Releases: projectdiscovery/nuclei-templates

Alibaba Cloud Config Review - Nuclei Templates v10.1.1 🎉

23 Dec 10:40

🔥 Release Highlights 🔥

We’re excited to announce the expansion of the Nuclei Templates with new templates specifically for Alibaba Cloud Configurations. This release introduces a series of specialized security checks tailored for the comprehensive components of Alibaba Cloud services, including ECS instances, RDS databases, OSS buckets, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code analysis.

The introduction of these Alibaba Cloud-specific templates empowers security teams to conduct thorough security audits of their Alibaba Cloud environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Alibaba Cloud security templates further. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 154 | CVEs Added: 31 | First-time contributions: 4

  • [CVE-2024-55956] Cleo Harmony < 5.8.0.24 - File Upload Vulnerability (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2024-52875] Kerio Control v9.2.5 - CRLF Injection (@ritikchaddha, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-52433] My Geo Posts Free <= 1.2 - PHP Object Injection (@s4e-io) [critical]
  • [CVE-2024-50623] Cleo Harmony < 5.8.0.21 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-48307] JeecgBoot v3.7.1 - SQL Injection (@lbb, @s4e-io) [critical]
  • [CVE-2024-45309] OneDev.io < 11.0.9 - Arbitrary File Read (@isacaya) [high] 🔥
  • [CVE-2024-45293] TablePress < 2.4.3 - XXE Injection (@iamnoooob, @ritikchaddha) [high]
  • [CVE-2024-41713] Mitel MiCollab - Authentication Bypass (@dhiyaneshdk, @watchtowr) [high] 🔥
  • [CVE-2024-39887] Apache Superset < 4.0.2 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [medium]
  • [CVE-2024-36404] GeoServer and GeoTools - Remote Code Execution (@ritikchaddha) [critical] 🔥
  • [CVE-2024-24116] Ruijie RG-NBS2009G-P - Improper Authentication (@friea) [critical]
  • [CVE-2024-12209] WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion (@s4e-io) [critical] 🔥
  • [CVE-2024-11728] KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection (@samogod, @s4e-io) [high]
  • [CVE-2024-11305] Altenergy Power Control Software - SQL Injection (@s4e-io) [medium]
  • [CVE-2024-11303] Korenix JetPort 5601v3 - Path Traversal (@geeknik) [high]
  • [CVE-2024-10516] Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion (@ritikchaddha) [high]
  • [CVE-2024-10400] Tutor LMS <= 2.7.6 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [high]
  • [CVE-2024-8859] Mlflow < 2.17.0 - Local File Inclusion (@gy741) [critical]
  • [CVE-2024-8856] WP Time Capsule Plugin - Remote Code Execution (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2023-50094] reNgine 2.2.0 - Command Injection (@Zierax) [high]
  • [CVE-2023-46455] GL.iNet <= 4.3.7 - Arbitrary File Write (@Zierax) [high]
  • [CVE-2023-37599] Issabel PBX 4.0.0-6 - Directory Listing (@ritikchaddha) [high]
  • [CVE-2023-6697] WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting (@iamnoooob, @ritikchaddha) [medium]
  • [CVE-2023-3990] Mingsoft MCMS < 5.3.1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-1119] WP-Optimize WordPress plugin < 3.2.13 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-4375] Mingsoft MCMS - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2022-2552] Duplicator < 1.4.7.1 - Information Disclosure (@iamnoooob, @ritikchaddha) [medium]
  • [CVE-2020-15906] Tiki Wiki CMS GroupWare - Authentication Bypass (@JeonSungHyun[nukunga], @gy741, @oIfloraIo, @nechyo, @harksu) [critical] 🔥
  • [CVE-2020-13935] Apache Tomcat - WebSocket Frame Payload Length Validation Denial of Service (@sttlr) [high] 🔥
  • [CVE-2019-9912] WP Google Maps < 7.10.43 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2017-1000353] Jenkins CLI - Java Deserialization (@hnd3884) [critical] 🔥
  • [ack-cluster-api-public] Public Access to ACK Cluster's API Server - Enabled (@ritikchaddha) [high]
  • [ack-cluster-auditing-disable] Cluster Auditing with Simple Log Service - Disabled (@ritikchaddha) [low]
  • [ack-cluster-cloud-monitor-disable] Cloud Monitor for ACK Clusters - Disabled (@ritikchaddha) [medium]
