Releases: projectdiscovery/nuclei-templates

v10.0.4

18 Nov 06:26

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

False Negatives

No updates

False Positives

Enhancements

Template Updates

New Templates Added: 74 | CVEs Added: 26 | First-time contributions: 7

  • [CVE-2024-51483] Changedetection.io <= 0.47.4 - Path Traversal (@iamnoooob, @rootxharsh, @pdresearch) [medium]
  • [CVE-2024-50340] Symfony Profiler - Remote Access via Injected Arguments (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-48360] Qualitor <= v8.24 - Server-Side Request Forgery (@s4e-io) [high]
  • [CVE-2024-36117] Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read (@iamnoooob, @rootxharsh, @pdresearch) [high]
  • [CVE-2024-35219] OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
  • [CVE-2024-10915] D-Link NAS - Command Injection via Group Parameter (@s4e-io) [critical]
  • [CVE-2024-10914] D-Link NAS - Command Injection via Name Parameter (@s4e-io) [critical] 🔥
  • [CVE-2024-10081] CodeChecker <= 6.24.1 - Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
  • [CVE-2024-9487] GitHub Enterprise - SAML Authentication Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
  • [CVE-2024-8963] Ivanti Cloud Services Appliance - Path Traversal (@johnk3r) [critical] 🔥
  • [CVE-2024-8673] Z-Downloads < 1.11.7 - Cross-Site Scripting (@Splint3r7) [low]
  • [CVE-2024-6420] Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure (@JPG0mez) [high]
  • [CVE-2024-6049] Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal (@s4e-io) [high] 🔥
  • [CVE-2024-4841] LoLLMS WebUI - Subfolder Prediction via Path Traversal (@s4e-io) [medium]
  • [CVE-2023-49494] DedeCMS v5.7.111 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2022-31260] ResourceSpace - Metadata Export (@ritikchaddha) [medium]
  • [CVE-2022-28033] Atom.CMS 2.0 - SQL Injection (@ritikchaddha) [critical]
  • [CVE-2022-0479] Popup Builder Plugin - SQL Injection and Cross-Site Scripting (@ritikchaddha) [critical]
  • [CVE-2021-44260] WAVLINK AC1200 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2021-24934] Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting (@Splint3r7) [medium]
  • [CVE-2019-1003000] Jenkins Script Security Plugin <=1.49 - Sandbox Bypass (@sttlr) [high]
  • [CVE-2019-0192] Apache Solr - Deserialization of Untrusted Data (@hnd3884) [critical] 🔥
  • [CVE-2018-10383] Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2017-18590] Timesheet Plugin < 0.1.5 - Cross-Site Scripting (@Spling3r7) [medium]
  • [CVE-2016-10976] Safe Editor Plugin < 1.2 - CSS/JS-injection (@Splint3r7) [medium]
  • [CVE-2014-0160] OpenSSL Heartbleed Vulnerability (@pussycat0x) [high]
  • [stack-notification-disabled] CloudFormation Stack Notification - Disabled (@dhiyaneshdk) [medium]
  • [stack-policy-not-inuse] CloudFormation Stack Policy - Not In Use (@dhiyaneshdk) [medium]
  • [stack-termination-disabled] CloudFormation Termination Protection - Disabled (@dhiyaneshdk) [medium]
  • [cloudfront-compress-object] CloudFront Compress Objects Automatically (@dhiyaneshdk) [low]
  • [cloudfront-custom-certificates] Cloudfront Custom SSL/TLS Certificates - In Use (@dhiyaneshdk) [medium]
  • [cloudfront-geo-restriction] CloudFront Geo Restriction - Not Enabled (@dhiyaneshdk) [info]
