✅ Private Scanner Restored
We’re happy to share that the Private Scanner feature is now fully restored and operational.
Thank you for your patience and understanding. All systems are working fine—happy scanning!
We’re happy to share that the Private Scanner feature is now fully restored and operational.
Thank you for your patience and understanding. All systems are working fine—happy scanning!
🔥3👍2
CVE-2024-11205: Missing Authorization in WPForms WordPress Plugin, 8.5 rating❗️
A vulnerability affecting several functions allows attackers to return payments made through the Stripe system.
Search at Netlas.io:
👉 Link: https://nt.ls/tFWxo
👉 Dork: http.body:"plugins/wpforms-lite"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforms-lite/wpforms-184-1921-missing-authorization-to-authenticated-subscriber-payment-refund-and-subnoscription-cancellation
A vulnerability affecting several functions allows attackers to return payments made through the Stripe system.
Search at Netlas.io:
👉 Link: https://nt.ls/tFWxo
👉 Dork: http.body:"plugins/wpforms-lite"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforms-lite/wpforms-184-1921-missing-authorization-to-authenticated-subscriber-payment-refund-and-subnoscription-cancellation
👍3👾3🔥2
CVE-2024-49106 and other: Multiple vulnerabilities in Microsoft RDP Services, 8.1 rating❗️
In the latest advisories, Microsoft notifies about nine vulnerabilities in RDP protocol services. These include many RCEs as well as DoS.
Search at Netlas.io:
👉 Link: https://nt.ls/cfRLq
👉 Dork: rdp:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49106
In the latest advisories, Microsoft notifies about nine vulnerabilities in RDP protocol services. These include many RCEs as well as DoS.
Search at Netlas.io:
👉 Link: https://nt.ls/cfRLq
👉 Dork: rdp:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-49106
🔥3👾3👍1
CVE-2024-11274, -8233, other: Multiple vulnerabilities in GitLab, 7.5 - 8.7 rating❗
In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.
Search at Netlas.io:
👉 Link: https://nt.ls/xM1vs
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/
In a new release, GitLab talked about two important vulnerabilities. One of them allows attacker to carry out DoS, the second allows to steal session data and potentially gain unauthorized access to accounts. Several smaller vulnerabilities are also mentioned.
Search at Netlas.io:
👉 Link: https://nt.ls/xM1vs
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/12/11/patch-release-gitlab-17-6-2-released/
👍3🔥3👾3
CVE-2024-38819: Path Traversal in Spring Framework, 7.5 rating❗️
Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!
Search at Netlas.io:
👉 Link: https://nt.ls/AzCtg
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38819
Another Path Traversal vulnerability in the Spring framework. This time there is even a PoC!
Search at Netlas.io:
👉 Link: https://nt.ls/AzCtg
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38819
👍4🔥2👾1
Private Scanner API Documentation 📑
We’ve updated the Netlas documentation with a significant addition: a detailed guide on using the Private Scanner API.
👉 Read the docs: https://docs.netlas.io/automation/scanner_api/
We’ve updated the Netlas documentation with a significant addition: a detailed guide on using the Private Scanner API.
👉 Read the docs: https://docs.netlas.io/automation/scanner_api/
👍4👾3
CVE-2024-50379, -54677: RCE and DoS in Apache Tomcat, 5.3 - 9.8 rating 🔥
New vulnerabilities allow attackers to upload and execute malicious files disguised as legitimate ones, as well as cause OutOfMemoryError to shut down the server.
Search at Netlas.io:
👉 Link: https://nt.ls/WHRGO
👉 Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Read more: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
New vulnerabilities allow attackers to upload and execute malicious files disguised as legitimate ones, as well as cause OutOfMemoryError to shut down the server.
Search at Netlas.io:
👉 Link: https://nt.ls/WHRGO
👉 Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Read more: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
🔥5👾3
🚧 Cryptopayments Temporarily Unavailable
Due to a system failure, we’re resynchronizing our nodes. Bitcoin payments are expected to restore in 12 hours, while Litecoin payments may take up to 48 hours.
Sorry for any inconvenience.
Due to a system failure, we’re resynchronizing our nodes. Bitcoin payments are expected to restore in 12 hours, while Litecoin payments may take up to 48 hours.
Sorry for any inconvenience.
