CVE-2023-36764: Elevation of Privilege in Microsoft SharePoint Server, 8.8 rating 🔥
Attacker could gain administrator privileges by creating an ASP.NET page with specially-crafted declarative markup. Only authorization at the Site Member level is required.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/BBPrT
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764
Attacker could gain administrator privileges by creating an ASP.NET page with specially-crafted declarative markup. Only authorization at the Site Member level is required.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/BBPrT
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764
🔥2👾2👍1
After a long break, we are finally posting a new article 🔥
This time we'll not talk about third-party tools, but specifically about Netlas.io. More precisely, about searching for live cameras using our tool 📹
👉 Article: https://netlas.medium.com/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f
Enjoy reading!
This time we'll not talk about third-party tools, but specifically about Netlas.io. More precisely, about searching for live cameras using our tool 📹
👉 Article: https://netlas.medium.com/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f
Enjoy reading!
Medium
How to find online cameras with Netlas.io?
There are millions of live cameras in the world. How to find them with Netlas.io?
👾9👍2❤1🔥1
CVE-2023-38204: Arbitrary code execution in Adobe ColdFusion, 9.8 rating 🔥
Another vulnerability in ColdFusion. This time the reason was the vulnerability of some versions to Deserialization of Untrusted Data.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/adbcf
👉🏻 Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
Another vulnerability in ColdFusion. This time the reason was the vulnerability of some versions to Deserialization of Untrusted Data.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/adbcf
👉🏻 Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
👾7👍1
If you use Google Chrome as your main browser, we have great news for you 🔥
Today we officially publish Netlas.io in browser extension format! Now users can explore the site they are on at any time with a couple of clicks. Find out potential vulnerabilities, host data, and much more.
👉🏻 Read more: https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0?postPublishedType=initial
👉🏻 Extension: https://chrome.google.com/webstore/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii?utm_source=ext_app_menu
Today we officially publish Netlas.io in browser extension format! Now users can explore the site they are on at any time with a couple of clicks. Find out potential vulnerabilities, host data, and much more.
👉🏻 Read more: https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0?postPublishedType=initial
👉🏻 Extension: https://chrome.google.com/webstore/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii?utm_source=ext_app_menu
Medium
Netlas.io Chrome extension
Extensions for Google Chrome are a very popular way to extend the functionality of the browser. Now Netlas has it too!
👾6❤2
CVE-2023-29183: XSS in Fortinet/FortiProxy, 8.0 rating 🔥
Some versions of Fortigate Fortinet and FortiProxy is vulnerable to an improper neutralization of input during web page generation, which allows an attacker to trigger malicious JavaScript code.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/he40Q
👉🏻 Dork: http.favicon.hash_sha256:d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-23-106
Some versions of Fortigate Fortinet and FortiProxy is vulnerable to an improper neutralization of input during web page generation, which allows an attacker to trigger malicious JavaScript code.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/he40Q
👉🏻 Dork: http.favicon.hash_sha256:d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-23-106
👾4👍1
We noticed that you were very interested in the article about live cameras. That's why its sequel is coming out 🔥
Today we will touch on searching for cameras using Google Dorks, and will also talk about several special sites on which anyone can post their broadcast.
👉🏻 Article: https://netlas.medium.com/how-to-find-online-cameras-with-google-29582e8372e0
Enjoy reading!
Today we will touch on searching for cameras using Google Dorks, and will also talk about several special sites on which anyone can post their broadcast.
👉🏻 Article: https://netlas.medium.com/how-to-find-online-cameras-with-google-29582e8372e0
Enjoy reading!
Medium
How to find online cameras with Google?
There are millions of live cameras in the world. How to find them with Google?
