CVE-2023-39336: SQL injection and RCE in Ivanti EPM, 9.6 rating 🔥
An attacker can use SQL injection without authentication. Additionally, if the core server is configured to use Microsoft SQL Express, this might lead to RCE on the core server.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/fSOY9
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
An attacker can use SQL injection without authentication. Additionally, if the core server is configured to use Microsoft SQL Express, this might lead to RCE on the core server.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/fSOY9
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
🔥6👾4👍2
CVE-2023-7028, -5356, -2030 and other: Multiple vuln in GitLab, 3.5 - 10.0 rating 🔥🔥🔥
Five vulnerabilities whose severity level ranges from Critical to Low. Account takeover, executing commands as another user and more.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/IZZxE
👉🏻 Dork: http.meta:"Gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Five vulnerabilities whose severity level ranges from Critical to Low. Account takeover, executing commands as another user and more.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/IZZxE
👉🏻 Dork: http.meta:"Gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
👾5👍3👀1
CVE-2023-46805, CVE-2024-21887: Auth bypass & command injection in Ivanti Connect Secure, 8.2 & 9.1 rating 🔥
Two 0-days in Ivanti product. Vulns allow to access restricted resources and execute arbitrary commands by sending special requests.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/I0nJC
👉🏻 Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Two 0-days in Ivanti product. Vulns allow to access restricted resources and execute arbitrary commands by sending special requests.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/I0nJC
👉🏻 Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
👾5👍3🔥1
Unprotected databases with Netlas.io: Chapter 2 🔥
Since the publication of the previous article, databases have not ceased to be an important target for hackers. This is confirmed by our new publication, during the writing of which already hacked databases were found. Hurry up and check is your data save! 🔍
👉🏻 Read here: https://netlas.medium.com/how-to-find-unprotected-databases-with-netlas-io-chapter-2-ba71b07c9630
Since the publication of the previous article, databases have not ceased to be an important target for hackers. This is confirmed by our new publication, during the writing of which already hacked databases were found. Hurry up and check is your data save! 🔍
👉🏻 Read here: https://netlas.medium.com/how-to-find-unprotected-databases-with-netlas-io-chapter-2-ba71b07c9630
Medium
How to find unprotected databases with Netlas.io: Chapter 2
Continue to study the importance of database security using the examples of Netlas searches. This time you’ll even see hacked databases!
🔥5👾3
CVE-2023-22527: RCE in Atlassian Confluence, 10.0 rating 🔥
A template injection vulnerability allows attackers to perform RCE on vulnerable devices. Thousands of exploitation attempts by hackers have already been recorded❗
Search at Netlas.io:
👉 Link: https://nt.ls/e0S6w
👉 Dork: http.meta:"confluence-base-url"
Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
A template injection vulnerability allows attackers to perform RCE on vulnerable devices. Thousands of exploitation attempts by hackers have already been recorded❗
Search at Netlas.io:
👉 Link: https://nt.ls/e0S6w
👉 Dork: http.meta:"confluence-base-url"
Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
🔥4👾4
Our data just got better! 🔥
The Netlas team is pleased to announce that the DNS resolver* have been modified. The error is now less than 0.5% for any DNS record, which gives you much more accurate results.
In addition, improvements made it possible to collect a great number of records - almost 2.5 billion 📈
👉 Check it out in new datasets: https://app.netlas.io/datastore/
*DNS resolver - Netlas module responsible for collecting Domain Name System data.
The Netlas team is pleased to announce that the DNS resolver* have been modified. The error is now less than 0.5% for any DNS record, which gives you much more accurate results.
In addition, improvements made it possible to collect a great number of records - almost 2.5 billion 📈
👉 Check it out in new datasets: https://app.netlas.io/datastore/
*DNS resolver - Netlas module responsible for collecting Domain Name System data.
app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
👾4🔥2👍1
CVE-2024-23897: Critical vulnerability in Jenkins 🔥
Jenkins instances versions earlier than 2.441 are susceptible to a vulnerability that allows an attacker to read arbitrary files via the command line.
Search at Netlas.io:
👉 Link: https://nt.ls/z5QU0
👉 Dork: http.headers.x_jenkins:[0 TO 2.441]
Vendor's advisory: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
Jenkins instances versions earlier than 2.441 are susceptible to a vulnerability that allows an attacker to read arbitrary files via the command line.
