Please open Telegram to view this post
VIEW IN TELEGRAM
Telegram
Discussion
Community Discussion
❤2👍2
⚡ FFUF Web Parser is a web-based tool built using React and Node.js that allows users to upload FFUF JSON files, apply a variety of filters, and export the filtered results to an Excel file. The tool supports filtering based on status codes, response data, lines, length, and URLs (including regex filtering). It also provides the ability to view, manipulate, and extract valuable information from FFUF fuzzing results.
🔗https://github.com/VikzSharma/ffufwebparser
🔗https://github.com/VikzSharma/ffufwebparser
👍6❤2
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating 🔥🔥🔥
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
👉 Link: https://nt.ls/cVF9O
👉 Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
👉 Link: https://nt.ls/cVF9O
👉 Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
👍3❤1
CVE-2024-29847 and other: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating 🔥🔥🔥
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/pHqay
👉 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/pHqay
👉 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
👍2❤1
Add to your wordlist:
auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern
auth/jwt/register
auth-demo/register/classic
auth-demo/register/modern
🔥3❤1
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥10👍1
Forwarded from Netlas.io
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
Forwarded from Netlas.io
🔥 Netlas Private Scanner is Here! 🔥
Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results 🔍
Other improvements:
🤝 Team features (sharing) added to the Discovery and Scanner
🐛 Fixed the Discovery Download bug
🖥 Some minor updates
👉 Read more: https://docs.netlas.io/easm/scanner/
Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results 🔍
Other improvements:
🤝 Team features (sharing) added to the Discovery and Scanner
🐛 Fixed the Discovery Download bug
🖥 Some minor updates
👉 Read more: https://docs.netlas.io/easm/scanner/
🔥1
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 rating❗️
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
👉 Link: https://nt.ls/jT0JO
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
👉 Link: https://nt.ls/jT0JO
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
❤1👍1
🆕CVE-2024-23692:Unauthenticated RCE Flaw in Rejetto HTTP File Server
🔥New PoC:https://github.com/verylazytech/CVE-2024-23692
👇Dork:
HUNTER: web.body="HttpFileServer"&&header.server=="HFS 2.3m"
🔥New PoC:https://github.com/verylazytech/CVE-2024-23692
👇Dork:
HUNTER: web.body="HttpFileServer"&&header.server=="HFS 2.3m"
❤4👍3
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating 🔥
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.noscript:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.noscript:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
👍2
Looking for Active Discord Moderators. Do DM Me With Your Past Experiences. 👀
Please open Telegram to view this post
VIEW IN TELEGRAM