  • [cloudfront-insecure-protocol] CloudFront Insecure Origin SSL Protocols (@dhiyaneshdk) [medium]
  • [cloudfront-integrated-waf] CloudFront Integrated With WAF (@dhiyaneshdk) [medium]
  • [cloudfront-logging-disabled] Cloudfront Logging Disabled (@dhiyaneshdk) [medium]
  • [cloudfront-origin-shield] CloudFront Origin Shield - Not Enabled (@dhiyaneshdk) [info]
  • [cloudfront-security-policy] CloudFront Security Policy (@dhiyaneshdk) [medium]
  • [cloudfront-traffic-unencrypted] CloudFront Traffic To Origin Unencrypted (@dhiyaneshdk) [medium]
  • [cloudfront-viewer-policy] CloudFront Viewer Protocol Policy (@dhiyaneshdk) [medium]
  • [secret-manager-not-inuse] Secrets Manager Not In Use (@dhiyaneshdk) [info]
  • [secret-rotation-interval] Secret Rotation Interval (@dhiyaneshdk) [medium]
  • [secrets-rotation-disabled] Secret Rotation Disabled (@dhiyaneshdk) [medium]
  • [aspnet-framework-exceptions] ASP.NET Framework Exceptions (@aayush Dhakal) [info]
  • [nodejs-framework-exceptions] Node.js Framework Exceptions (@aayush Dhakal) [info]
  • [bigant-default-login] BigAnt - Default Password (@ritikchaddha) [critical]
  • [minio-object-default-login] MinIO Console Object Store - Default Login (@johnk3r) [high]
  • [actifio-panel] Actifio Resource Center - Panel (@Splint3r7) [info]
  • [adapt-panel] Adapt Authoring Tool - Panel (@Splint3r7) [info]
  • [aethra-panel] Aethra Telecommunications Login - Panel (@Splint3r7) [info]
  • [akuiteo-panel] Akuiteo Login Panel - Detect (@righettod) [info]
  • [alamos-panel] Alamos GmbH Panel - Detect (@Splint3r7) [info]
  • [alfresco-panel] Alfresco Content App Panel - Detect (@Splint3r7) [info]
  • [alternc-panel] AlternC Desktop Panel - Detect (@Splint3r7) [info]
  • [anmelden-panel] Anmelden | OPNsense Panel - Detect (@Splint3r7) [info]
  • [cyberpanel-panel] Cyberpanel Login Panel - Detect (@mailler) [info]
  • [deepmail-panel] Advanced eMail Solution DEEPMail - Panel (@Splint3r7) [info]
  • [ghe-encrypt-saml] GitHub Enterprise - Encrypted SAML (@rootxharsh, @iamnoooob, @pdresearch) [info]
  • [hyperplanning-panel] HYPERPLANNING Login Panel - Detect (@righettod) [info]
  • [nexpose-panel] Rapid7 Nexpose VM Security Console - Detect (@johnk3r) [info]
  • [panos-management-panel] PAN-OS Management Panel - Detect (@bhutch) [info]
  • [pronote-panel] PRONOTE Login Panel - Detect (@righettod) [info]
  • [quest-panel] Quest Modem Configuration Login - Panel (@Splint3r7) [info]
  • [quivr-panel] Quivr Panel - Detect (@s4e-io) [info]
  • [thruk-panel] Thruk Login Panel - Detect (@ffffffff0x, @righettod) [info]
  • [ip-webcam] IP Webcam Viewer Page - Detect (@gy741) [low]
  • [azure-blob-core-detect] Azure Blob Core Service - Detect (@ProjectDiscoveryAI) [info]
  • [atlantis-dashboard] Atlantis Dashboard - Exposure (@dhiyaneshdk) [medium]
  • [pgwatch2-db-exposure] Pgwatch2 DBs to monitor - Exposure (@dhiyaneshdk) [high]
  • [amazon-ecs-defualt-page] Amazon ECS Sample App Default Page - Detect (@Splint3r7) [info]
  • [hubble-detect] Hubble - Detect (@righettod) [info]
  • [localai-detect] LocalAI - Detect (@s4e-io) [info]
  • [pghero-detect] PgHero - Detect (@righettod) [info]
  • [flexmls-idx-detect] Flexmls IDX - Detect (@rxerium, @sorrowx3) [info]
  • [lottie-backdoor] Lottie Player - Backdoor (@nagli-wiz) [critical]

