CVE-2024-8073: Command Injection in Hillstone Networks Firewalls, 9.8 rating 🔥
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
👉 Link: https://nt.ls/YZWqU
👉 Dork: http.noscript:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
CVE-2024-6386: RCE in WPML WordPress Plugin, 9.9 rating 🔥
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
👉 Link: https://nt.ls/caxUk
👉 Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
CVE-2024-43425: RCE in Moodle, PoC is available 🔥🔥🔥
Due to incomplete sanitization in the “calculated questions” feature, attackers can transmit and execute arbitrary code, which can be used to disclose students’ confidential information or disrupt the entire learning process.
Search at Netlas.io:
👉 Link: https://nt.ls/6WaFx
👉 Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
Automated search for domain names with a specific TLD 🔥
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
👉 tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
👉 Read more about the tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
Using DNS History in Cybersecurity 🔍
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work 🔥
👉 Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
CVE-2024-44000: Unauthenticated Account Takeover in LiteSpeed Cache plugin for WordPress, 9.8 rating 🔥
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
👉 Link: https://nt.ls/syLAy
👉 Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating 🔥🔥🔥
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
👉 Link: https://nt.ls/cVF9O
👉 Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
CVE-2024-29847 and others: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating 🔥🔥🔥
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/pHqay
👉 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
🚧 Planned Update 🚧
The application will be unavailable for a period of time❗️
The update is scheduled to start on September 16, 2024, at 08:00 UTC ⏰. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
🔥 Netlas Private Scanner is Here! 🔥
Now you can perform a super fast non-intrusive scan of any attack surface or even a single IP address, and analyze up-to-date results 🔍
Other improvements:
🤝 Team features (sharing) added to the Discovery and Scanner
🐛 Fixed the Discovery Download bug
🖥 Some minor updates
👉 Read more: https://docs.netlas.io/easm/scanner/
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 rating❗️
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
👉 Link: https://nt.ls/jT0JO
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating 🔥
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.noscript:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 rating❗️
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
👉 Link: https://nt.ls/LCCSh
👉 Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating❗️
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.
Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating 🔥
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
👉 Link: https://nt.ls/N9Jj8
👉 Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating 🔥
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
👉 Link: https://nt.ls/m0jnO
👉 Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating 🔥🔥🔥
Due to a Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to the latest version as soon as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/tpSXM
👉 Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
CVE-2024-45519: RCE in Zimbra, critical rating 🔥
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
👉 Link: https://nt.ls/fea6Z
👉 Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
FSCT-2024-0006 and others: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating 🔥🔥🔥
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/PyUd8
👉 Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/