v9.9.4
What's Changed
🔥 Release Highlights 🔥
- [CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-29868] Apache StreamPipes - Weak PRNG in Recovery Token Generation (@alessandro - DEVisions) [critical] 🔥
- [CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
- [CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
- [CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
- [CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
Bug Fixes
- Fixed typo in 'shodan-query' key in AirOS Panel detection (#10615).
False Positives
- Fixed Nacos version detection false positive (#10647).
- Fixed false positives for mixed active content (#10571).
- Fixed false positives for weak login detection in XUI (#10533).
- Fixed false positives in CVE-2023-33584 template (#10459).
- Fixed false positives for CVE-2018-11784 detection (#10495).
- Updated SQL injection delay time to reduce false positives in wp-statistics (#10377).
- Updated SQL injection delay time for CVE-2023-6063 to reduce false positives (#10376).
Enhancements
- Updated GitHub takeover matchers to match new 404 page (#10553).
- Improved CVE-2014-6271 detection (#10621).
- Enhanced detection of HashiCorp Vault login panel (#10599).
- Added new endpoint detection for phpMyAdmin panel (#10451).
Template Updates
New Templates Added: 59 | CVEs Added: 30 | First-time contributions: 13
- [CVE-2024-45241] CentralSquare CryWolf - Path Traversal (@s4e-io) [high]
- [CVE-2024-43425] Moodle - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-32231] Stash < 0.26.0 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical]
- [CVE-2024-29868] Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation (@alessandro Albani - DEVisions) [critical] 🔥
- [CVE-2024-29272] VvvebJs < 1.7.5 - Arbitrary File Upload (@s4e-io) [medium]
- [CVE-2024-24809] Traccar - Unrestricted File Upload (@dhiyaneshdk) [high] 🔥
- [CVE-2024-23163] GestSup - Account Takeover (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2, @gy741) [critical]
- [CVE-2024-8181] Flowise <= 1.8.2 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
- [CVE-2024-7954] SPIP Porte Plume Plugin - Remote Code Execution (@s4e-io) [critical]
- [CVE-2024-7928] FastAdmin < V1.3.4.20220530 - Path Traversal (@s4e-io) [medium]
- [CVE-2024-7593] Ivanti vTM - Authentication Bypass (@gy741) [critical] 🔥
- [CVE-2024-6911] PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion (@s4e-io) [high]
- [CVE-2024-6893] Journyx - XML External Entities Injection (XXE) (@s4eio) [high]
- [CVE-2024-6842] AnythingLLM - Information Disclosure (@ingbunga, @rahaaaiii, @asteria121, @breakpack, @gy741) [high]
- [CVE-2024-6670] WhatsUp Gold HasErrors SQL Injection - Authentication Bypass (@dhiyaneshdk, @princechaddha) [critical] 🔥
- [CVE-2024-6095] LocalAI - Partial Local File Read (@iamnoooob, @pdresearch, @rootxharsh) [medium]
- [CVE-2024-5932] GiveWP - PHP Object Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
- [CVE-2024-5827] Vanna - SQL injection (@olfloralo, @nukunga, @harksu, @nechyo, @gy741) [critical]
- [CVE-2024-5765] WpStickyBar <= 2.1.0 - SQL Injection (@theamanrawat) [high]
- [CVE-2024-5421] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure (@bl4ckp4r4d1s3) [high]
- [CVE-2024-5420] SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting (@bl4ckp4r4d1s3) [high]
- [CVE-2024-3850] Uniview NVR301-04S2-P4 - Cross-Site Scripting (@bleron Rrustemi, @r3naissance) [medium]
- [CVE-2023-46818] ISPConfig - PHP Code Injection (@non-things) [high]
- [CVE-2023-40504] LG Simple Editor <= v3.21.0 - Command Injection (@s4e-io) [critical]
