CVE-2023-29357, -24955: Elevation of Privilege and RCE in Microsoft SharePoint Server, 9.8 rating 🔥

Old CVEs that have become interesting again due to the publication of a PoC from STAR Labs.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/AAVOE
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*

Read about PoC here: https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/

CVE-2023-42115, -42116, -42117: Multiple vuln in Exim, critical rating 🔥

0-day CVEs in Exim, which allow an attacker to execute remote code on the server with the rights of a process accepting a connection on port 25.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/6KhLO
👉🏻 Dork: smtp.banner:"exim" AND port:25

Read more: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

CVE-2023-22515: Privilege Escalation in Atlassian Confluence Data&Server, 9.0 rating 🔥

0-day vuln, which already exploited in the wild. Successful exploitation could allow for the creation of administrator accounts.

Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/MwYfk
👉🏻 Link (no tag, less results): https://nt.ls/nysj9

👉🏻 Dork №1: tag.name:"atlassian_confluence"
👉🏻 Dork №2: http.meta:"confluence-base-url"

Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html

CVE-2023-40289 and other: Multiple vuln in Supermicro BMC, high and critical rating 🔥

Seven vulnerabilities with severity from 8.3 to 9.6: one Command Injection and six auxiliary XSS.

Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/svQi3
👉🏻 Link (no tag, less results): https://nt.ls/JetkR

👉🏻 Dork: certificate.subject.organization:"Super Micro Computer" AND certificate.subject.common_name:IPMI

Read more: https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html

CVE-2023-36434: Elevation of Privilege in Windows IIS Server, 9.8 rating 🔥

In a network-based attack, an attacker could brute force user account passwords to log in as that user. So, faster get fresh Windows update!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/5rvmi
👉🏻 Dork: http.headers.server:"Microsoft-IIS"

Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434

Meet Netlas Cookbook!
A thousand and one ways to use Netlas in your code

Today we launch Netlas Cookbook, a guide that will help our users to build automations. No matter how deep your programming skills are or what programming language do you preffer. We'll try our best to give you a clear and simple recipe for the automation you need.

Netlas Cookbook includes:
- Search query syntax and examples
- Search tips and tricks
- Use-cases and usage scenarios
- Code examples
- Tools for working with Netlas API

You will find out how to write automations using Python, Bash, NodeJS, Ruby, Go, AI tools. We will talk about using Netlas for bug bounty jobs, penetration testing, OSINT and other tasks.

⭐️ Give us a star if you want to show your appreciation for our work.
👁️ Subscribe to the repo to get notified on updates.

👉🏼 https://github.com/netlas-io/netlas-cookbook

Do you have any automation related questions? Perhaps you've already developed an awsome noscript and want to share it? Write us in the comments.

Many thanks to Cyber Detective for help: https://news.1rj.ru/str/cybdetective

A small cheat sheet with Netlas queries useful for OSINT investigations.

Try it here: https://nt.ls/shP9f

#cheatsheet #cybersecurity #osint

CVE-2023-20198: Privilege Escalation in Cisco IOS XE Web UI, 10.0 rating 🔥🔥🔥

The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/7dU0x
👉🏻 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate" AND http.body:"webui"

Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Have you ever gotten confused about the fields from the Netlas API response❓

This won't happen anymore, because the new cheat sheet presents the most popular fields! 🔥

👉 Try Netlas.io: https://nt.ls/shP9f

New article on our Medium! 🔥

This time we will tell you how to activate and use the Netlas.io module integrated into Subfinder by ProjectDiscovery.

👉 Link: https://netlas.medium.com/using-subfinder-with-netlas-io-module-9e7fa4e630dd

New cheat sheet 👍

Which of these packages do you mostly use?

New article on our blog! 🔥

Today you will learn how to recognize phishing sites and explore Shadow IT using Netlas.

👉🏻 Link: https://netlas.medium.com/how-to-detect-scam-and-shadow-it-domains-with-netlas-io-f72085e6f18b
👉🏻 Also read about phishing in our CookBook: https://nt.ls/cook

Good reading!

We continue to publish small cheat sheets for using Netlas 📄

Have you ever tried to use our search engine for entertainment? 🙃

👉🏻 Try now with example: https://nt.ls/RCpox

CVE-2023-4967: Sensitive information disclosure in Citrix NetScaler ADC/Gateway, 9.4 rating❗️

The vulnerability emerges from the return value of the snprintf function, which can lead to a buffer over-read if exploited. By this, the session token can be intercepted. Also, PoC is available now.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/5g7Md
👉🏻 Dork: http.noscript:"Netscaler Gateway" OR http.headers.x_powered_by:"Citrix ADC (formerly NetScaler)"

Read about PoC: https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-hackers-hijack-netscaler-accounts/
Vendor's advisory: https://support.citrix.com/article/CTX579459

CVE-2023-46747: Auth Bypass in F5 BIG-IP, 9.8 rating 🔥

An attacker using undisclosed requests can bypass authentication and gain access to execute arbitrary commands on the victim system.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/OcYHT
👉🏻 Dork: http.headers.server:"BigIP"
You can also use the "f5_bigip" tag to get more results.

Vendor's advisory: https://my.f5.com/manage/s/article/K000137353

New cheatsheet 📄

Today we have prepared for you useful search filters that will greatly facilitate the creation of queries for Netlas.io 🔍

Do you remember that Netlas can be used as an extension for Google Chrome?

Well, from today our plugin is also available for the Mozilla Firefox browser! 🦊

Now it's users can explore the site they are on at any time with a couple of clicks. Find out potential vulnerabilities, host data, and much more.

👉🏻 Read more (updated): https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0
👉🏻 Add-on: https://addons.mozilla.org/en-GB/firefox/addon/netlas-io/

CVE-2023-22518: Improper Authorization in Atlassian Confluence Data&Server, 9.1 rating 🔥

Not a very fresh vulnerability, but the recently released PoC makes it worthy of attention.

Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/MwYfk
👉🏻 Link (no tag, less results): https://nt.ls/nysj9

👉🏻 Dork №1: tag.name:"atlassian_confluence"
👉🏻 Dork №2: http.meta:"confluence-base-url"

Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
More about PoC: https://github.com/sanjai-AK47/CVE-2023-22518

ZDI-23-1578, 1579, 1580, 1581: 0-day vulnerabilities in Microsoft Exchange, 7.1-7.5 rating ❗️

These vulns require authorization to operate, which greatly reduces their threat, but ZDI researchers still recommend limiting access to Exchange servers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/t8cJK
👉🏻 Dork: tag.name:"microsoft_exchange"

Read more: https://www.zerodayinitiative.com/advisories/ZDI-23-1578/

CVE-2023-46849, -46850: DoS and use-after-free in OpenVPN Access Server ❗️

If the --fragment parameter is present in the target device's configuration, an attacker can crash the software by dividing by zero and also gain access to sensitive information.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/GpBD3
👉🏻 Dork: http.headers.server:"OpenVPN-AS"

Vendor's advisory: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/