V9.7.5 – Local Privilege Escalation : Nuclei Release With CVE Updates And New Templates

In our latest release, we have added a significant number of trending CVEs and are excited to announce the addition of new local privilege escalation templates.

These valuable contributions come from our community, with a notable contribution from @daffainfo, and are available at Local Privilege Escalation Templates.

These templates utilize the newly introduced code protocol, enhancing their capability to detect vulnerabilities more effectively.

It’s important to note that these templates are specifically designed for local execution to identify privilege escalation vulnerabilities.

For security reasons, they are not executed as part of the default Nuclei scan. We ensure the security and authenticity of these templates by signing them officially.

To run these templates, users need to provide the -code flag along with -itags local.

These additions are particularly useful for penetration testing and red-teaming focusing on privilege escalation, and we plan to further expand their coverage in future updates.

Following Are The Other Highlights Of This Release:

javascript/cves/2024/CVE-2024-23897.yaml by @iamnoooob,@rootxharsh,@pdresearch ????
http/cves/2024/CVE-2024-0204.yaml by @dhiyaneshdk ????
http/cves/2023/CVE-2023-47211.yaml by @gy741 ????
http/cves/2023/CVE-2023-22527.yaml by @Iamnooob,@rootxharsh,@pdresearch ????
http/cves/2023/CVE-2023-6875.yaml by @iamnoooob,@rootxharsh,@pdresearch ????
http/cves/2019/CVE-2019-16469.yaml by @DomenicoVeneziano ????

What’s Changed

New Templates Added: `106` | CVEs Added: `14` | First-time contributions: `14`

javascript/cves/2024/CVE-2024-23897.yaml by @iamnoooob,@rootxharsh,@pdresearch ????
http/cves/2024/CVE-2024-0204.yaml by @dhiyaneshdk ????
http/cves/2023/CVE-2023-48023.yaml by @cookiehanhoan,@harryha
http/cves/2023/CVE-2023-47643.yaml by @isacaya
http/cves/2023/CVE-2023-47211.yaml by @gy741 ????
http/cves/2023/CVE-2023-44352.yaml by @pwnwithlove
http/cves/2023/CVE-2023-27640.yaml by @mastercho
http/cves/2023/CVE-2023-27639.yaml by @mastercho
http/cves/2023/CVE-2023-22527.yaml by @Iamnooob,@rootxharsh,@pdresearch ????
http/cves/2023/CVE-2023-6977.yaml by @gy741
http/cves/2023/CVE-2023-6875.yaml by @iamnoooob,@rootxharsh,@pdresearch ????
http/cves/2023/CVE-2023-6023.yaml by @M0ck3d,@cookiehanhoan
http/cves/2019/CVE-2019-16469.yaml by @DomenicoVeneziano ????
http/cves/2018/CVE-2018-10942.yaml by @mastercho
http/vulnerabilities/apache/apache-nifi-rce.yaml by @arliya
http/vulnerabilities/juniper/junos-xss.yaml by @dhiyaneshdk
http/vulnerabilities/prestashop/prestashop-blocktestimonial-file-upload.yaml by @mastercho
http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml by @mastercho
code/privilege-escalation/linux/binary/privesc-aa-exec.yaml by @daffainfo
code/privilege-escalation/linux/binary/privesc-ash.yaml by @daffainfo
code/privilege-escalation/linux/binary/privesc-awk.yaml by @daffainfo
code/privilege-escalation/linux/binary/privesc-bash.yaml by @daffainfo

For more information click here

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.