- [CVE-2023-34754] Bloofox v0.5.2.1 - SQL Injection (@ritikchaddha) [critical]
- [CVE-2023-29506] XWiki >= 13.10.8 - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2023-22893] Strapi Versions <=4.5.6 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [high]
- [CVE-2023-3521] FOSSBilling < 0.5.3 - Cross-Site Scripting (@ctflearner) [medium]
- [CVE-2023-2624] KiviCare WordPress Plugin - Cross-Site Scripting (@ritikchaddha) [medium]
- [CVE-2020-28429] geojson2kml - Command Injection (@eeche, @chae1xx1os, @persona-twotwo, @soonghee2) [critical]
- [cookie-consent-detection] Cookie Consent Detection (@rxerium) [info]
- [couchdb-default-login] CouchDB - Default Login (@thefoggiest) [high]
- [fuji-xerox-default-login] Fuji Xerox ApeosPort - Default Login (@morgan Robertson) [high]
- [ispconfig-hcp-default-login] ISPConfig Hosting Control Panel - Default Login (@ritikchaddha) [high]
- [jellyfin-default-login] Jellyfin Console - Default Login (@thefoggiest) [high]
- [rundeck-default-login] Rundeck - Default Login (@karkis3c) [high]
- [ivanti-traffic-manager-panel] Ivanti Traffic Manager Panel - Detect (@rxerium) [info]
- [kiali-panel] Kiali - Detect (@righettod) [info]
- [malwared-byob] Malwared (Build Your Own Botnet) - Detect (@pdteam) [info]
- [procore-panel] Procore Login - Panel (@rxerium) [info]
- [elgg-installer] Elgg - Installation (@s4e-io) [high]
- [jackett-installer] Jackett - Installer (@ritikchaddha) [high]
- [jackett-unauth] Jackett UI - Unauthenticated (@ProjectDiscoveryAI) [high]
- [lidarr-dashboard-unauth] Lidarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [prowlarr-dashboard-unauth] Prowlarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [radarr-dashboard-unauth] Radarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [readarr-dashboard-unauth] Readarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [sonarr-dashboard-unauth] Sonarr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [whisparr-dashboard-unauth] Whisparr Dashboard - Unauthenticated (@ProjectDiscoveryAI) [medium]
- [akamai-bot-manager-detect] Akamai Bot Manager Protection - Detect (@Fazle Arefin) [info]
- [apache-streampipes-detect] Apache StreamPipes - Detect (@alessandro Albani - DEVisions) [info]
- [bigip-apm-detect] BIGIP APM - Detect (@nodauf) [info]
- [spip-detect] SPIP - Detect (@s4e-io) [info]
- [malwared-byob-rce] Malwared BYOB - Unauthenticated Remote Code Execution (@pdteam) [critical]
- [mobsf-apktool-lfi] MobSF - Path Traversal (@will Mccardell) [high]
- [elgg-sqli] Elgg 5.1.4 - SQL Injection (@s4e-io) [high]
- [prest-sqli-auth-bypass] pREST < 1.5.4 - SQLi Via Authentication Bypass (@mihail8531, @iamnoooob, @rootxharsh, @pdresearch) [critical]
- [readymade-unilevel-sqli] Readymade Unilevel Ecommerce MLM - SQL Injection (@s4e-garage) [high]
- [readymade-unilevel-xss] Readymade Unilevel Ecommerce MLM - Cross-Site Scripting (@s4e-garage) [high]
New Contributors
- @Parshva87 made their first contribution in #10536
- @syntacticNaCl made their first contribution in #10553
- @fazlearefin made their first contribution in #10596
- @flyingllama87 made their first contribution in #10600
- @ingbunga made their first contribution in #10427
- @thefoggiest made their first contribution in #10435
- @oIfloraIo made their first contribution in #10429
- @non-things made their first contribution in #10549
- @DEVisions made their first contribution in #10131
- @nil0x42 made their first contribution in #10615
- @willmccardell made their first contribution in #10367
- @BrunoTeixeira1996 made their first contribution in #10622
- @eeche made their first contribution in #10489
Full Changelog: v9.9.3...v9.9.4