New Contributors

Full Changelog: v10.0.3...v10.0.4

v10.0.3

01 Nov 13:55

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved issue with time-based SQL injection flow (Issue #11029).
  • Corrected detection for CVE-2016-9299 (Issue #11121).
  • Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
  • Refactored "Django Admin Panel" template (Issue #11044).
  • Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).

False Negatives

False Positives

  • Reduced false positives in weaver-checkserver-sqli template (Issue #11123).

Enhancements

  • Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
  • Introduced time-based tags for improved classification (Issue #11006).

Template Updates

New Templates Added: 116 | CVEs Added: 52 | First-time contributions: 7


v10.0.2

14 Oct 14:33

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved parsing issue in WordPress-WP-Mail-Logging template. (Issue #10908)

False Negatives

  • Improved WordPress detection. (Issue #10463)
  • Enhanced detection in Adminer Panel. (Issue #10797)

False Positives

Enhancements

  • Improved SQL injection template for error-based scenarios. (PR #10996)
  • Updated CVE-2024-9465 for better accuracy. (PR #10986)
  • Enhanced XSS detection in Ninja-Forms. (PR #10974)
  • Updated Fumengyun-SQLi for better detection. (PR #10960)
  • Enhanced management of CVE-2024-7354. (PR #10925)
  • Ensured accurate detection in WordPress update. (PR #10915)
  • Refactored Strapi template for efficiency. (PR #10887)
  • Updated CONTRIBUTING.md to enhance contributions. (PR #10890)

Template Updates

New Templates Added: 68 | CVEs Added: 30 | First-time contributions: 5

New Contributors

Full Changelog: v10.0.1...v10.0.2

v10.0.1

30 Sep 15:25

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Resolved the "unresolved variables found: FQDN" error (#10349).

False Negatives

  • Improved detection and reduced false negatives for CVE-2024-47176 (Issue #10864).

False Positives

Enhancements

  • Added regex extractor for user-agent of HTTP request to identify vulnerable devices in CVE-2024-47176.yaml (#10864).
  • Updated severity in apple-cups-exposure.yaml (#10857).
  • Severity update for jwk-json-leak.yaml (#10840).
  • Added nacos configuration leak detection (#10825).
  • Refactored the "git-repository-browser" template (#10801).
  • Moved http/cves/CVE-2024-45507.yaml to http/cves/2024/CVE-2024-45507.yaml (#10785).
  • Refactored the "kubelet-metrics" template (#10765).
  • Refactored the "GITEA" template (#10752).
  • Optimized templates due to Nuclei changes and added new templates (Issue #10285).
  • Deleted http/fuzzing/valid-gmail-check.yaml as the Gmail API is no longer active (#10865).

Template Updates

New Templates Added: 86 | CVEs Added: 41 | First-time contributions: 2


Azure Config Review - Nuclei Templates v10.0.0 🎉

12 Sep 06:33

🔥 Release Highlights 🔥

We're excited to announce the expansion of the Nuclei Templates with a new suite specifically designed for Azure Cloud Configurations. This update introduces a series of specialized security checks tailored for the comprehensive components of Azure services, including VMs, App Services, SQL Databases, and more. These new templates are crafted to pinpoint common misconfigurations, ensure compliance with regulatory standards, and maintain adherence to industry best practices, leveraging advanced features such as flow and code

The introduction of these Azure-specific templates empowers security teams to conduct thorough security audits of their Azure environments, uncovering crucial misconfigurations and vulnerabilities. Moreover, this release offers customizable checks that can be tailored to meet the unique operational demands of different teams, aiding in the prompt detection and remediation of security issues.

We encourage contributors and reviewers to provide their valuable feedback and suggestions to help enhance and evolve these Azure security templates further. For more details, please visit our latest blog post.

Other Highlights

What's Changed

New Templates Added: 253 | CVEs Added: 35 | First-time contributions: 2


v9.9.4

02 Sep 10:30

What's Changed

🔥 Release Highlights 🔥


Bug Fixes

  • Fixed typo in 'shodan-query' key in AirOS Panel detection (#10615).

False Positives

  • Fixed Nacos version detection false positive (#10647).
  • Fixed false positives for mixed active content (#10571).
  • Fixed false positives for weak login detection in XUI (#10533).
  • Fixed false positives in CVE-2023-33584 template (#10459).
  • Fixed false positives for CVE-2018-11784 detection (#10495).
  • Updated SQL injection delay time to reduce false positives in wp-statistics (#10377).
  • Updated SQL injection delay time for CVE-2023-6063 to reduce false positives (#10376).