💊5
CVE-2024-51479: Improper Authorization in Next.js, 7.5 rating❗️
The vulnerability allows attackers to access files in the root directory of the application when Next.js is authorized in the middleware.
Search at Netlas.io:
👉 Link: https://nt.ls/1jTTw
👉 Dork: http.headers.x_powered_by:"Next.js"
Vendor's advisory: https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
The vulnerability allows attackers to access files in the root directory of the application when Next.js is authorized in the middleware.
Search at Netlas.io:
👉 Link: https://nt.ls/1jTTw
👉 Dork: http.headers.x_powered_by:"Next.js"
Vendor's advisory: https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f
👾4🔥3👍1
CVE-2024-12727, -28, -29: Multiple vulnerabilties in Sophos Firewall, 8.8 - 9.8 rating 🔥
The disclosed vulnerabilities in Sophos Firewall include two SQL injections, as well as a weak SSH passphrase, which was not chosen at random.
Search at Netlas.io:
👉 Link: https://nt.ls/yyWUE
👉 Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
The disclosed vulnerabilities in Sophos Firewall include two SQL injections, as well as a weak SSH passphrase, which was not chosen at random.
Search at Netlas.io:
👉 Link: https://nt.ls/yyWUE
👉 Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
🔥5👾4
Netlas Datastore from Command Line 🔍
Netlas SDK and Netlas CLI have been updated today. Now users can download datasets directly from their noscripts.
👉 Read more: https://docs.netlas.io/changelog/
Netlas SDK and Netlas CLI have been updated today. Now users can download datasets directly from their noscripts.
👉 Read more: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
👍3🔥3
Netlas vs Fofa: A Comprehensive Analysis 🧮
We’re continuing our series of articles comparing Netlas with its largest competitors.
This time, we’ve taken a deep dive into Fofa – a formidable rival often seen as an equal to Shodan. Using 10+ key indicators, we’ve thoroughly analyzed both platforms to help you understand pros and cons of the two solutions.
👉 Read now: https://netlas.io/blog/netlas_vs_fofa/
We’re continuing our series of articles comparing Netlas with its largest competitors.
This time, we’ve taken a deep dive into Fofa – a formidable rival often seen as an equal to Shodan. Using 10+ key indicators, we’ve thoroughly analyzed both platforms to help you understand pros and cons of the two solutions.
👉 Read now: https://netlas.io/blog/netlas_vs_fofa/
netlas.io
Netlas vs Fofa: Platforms Comparison - Netlas Blog
Compare IoT search engines Netlas and Fofa, highlighting their features, strengths, and ideal use cases for security research.
👾6🔥3
CVE-2024-56145: Code Injection in Craft CMS, 9.3 rating 🔥
The vulnerability we almost missed allows an attacker to pass code in place of CLI arguments and gain RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/HFQTJ
👉 Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
The vulnerability we almost missed allows an attacker to pass code in place of CLI arguments and gain RCE.
Search at Netlas.io:
👉 Link: https://nt.ls/HFQTJ
👉 Dork: http.headers.x_powered_by:"Craft CMS"
Vendor's advisory: https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9
🔥4👾2
Using TLDFinder with the Netlas Module 🔍
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
👉 Read now: https://netlas.io/blog/tldfinder_and_netlas/
Check out our latest article, where we walk you through setting up ProjectDiscovery TLDFinder and using it alongside Netlas data for top-level domains and subdomains searching.
👉 Read now: https://netlas.io/blog/tldfinder_and_netlas/
netlas.io
Using TLDFinder with Netlas - Netlas Blog
This article will look at using the TLDFinder tool to find top level domains and subdomains using the Netlas integration.
👍2👾2
CVE-2024-53961: Path Traversal in Adobe ColdFusion, 7.4 rating❗️
A fresh vulnerability allows attackers to traverse the path and read arbitrary files on the server, including confidential information.
Search at Netlas.io:
👉 Link: https://nt.ls/nV0Cl
👉 Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
A fresh vulnerability allows attackers to traverse the path and read arbitrary files on the server, including confidential information.
Search at Netlas.io:
👉 Link: https://nt.ls/nV0Cl
👉 Dork: tag.name:"adobe_coldfusion"
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
👍3👾3🔥2
CVE-2024-54148, -39930, -39932 and other: Multiple vulnerabilities in Gogs, 7.7 - 10.0 rating 🔥🔥🔥
In the recent release, Gogs fixed many vulnerabilities, both old and new. These include Path Traversal, Argument Injection, Code Injection and others.