  • [ack-cluster-health-disable] ACK Clusters Health Check - Disabled (@ritikchaddha) [medium]
  • [ack-cluster-network-policies-disable] Enforced Cluster Support for Network Policies - Disabled (@ritikchaddha) [medium]
  • [ack-cluster-network-policies-missing] Cluster Support for Network Policies - Missing (@ritikchaddha) [medium]
  • [kubernetes-dashboard-enabled] Kubernetes Dashboard for ACK Clusters - Enabled (@ritikchaddha) [medium]
  • [multi-region-logging-disabled] Global Service (Multi-Region) Logging - Disabled (@dhiyaneshdk) [high]
  • [public-actiontrail-bucket] ActionTrail Log Buckets - Publicly Exposed (@ritikchaddha) [high]
  • [alibaba-cloud-code-env] Alibaba Cloud Environment Validation (@dhiyaneshdk) [info]
  • [os-patches-outdated] OS Patches - Outdated (@dhiyaneshdk) [medium]
  • [unattached-disk-encryption-disabled] Encryption for Unattached Disks - Disabled (@dhiyaneshdk) [high]
  • [unattached-vminstance-encryption-disabled] Encryption for VM Instance Disks - Disabled (@dhiyaneshdk) [high]
  • [unrestricted-rdp-access] Unrestricted - RDP Access (@dhiyaneshdk) [high]
  • [unrestricted-ssh-access] Unrestricted - SSH Access (@dhiyaneshdk) [high]
  • [access-logoss-disabled] Access Logging for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
  • [improper-bucket-sse] Improper Bucket Server-Side Encryption (@ritikchaddha) [medium]
  • [limit-networkaccess-disabled] Limit Network Access to Selected Networks - Disabled (@dhiyaneshdk) [medium]
  • [oos-bucket-public-access] OSS Bucket Publicly Accessible (@dhiyaneshdk) [high]
  • [secure-transfeross-disabled] Secure Transfer for OSS Buckets - Disabled (@dhiyaneshdk) [medium]
  • [sse-cmk-disabled] Server-Side Encryption with Customer Managed Key - Disabled (@ritikchaddha) [high]
  • [sse-smk-disabled] Server-Side Encryption with Service Managed Key - Disabled (@ritikchaddha) [high]
  • [custom-ram-policy-admin-priv] Custom RAM Policies With Full Administrative Privileges (@dhiyaneshdk) [high]
  • [max-password-retry-disabled] Maximum Password Retry Constraint Policy - Disabled (@dhiyaneshdk) [medium]
  • [mfa-console-password-disabled] MFA For RAM Users With Console Password - Disabled (@dhiyaneshdk) [medium]
  • [password-policy-expiration-unconfigured] RAM Password Policy Expiration - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-length-unconfigured] RAM Password Policy requires Minimum Length 14 or Greater (@dhiyaneshdk) [medium]
  • [password-policy-lowercase-unconfigured] RAM Password Policy requires at least One Lowercase - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-num-unconfigured] RAM Password Policy requires at least One Number - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-reuse-enabled] RAM Password Policy Reuse - Enabled (@dhiyaneshdk) [medium]
  • [password-policy-symbol-unconfigured] RAM Password Policy requires at least One Symbol - Unconfigured (@dhiyaneshdk) [medium]
  • [password-policy-uppercase-unconfigured] RAM Password Policy requires at least One Uppercase - Unconfigured (@dhiyaneshdk) [medium]
  • [encryption-intransit-disabled] RDS Encryption in Transit - Disabled (@dhiyaneshdk) [high]
  • [log-connections-disabled] PostgreSQL "log_connections" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [log-disconnections-disabled] PostgreSQL "log_disconnections" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [log-duration-disabled] PostgreSQL "log_duration" Parameter - Disabled (@dhiyaneshdk) [medium]
  • [mssql-audit-disabled] Microsoft SQLServer Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [mysql-audit-disabled] MySQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [postgresql-audit-disabled] PostgreSQL Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [rds-audit-disabled] RDS Database Instances - SQL Auditing Disabled (@dhiyaneshdk) [high]
  • [transparent-encryption-disabled] Transparent Data Encryption - Disabled (@dhiyaneshdk) [medium]
  • [scheduled-vulnscan-disabled] Scheduled Vulnerability Scan - Disabled (@dhiyaneshdk) [medium]
  • [security-notificati...