Enhancements

  • Updated GitHub takeover matchers to match new 404 page (#10553).
  • Improved CVE-2014-6271 detection (#10621).
  • Enhanced detection of HashiCorp Vault login panel (#10599).
  • Added new endpoint detection for phpMyAdmin panel (#10451).

Template Updates

New Templates Added: 59 | CVEs Added: 30 | First-time contributions: 13

New Contributors

Full Changelog: v9.9.3...v9.9.4

v9.9.3

16 Aug 22:04

🔥 Release Highlights 🔥

What's Changed

New Templates Added: 56 | CVEs Added: 33 | First-time contributions: 4

New Contributors

Full Changelog: v9.9.2...v9.9.3

v9.9.2

26 Jul 07:35

🔥 Release Highlights 🔥

What's Changed

Bug Fixes

False Negatives

  • Improved detection in the SVN configuration leak template, reducing underreporting (Issue #10344).
  • Addressed false negatives in the following:
      ◦ Exposed SVN configuration (PR #10362)
      ◦ CVE-2019-7139 template (PR #10339)

False Positives

  • Reduced false positives and improved accuracy in the following templates:
      ◦ IdeMia biometrics default login (Issues #10126, #10277)
      ◦ jan-file-upload (PR #10361)
      ◦ Apache XSS (PR #10342)
      ◦ Beanstalk service (PR #10334, duplicated issue)
      ◦ DS-Store file discovery (PR #10278)
      ◦ GOIP default login (PR #10276)

Enhancements

  • Enhanced detection capabilities in dom-xss.yaml (PR #10360).
  • Improved accuracy in generic-xxe.yaml (PR #10359).

