v10.0.1
What's Changed
🔥 Release Highlights 🔥
- [CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
- [CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
- [CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
- [CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
- [CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
- [CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
- [CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
- [CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
- [CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
- [CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥
Bug Fixes
- Resolved unresolved variables found: FQDN (#10349).
False Negatives
- Improve detection and reduce false negatives for CVE-2024-47176 (Issue #10864).
False Positives
- Fixed false positive for CVE-2021-33044 (#10863).
- Removed CVE-2023-35489 due to false positives (Issue #10800).
- Update to fix false positives in CVE-2024-41667.yaml (#10751).
- Resolved false positive in CVE-2024-41667.yaml (#10749).
Enhancements
- Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
- Updated severity in apple-cups-exposure.yaml (#10857).
- Severity update for jwk-json-leak.yaml (#10840).
- Added nacos configuration leak detection (#10825).
- Refactored the "git-repository-browser" template (#10801).
- Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
- Refactored the "kubelet-metrics" template (#10765).
- Refactored the "GITEA" template (#10752).
- Optimized templates due to Nuclei changes and added new templates (Issue #10285).
- Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).
Template Updates
New Templates Added: 86 | CVEs Added: 41 | First-time contributions: 2
- [CVE-2024-47176] CUPS - Remote Code Execution (@princechaddha) [high] 🔥
- [CVE-2024-47062] Navidrome < 0.53.0 - Authenticated SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-46986] Camaleon CMS < 2.8.1 Arbitrary File Write to RCE (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-45622] ASIS - SQL Injection Authentication Bypass (@s4e-io) [critical]
- [CVE-2024-45519] Zimbra Collaboration Suite <9.0.0 - RCE (@pdresearch, @iamnoooob, @parthmalhotra, @Ice3man543) [critical] 🔥
- [CVE-2024-45507] Apache OFBiz - Remote Code Execution (@CHYbeta, @Iamnooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-44000] LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure (@s4e-io) [high] 🔥
- [CVE-2024-41810] Twisted - Open Redirect & XSS (@KoYejune0302, @cheoljun99, @sim4110, @gy741) [medium]
- [CVE-2024-38473] Apache HTTP Server - ACL Bypass (@pdteam) [high] 🔥
- [CVE-2024-36683] PrestaShop productsalert - SQL Injection (@mastercho) [critical]
- [CVE-2024-30269] DataEase <= 2.4.1 - Sensitive Information Exposure (@s4e-io) [medium]
- [CVE-2024-30188] Apache DolphinScheduler >= 3.1.0, < 3.2.2 File Read/Write (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
- [CVE-2024-28397] pyload-ng js2py - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [medium] 🔥
- [CVE-2024-22207] Fastify Swagger-UI - Information Disclosure (@dhiyaneshdk, @iamnoooob) [medium]
- [CVE-2024-9014] pgAdmin 4 - Authentication Bypass (@s4e-io) [critical] 🔥
- [CVE-2024-8883] Keycloak - Open Redirect (@iamnoooob, @rootxharsh, @pdresearch) [medium]
- [CVE-2024-8752] WebIQ 2.15.9 - Directory Traversal (@s4e-io) [high]
- [CVE-2024-8522] LearnPress – WordPress LMS - SQL Injection (@pdresearch, @iamnoooob, @rootxharsh) [critical] 🔥
- [CVE-2024-8503] VICIdial - SQL Injection (@s4e-io) [critical] 🔥
- [CVE-2024-8484] REST API TO MiniProgram <= 4.7.1 - SQL Injection (@s4e-io) [high]
- [CVE-2024-6845] SmartSearchWP < 2.4.6 - OpenAI Key Disclosure (@s4e-io) [medium]
- [CVE-2024-5276] Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-3673] Web Directory Free < 1.7.3 - Local File Inclusion (@s4e-io) [critical]
- [CVE-2023-47253] Qualitor <= 8.20 - Remote Code Execution (@s4e-io) [critical]
- [CVE-2023-43654] PyTorch TorchServe SSRF (@dhiyaneshdk) [critical] 🔥
- [CVE-2023-39650] PrestaShop Theme Volty CMS Blog - SQL Injection (@mastercho) [critical]
- [CVE-2023-39024] Harman Media Suite <= 4.2.0 - Local File Disclosure (@s4e-io) [high]
- [CVE-2023-38192] SuperWebMailer 9.00.0.01710 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-27847] PrestaShop xipblog - SQL Injection (@mastercho) [critical]
- [CVE-2023-27584] Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2023-6568] Mlflow - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-6275] TOTVS Fluig Platform - Cross-Site Scripting (@s4e-io) [medium]