Windows Security Hardening and Auditing - Nuclei Templates v10.1.0 🎉

04 Dec 15:15

🔥 Release Highlights 🔥

We're excited to announce the latest expansion of the Nuclei Templates with a new set of templates tailored for Windows Security Hardening and Auditing. This update introduces a comprehensive array of security checks specifically designed for Windows environments, covering crucial areas such as password policies, encryption settings, certificate validation, and remote access configurations. These templates are designed to detect common misconfigurations, ensure compliance with regulatory standards, and uphold adherence to industry best practices.

The introduction of these Windows-specific templates equips security teams to conduct audits of their Windows configurations, uncovering critical vulnerabilities and misconfigurations that could lead to potential security breaches.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help further enhance and update these Windows security templates. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 110 | CVEs Added: 23 | First-time contributions: 5

  • [CVE-2024-51482] ZoneMinder v1.37.* <= 1.37.64 - SQL Injection (@ritikchaddha) [critical] 🔥
  • [CVE-2024-50498] WP Query Console <= 1.0 - Remote Code Execution (@s4e-io) [critical] 🔥
  • [CVE-2024-46938] Sitecore Experience Platform <= 10.4 - Arbitrary File Read (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-43919] YARPP <= 5.30.10 - Missing Authorization (@s4e-io) [critical]
  • [CVE-2024-42640] Angular-Base64-Upload - Remote Code Execution (@s4e-io) [critical] 🔥
  • [CVE-2024-38653] Ivanti Avalanche SmartDeviceServer - XML External Entity (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-10924] Really Simple Security < 9.1.2 - Authentication Bypass (@yaser_s) [critical] 🔥
  • [CVE-2024-9935] PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download (@s4e-io) [high]
  • [CVE-2024-9474] PAN-OS Management Web Interface - Command Injection (@watchtowr, @iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-9186] Automation By Autonami < 3.3.0 - SQL Injection (@s4e-io) [high]
  • [CVE-2024-3848] Mlflow < 2.11.0 - Path Traversal (@gy741) [high]
  • [CVE-2024-1483] Mlflow < 2.9.2 - Path Traversal (@gy741) [high]
  • [CVE-2024-0012] PAN-OS Management Web Interface - Authentication Bypass (@johnk3r, @watchtowr) [critical] 🔥
  • [CVE-2022-48166] Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-48164] Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-44356] WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2022-41800] F5 BIG-IP Appliance Mode - Command Injection (@dwisiswant0) [high] 🔥
  • [CVE-2022-24819] XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure (@ritikchaddha) [medium]
  • [CVE-2022-2130] Microweber < 1.2.17 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-0250] Redirection for Contact Form 7 < 2.5.0 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2021-34630] GTranslate < 2.8.65 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2020-24881] OsTicket < 1.14.3 - Server Side Request Forgery (@hnd3884) [critical]
  • [CVE-2016-8735] Apache Tomcat - Remote Code Execution via JMX Ports (@hnd3884) [critical] 🔥
  • [k8s-missing-network-policies] Check for Missing Network Policies in Kubernetes (@princechaddha) [medium]
  • [allow-unencrypted-ftp] Allow Unencrypted FTP (@princechaddha) [high]
  • [allow-untrusted-certificates] System Allows Untrusted Certificates (@princechaddha) [medium]
  • [anonymous-sam-enumeration-enabled] Anonymous Enumeration of SAM Accounts Enabled (@princechaddha) [high]
  • [anonymous-sid-enumeration-enabled] Anonymous SID Enumeration Enabled (@princechaddha) [medium]
  • [audit-logging-disabled] Audit Logging Disabled (@princechaddha) [high]
  • [audit-logs-not-archived] Audit Logs Not Archived When Full (@princechaddha) [high]
  • [auto-logon-enabled] AutoLogon Enabled (@princechaddha) [medium]
  • [automatic-windows-updates-disabled] Automatic Windows Updates Disabled (@princechaddha) [medium]
  • [autoplay-removable-media-enabled] AutoPlay Enabled for Removable Media (@princechaddha) [medium]
  • [autorun-scripts-startup-folder] Autorun Scripts in Startup Folder (@princechaddha) [medium]
  • [credential-guard-disabled] Credential Guard Not Enabled (@princechaddha) [high]
  • [device-guard-not-configured] Device Guard Not Configured (@princechaddha) [high]