New Templates Added: 67 | CVEs Added: 32 | First-time contributions: 7

New Contributors

Full Changelog: v9.9.1...v9.9.2

v9.9.1

10 Jul 13:27

🔥 Release Highlights 🔥

What's Changed

New Templates Added: 75 | CVEs Added: 29 | First-time contributions: 5

  • [CVE-2024-37881] SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure (@s4e-garage) [medium]
  • [CVE-2024-37152] Argo CD Unauthenticated Access to sensitive setting (@dhiyaneshdk) [medium]
  • [CVE-2024-37032] Ollama - Remote Code Execution (@kaks3c) [critical] 🔥
  • [CVE-2024-36991] Splunk Enterprise - Local File Inclusion (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-36401] GeoServer RCE in Evaluating Property Name Expressions (@dhiyaneshdk) [critical] 🔥
  • [CVE-2024-34102] Adobe Commerce & Magento - CosmicSting (@dhiyaneshdk) [critical] 🔥
  • [CVE-2024-33610] Sharp Multifunction Printers - Cookie Exposure (@gy741) [medium]
  • [CVE-2024-33605] Sharp Multifunction Printers - Directory Listing (@gy741) [high]
  • [CVE-2024-33113] D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure (@pussycat0x) [medium] 🔥
  • [CVE-2024-32709] WP-Recall <= 16.26.5 - SQL Injection (@s4e-garage) [critical]
  • [CVE-2024-29972] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account (@gy741) [critical] 🔥
  • [CVE-2024-27292] Docassemble - Local File Inclusion (@johnk3r) [high]
  • [CVE-2024-25852] Linksys RE7000 - Command Injection (@s4e-garage) [high]
  • [CVE-2024-6188] TrakSYS 11.x.x - Sensitive Data Exposure (@s4e-garage) [medium]
  • [CVE-2024-6028] Quiz Maker <= 6.5.8.3 - SQL Injection (@s4e-garage) [critical] 🔥
  • [CVE-2024-5947] Deep Sea Electronics DSE855 - Authentication Bypass (@s4e-garage) [medium]
  • [CVE-2024-5522] WordPress HTML5 Video Player < 2.5.27 - SQL Injection (@JohnDoeAnonITA) [critical]
  • [CVE-2024-5084] Hash Form <= 1.1.0 - Arbitrary File Upload (@s4e-garage) [critical]
  • [CVE-2024-4836] Edito CMS - Sensitive Data Leak (@s4e-garage) [high]
  • [CVE-2024-4434] LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection (@s4e-garage) [critical]
  • [CVE-2023-52251] Kafka UI 0.7.1 Command Injection (@yhy0, @iamnoooob) [high] 🔥
  • [CVE-2023-47117] Label Studio - Sensitive Information Exposure (@iamnoooob, @rootxharsh, @pdresearch) [high]
  • [CVE-2023-41599] JFinalCMS v5.0.0 - Directory Traversal (@pussycat0x) [medium]
  • [CVE-2023-35161] XWiki >= 6.2-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-35160] XWiki >= 2.5-milestone-2 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-35159] XWiki >= 3.4-milestone-1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-35156] XWiki >= 6.0-rc-1 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-3380] WAVLINK WN579X3 - Remote Command Execution (@pussycat0x) [critical]
  • [CVE-2020-10189] ManageEngine Desktop Central Java Deserialization (@king-alexander) [critical] 🔥
  • [CNVD-2023-03903] EduSoho < v22.4.7 - Local File Inclusion (@s4e-garage) [high]
  • [CNVD-2021-64035] Leadsec VPN - Arbitrary File Read (@xiaoWangSec) [high]
  • [spring4shell-CVE-2022-22965] Spring Framework RCE via Data Binding on JDK 9+ (@dhiyaneshdk, @ritikchaddha) [critical] 🔥
  • [csv-injection] CSV Injection Detection (@dhiyaneshdk, @ritikchaddha) [medium]
  • [xinclude-injection] XInclude Injection - Detection (@dhiyaneshdk, @ritikchaddha) [high]