Search at Netlas.io:
👉 Link: https://nt.ls/Vd4fF
👉 Dork: http.meta:"content=\"Gogs"
Vendor's advisories: https://github.com/gogs/gogs/releases/tag/v0.13.2
In the recent release, Gogs fixed many vulnerabilities, both old and new. These include Path Traversal, Argument Injection, Code Injection and others.
Search at Netlas.io:
👉 Link: https://nt.ls/Vd4fF
👉 Dork: http.meta:"content=\"Gogs"
Vendor's advisories: https://github.com/gogs/gogs/releases/tag/v0.13.2
🔥5👾4
Craft CMS RCE PoC by Chirag Artani 🔥
Our friend’s channel posted new video about one of the latest vulnerabilities. As usual he demonstrated Proof of Concept using Netlas 🔍
We also recommend checking out his website and Twitter for more tips:
👉 Site: 3rag.com
👉 Twitter: x.com/Chirag99Artani
Our friend’s channel posted new video about one of the latest vulnerabilities. As usual he demonstrated Proof of Concept using Netlas 🔍
We also recommend checking out his website and Twitter for more tips:
👉 Site: 3rag.com
👉 Twitter: x.com/Chirag99Artani
YouTube
Craft CMS RCE - 0day - Live POC | CVE-2024-56145 | Remote Code Execution Using Netlas & Nuclei
Here are tools :
working poc - https://github.com/Sachinart/CVE-2024-56145-craftcms-rce (main)
1. https://github.com/Chocapikk/CVE-2024-56145/ (exploit)
2. Analysis & blog - https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to…
working poc - https://github.com/Sachinart/CVE-2024-56145-craftcms-rce (main)
1. https://github.com/Chocapikk/CVE-2024-56145/ (exploit)
2. Analysis & blog - https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to…
1👾7🔥3👍1
🎄 Merry Christmas from the Netlas Team!
Wishing you and your loved ones a joyful holiday season filled with warmth, happiness, and success. Thank you for being a part of our journey this year—we're deeply grateful for your support and trust.
This year, we launched exciting features like the Netlas Private Scanner, Team Access, and celebrated the v.1.0 release! 🎉
Here’s to a secure and innovative new year together! 🌟
Wishing you and your loved ones a joyful holiday season filled with warmth, happiness, and success. Thank you for being a part of our journey this year—we're deeply grateful for your support and trust.
This year, we launched exciting features like the Netlas Private Scanner, Team Access, and celebrated the v.1.0 release! 🎉
Here’s to a secure and innovative new year together! 🌟
2🎄8👍5🙏2
🚨 Major API Outage Caused by PostgreSQL Cluster Synchronization Issues
Yesterday at 19:40 UTC, a significant outage affected the availability of our API, causing service disruptions for a majority of our users. Despite extensive efforts over the past night, the issue remains unresolved. The root cause has been identified as an unstable connection between our backend and database, which is continuing to impact overall application performance.
While the API is currently accessible, the application remains unstable. Our team is actively investigating and working diligently toward a resolution. Further updates will be shared as progress is made.
Yesterday at 19:40 UTC, a significant outage affected the availability of our API, causing service disruptions for a majority of our users. Despite extensive efforts over the past night, the issue remains unresolved. The root cause has been identified as an unstable connection between our backend and database, which is continuing to impact overall application performance.
While the API is currently accessible, the application remains unstable. Our team is actively investigating and working diligently toward a resolution. Further updates will be shared as progress is made.
💊8
✅ Major API Outage Resolved
Our team has successfully restored full functionality, and both the API and application are now operational. We have definitively identified the causes of the issue and will work on improving synchronization configurations in the near future to prevent similar incidents.
We sincerely apologize for the inconvenience caused and thank you for your patience and understanding during this time. If you experience any further issues, please contact our support team.
For real-time updates on Netlas Services' health status, please refer to https://status.netlas.io.
Our team has successfully restored full functionality, and both the API and application are now operational. We have definitively identified the causes of the issue and will work on improving synchronization configurations in the near future to prevent similar incidents.
We sincerely apologize for the inconvenience caused and thank you for your patience and understanding during this time. If you experience any further issues, please contact our support team.
For real-time updates on Netlas Services' health status, please refer to https://status.netlas.io.
❤5