  • [display-last-username-enabled] Do Not Display Last User Name Disabled (@princechaddha) [medium]
  • [download-unsigned-activex-allowed] Download of Unsigned ActiveX Controls Allowed (@princechaddha) [high]
  • [ftp-service-running] FTP Service Running (@princechaddha) [high]
  • [guest-account-enabled] Guest Account Enabled (@princechaddha) [high]
  • [hyperv-enhanced-session-mode-enabled] Hyper-V Enhanced Session Mode Enabled (@princechaddha) [medium]
  • [insecure-cipher-suites-enabled] Insecure Cipher Suites Enabled (@princechaddha) [high]
  • [llmnr-disabled] LLMNR Disabled (@princechaddha) [medium]
  • [lm-hash-storage-enabled] LM Hash Storage Enabled (@princechaddha) [high]
  • [lm-ntlmv1-authentication-enabled] LM and NTLMv1 Authentication Enabled (@princechaddha) [high]
  • [max-password-age-too-high] Maximum Password Age Set Too High or Unlimited (@princechaddha) [medium]
  • [minimum-password-age-zero] Minimum Password Age Set to Zero (@princechaddha) [medium]
  • [netbios-disabled] NetBIOS Disabled (@princechaddha) [medium]
  • [network-discovery-public-disabled] Network Discovery Disabled on Public Networks (@princechaddha) [medium]
  • [null-session-allowed] Null Session Allowed (@princechaddha) [high]
  • [password-complexity-disabled] Password Complexity Requirements Disabled (@princechaddha) [high]
  • [password-history-size-low] Password History Size Too Low (@princechaddha) [medium]
  • [password-reset-lock-screen-enabled] Password Reset from Lock Screen Enabled (@princechaddha) [medium]
  • [plaintext-passwords-in-memory] Plaintext Passwords Stored in Memory (@princechaddha) [high]
  • [rdp-connections-without-password-allowed] Remote Desktop Connections Allowed Without Password (@princechaddha) [high]
  • [rdp-drive-redirection-allowed] Remote Desktop Users Can Redirect Drives (@princechaddha) [medium]
  • [rdp-nla-disabled] Network Level Authentication for RDP Disabled (@princechaddha) [high]
  • [remote-assistance-enabled] Check Remote Assistance Misconfiguration (@princechaddha) [medium]
  • [remote-desktop-enabled-non-server] Remote Desktop Enabled on Non-Server OS (@princechaddha) [high]
  • [restrict-anonymous-access-disabled] Restrict Anonymous Access Disabled (@princechaddha) [high]
  • [reversible-encryption-passwords-enabled] Store Passwords Using Reversible Encryption Enabled (@princechaddha) [critical]
  • [safe-dll-search-mode-disabled] Safe DLL Search Mode Disabled (@princechaddha) [high]
  • [secure-boot-disabled] Secure Boot Not Enabled (@princechaddha) [high]
  • [shutdown-without-logon-allowed] System Allows Shutdown Without Logging On (@princechaddha) [medium]
  • [smb-allow-unencrypted-passwords] Unencrypted Passwords to SMB Servers Allowed (@princechaddha) [high]
  • [smb-signing-not-required] SMB Signing Not Required (@princechaddha) [high]
  • [smb-v1-enabled] SMB v1 Protocol Enabled (@princechaddha) [critical]
  • [sticky-keys-enabled-login] Sticky Keys Enabled at Login Screen (@princechaddha) [high]
  • [telnet-service-misconfiguration] Check for Misconfigured Telnet Service (@princechaddha) [high]
  • [uac-elevate-without-prompt] UAC Elevate Without Prompting Enabled (@princechaddha) [high]
  • [unencrypted-file-sharing-enabled] Unencrypted File Sharing Enabled (@princechaddha) [medium]
  • [unsigned-kernel-mode-drivers-allowed] Installation of Unsigned Kernel-Mode Drivers Allowed (@princechaddha) [high]
  • [usb-storage-not-restricted] USB Storage Devices Not Restricted (@princechaddha) [medium]
  • [weak-ssl-tls-protocols-enabled] Weak SSL/TLS Protocols Enabled (@princechaddha) [critical]
  • [windows-active-desktop-enabled] Active Desktop Enabled (@princechaddha) [medium]
  • [windows-administrative-shares-enabled] Administrative Shares Enabled (@princechaddha) [high]
  • [windows-administrator-blank-password] Built-in Administrator Account Has Blank Password (@princechaddha) [high]
  • [windows-anonymous-sid-enumeration-allowed] Windows Allows Anonymous SID Enumeration (@princechaddha) [medium]
  • [windows-autorun-enabled] AutoRun Enabled (@princechaddha) [medium]
  • [windows-credential-manager-plaintext-passwords-allowed] Credential Manager Allows Storing of Plain Text Passwords (@princechaddha) [high]
  • [windows-defender-realtime-protection-disabled] Windows Defender Real-Time Protection Disabled (@princechaddha) [high]
  • [windows-dep-disabled] Dat...

