🔥 Release Highlights 🔥
- [CVE-2024-0200] GitHub Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
- [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
- [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
What's Changed
New Templates Added: 62 | CVEs Added: 16 | First-time contributions: 3
- [CVE-2024-33288] Prison Management System - SQL Injection Authentication Bypass (@Kazgangap) [high]
- [CVE-2024-4956] Sonatype Nexus Repository Manager 3 - Local File Inclusion (@ritikchaddha) [high] 🔥
- [CVE-2024-3097] NextGEN Gallery <= 3.59 - Missing Authorization to Unauth Information Disclosure (@DhiyanesDK) [medium]
- [CVE-2024-1561] Gradio Applications - Local File Read (@diablo) [high]
- [CVE-2024-0200] GitHub Enterprise - Authenticated RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-0195] SpiderFlow Crawler Platform - Remote Code Execution (@pussycat0x) [critical] 🔥
- [CVE-2023-45855] qdPM 9.2 - Directory Traversal (@dhiyaneshdk) [high]
- [CVE-2023-44813] mooSocial v.3.1.8 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-43374] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
- [CVE-2023-36347] POS Codekop v2.0 - Broken Authentication (@princechaddha) [high]
- [CVE-2023-36284] QloApps 1.6.0 - SQL Injection (@ritikchaddha) [high]
- [CVE-2023-35158] XWiki - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-29827] Embedded JavaScript (EJS) 3.1.6 - Template Injection (@ritikchaddha) [critical]
- [CVE-2023-6065] Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure (@Kazgangap) [medium]
- [CVE-2023-5991] Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion (@Kazgangap) [critical]
- [CVE-2023-4542] D-Link DAR-8000-10 - Command Injection (@pussycat0x) [critical]
- [CNVD-2017-06001] Dahua DSS - SQL Injection (@napgh0st, @ritikchaddha) [high]
- [softether-vpn-default-login] SoftEther VPN Admin Console - Default Login (@bhutch) [high]
- [ackee-panel] Ackee Panel - Detect (@userdehghani) [info]
- [craftercms-panel] CrafterCMS Login Panel - Detect (@righettod) [info]
- [easyvista-panel] EasyVista Login Panel - Detect (@righettod) [info]
- [f5-next-central-manager] F5 Next Central Manager Panel - Detect (@EgemenKochisarli) [info]
- [ghost-panel] Ghost Panel - Detect (@userdehghani) [info]
- [matomo-panel] Matomo Panel - Detect (@Arr0way, @userdehghani) [info]
- [microfocus-lifecycle-panel] Micro Focus Application Lifecycle Management - Panel (@righettod) [info]
- [n8n-panel] n8n Panel - Detect (@userdehghani) [info]
- [nocodb-panel] NocoDB Panel - Detect (@userdehghani) [info]
- [oracle-ebusiness-panel] Oracle E-Business Suite Login Panel - Detect (@righettod) [info]
- [pocketbase-panel] PocketBase Panel - Detect (@userdehghani) [info]
- [qlikview-accesspoint-panel] QlikView AccessPoint Login Panel - Detect (@righettod) [info]
- [tiny-rss-panel] Tiny RSS Panel - Detect (@userdehghani) [info]
- [unleash-panel] Unleash Panel - Detect (@userdehghani) [info]
- [tpot-honeypot-detect] T-Pot Honeypot - Detect (@rxerium) [info]
- [imgproxy-unauth] Imgproxy Unauthorized Access (@userdehghani) [low]
- [custom-xoops-installer] XOOPS Custom - Installation (@dhiyaneshdk) [high]
- [easy-viserlabs-installer] Easy Installer by ViserLab - Exposure (@dhiyaneshdk) [high]
- [forgejo-installer] Forgejo Installation Page - Exposure (@dhiyaneshdk) [high]
- [froxlor-installer] Froxlor Server Management - Installer (@dhiyaneshdk) [high]
- [growi-installer] GROWI Installer - Exposure (@dhiyaneshdk) [high]
- [ids-skills-installer] IDP Skills Installer - Exposure (@dhiyaneshdk) [high]
- [moosocial-installer] mooSocial Installation - Exposure (@ritikchaddha) [high]
- [octoprint-installer] OctoPrint Installation Page - Exposure (@dhiyaneshdk) [high]
- [openfire-setup] Openfire Setup - Exposure (@dhiyaneshdk) [high]
- [phpmyfaq-installer] phpMyFAQ Installation - Exposure (@ritikchaddha) [high]
- [qloapps-installer] QloApps - Installation (@ritikchaddha) [high]
- [trilium-notes-installer] Trilium Notes Installer - Exposure (@dhiyaneshdk) [high]
- [wiki-js-installer] Wiki.js Setup - Exposure (@dhiyaneshdk) [high]
- [xbackbone-installer] XBackBone Installer - Exposure (@dhiyaneshdk) [high]
- [unigui-server-monitor-exposure] UniGUI Server Monitor Panel - Exposure (@serrapa) [low]
- [apache-answer-detect] Apache Answer - Detection (@omranisecurity) [info]
- [boa-web-server] Boa Web Server - Detect (@johnk3r) [info]
- [craftercms-detect] CrafterCMS - Detect (@righettod) [info]
- [imgproxy-detect] Imgproxy Detect (@userdehghani) [info]
- [meilisearch-detect] Meilisearch - Detect (@userdehghani) [info]
- [microfocus-iprint-detect] Micro Focus iPrint Appliance - Detect (@righettod) [info]
- [statamic-detect] Statamic - Detect (@geeknik) [info]
- [tinyproxy-detect] Tinyproxy - Detect (@bhutch) [info]
- [uni-gui-framework] UniGUI Framework - Detect (@serrapa) [info]
- [wp-bricks-builder-theme] WordPress Bricks Builder Theme Version (@Anonymous) [info]
- [castel-digital-sqli] Castel Digital - Authentication Bypass (@Kazgangap) [high]
- [tendat-credential] Tendat Router Credential - Exposure (@pussycat0x) [high]
- [checkpoint-firewall-enum] Check Point Firewall - Detect (@pussycat0x) [info]
New Contributors
- @x676f64 made their first contribution in #9690
- @Ahsraeisi made their first contribution in #9793
- @jmac774 made their first contribution in #9844
Full Changelog: v9.8.6...v9.8.7