👾4👍2🙏2
CVE-2023-42793: auth bypass RCE in JetBrains TeamCity, 9.8 rating 🔥
An authentication bypass vulnerability has been detected in TeamCity versions < 2023.05.04, which can lead to remote code execution.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/UM6CB
👉🏻 Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:"2023.05.4"
Vendor's advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
An authentication bypass vulnerability has been detected in TeamCity versions < 2023.05.04, which can lead to remote code execution.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/UM6CB
👉🏻 Dork: http.headers.set_cookie:TCSESSIONID NOT http.body:"2023.05.4"
Vendor's advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
👾3👍1
CVE-2023-29357, -24955: Elevation of Privilege and RCE in Microsoft SharePoint Server, 9.8 rating 🔥
Old CVEs that have become interesting again due to the publication of a PoC from STAR Labs.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/AAVOE
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*
Read about PoC here: https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
Old CVEs that have become interesting again due to the publication of a PoC from STAR Labs.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/AAVOE
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*
Read about PoC here: https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
👾5
CVE-2023-42115, -42116, -42117: Multiple vuln in Exim, critical rating 🔥
0-day CVEs in Exim, which allow an attacker to execute remote code on the server with the rights of a process accepting a connection on port 25.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/6KhLO
👉🏻 Dork: smtp.banner:"exim" AND port:25
Read more: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
0-day CVEs in Exim, which allow an attacker to execute remote code on the server with the rights of a process accepting a connection on port 25.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/6KhLO
👉🏻 Dork: smtp.banner:"exim" AND port:25
Read more: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
👾4👍2
CVE-2023-22515: Privilege Escalation in Atlassian Confluence Data&Server, 9.0 rating 🔥
0-day vuln, which already exploited in the wild. Successful exploitation could allow for the creation of administrator accounts.
Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/MwYfk
👉🏻 Link (no tag, less results): https://nt.ls/nysj9
👉🏻 Dork №1: tag.name:"atlassian_confluence"
👉🏻 Dork №2: http.meta:"confluence-base-url"
Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
0-day vuln, which already exploited in the wild. Successful exploitation could allow for the creation of administrator accounts.
Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/MwYfk
👉🏻 Link (no tag, less results): https://nt.ls/nysj9
👉🏻 Dork №1: tag.name:"atlassian_confluence"
👉🏻 Dork №2: http.meta:"confluence-base-url"
Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
👾4👍1👌1
CVE-2023-40289 and other: Multiple vuln in Supermicro BMC, high and critical rating 🔥
Seven vulnerabilities with severity from 8.3 to 9.6: one Command Injection and six auxiliary XSS.
Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/svQi3
👉🏻 Link (no tag, less results): https://nt.ls/JetkR
👉🏻 Dork: certificate.subject.organization:"Super Micro Computer" AND certificate.subject.common_name:IPMI
Read more: https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
Seven vulnerabilities with severity from 8.3 to 9.6: one Command Injection and six auxiliary XSS.
Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/svQi3
👉🏻 Link (no tag, less results): https://nt.ls/JetkR
👉🏻 Dork: certificate.subject.organization:"Super Micro Computer" AND certificate.subject.common_name:IPMI
Read more: https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
👾3🔥2👏1
CVE-2023-36434: Elevation of Privilege in Windows IIS Server, 9.8 rating 🔥
In a network-based attack, an attacker could brute force user account passwords to log in as that user. So, faster get fresh Windows update!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/5rvmi
👉🏻 Dork: http.headers.server:"Microsoft-IIS"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434
In a network-based attack, an attacker could brute force user account passwords to log in as that user. So, faster get fresh Windows update!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/5rvmi
👉🏻 Dork: http.headers.server:"Microsoft-IIS"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434
👾3🔥2
Meet Netlas Cookbook!
A thousand and one ways to use Netlas in your code
Today we launch Netlas Cookbook, a guide that will help our users to build automations. No matter how deep your programming skills are or what programming language do you preffer. We'll try our best to give you a clear and simple recipe for the automation you need.
Netlas Cookbook includes:
- Search query syntax and examples
- Search tips and tricks
- Use-cases and usage scenarios
- Code examples
- Tools for working with Netlas API
You will find out how to write automations using Python, Bash, NodeJS, Ruby, Go, AI tools. We will talk about using Netlas for bug bounty jobs, penetration testing, OSINT and other tasks.
⭐️ Give us a star if you want to show your appreciation for our work.
👁️ Subscribe to the repo to get notified on updates.