v10.0.4

18 Nov 06:26

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

False Negatives

No updates

False Positives

Enhancements

Template Updates

New Templates Added: 74 | CVEs Added: 26 | First-time contributions: 7

  • [CVE-2024-51483] Changedetection.io <= 0.47.4 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [medium]
  • [CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-48360] Qualitor <= v8.24 - Server-Side Request Forgery (@s4e-io) [high]
  • [CVE-2024-36117] Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
  • [CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-10915] D-Link NAS - Command Injection via Group Parameter (@s4e-io) [critical]
  • [CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
  • [CVE-2024-10081] CodeChecker <= 6.24.1 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
  • [CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
  • [CVE-2024-8673] Z-Downloads < 1.11.7 - Cross-Site Scripting (@Splint3r7) [low]
  • [CVE-2024-6420] Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure (@JPG0mez) [high]
  • [CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
  • [CVE-2024-4841] LoLLMS WebUI - Subfolder Prediction via Path Traversal (@s4e-io) [medium]
  • [CVE-2023-49494] DedeCMS v5.7.111 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-31260] ResourceSpace - Metadata Export (@ritikchaddha) [medium]
  • [CVE-2022-28033] Atom.CMS 2.0 - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2022-0479] Popup Builder Plugin - SQL Injection and Cross-Site Scripting (@ritikchaddha) [critical]
  • [CVE-2021-44260] WAVLINK AC1200 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2021-24934] Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting (@Splint3r7) [medium]
  • [CVE-2019-1003000] Jenkins Script Security Plugin <=1.49 - Sandbox Bypass (@sttlr) [high]
  • [CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥
  • [CVE-2018-10383] Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2017-18590] Timesheet Plugin < 0.1.5 - Cross-Site Scripting (@Spling3r7) [medium]
  • [CVE-2016-10976] Safe Editor Plugin < 1.2 - CSS/JS-injection (@Splint3r7) [medium]
  • [CVE-2014-0160] OpenSSL Heartbleed Vulnerability (@pussycat0x) [high]
  • [stack-notification-disabled] CloudFormation Stack Notification - Disabled (@dhiyaneshdk) [medium]
  • [stack-policy-not-inuse] CloudFormation Stack Policy - Not In Use (@dhiyaneshdk) [medium]
  • [stack-termination-disabled] CloudFormation Termination Protection - Disabled (@dhiyaneshdk) [medium]
  • [cloudfront-compress-object] CloudFront Compress Objects Automatically (@dhiyaneshdk) [low]
  • [cloudfront-custom-certificates] Cloudfront Custom SSL/TLS Certificates - In Use (@dhiyaneshdk) [medium]
  • [cloudfront-geo-restriction] CloudFront Geo Restriction - Not Enabled (@dhiyaneshdk) [info]
  • [cloudfront-insecure-protocol] CloudFront Insecure Origin SSL Protocols (@dhiyaneshdk) [medium]
  • [cloudfront-integrated-waf] CloudFront Integrated With WAF (@dhiyaneshdk) [medium]
  • [cloudfront-logging-disabled] Cloudfront Logging Disabled (@dhiyaneshdk) [medium]
