypted-ftp] Allow Unencrypted FTP (@princechaddha) [high]
  • [allow-untrusted-certificates] System Allows Untrusted Certificates (@princechaddha) [medium]
  • [anonymous-sam-enumeration-enabled] Anonymous Enumeration of SAM Accounts Enabled (@princechaddha) [high]
  • [anonymous-sid-enumeration-enabled] Anonymous SID Enumeration Enabled (@princechaddha) [medium]
  • [audit-logging-disabled] Audit Logging Disabled (@princechaddha) [high]
  • [audit-logs-not-archived] Audit Logs Not Archived When Full (@princechaddha) [high]
  • [auto-logon-enabled] AutoLogon Enabled (@princechaddha) [medium]
  • [automatic-windows-updates-disabled] Automatic Windows Updates Disabled (@princechaddha) [medium]
  • [autoplay-removable-media-enabled] AutoPlay Enabled for Removable Media (@princechaddha) [medium]
  • [autorun-scripts-startup-folder] Autorun Scripts in Startup Folder (@princechaddha) [medium]
  • [credential-guard-disabled] Credential Guard Not Enabled (@princechaddha) [high]
  • [device-guard-not-configured] Device Guard Not Configured (@princechaddha) [high]
  • [display-last-username-enabled] Do Not Display Last User Name Disabled (@princechaddha) [medium]
  • [download-unsigned-activex-allowed] Download of Unsigned ActiveX Controls Allowed (@princechaddha) [high]
  • [ftp-service-running] FTP Service Running (@princechaddha) [high]
  • [guest-account-enabled] Guest Account Enabled (@princechaddha) [high]
  • [hyperv-enhanced-session-mode-enabled] Hyper-V Enhanced Session Mode Enabled (@princechaddha) [medium]
  • [insecure-cipher-suites-enabled] Insecure Cipher Suites Enabled (@princechaddha) [high]
  • [llmnr-disabled] LLMNR Disabled (@princechaddha) [medium]
  • [lm-hash-storage-enabled] LM Hash Storage Enabled (@princechaddha) [high]
  • [lm-ntlmv1-authentication-enabled] LM and NTLMv1 Authentication Enabled (@princechaddha) [high]
  • [max-password-age-too-high] Maximum Password Age Set Too High or Unlimited (@princechaddha) [medium]
  • [minimum-password-age-zero] Minimum Password Age Set to Zero (@princechaddha) [medium]
  • [netbios-disabled] NetBIOS Disabled (@princechaddha) [medium]
  • [network-discovery-public-disabled] Network Discovery Disabled on Public Networks (@princechaddha) [medium]
  • [null-session-allowed] Null Session Allowed (@princechaddha) [high]
  • [password-complexity-disabled] Password Complexity Requirements Disabled (@princechaddha) [high]
  • [password-history-size-low] Password History Size Too Low (@princechaddha) [medium]
  • [password-reset-lock-screen-enabled] Password Reset from Lock Screen Enabled (@princechaddha) [medium]
  • [plaintext-passwords-in-memory] Plaintext Passwords Stored in Memory (@princechaddha) [high]
  • [rdp-connections-without-password-allowed] Remote Desktop Connections Allowed Without Password (@princechaddha) [high]
  • [rdp-drive-redirection-allowed] Remote Desktop Users Can Redirect Drives (@princechaddha) [medium]
  • [rdp-nla-disabled] Network Level Authentication for RDP Disabled (@princechaddha) [high]
  • [remote-assistance-enabled] Check Remote Assistance Misconfiguration (@princechaddha) [medium]
  • [remote-desktop-enabled-non-server] Remote Desktop Enabled on Non-Server OS (@princechaddha) [high]
  • [restrict-anonymous-access-disabled] Restrict Anonymous Access Disabled (@princechaddha) [high]
  • [reversible-encryption-passwords-enabled] Store Passwords Using Reversible Encryption Enabled (@princechaddha) [critical]
  • [safe-dll-search-mode-disabled] Safe DLL Search Mode Disabled (@princechaddha) [high]
  • [secure-boot-disabled] Secure Boot Not Enabled (@princechaddha) [high]
  • [shutdown-without-logon-allowed] System Allows Shutdown Without Logging On (@princechaddha) [medium]
  • [smb-allow-unencrypted-passwords] Unencrypted Passwords to SMB Servers Allowed (@princechaddha) [high]
  • [smb-signing-not-required] SMB Signing Not Required (@princechaddha) [high]
  • [smb-v1-enabled] SMB v1 Protocol Enabled (@princechaddha) [critical]
  • [sticky-keys-enabled-login] Sticky Keys Enabled at Login Screen (@princechaddha) [high]