Search at Netlas.io:
👉 Link: https://nt.ls/z5QU0
👉 Dork: http.headers.x_jenkins:[0 TO 2.441]
Vendor's advisory: https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314
👾4❤2🔥2👍1🙏1
CVE-2024-21690 and other: Multiple vuln in Junos OS, 8.8 rating❗️
Four vulnerabilities with ratings 5.3-8.8. XSS and missing authentication, which allow an attacker to execute commands with the rights of any user, including an administrator.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/CpoFo
👉🏻 Dork: http.noscript:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
Four vulnerabilities with ratings 5.3-8.8. XSS and missing authentication, which allow an attacker to execute commands with the rights of any user, including an administrator.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/CpoFo
👉🏻 Dork: http.noscript:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
👾5❤2👍2🤝1
CVE-2024-20931: Vulnerability in Oracle WebLogic, 7.5 rating❗️
A simple vulnerability allows an unauthenticated attacker to gain access to data on the server or perform RCE. PoC is now available!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/P0M38
👉🏻 Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2024verbose.html
A simple vulnerability allows an unauthenticated attacker to gain access to data on the server or perform RCE. PoC is now available!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/P0M38
👉🏻 Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2024verbose.html
🔥5👾3🤝2
CVE-2024-22024: XXE in Ivanti Connect Secure, 8.8 rating❗️
The vulnerability allows an unauthenticated attacker to gain access to certain internal resources. According to Ivanti, the problem was found during an internal audit and has not yet been exploited.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/0AKq9
👉🏻 Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
The vulnerability allows an unauthenticated attacker to gain access to certain internal resources. According to Ivanti, the problem was found during an internal audit and has not yet been exploited.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/0AKq9
👉🏻 Dork: http.body:"welcome.cgi?p=logo"
Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
👍4👾3
Indicator Lifecycle completing with Netlas.io 🔥
We present to you an article from Adam Goss, in which the author reviewed a good use case for Netlas. In it you will learn how to use the ASD Tool in Threat Hunting 🔍
👉🏻 Read here: https://adamgoss.medium.com/netlas-io-a-powerful-suite-of-tools-for-threat-hunting-5aae7b6291a8
Enjoy reading!
We present to you an article from Adam Goss, in which the author reviewed a good use case for Netlas. In it you will learn how to use the ASD Tool in Threat Hunting 🔍
👉🏻 Read here: https://adamgoss.medium.com/netlas-io-a-powerful-suite-of-tools-for-threat-hunting-5aae7b6291a8
Enjoy reading!
Medium
Netlas.io: A Powerful Suite of Tools for Threat Hunting
Discover netlas.io, a powerful suite of tools to enrich your threat hunts, add intel to your investigations, and map the attack surfaces
👾5🔥4❤2
CVE-2023-43770: Old XSS in Roundcube, that is being exploited now❗
A patch for this CVE appeared back in September, however, according to CISA, it is now actively used in attacks, allowing hackers to gain access to restricted information.
Search at Netlas.io:
👉 Link: https://nt.ls/LAQwc
👉 Dork: http.favicon.hash_sha256:20c30fd4340308d6a4ab222acae353fc2460793ac76645bb1ef1d9d61f4f0a9e
Read more: https://www.bleepingcomputer.com/news/security/cisa-roundcube-email-server-bug-now-exploited-in-attacks/
A patch for this CVE appeared back in September, however, according to CISA, it is now actively used in attacks, allowing hackers to gain access to restricted information.
Search at Netlas.io:
👉 Link: https://nt.ls/LAQwc
👉 Dork: http.favicon.hash_sha256:20c30fd4340308d6a4ab222acae353fc2460793ac76645bb1ef1d9d61f4f0a9e
Read more: https://www.bleepingcomputer.com/news/security/cisa-roundcube-email-server-bug-now-exploited-in-attacks/
👾5👍3🔥2❤1
CVE-2024-21410: 0day in MS Exchange, 9.8 rating 🔥
The vulnerability allows unauthenticated attackers to perform privilege escalation in NTLM relay attacks.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/pR4S2
👉🏻 Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410
The vulnerability allows unauthenticated attackers to perform privilege escalation in NTLM relay attacks.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/pR4S2
👉🏻 Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410
👾4❤2🔥2👍1
How to find out what hardware is used in a certain plant❓ How to assess the level of security of a certain area's critical infrastructure❓
About this in our new article dedicated to industrial software and devices 🔥
👉🏻 Read here: https://netlas.medium.com/searching-industrial-infrastructure-with-netlas-io-49c08ca519a2
Enjoy reading!