  • [cloudfront-origin-shield] CloudFront Origin Shield - Not Enabled (@dhiyaneshdk) [info]
  • [cloudfront-security-policy] CloudFront Security Policy (@dhiyaneshdk) [medium]
  • [cloudfront-traffic-unencrypted] CloudFront Traffic To Origin Unencrypted (@dhiyaneshdk) [medium]
  • [cloudfront-viewer-policy] CloudFront Viewer Protocol Policy (@dhiyaneshdk) [medium]
  • [secret-manager-not-inuse] Secrets Manager Not In Use (@dhiyaneshdk) [info]
  • [secret-rotation-interval] Secret Rotation Interval (@dhiyaneshdk) [medium]
  • [secrets-rotation-disabled] Secret Rotation Disabled (@dhiyaneshdk) [medium]
  • [aspnet-framework-exceptions] ASP.NET Framework Exceptions (@aayush Dhakal) [info]
  • [nodejs-framework-exceptions] Node.js Framework Exceptions (@aayush Dhakal) [info]
  • [bigant-default-login] BigAnt - Default Password (@ritikchaddha) [critical]
  • [minio-object-default-login] MinIO Console Object Store - Default Login (@johnk3r) [high]
  • [actifio-panel] Actifio Resource Center - Panel (@Splint3r7) [info]
  • [adapt-panel] Adapt Authoring Tool - Panel (@Splint3r7) [info]
  • [aethra-panel] Aethra Telecommunications Login - Panel (@Splint3r7) [info]
  • [akuiteo-panel] Akuiteo Login Panel - Detect (@righettod) [info]
  • [alamos-panel] Alamos GmbH Panel - Detect (@Splint3r7) [info]
  • [alfresco-panel] Alfresco Content App Panel - Detect (@Splint3r7) [info]
  • [alternc-panel] AlternC Desktop Panel - Detect (@Splint3r7) [info]
  • [anmelden-panel] Anmelden | OPNsense Panel - Detect (@Splint3r7) [info]
  • [cyberpanel-panel] Cyberpanel Login Panel - Detect (@mailler) [info]
  • [deepmail-panel] Advanced eMail Solution DEEPMail - Panel (@Splint3r7) [info]
  • [ghe-encrypt-saml] GitHub Enterprise - Encrypted SAML (@rootxharsh, @iamnoooob, @pdresearch) [info]
  • [hyperplanning-panel] HYPERPLANNING Login Panel - Detect (@righettod) [info]
  • [nexpose-panel] Rapid7 Nexpose VM Security Console - Detect (@johnk3r) [info]
  • [panos-management-panel] PAN-OS Management Panel - Detect (@bhutch) [info]
  • [pronote-panel] PRONOTE Login Panel - Detect (@righettod) [info]
  • [quest-panel] Quest Modem Configuration Login - Panel (@Splint3r7) [info]
  • [quivr-panel] Quivr Panel - Detect (@s4e-io) [info]
  • [thruk-panel] Thruk Login Panel - Detect (@ffffffff0x, @righettod) [info]
  • [ip-webcam] IP Webcam Viewer Page - Detect (@gy741) [low]
  • [azure-blob-core-detect] Azure Blob Core Service - Detect (@ProjectDiscoveryAI) [info]
  • [atlantis-dashboard] Atlantis Dashboard - Exposure (@dhiyaneshdk) [medium]
  • [pgwatch2-db-exposure] Pgwatch2 DBs to monitor - Exposure (@dhiyaneshdk) [high]
  • [amazon-ecs-defualt-page] Amazon ECS Sample App Default Page - Detect (@Splint3r7) [info]
  • [hubble-detect] Hubble - Detect (@righettod) [info]
  • [localai-detect] LocalAI - Detect (@s4e-io) [info]
  • [pghero-detect] PgHero - Detect (@righettod) [info]
  • [flexmls-idx-detect] Flexmls IDX - Detect (@rxerium, @sorrowx3) [info]
  • [lottie-backdoor] Lottie Player - Backdoor (@nagli-wiz) [critical]