  • [apache-apollo-default-login] Apache Apollo - Default Login (@ritikchaddha) [high]
  • [caprover-default-login] Caprover - Default Login (@ritikchaddha) [high]
  • [dialogic-xms-default-login] Dialogic XMS Admin Console - Default Login (@ritikchaddha) [high]
  • [jeedom-default-login] Jeedom - Default Login (@ritikchaddha) [high]
  • [ruijie-nbr-default-login] Ruijie NBR Series Routers - Default Login (@pussycat0x) [high]
  • [apache-apollo-panel] Apache Apollo Panel - Detect (@ritikchaddha) [info]
  • [dialogic-xms-console] Dialogic XMS Admin Console - Detect (@ritikchaddha) [info]
  • [endpoint-protector-panel] Endpoint Protector Login Panel - Detect (@pussycat0x) [info]
  • [label-studio-panel] Label Studio - Login Panel (@dhiyaneshdk) [info]
  • [sql-server-dump] SQL Server - Dump Files (@userdehghani) [medium]
  • [apache-pinot-config] Apache Pinot - Exposure (@icarot) [medium]
  • [filestash-admin-config] Filestash Admin Password Configuration (@dhiyaneshdk) [high]
  • [neo4j-neodash-config] Neo4j Neodash Config - Exposure (@icarot) [medium]
  • [jwk-json-leak] JSON Web Key File - Exposure (@mohsen Yaghoubi) [low]
  • [coolify-register-account] Coolify Register User Account - Enabled (@dhiyaneshdk) [medium]
  • [forgejo-repo-exposure] Forgejo Repositories - Exposure (@dhiyaneshdk) [medium]
  • [kodbox-installer] Kodbox Installation Page - Exposure (@dhiyaneshdk) [high]
  • [piwigo-installer] Piwigo Installation Page - Exposure (@dhiyaneshdk) [high]
  • [poste-io-installer] Poste.io - Installer (@dhiyaneshdk) [high]
  • [subrion-installer] Subrion CMS Web Installer - Exposure (@ritikchaddha) [high]
  • [label-studio-signup] Label Studio - Sign-up Detect (@dhiyaneshdk) [unknown]
  • [laragon-phpinfo] Laragon - phpinfo Disclosure (@dhiyaneshdk) [low]
  • [seq-dashboard-unauth] Seq Dashboard - Unauthenticated (@dhiyaneshdk) [high]
  • [apache-cloudstack-detect] Apache CloudStack - Detect (@pussycat0x) [info]
  • [apache-pinot-detect] Apache Pinot - Detect (@icarot) [info]
  • [neo4j-neodash-detect] Neo4j Neodash - Detect (@icarot) [info]
  • [wordpress-chaty] Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty Detection (@ricardomaia) [info]
  • [polyfill-backdoor] Polyfill.io - Detection (@kazet) [low]
  • [hjsoft-hcm-lfi] Hongjing HCM - Local File Inclusion (@s4e-garage) [high]
  • [hjsoft-hcm-sqli] Hongjing HCM - SQL Injection (@s4e-garage) [high]
  • [hjsoft-hcm-tb-sqli] Hongjing HCM - Time-Based SQL Injection (@s4e-garage) [high]
  • [jinhe-oa-c6-upload-lfi] Jinhe OA_C6_UploadFileDownLoadnew - Arbitrary File Read (@pussycat0x) [high]
  • [next-js-cache-poisoning] Next.js Cache Poisoning (@Ice3man543) [high]
  • [azon-dominator-sqli] Azon Dominator - SQL Injection (@s4e-garage) [high]
  • [bagisto-csti] Bagisto 2.1.2 Client-Side Template Injection (@s4e-garage) [medium]
  • [crocus-lfi] Crocus system Service.do - Arbitrary File Read (@pussycat0x) [high]
  • [enjoyrmis-sqli] EnjoyRMIS - SQL Injection (@s4e-garage) [high]
  • [h3c-cnsss-arbitrary-file-upload] H3C CNSSS - Arbitrary File Upload (@s4e-garage) [critical]
  • [pingsheng-electronic-sqli] Pingsheng Electronic Reservoir Supervision Platform - SQL Injection (@s4e-garage) [high]
  • [sharp-printers-lfi] Sharp Multifunction Printers - Local File Inclusion (@gy741) [high]
  • [ldap-metadata] LDAP Metadata - Enumeration (@pussycat0x) [info]

