Netlas.io – Telegram
Netlas.io
2K subscribers
342 photos
3 videos
465 links
Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
CVE-2023-27997: Pre-authentication RCE on Fortigate VPN, 9.8 rating 🔥

Heap-based buffer overflow in the SSL-VPN interface, potentially affecting multiple FortiOS versions.

Search at Netlas.io:
👉🏻 Link with tags (recommended): https://nt.ls/jOlSo
👉🏻 Link without tags (less precision): https://nt.ls/3NrQW

Read detailed analysis by LexfoSecurity: https://blog.lexfo.fr/xortigate-cve-2023-27997.html
CVE-2023-3128: Authentication Bypass in Grafana, 9.4 rating ❗️
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

During Grafana's Azure AD account validation, an attacker can spoof the profile email field and hijack the account.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/iqMVz
👉🏻 Dork: http.favicon.hash_sha256:80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174 AND http.title:"Grafana"
CVE-2023-36630: Privilege Escalation and Authentication Bypass in CloudPanel, critical rating 🔥

Fresh vulnerability based on insecure file uploads.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/V3hEn
👉🏻 Dork: http.title:"cloudpanel" NOT http.body:"2.3.1"

Read vendor's changelog: https://www.cloudpanel.io/docs/v2/changelog/
CVE-2023-3460: Privilege Escalation in UltimateMember WordPress plugin, 9.8 rating! 🔥

A vulnerability has been observed for several versions of the plugin and is actively exploited by hackers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/S9Skz
👉🏻 Dork: http.body:"wp-content/plugins/ultimate-member"

Vendor's comments: https://wordpress.org/support/topic/cve-2023-3460/
The end of Beta Presale II is very close!

Hurry up to get a Netlas.io subscription with a 50% discount; after 6 days the discount will be reduced ❗️

👉🏻 Buy a subscription: https://app.netlas.io/plans/

In the near future we'll also publish new Netlas.io features (like the one in the GIF). We're sure you'll like them!
A new tool in Netlas 🔥

The search engine has gained new functionality: the Attack Surface Discovery tool. Check out Netlas.io to build your attack surfaces with our data!

Links:
👉🏻 Tool: https://app.netlas.io/asd/
👉🏻 Medium article: https://netlas.medium.com/netlas-io-attack-surface-discovery-tool-6fbd6b3e9706
👉🏻 Overview video: https://youtu.be/98s-Iu5MyRw
CVE-2023-34192: Reflected XSS in Zimbra Collaboration Suite, 9.0 rating! 🔥

The vulnerability is actively exploited by hackers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/ufPn6
👉🏻 Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Read more: https://www.bleepingcomputer.com/news/security/zimbra-urges-admins-to-manually-fix-zero-day-exploited-in-attacks/
CVE-2023-3519, -3466, -3467: Multiple vulns in Citrix Gateway/ADC, 9.8 rating 🔥

Reflected XSS, privilege escalation, and an unauthenticated RCE that is already being exploited!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/HB0b1
👉🏻 Dork: http.title:"Citrix ADC" OR http.title:"Citrix Gateway"

Vendor's bulletin: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Share an attack surface graph

Did you notice the share button that appeared in the Netlas.io Attack Surface Discovery tool? Here is the OKX.com attack surface, as they published it on Hacker0x01, for example:

https://nt.ls/63dRu
https://hackerone.com/okx
CVE-2023-35078: Ivanti EPMM Remote Unauthenticated API Access Vulnerability

🚨 PoC is already available for Ivanti Endpoint Manager Mobile API vuln CVE-2023-35078 (❗️CVSS 10.0❗️)
A limited number of customers have been impacted already 😖

Search at Netlas.io:
👉🏻 Link: https://nt.ls/QdWH7
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")

Vendor’s advisory: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability
☝🏻 Another one for the same product published today: CVE-2023-35082, CVSS 10.0

A second vulnerability affecting Ivanti EPMM (formerly MobileIron Core) API has been discovered today.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/QdWH7
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")

Vendor’s advisory: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older
There have been many requests to make CVE information available through a Freelancer subscription.

It's DONE! We hope this will make Netlas.io more useful to a wider range of users.

Sincerely yours, the Netlas.io Team
CVE-2023-39143: RCE in PaperCut MF/NG, 8.4 rating 🔥

The vulnerability allows unauthenticated attackers to read, delete, and upload arbitrary files on the PaperCut MF/NG application server (versions < 21.2.3), resulting in RCE in certain configurations.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/ZGjrR
👉🏻 Dork: (http.title:"PaperCut Login" AND (http.description:"PaperCut NG" OR http.description:"PaperCut MF")) OR (http.favicon.perceptual_hash:3e7e66667e7c6000)

Vendor's advisory: https://www.papercut.com/kb/Main/securitybulletinjuly2023/
CVE-2023-38035: Auth Bypass in Ivanti (MobileIron) Sentry, 9.8 rating 🔥

The vulnerability allows unauthenticated attackers to access sensitive APIs on port 8443.

Search at Netlas.io:
👉 Link: https://nt.ls/CwTWz
👉 Dork: http.body:"images/sentry-mi-logo" AND port:8443

Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
CVE-2023-40176, -40177, -40572, -40573: Multiple vulns in XWiki, 9.0-9.9 rating 🔥

Fresh RCE, privilege escalation and stored XSS in XWiki Platform.

Search at Netlas.io:
👉 Link: https://nt.ls/SSzCU
👉 Dork: http.title:"XWiki" OR http.favicon.hash_sha256:6f0fdef9a229150fbc7183a1bbb136d7b44b6df7c34369c14bebb6adae8aaf20
CVE-2023-4596: RCE in Forminator plugin for WordPress, 9.8 rating 🔥

The Forminator plugin for WordPress allows unauthenticated arbitrary file upload, which may lead to RCE. A PoC is available❗️

Search at Netlas.io:
👉🏻 Link: https://nt.ls/3Tgzc
👉🏻 Dork: http.body:"/wp-content/plugins/forminator"

PoC is here: https://github.com/E1A/CVE-2023-4596
CVE-2023-39361, -31132, -39359 and others: Multiple vulns (17 CVEs!) in Cacti, ratings from 3.5 to 9.8 🔥

Stored XSS, SQL injection, RCE, Privilege Escalation... Vulnerabilities for every taste!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/tTozX
👉🏻 Dork: http.title:"Login to Cacti"

Read more: https://github.com/Cacti/cacti/security
CVE-2023-36764: Elevation of Privilege in Microsoft SharePoint Server, 8.8 rating 🔥

Attacker could gain administrator privileges by creating an ASP.NET page with specially-crafted declarative markup. Only authorization at the Site Member level is required.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/BBPrT
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*

Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764
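The dorks quoted in the Grafana, CloudPanel, Ivanti EPMM, Ivanti Sentry and SharePoint posts above are host fingerprints. The Python below is an added example, not Netlas code: it re-implements those fingerprints locally so a captured response from your own inventory can be re-checked without the search engine, and it shows why a patched CloudPanel banner or a Sentry logo served on port 443 does not match. The `Response` model, the case-insensitive substring reading of quoted terms, the all-terms-required reading of the grouped Set-Cookie dork, and every sample response are assumptions or constructed data, not Netlas's actual index semantics.

```python
"""Local re-check of the host fingerprints behind several dorks in this channel.

Added example (not Netlas code). Given a captured HTTP response, it reports which
of the channel's fingerprints the host satisfies. Field semantics approximate how
Netlas indexes responses (an assumption; see the Response comments).
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Response:
    """One captured HTTP response, modelled on the fields the dorks reference."""
    port: int
    title: str = ""                  # <title> text (stands in for the posts' title dorks)
    body: str = ""                   # decoded response body
    headers: dict = field(default_factory=dict)  # header name -> value, any letter case
    favicon_sha256: str = ""         # hex SHA-256 of the favicon bytes, see favicon_sha256()


def favicon_sha256(data: bytes) -> str:
    """Hash favicon bytes the way http.favicon.hash_sha256 dorks are written (hex SHA-256)."""
    return hashlib.sha256(data).hexdigest()


def has(haystack: str, needle: str) -> bool:
    """Case-insensitive substring test; approximates a quoted phrase term in a dork."""
    return needle.lower() in haystack.lower()


def header(resp: Response, name: str):
    """Case-insensitive header lookup; None when the header is absent."""
    return next((v for k, v in resp.headers.items() if k.lower() == name.lower()), None)


# Hash quoted in the Grafana post (http.favicon.hash_sha256:...)
GRAFANA_FAVICON = "80a7f87a79169cf0ac1ed3250d7c509368190a97bc7182cd4705deb8f8c70174"

# fingerprint name -> predicate re-implementing the dork from the matching post
FINGERPRINTS = {
    # Grafana post: favicon hash AND title term; both must hold
    "Grafana (CVE-2023-3128)": lambda r: (
        r.favicon_sha256.lower() == GRAFANA_FAVICON and has(r.title, "Grafana")),
    # CloudPanel post: title term NOT body term, i.e. exclude hosts showing the 2.3.1 banner
    "CloudPanel (CVE-2023-36630)": lambda r: (
        has(r.title, "cloudpanel") and not has(r.body, "2.3.1")),
    # Ivanti EPMM posts: Set-Cookie carrying JSESSIONID scoped to Path /mifs.
    # The grouped dork terms are read as all-required here (assumption).
    "Ivanti EPMM (CVE-2023-35078/-35082)": lambda r: all(
        has(header(r, "Set-Cookie") or "", t) for t in ("JSESSIONID", "Path", "/mifs")),
    # Ivanti Sentry post: logo path in the body AND the 8443 admin port
    "Ivanti Sentry (CVE-2023-38035)": lambda r: (
        has(r.body, "images/sentry-mi-logo") and r.port == 8443),
    # SharePoint post: the header merely has to be present (the ':*' wildcard)
    "SharePoint (CVE-2023-36764)": lambda r: (
        header(r, "MicrosoftSharePointTeamServices") is not None),
}


def match(resp: Response) -> list:
    """Names of every fingerprint the response satisfies (empty list if none)."""
    return [name for name, pred in FINGERPRINTS.items() if pred(resp)]


# Constructed sample responses (not real captures)
SAMPLES = {
    "grafana": Response(port=3000, title="Grafana", favicon_sha256=GRAFANA_FAVICON),
    "epmm": Response(port=443, headers={
        "Set-Cookie": "JSESSIONID=0123456789ABCDEF; Path=/mifs; Secure; HttpOnly"}),
    # patched CloudPanel: the title matches but the version string excludes it
    "cloudpanel_2_3_1": Response(port=8443, title="CloudPanel", body="v2.3.1"),
    # Sentry logo on the admin port: matches
    "sentry": Response(port=8443, body='<img src="/images/sentry-mi-logo.png">'),
    # Sentry logo on the wrong port: the dork insists on 8443
    "sentry_on_443": Response(port=443, body='<img src="/images/sentry-mi-logo.png">'),
    "sharepoint": Response(port=443, title="Home",
                           headers={"MicrosoftSharePointTeamServices": "16.0.0.10396"}),
}


def scan(samples: dict = SAMPLES) -> dict:
    """Run every sample through match(); returns {sample name: [fingerprint names]}."""
    return {name: match(resp) for name, resp in samples.items()}


if __name__ == "__main__":
    for name, hits in scan().items():
        print(f"{name:18} -> {hits or 'no match'}")
```

To use it on real hosts, build a `Response` from your own HTTP capture (port, `<title>`, body, headers and `favicon_sha256(favicon_bytes)`) and call `match()`; a non-empty list means the host would be returned by the corresponding dork, which is a prompt to verify the version and patch, not proof of exploitability.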
After a long break, we are finally posting a new article 🔥

This time we won't talk about third-party tools but about Netlas.io itself. More precisely, about searching for live cameras with our tool 📹

👉 Article: https://netlas.medium.com/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f

Enjoy reading!
CVE-2023-38204: Arbitrary code execution in Adobe ColdFusion, 9.8 rating 🔥

Another vulnerability in ColdFusion, this time caused by deserialization of untrusted data in the affected versions.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/adbcf
👉🏻 Dork: tag.name:"adobe_coldfusion"

Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
If you use Google Chrome as your main browser, we have great news for you 🔥

Today we are officially releasing Netlas.io as a browser extension! Users can now explore the site they are on at any time with a couple of clicks: potential vulnerabilities, host data, and much more.

👉🏻 Read more: https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0?postPublishedType=initial
👉🏻 Extension: https://chrome.google.com/webstore/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii?utm_source=ext_app_menu