CVE-2024-29847 and other: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating 🔥🔥🔥
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/pHqay
👉 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
🚧 Planned Update 🚧
The application will be unavailable for a period of time❗️
The update is scheduled to start on September 16, 2024, at 08:00 UTC ⏰. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
🔥 Netlas Private Scanner is Here! 🔥
Now you can perform a super fast, non-intrusive scan of any attack surface or even a single IP address, and analyze up-to-date results 🔍
Other improvements:
🤝 Team features (sharing) added to the Discovery and Scanner
🐛 Fixed the Discovery Download bug
🖥 Some minor updates
👉 Read more: https://docs.netlas.io/easm/scanner/
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 rating❗️
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
👉 Link: https://nt.ls/jT0JO
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating 🔥
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 rating❗️
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
👉 Link: https://nt.ls/LCCSh
👉 Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating❗️
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.
Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating 🔥
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
👉 Link: https://nt.ls/N9Jj8
👉 Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating 🔥
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
👉 Link: https://nt.ls/m0jnO
👉 Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating 🔥🔥🔥
Due to a Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to the latest version as soon as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/tpSXM
👉 Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
CVE-2024-45519: RCE in Zimbra, critical rating 🔥
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
👉 Link: https://nt.ls/fea6Z
👉 Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
FSCT-2024-0006 and other: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating 🔥🔥🔥
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/PyUd8
👉 Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
🔥 Improved Interaction with Private Scanner 🔥
The Netlas 0.25.1 update has been published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! 👾
👉 Read about other changes: https://docs.netlas.io/changelog/
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
CVE-2024-43363 and other: Multiple vulnerabilities in Cacti, 5.7 - 7.3 rating❗️
Four vulnerabilities in the open-source network monitoring tool Cacti: RCE and three XSS.
Search at Netlas.io:
👉 Link: https://nt.ls/uaQYU
👉 Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
CVE-2024-43582: RCE in RDP Servers, 8.1 rating❗️
A use-after-free vulnerability in some RDP servers could allow an attacker to carry out remote code execution. The patch is already available.
Search at Netlas.io:
👉 Link: https://nt.ls/Jyn4r
👉 Dork: protocol:rdp
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
CVE-2024-9164 and other: Multiple vulnerabilities in GitLab, 3.7 - 9.6 rating 🔥
Many vulnerabilities have been fixed in GitLab again! The most critical one this time allows an attacker to run pipelines on arbitrary branches, while the others include XSS, SSRF attacks, etc.
Search at Netlas.io:
👉 Link: https://nt.ls/gqVLn
👉 Dork: host:gitlab.* OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/
CVE-2024-3656: Exposure of Sensitive Information in Keycloak, 8.1 rating 🔥
A vulnerability in Keycloak's REST API could allow an attacker to execute commands and gain access to sensitive information.
Search at Netlas.io:
👉 Link: https://nt.ls/pcxk7
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-3656
Google Dorking in Cybersecurity: Examples and Automation 🔥
Discover the most useful dorks, principles for constructing queries, examples, and even a script for automating reconnaissance within a given scope. Mastering Google Dorks has never been easier 🔍
👉 Read now: https://netlas.io/blog/google_dorking_in_cybersecurity