About this in our new article dedicated to industrial software and devices 🔥
👉🏻 Read here: https://netlas.medium.com/searching-industrial-infrastructure-with-netlas-io-49c08ca519a2
Enjoy reading!
Medium
Searching industrial infrastructure with Netlas.io
In this article you will learn how to find industrial devices and software with Netlas’ help.
👾5🔥3❤1👍1
CVE-2024-1708, -1709: Auth Bypass in ConnectWise ScreenConnect, 10.0 rating 🔥🔥🔥
The vulnerability allows an attacker to perform RCE or edit sensitive data. PoC is now available!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/Vbu6L
👉🏻 Dork: http.headers.server:"ScreenConnect"
Vendor's advisory: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
The vulnerability allows an attacker to perform RCE or edit sensitive data. PoC is now available!
Search at Netlas.io:
👉🏻 Link: https://nt.ls/Vbu6L
👉🏻 Dork: http.headers.server:"ScreenConnect"
Vendor's advisory: https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
👾5🔥3❤2🤯1
CVE-2024-21722, 723, 724, 25, 26: Multiple vulns in Joomla❗️
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/dNRpZ
👉🏻 Dork: tag.name:"joomla"
Read more: https://www.bleepingcomputer.com/news/security/joomla-fixes-xss-flaws-that-could-expose-sites-to-rce-attacks/
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
Search at Netlas.io:
👉🏻 Link: https://nt.ls/dNRpZ
👉🏻 Dork: tag.name:"joomla"
Read more: https://www.bleepingcomputer.com/news/security/joomla-fixes-xss-flaws-that-could-expose-sites-to-rce-attacks/
🔥6👾4❤2🦄1
Netlas.io
CVE-2024-1708, -1709: Auth Bypass in ConnectWise ScreenConnect, 10.0 rating 🔥🔥🔥 The vulnerability allows an attacker to perform RCE or edit sensitive data. PoC is now available! Search at Netlas.io: 👉🏻 Link: https://nt.ls/Vbu6L 👉🏻 Dork: http.headers.ser…
Data of more than 85 million United Healthcare customers leaked by hackers 🚨
Many pharmaceutical companies in the United States were attacked using the recent vulnerability (CVE-2024-1709) in ScreenConnect, and United Healthcare itself is still restoring its infrastructure 💊
Some servers are still vulnerable: https://nt.ls/Vbu6L
Many pharmaceutical companies in the United States were attacked using the recent vulnerability (CVE-2024-1709) in ScreenConnect, and United Healthcare itself is still restoring its infrastructure 💊
Some servers are still vulnerable: https://nt.ls/Vbu6L
app.netlas.io
Discover, Research and Monitor any Assets Available Online
Internet intelligence apps that provide accurate technical information on IP addresses, domain names, websites, web applications, IoT devices, and other online assets.
👾3❤2🔥2🍌2👍1😢1
We regret to inform you that due to unforeseen network issues, Netlas.io is currently unavailable. Our team is actively working to resolve the issue and restore service as soon as possible. We apologize for any inconvenience caused and appreciate your patience and understanding. Stay tuned for updates. Thank you. 🙏
🙏4🕊3😢2❤1
🚀 We're back online! Everything's running smoothly. Our team's investigating to prevent future incidents like this. Thanks for your patience! 🙌
🔥6👍2👾1
Interface update 💻
To separate the site menu and the application menu, a small visual update was released. In case you lost the ASD Tool after this, we inform you that it is now located on the top panel of the interface. You can see how to find it in the picture.
Good luck with your projects and thank you for using Netlas!
To separate the site menu and the application menu, a small visual update was released. In case you lost the ASD Tool after this, we inform you that it is now located on the top panel of the interface. You can see how to find it in the picture.
Good luck with your projects and thank you for using Netlas!
👾5❤2👍1