New Contributors

Full Changelog: v9.9.0...v9.9.1

v9.9.0 - Kubernetes Cluster Security 🎉

25 Jun 12:14

🔥 Release Highlights 🔥

We are expanding the Nuclei Templates to include a specialized set of security checks dedicated to Kubernetes environments. This initiative will cover various Kubernetes components such as Pods, Deployments, StatefulSets, Services, and Network Policies. The new templates will focus on common misconfigurations, compliance issues, and adherence to industry best practices, utilizing the enhanced capabilities like flow, code & javascript protocol.

The addition of these Kubernetes-specific templates will enable security teams to perform in-depth security assessments of Kubernetes clusters, identifying critical misconfigurations and vulnerabilities. Additionally, this update will support customizable checks that align with unique operational needs, helping teams efficiently detect and address security gaps in their Kubernetes setups.

We invite contributors and reviewers to offer their insights and suggestions to refine and advance the development of these Kubernetes security templates. You can read more about it in this blog post.

Other Highlights

What's Changed

New Templates Added: 164 | CVEs Added: 41 | First-time contributions: 4

  • [CVE-2024-37393] SecurEnvoy Two Factor Authentication - LDAP Injection (@s4e-garage) [critical]
  • [CVE-2024-36837] CRMEB v.5.2.2 - SQL Injection (@dhiyaneshdk) [high]
  • [CVE-2024-36527] Puppeteer Renderer - Directory Traversal (@Stux) [medium]
  • [CVE-2024-36412] SuiteCRM - SQL Injection (@s4e-garage) [critical]
  • [CVE-2024-34982] LyLme-Spage - Arbitrary File Upload (@dhiyaneshdk) [high]
  • [CVE-2024-32113] Apache OFBiz Directory Traversal - Remote Code Execution (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-31982] XWiki < 4.10.20 - Remote Code Execution (@ritikchaddha) [critical] 🔥
  • [CVE-2024-31750] F-logic DataCube3 - SQL Injection (@dhiyaneshdk) [high]
  • [CVE-2024-29973] Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection (@ritikchaddha) [critical] 🔥
  • [CVE-2024-29895] Cacti cmd_realtime.php - Command Injection (@pussycat0x) [critical] 🔥
  • [CVE-2024-29824] Ivanti EPM - Remote Code Execution (@dhiyaneshdk) [critical] 🔥
  • [CVE-2024-28995] SolarWinds Serv-U - Directory Traversal (@dhiyaneshdk) [high] 🔥
  • [CVE-2024-27718] Smart s200 Management Platform v.S200 - SQL Injection (@dhiyaneshdk) [high]
  • [CVE-2024-24565] CrateDB Database - Arbitrary File Read (@dhiyaneshdk) [medium]
  • [CVE-2024-24112] Exrick XMall - SQL Injection (@dhiyaneshdk) [critical]
  • [CVE-2024-23692] Rejetto HTTP File Server - Template Injection (@johnk3r) [critical] 🔥
  • [CVE-2024-21650] XWiki < 4.10.20 - Remote Code Execution (@ritikchaddha) [critical]
  • [CVE-2024-4443] Business Directory Plugin <= 6.4.2 - SQL Injection (@s4e-garage) [critical]
  • [CVE-2024-3922] Dokan Pro <= 3.10.3 - SQL Injection (@s4e-garage) [critical]
  • [CVE-2024-3552] Web Directory Free < 1.7.0 - SQL Injection (@s4e-garage) [critical]
  • [CVE-2024-3274] D-LINK DNS-320L, DNS-320LW and DNS-327L - Information Disclosure (@dhiyaneshdk) [medium]
  • [CVE-2024-2621] Fujian Kelixin Communication - Command Injection (@dhiyaneshdk) [medium]
  • [CVE-2024-1728] Gradio > 4.19.1 UploadButton - Path Traversal (@isacaya) [high]
  • [CVE-2024-0939] Smart S210 Management Platform - Arbitrary File Upload (@dhiyaneshdk) [critical]
  • [CVE-2024-0250] Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect (@s4e-garage) [medium]
  • [CVE-2023-51449] Gradio Hugging Face - Local File Inclusion (@nvn1729) [high] 🔥
  • [CVE-2023-50720] XWiki < 4.10.15 - Email Disclosure (@ritikchaddha) [medium]
  • [CVE-2023-50719] XWiki < 4.10.15 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
  • [CVE-2023-48241] XWiki < 4.10.15 - Information Disclosure (@ritikchaddha) [high]
  • [CVE-2023-46732] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-45136] XWiki < 14.10.14 - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-43472] MLFlow < 2.8.1 - Sensitive Information Disclosure (@ritikchaddha) [high] 🔥
  • [CVE-2023-38194] SuperWebMailer - Cross-Site Scripting (@ritikchaddha) [medium]
  • [CVE-2023-37645] EyouCms v1.6.3 - Information Disclosure (@pussycat0x) [medium]
  • [CVE-2023-32068] XWiki - Open Redirect (@ritikchaddha) [medium]
  • [CVE-2023-6786] Payment Gateway for Telcell < 2.0.4 - Open Redirect (@s4e-garage) [medium]
  • [CVE-2023-6505] Prime Mover < 1.9.3 - Sensitive Data Exposure (@s4e-garage) [high]
  • [CVE-2021-43831] Gradio < 2.5.0 - Arbitrary File Read (@isacaya) [high]
