projectdiscovery/nuclei-templates v9.9.4

on GitHub

What's Changed

🔥 Release Highlights 🔥

• [CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-29868] Apache StreamPipes - Weak PRNG in Recovery Token Generation (@alessandro - DEVisions) [critical] 🔥
• [CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
• [CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
• [CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
• [CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥

Bug Fixes

• Fixed typo in 'shodan-query' key in AirOS Panel detection (#10615).

False Positives

• Fixed Nacos version detection false positive (#10647).
• Fixed false positives for mixed active content (#10571).
• Fixed false positives for weak login detection in XUI (#10533).
• Fixed false positives in CVE-2023-33584 template (#10459).
• Fixed false positives for CVE-2018-11784 detection (#10495).
• Updated SQL injection delay time to reduce false positives in wp-statistics (#10377).
• Updated SQL injection delay time for CVE-2023-6063 to reduce false positives (#10376).

Enhancements

• Updated GitHub takeover matchers to match new 404 page (#10553).
• Improved CVE-2014-6271 detection (#10621).
• Enhanced detection of HashiCorp Vault login panel (#10599).
• Added new endpoint detection for phpMyAdmin panel (#10451).

Template Updates

New Templates Added: 59 | CVEs Added: 30 | First-time contributions: 13

• [CVE-2024-45241] CentralSquare CryWolf - Path Traversal (@s4e-io) [high]
• [CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-32231] Stash < 0.26.0 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2024-29868] Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation (@alessandro Albani - DEVisions) [critical] 🔥
• [CVE-2024-29272] VvvebJs < 1.7.5 - Arbitrary File Upload (@s4e-io) [medium]
• [CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
• [CVE-2024-23163] GestSup - Account Takeover (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2, @gy741) [critical]
• [CVE-2024-8181] Flowise <= 1.8.2 Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2024-7954] SPIP Porte Plume Plugin - Remote Code Execution (@s4e-io) [critical]
• [CVE-2024-7928] FastAdmin < V1.3.4.20220530 - Path Traversal (@s4e-io) [medium]
• [CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
• [CVE-2024-6911] PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion (@s4e-io) [high]
• [CVE-2024-6893] Journyx - XML External Entities Injection (XXE) (@s4eio) [high]
• [CVE-2024-6842] AnythingLLM - Information Disclosure (@ingbunga, @rahaaaiii, @asteria121, @breakpack, @gy741) [high]
• [CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
• [CVE-2024-6095] LocalAI - Partial Local File Read (@iamnoooob, @pdresearch, @rootxharsh) [medium]
• [CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-5827] Vanna - SQL injection (@olfloralo, @nukunga, @harksu, @nechyo, @gy741) [critical]
• [CVE-2024-5765] WpStickyBar <= 2.1.0 - SQL Injection (@theamanrawat) [high]
• [CVE-2024-5421] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure (@bl4ckp4r4d1s3) [high]
• [CVE-2024-5420] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting (@bl4ckp4r4d1s3) [high]
• [CVE-2024-3850] Uniview NVR301-04S2-P4 - Cross-Site Scripting (@bleron Rrustemi, @r3naissance) [medium]
• [CVE-2023-46818] ISPConfig - PHP Code Injection (@non-things) [high]
• [CVE-2023-40504] LG Simple Editor <= v3.21.0 - Command Injection (@s4e-io) [critical]
• [CVE-2023-34754] Bloofox v0.5.2.1 - SQL Injection (@ritikchaddha) [critical]
• [CVE-2023-29506] XWiki >= 13.10.8 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-22893] Strapi Versions <=4.5.6 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2023-3521] FOSSBilling < 0.5.3 - Cross-Site Scripting (@ctflearner) [medium]
• [CVE-2023-2624] KiviCare WordPress Plugin - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2020-28429] geojson2kml - Command Injection (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2) [critical]
• [cookie-consent-detection] Cookie Consent Detection (@rxerium) [info]
• [couchdb-default-login] CouchDB - Default Login (@thefoggiest) [high]
• [fuji-xerox-default-login] Fuji Xerox ApeosPort - Default Login (@morgan Robertson) [high]
• [ispconfig-hcp-default-login] ISPConfig Hosting Control Panel - Default Login (@ritikchaddha) [high]
• [jellyfin-default-login] Jellyfin Console - Default Login (@thefoggiest) [high]
• [rundeck-default-login] Rundeck - Default Login (@karkis3c) [high]
• [ivanti-traffic-manager-panel] Ivanti Traffic Manager Panel - Detect (@rxerium) [info]
• [kiali-panel] Kiali - Detect (@righettod) [info]
• [malwared-byob] Malwared (Build Your Own Botnet) - Detect (@pdteam) [info]
• [procore-panel] Procore Login - Panel (@rxerium) [info]
• [elgg-installer] Elgg - Installation (@s4e-io) [high]
• [jackett-installer] Jackett - Installer (@ritikchaddha) [high]
• [jackett-unauth] Jackett UI - Unauthenticated (@ProjectDiscoveryAI) [high]
• [lidarr-dashboard-unauth] Lidarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [prowlarr-dashboard-unauth] Prowlarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [radarr-dashboard-unauth] Radarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [readarr-dashboard-unauth] Readarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [sonarr-dashboard-unauth] Sonarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [whisparr-dashboard-unauth] Whisparr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
• [akamai-bot-manager-detect] Akamai Bot Manager Protection - Detect (@Fazle Arefin) [info]
• [apache-streampipes-detect] Apache StreamPipes - Detect (@alessandro Albani - DEVisions) [info]
• [bigip-apm-detect] BIGIP APM - Detect (@nodauf) [info]
• [spip-detect] SPIP - Detect (@s4e-io) [info]
• [malwared-byob-rce] Malwared BYOB - Unauthenticated Remote Code Execution (@pdteam) [critical]
• [mobsf-apktool-lfi] MobSF - Path Traversal (@will Mccardell) [high]
• [elgg-sqli] Elgg 5.1.4 - SQL Injection (@s4e-io) [high]
• [prest-sqli-auth-bypass] pREST < 1.5.4 - SQLi Via Authentication Bypass (@mihail8531, @iamnoooob, @rootxharsh, @pdresearch) [critical]
• [readymade-unilevel-sqli] Readymade Unilevel Ecommerce MLM - SQL Injection (@s4e-garage) [high]
• [readymade-unilevel-xss] Readymade Unilevel Ecommerce MLM - Cross-Site Scripting (@s4e-garage) [high]

New Contributors

• @Parshva87 made their first contribution in #10536
• @syntacticNaCl made their first contribution in #10553
• @fazlearefin made their first contribution in #10596
• @flyingllama87 made their first contribution in #10600
• @ingbunga made their first contribution in #10427
• @thefoggiest made their first contribution in #10435
• @oIfloraIo made their first contribution in #10429
• @non-things made their first contribution in #10549
• @DEVisions made their first contribution in #10131
• @nil0x42 made their first contribution in #10615
• @willmccardell made their first contribution in #10367
• @BrunoTeixeira1996 made their first contribution in #10622
• @eeche made their first contribution in #10489

Full Changelog: v9.9.3...v9.9.4