CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating 🔥
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 rating❗️
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
👉 Link: https://nt.ls/LCCSh
👉 Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating❗️
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.
Search at Netlas.io:
👉 Link: https://nt.ls/LJfRK
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating 🔥
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
👉 Link: https://nt.ls/N9Jj8
👉 Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating 🔥
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
👉 Link: https://nt.ls/m0jnO
👉 Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating 🔥🔥🔥
Due to a Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to the latest version as soon as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/tpSXM
👉 Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
CVE-2024-45519: RCE in Zimbra, critical rating 🔥
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
👉 Link: https://nt.ls/fea6Z
👉 Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
FSCT-2024-0006 and others: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating 🔥🔥🔥
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
👉 Link: https://nt.ls/PyUd8
👉 Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
🔥 Improved Interaction with Private Scanner 🔥
The Netlas 0.25.1 update has been published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! 👾
👉 Read about other changes: https://docs.netlas.io/changelog/
CVE-2024-31449 and others: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating❗️
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
👉 Link: https://nt.ls/1G7ul
👉 Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
CVE-2024-43363 and others: Multiple vulnerabilities in Cacti, 5.7 - 7.3 rating❗️
Four vulnerabilities in the open-source network monitoring tool Cacti: RCE and three XSS.
Search at Netlas.io:
👉 Link: https://nt.ls/uaQYU
👉 Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
CVE-2024-43582: RCE in RDP Servers, 8.1 rating❗️
A use-after-free vulnerability in some RDP servers could allow an attacker to carry out remote code execution. The patch is already available.
Search at Netlas.io:
👉 Link: https://nt.ls/Jyn4r
👉 Dork: protocol:rdp
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
CVE-2024-9164 and others: Multiple vulnerabilities in GitLab, 3.7 - 9.6 rating 🔥
Many vulnerabilities have been fixed in GitLab again! The most critical one this time allows an attacker to run pipelines on arbitrary branches, while the others include XSS, SSRF attacks, etc.
Search at Netlas.io:
👉 Link: https://nt.ls/gqVLn
👉 Dork: host:gitlab.* OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/
CVE-2024-3656: Exposure of Sensitive Information in Keycloak, 8.1 rating 🔥
A vulnerability in Keycloak's REST API could allow an attacker to execute commands and gain access to sensitive information.
Search at Netlas.io:
👉 Link: https://nt.ls/pcxk7
👉 Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-3656
Google Dorking in Cybersecurity: Examples and Automation 🔥
Discover the most useful dorks, principles for constructing queries, examples, and even a script for automating reconnaissance within a given scope. Mastering Google Dorks has never been easier 🔍
👉 Read now: https://netlas.io/blog/google_dorking_in_cybersecurity
CVE-2024-49193: Email Spoofing in Zendesk 🔥
Knowing the support email and ticket id, an attacker can view the entire history of the ticket, thus gaining access to sensitive data.
Search at Netlas.io:
👉 Link: https://nt.ls/dWuES
👉 Dork: http.unknown_headers.key:"x_zendesk_processed_host_header" OR http.unknown_headers.key:"x_zendesk_origin_server"
Read more: https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
Critical vulnerability in Jetpack WordPress Plugin 🔥
The vulnerability, fixed in the latest update, allowed registered users to read the forms of other site visitors, theoretically allowing access to sensitive information.
Search at Netlas.io:
👉 Link: https://nt.ls/hJKpB
👉 Dork: http.body:"plugins/jetpack"
Security bulletin: https://jetpack.com/blog/jetpack-13-9-1-critical-security-update/
CVE-2024-9634: RCE in GiveWP WordPress Plugin, 9.8 rating 🔥
Another critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
👉 Link: https://nt.ls/9tUYx
👉 Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
CVE-2024-45216: Improper Authentication in Apache Solr, 9.8 rating 🔥
A fake ending in Solr API URLs allows attackers to bypass authentication, which can lead to sensitive data leakage.
Search at Netlas.io:
👉 Link: https://nt.ls/x1SZG
👉 Dork: tag.name:"apache_solr"
Vendor's advisory: https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
CVE-2024-9264: Execute Arbitrary Code in Grafana, 9.9 rating 🔥🔥🔥
Grafana users at Viewer level and above can perform command injection using a vulnerability in SQL Expressions.
More than 104k instances at Netlas.io:
👉 Link: https://nt.ls/oQJHO
👉 Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
Vendor's advisory: https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/