- [CVE-2023-3578] DedeCMS 5.7.109 - Server-Side Request Forgery (@ritikchaddha) [critical]
- [CVE-2023-3188] Owncast - Server Side Request Forgery (@dhiyaneshdk) [medium]
- [CVE-2022-24637] Open Web Analytics 1.7.3 - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2020-11441] phpMyAdmin 5.0.2 - CRLF Injection (@ritikchaddha) [medium]
- [CVE-2019-6793] GitLab Enterprise Edition - Server-Side Request Forgery (@ritikchaddha) [high]
- [CVE-2019-0232] Apache Tomcat CGIServlet enableCmdLineArguments - Remote Code Execution (@dhiyaneshdk) [high] 🔥
- [CVE-2017-3133] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2017-3132] Fortinet FortiOS < 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2017-3131] FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting (@ritikchaddha) [medium]
- [bonita-default-login] Bonita - Default Login (@dhiyaneshdk) [high]
- [camaleon-default-login] Camaleon CMS - Default Login (@dhiyaneshdk) [high]
- [canon-c3325-default-login] Canon R-ADV C3325 - Default-Login (@ritikchaddha) [high]
- [dragonfly-default-login] Dragonfly - Default Login (@dhiyaneshdk) [high]
- [filegator-default-login] Filegator - Default-Login (@ritikchaddha) [high]
- [nginx-proxy-manager-default-login] Nginx Proxy Manager - Default Login (@barttran2000) [high]
- [pcoweb-default-login] pCOWeb - Default-Login (@ritikchaddha) [high]
- [topaccess-default-login] Toshiba TopAccess - Default-Login (@ritikchaddha) [high]
- [tplink-r470t-default-login] TP-LINK Router R470T - Default-Login (@ritikchaddha) [high]
- [tplink-wR940n-default-login] TP-Link Wireless N Router WR940N - Default-Login (@ritikchaddha) [high]
- [bonita-portal-panel] Bonita Portal Login - Detect (@dhiyaneshdk) [info]
- [camaleon-panel] Camaleon CMS Login - Panel (@dhiyaneshdk) [info]
- [canon-iradv-c3325] Canon iR-ADV C3325 Panel - Detect (@ritikchaddha) [info]
- [cgit-panel] CGIT - Detect (@tess, @righettod) [info]
- [docuware-panel] DocuWare - Detect (@righettod) [info]
- [dragonfly-panel] DragonFly Login - Panel (@dhiyaneshdk) [info]
- [filecatalyst-panel] FileCatalyst File Transfer Solution - Detect (@dhiyaneshdk) [info]
- [filegator-panel] FileGator Panel - Detect (@ritikchaddha) [info]
- [ivanti-csa-panel] Ivanti(R) Cloud Services Appliance - Panel (@rxerium) [info]
- [maestro-listserv-panel] Maestro LISTSERV - Detect (@righettod) [info]
- [open-web-analytics-panel] Open Web Analytics Login - Detect (@dhiyaneshdk) [info]
- [pcoweb-panel] pCOWeb Panel - Detect (@ritikchaddha) [info]
- [qualitor-itsm-panel] Qualitor ITSM - Detect (@johnk3r) [info]
- [topaccess-panel] Toshiba TopAccess Panel - Detect (@ritikchaddha) [info]
- [tplink-r470t-panel] TP-LINK Router R470T - Detect (@ritikchaddha) [info]
- [canon-c3325-unauth] Canon R-ADV C3325 - Unauth (@ritikchaddha) [high]
- [dragonfly-public-signup] DragonFly Public - Signup Enabled (@dhiyaneshdk) [high]
- [navidrome-admin-install] Navidrome Admin User Creation (@dhiyaneshdk) [critical]
- [open-web-analytics-installer] Open Web Analytics Installer - Exposure (@dhiyaneshdk) [high]
- [pcoweb-unauth] pCOWeb - Unauth (@ritikchaddha) [high]
- [cups-detect] CUPS - Detect (@rxerium) [info]
- [domibus-detect] Domibus - Detect (@righettod) [info]
- [hugegraph-detect] HugeGraph - Detect (@rxerium) [info]
- [lobechat-detect] LobeChat - Detect (@s4e-io) [info]
- [torchserve-detect] TorchServe API Description - Detect (@dhiyaneshdk) [info]
- [wordpress-extendify] Extendify Detection (@ricardomaia) [info]
- [wordpress-wp-mail-logging] WP Mail Logging Detection (@ricardomaia) [info]
- [fumengyun-sqli] Fumeng - SQL Injection (@ritikchaddha) [critical]
- [motic-dsm-arbitrary-file-read] MoticDSM - Arbitrary File Read (@s4e-io) [high]
- [nacos-info-leak] Nacos - Information Disclosure (@s4e-io) [high]
- [netpower-npfw-lfi] Netpower NPFW - Local File Inclusion (@ritikchaddha) [high]
- [newcapec-rce] Newcapec - Remote Code Execution (@ritikchaddha) [critical]
- [nginx-webui-rce] nginxWebUI ≤ 3.5.0 - Remote Command Execution (@ritikchaddha) [critical]
- [panmicro-arbitrary-file-read] Panmicro E-Mobile System - Arbitrary File Read (@s4e-io) [high]
- [onimai-rat-c2] Onimai RAT C2 SSL Certificate - Detect (@worldwidefuckfest) [info]
New Contributors
- @worldwidefuckfest made their first contribution in #10818
- @KoYejune0302 made their first contribution in #10428
Full Changelog: v10.0.0...v10.0.1