  • [CVE-2021-38147] Wipro Holmes Orchestrator 20.4.1 - Information Disclosure (@s4e-garage) [high]
  • [CVE-2021-38146] Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download (@s4e-garage) [high]
  • [CVE-2021-4436] 3DPrint Lite < 1.9.1.5 - Arbitrary File Upload (@s4e-garage) [critical]
  • [sns-public-subscribe-access] Public Subscription Access of SNS Topics via Policy (@Ritesh_Gohil(#L4stPL4Y3R)) [high]
  • [k8s-cpu-limits-not-set] CPU limits not set in Deployments (@princechaddha) [medium]
  • [k8s-cpu-requests-not-set] CPU Requests not set in Deployments (@princechaddha) [medium]
  • [k8s-default-namespace-used] Default Namespace Usage in Deployments (@princechaddha) [high]
  • [k8s-host-ports-check] Host ports should not be used (@princechaddha) [medium]
  • [k8s-image-pull-policy-always] Image Pull Policy set to Always (@princechaddha) [low]
  • [k8s-image-tag-not-fixed] Image Tag should be fixed - not latest or blank (@princechaddha) [low]
  • [k8s-liveness-probe-not-configured] Liveness Probe Not Configured in Deployments (@princechaddha) [medium]
  • [k8s-memory-limits-not-set] Memory limits not set in Deployments (@princechaddha) [medium]
  • [k8s-memory-requests-not-set] Memory requests not set in Deployments (@princechaddha) [medium]
  • [minimize-added-capabilities] Minimize container added capabilities (@princechaddha) [high]
  • [k8s-privileged-containers] Privileged Containers Found in Deployments (@princechaddha) [critical]
  • [k8s-readiness-probe-not-set] Readiness Probes not set in Deployments (@princechaddha) [medium]
  • [k8s-root-container-admission] Minimize the admission of root containers (@princechaddha) [critical]
  • [k8s-seccomp-profile-set] Set appropriate seccomp profile (@princechaddha) [medium]
  • [kubernetes-code-env] Kubernetes Cluster Validation (@princechaddha) [info]
  • [k8s-netpol-egress-rules] Network policies define egress rules (@princechaddha) [medium]
  • [k8s-netpol-namespace] Network Policies specify namespace (@princechaddha) [medium]
  • [k8s-network-ingress-rules] Define network ingress rules (@princechaddha) [medium]
  • [k8s-allow-privilege-escalation-set] Containers run with allowPrivilegeEscalation enabled (@princechaddha) [critical]
  • [k8s-containers-share-host-ipc] Containers sharing host IPC namespace (@princechaddha) [critical]
  • [k8s-host-network-namespace-shared] Host Network Namespace Sharing (@princechaddha) [high]
  • [k8s-host-pid-namespace-sharing] Host PID Namespace Sharing (@princechaddha) [critical]
  • [k8s-readonly-fs] Enforce Read-Only Filesystem for Containers (@princechaddha) [critical]
  • [k8s-readonly-rootfs] Pods with read-only root filesystem (@princechaddha) [medium]
  • [k8s-root-user-id] Pods run with root user ID (@princechaddha) [low]
  • [audit-log-path-set] Ensure audit-log-path set (@princechaddha) [medium]
  • [k8s-enc-prov-conf] Ensure that encryption providers are configured (@princechaddha) [medium]
  • [k8s-etcd-cafile-set] Ensure etcd-cafile argument set (@princechaddha) [medium]
  • [k8s-etcd-files-set] Ensure etcd cert and key set (@princechaddha) [medium]
  • [k8s-ns-usage-check] Ensure namespaces are utilized (@princechaddha) [info]
  • [k8s-svc-acct-issuer-set] Checks if service-account-issuer is correctly configured (@princechaddha) [medium]
  • [k8s-svc-acct-key] Ensure service-account-key-file set (@princechaddha) [medium]
  • [k8s-svc-acct-lookup-set] Ensure service-account-lookup set (@princechaddha) [medium]
  • [k8s-tls-config-set] Ensure TLS config appropriately set (@princechaddha) [medium]
  • [time-based-sqli] Time-Based Blind SQL Injection (@0xKayala) [critical]
  • [anthem-deeppanda-malware-hash] Anthem DeepPanda Trojan Kakfum Malware Hash - Detect (@pussycat0x) [info]
  • [applejeus-malware-hash] AppleJeus Malware Hash - Detect (@pussycat0x) [info]
  • [avburner-malware-hash] AVBurner Malware Hash - Detect (@pussycat0x) [info]
  • [backwash-malware-hash] Backwash Malware Hash - Detect (@pussycat0x) [info]
  • [blackenergy-driver-amdide-hash] Blackenergy-Driver Amdide Hash - Detect (@pussycat0x) [info]
  • [blackenergy-driver-malware-hash] BlackEnergy Driver USBMDM Malware Hash - Detect (@pussycat0x) [info]
  • [blackenergy-killdisk-malware-hash] BlackEnergy KillDisk Malware Hash - Detect (@pussycat0x) [info]
  • [blackenergy-ssh-malware-hash] BlackEnergy BackdoorPass DropBear SSH Malware Hash - Detect (@pussycat0x) [info]
  • [blackenergy-vbs-malware-hash] BlackEnergy VBS Agent Malware Hash - Detect (@pussycat0x) [info]
  • [bluelight-malware-hash] bluelight Malware ...