New Contributors

Full Changelog: v10.0.3...v10.0.4

v10.0.3

01 Nov 13:55

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved issue with time-based SQL injection flow (Issue #11029).
  • Corrected detection for CVE-2016-9299 (Issue #11121).
  • Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
  • Refactored "Django Admin Panel" template (Issue #11044).
  • Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).

False Negatives

False Positives

  • Reduced false positives in weaver-checkserver-sqli template (Issue #11123).

Enhancements

  • Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
  • Introduced time-based tags for improved classification (Issue #11006).

Template Updates

New Templates Added: 116 | CVEs Added: 52 | First-time contributions: 7


v10.0.2

14 Oct 14:33

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved parsing issue in WordPress-WP-Mail-Logging template. (Issue #10908)

False Negatives

  • Improved WordPress detection. (Issue #10463)
  • Enhanced detection in Adminer Panel. (Issue #10797)

False Positives

Enhancements

  • Improved SQL injection template for error-based scenarios. (PR #10996)
  • Updated CVE-2024-9465 for better accuracy. (PR #10986)
  • Enhanced XSS detection in Ninja-Forms. (PR #10974)
  • Updated Fumengyun-SQLi for better detection. (PR #10960)
  • Enhanced management of CVE-2024-7354. (PR #10925)
  • Ensured accurate detection in WordPress update. (PR #10915)
  • Refactored Strapi template for efficiency. (PR #10887)
  • Updated CONTRIBUTING.md to enhance contributions. (PR #10890)

Template Updates

New Templates Added: 68 | CVEs Added: 30 | First-time contributions: 5

New Contributors

Full Changelog: v10.0.1...v10.0.2

v10.0.1

30 Sep 15:25

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved the "unresolved variables found: FQDN" error (#10349).

False Negatives

  • Improved detection and reduced false negatives for CVE-2024-47176 (Issue #10864).

False Positives

Enhancements

  • Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
  • Updated severity in apple-cups-exposure.yaml (#10857).
  • Severity update for jwk-json-leak.yaml (#10840).
  • Added nacos configuration leak detection (#10825).
  • Refactored the "git-repository-browser" template (#10801).
  • Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
  • Refactored the "kubelet-metrics" template (#10765).
  • Refactored the "GITEA" template (#10752).
  • Optimized templates due to Nuclei changes and added new templates (Issue #10285).
  • Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).

Template Updates

New Templates Added: 86 | CVEs Added: 41 | First-time contributions: 2


Azure Config Review - Nuclei Templates v10.0.0 🎉

12 Sep 06:33

🔥 Release Highlights 🔥

We're excited to announce the expansion of the Nuclei Templates with a new suite specifically designed for Azure Cloud Configurations. This update introduces a series of specialized security checks tailored for the comprehensive components of Azure services, including VMs, App Services, SQL Databases, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code

The introduction of these Azure-specific templates empowers security teams to conduct thorough security audits of their Azure environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Azure security templates further. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 253 | CVEs Added: 35 | First-time contributions: 2


v9.9.4

02 Sep 10:30

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Fixed typo in 'shodan-query' key in AirOS Panel detection (#10615).

False Positives

  • Fixed Nacos version detection false positive (#10647).
  • Fixed false positives for mixed active content (#10571).
  • Fixed false positives for weak login detection in XUI (#10533).
  • Fixed false positives in CVE-2023-33584 template (#10459).
  • Fixed false positives for CVE-2018-11784 detection (#10495).
  • Updated SQL injection delay time to reduce false positives in wp-statistics (#10377).
  • Updated SQL injection delay time for CVE-2023-6063 to reduce false positives (#10376).

Enhancements

  • Updated GitHub takeover matchers to match new 404 page (#10553).
  • Improved CVE-2014-6271 detection (#10621).
  • Enhanced detection of HashiCorp Vault login panel (#10599).
  • Added new endpoint detection for phpMyAdmin panel (#10451).

Template Updates

New Templates Added: 59 | CVEs Added: 30 | First-time contributions: 13

New Contributors

Full Changelog: v9.9.3...v9.9.4

v9.9.3

16 Aug 22:04

🔥 Release Highlights 🔥

What's Changed

New Templates Added: 56 | CVEs Added: 33 | First-time contributions: 4

New Contributors

Full Changelog: v9.9.2...v9.9.3

v9.9.2

26 Jul 07:35

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Improved detection in the SVN configuration leak template, reducing underreporting (Issue #10344).
  • Addressed false negatives in the following:
      • Exposed SVN configuration (PR #10362)
      • CVE-2019-7139 template (PR #10339)

False Positives

  • Reduced false positives and improved accuracy in the following templates:
      • IdeMia biometrics default login (Issues #10126, #10277)
      • jan-file-upload (PR #10361)
      • Apache XSS (PR #10342)
      • Beanstalk service (PR #10334, duplicated issue)
      • DS-Store file discovery (PR #10278)
      • GOIP default login (PR #10276)

Enhancements

  • Enhanced detection capabilities in dom-xss.yaml (PR #10360).
  • Improved accuracy in generic-xxe.yaml (PR #10359).

New Templates Added: 67 | CVEs Added: 32 | First-time contributions: 7

New Contributors

Full Changelog: v9.9.1...v9.9.2