👉🏼 https://github.com/netlas-io/netlas-cookbook
Do you have any automation related questions? Perhaps you've already developed an awsome noscript and want to share it? Write us in the comments.
Many thanks to Cyber Detective for help: https://news.1rj.ru/str/cybdetective
A thousand and one ways to use Netlas in your code
Today we launch Netlas Cookbook, a guide that will help our users to build automations. No matter how deep your programming skills are or what programming language do you preffer. We'll try our best to give you a clear and simple recipe for the automation you need.
Netlas Cookbook includes:
- Search query syntax and examples
- Search tips and tricks
- Use-cases and usage scenarios
- Code examples
- Tools for working with Netlas API
You will find out how to write automations using Python, Bash, NodeJS, Ruby, Go, AI tools. We will talk about using Netlas for bug bounty jobs, penetration testing, OSINT and other tasks.
⭐️ Give us a star if you want to show your appreciation for our work.
👁️ Subscribe to the repo to get notified on updates.
👉🏼 https://github.com/netlas-io/netlas-cookbook
Do you have any automation related questions? Perhaps you've already developed an awsome noscript and want to share it? Write us in the comments.
Many thanks to Cyber Detective for help: https://news.1rj.ru/str/cybdetective
👾7❤3👍3👏1
A small cheat sheet with Netlas queries useful for OSINT investigations.
Try it here: https://nt.ls/shP9f
#cheatsheet #cybersecurity #osint
Try it here: https://nt.ls/shP9f
#cheatsheet #cybersecurity #osint
👍5👾5⚡1👏1🙏1
CVE-2023-20198: Privilege Escalation in Cisco IOS XE Web UI, 10.0 rating 🔥🔥🔥
The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/7dU0x
👉🏻 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate" AND http.body:"webui"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/7dU0x
👉🏻 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate" AND http.body:"webui"
Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
🔥5👾3
Have you ever gotten confused about the fields from the Netlas API response❓
This won't happen anymore, because the new cheat sheet presents the most popular fields! 🔥
👉 Try Netlas.io: https://nt.ls/shP9f
This won't happen anymore, because the new cheat sheet presents the most popular fields! 🔥
👉 Try Netlas.io: https://nt.ls/shP9f
👾5👏2
New article on our Medium! 🔥
This time we will tell you how to activate and use the Netlas.io module integrated into Subfinder by ProjectDiscovery.
👉 Link: https://netlas.medium.com/using-subfinder-with-netlas-io-module-9e7fa4e630dd
This time we will tell you how to activate and use the Netlas.io module integrated into Subfinder by ProjectDiscovery.
👉 Link: https://netlas.medium.com/using-subfinder-with-netlas-io-module-9e7fa4e630dd
Medium
Using Subfinder with Netlas.io module
Instructions for using the Netlas module integrated into Subfinder from ProjectDiscovery
👾5👍4❤1
New article on our blog! 🔥
Today you will learn how to recognize phishing sites and explore Shadow IT using Netlas.
👉🏻 Link: https://netlas.medium.com/how-to-detect-scam-and-shadow-it-domains-with-netlas-io-f72085e6f18b
👉🏻 Also read about phishing in our CookBook: https://nt.ls/cook
Good reading!
Today you will learn how to recognize phishing sites and explore Shadow IT using Netlas.
👉🏻 Link: https://netlas.medium.com/how-to-detect-scam-and-shadow-it-domains-with-netlas-io-f72085e6f18b
👉🏻 Also read about phishing in our CookBook: https://nt.ls/cook
Good reading!
Medium
How to detect scam and shadow IT domains with Netlas.io?
Phishing sites are a serious threat on the Internet. In this article I will tell you how to avoid them using Netlas.
👾4👍1🔥1
We continue to publish small cheat sheets for using Netlas 📄
Have you ever tried to use our search engine for entertainment? 🙃
👉🏻 Try now with example: https://nt.ls/RCpox
Have you ever tried to use our search engine for entertainment? 🙃
👉🏻 Try now with example: https://nt.ls/RCpox
👾6👏2