  • [telnet-service-misconfiguration] Check for Misconfigured Telnet Service (@princechaddha) [high]
  • [uac-elevate-without-prompt] UAC Elevate Without Prompting Enabled (@princechaddha) [high]
  • [unencrypted-file-sharing-enabled] Unencrypted File Sharing Enabled (@princechaddha) [medium]
  • [unsigned-kernel-mode-drivers-allowed] Installation of Unsigned Kernel-Mode Drivers Allowed (@princechaddha) [high]
  • [usb-storage-not-restricted] USB Storage Devices Not Restricted (@princechaddha) [medium]
  • [weak-ssl-tls-protocols-enabled] Weak SSL/TLS Protocols Enabled (@princechaddha) [critical]
  • [windows-active-desktop-enabled] Active Desktop Enabled (@princechaddha) [medium]
  • [windows-administrative-shares-enabled] Administrative Shares Enabled (@princechaddha) [high]
  • [windows-administrator-blank-password] Built-in Administrator Account Has Blank Password (@princechaddha) [high]
  • [windows-anonymous-sid-enumeration-allowed] Windows Allows Anonymous SID Enumeration (@princechaddha) [medium]
  • [windows-autorun-enabled] AutoRun Enabled (@princechaddha) [medium]
  • [windows-credential-manager-plaintext-passwords-allowed] Credential Manager Allows Storing of Plain Text Passwords (@princechaddha) [high]
  • [windows-defender-realtime-protection-disabled] Windows Defender Real-Time Protection Disabled (@princechaddha) [high]
  • [windows-dep-disabled] Data Execution Prevention (DEP) Not Enabled (@princechaddha) [high]
  • [windows-firewall-disabled] Windows Firewall Disabled (@princechaddha) [high]
  • [windows-installer-elevated-privileges] Windows Installer Elevated Privileges Enabled (@princechaddha) [medium]
  • [windows-lsa-protection-not-enabled] LSA Protection Not Enabled or Not Configured (@princechaddha) [high]
  • [windows-min-password-length-short] Minimum Password Length Too Short (@princechaddha) [high]
  • [windows-script-host-enabled] Windows Script Host Enabled (@princechaddha) [medium]
  • [windows-stored-network-credentials-allowed] Credentials storage for Network Authentication allowed (@princechaddha) [medium]
  • [windows-system-restore-not-configured] System Restore Not Configured (@princechaddha) [medium]
  • [windows-uac-disabled] User Account Control Disabled (@princechaddha) [high]
  • [windows-unsigned-drivers-allowed] Installation of Unsigned Drivers Allowed (@princechaddha) [high]
  • [windows-update-service-disabled] Windows Update Service Disabled (@princechaddha) [high]
  • [winrm-allows-unencrypted-traffic] WinRM Allows Unencrypted Traffic (@princechaddha) [high]
  • [winrm-basic-auth-enabled] WinRM Basic Authentication Enabled (@princechaddha) [high]
  • [winrm-enabled] Windows Remote Management (WinRM) Enabled (@princechaddha) [medium]
  • [winrm-remote-shell-access-allowed] Remote Shell Access Allowed (@princechaddha) [high]
  • [blue-yonder-panel] Blue Yonder Panel - Detect (@sorrowx3) [info]
  • [infoblox-nios-panel] Infoblox NIOS Login Panel - Detect (@EgemenKochisarli) [info]
  • [tactical-rmm-panel] Tactical RMM Login Panel - Detect (@johnk3r) [info]
  • [trendmicro-apexone-panel] Trend Micro Apex One Login Panel - Detect (@johnk3r) [info]
  • [vince-panel] Vince Login Panel - Detect (@righettod) [info]
  • [dufs-detect] DUFS - Detect (@righettod) [info]
  • [twenty-detect] Twenty - Detect (@righettod) [info]
  • [wordpress-backuply] Backuply – Backup, Restore, Migrate and Clone Detection (@ricardomaia) [info]
  • [wordpress-burst-statistics] Burst Statistics – Privacy-Friendly Analytics for WordPress Detection (@ricardomaia) [info]
  • [fronsetiav-xss] Fronsetiav1.1 - Cross-Site Scripting (@s4e-io) [high]
  • [geovision-geowebserver-lfi-xss] GeoVision Geowebserver <= 5.3.3 - Local File Inclusion / Cross-Site Scripting (@shamo0) [high]
  • [pkp-lib-open-redirect] Open Journal Systems pkp-lib - Open Redirect (@ritikchaddha) [medium]
  • [yonyou-yonbip-lfi] YonBIP - Arbitrary File Read (@l1b3r) [high]
  • [fortinet-fgfm-detect] Fortinet FGFM protocol - Detect (@johnk3r) [info]

New Contributors

Full Changelog: v10.0.4...v10.1.0
