CVE-2023-36630: Privilege Escalation and Authentication Bypass in CloudPanel, critical rating 🔥

Fresh vulnerability based on insecure file uploads.

Search at Netlas.io:
👉🏻 Link: nt.ls/V3hEn
👉🏻 Dork: http.noscript:"cloudpanel" NOT http.body:"2.3.1"

Read vendor's changelog: https://www.cloudpanel.io/docs/v2/changelog/

CVE-2023-3460: Privilege Escalation in UltimateMember WordPress plugin, 9.8 rating! 🔥

A vulnerability has been observed for several versions of the plugin and is actively exploited by hackers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/S9Skz
👉🏻 Dork: http.body:"wp-content/plugins/ultimate-member"

Vendor's comments: https://wordpress.org/support/topic/cve-2023-3460/

The end of Beta Presale II is very close!

Hurry up to get Netlas.io subnoscription with a 50% discount, after 6 days the discount will be reduced ❗️

👉🏻 Buy a subnoscription: https://app.netlas.io/plans/

In the near future, we'll also publish new features of Netlas.io (like in GIF). Sure you'll like them!

A new tool in Netlas 🔥

The search engine has received a new functionality - the Attack Surface Discovery tool. Check out Netlas.io to build your surfaces with our data!

Links:
👉🏻 Tool: https://app.netlas.io/asd/
👉🏻 Medium article: https://netlas.medium.com/netlas-io-attack-surface-discovery-tool-6fbd6b3e9706
👉🏻 Overview video: https://youtu.be/98s-Iu5MyRw

CVE-2023-34192: Reflected XSS in Zimbra Collaboration Suite, 9.0 rating! 🔥

The vulnerability is actively exploited by hackers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/ufPn6
👉🏻 Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637

Read more: https://www.bleepingcomputer.com/news/security/zimbra-urges-admins-to-manually-fix-zero-day-exploited-in-attacks/

CVE-2023-3519, -3466, -3467: Multiple vulns in Citrix Gateway/ADC, 9.8 rating 🔥

Reflected XSS, privelege escalation, and unauth RCE which already exploiting!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/HB0b1
👉🏻 Dork: http.noscript:"Citrix ADC" OR http.noscript:"Citrix Gateway"

Vendor's bulletin: https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

Share an attack surface graph

Did you notice share button appeared in Netlas.io Attack Surface Discovery tool? Here is OKX.com attack surface as they published on Hacker0x01 for example:

https://nt.ls/63dRu
https://hackerone.com/okx

CVE-2023-35078: Ivanti EPMM Remote Unauthenticated API Access Vulnerability

🚨 PoC is already available for Ivanti Endpoint Manager Mobile API vuln CVE-2023-35078 (❗️CVSS 10.0❗️)
A limited number of customers have been impacted already 😖

Search at Netlas.io:
👉🏻 Link: https://nt.ls/QdWH7
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")

Vendor’s advisory: https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability

☝🏻 Another one for the same product published today: CVE-2023-35082, CVSS 10.0

A second vulnerability affecting Ivanti EPMM (formerly MobileIron Core) API has been discovered today.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/QdWH7
👉🏻 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")

Vendor’s advisory: https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older

There have been many requests to make CVE information available through a Freelancer subnoscription.

It's DONE! We hope this will make Netlas.io more useful to a wider range of users.

Sincerely yours, the Netlas.io Team

CVE-2023-39143: RCE in PaperCut MF/NG, 8.4 rating 🔥

Vuln enables unauthenticated attackers to potentially work with arbitrary files to the PaperCut MF/NG application server (< 21.2.3 version), resulting in RCE in certain configurations.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/ZGjrR
👉🏻 Dork: (http.noscript:"PaperCut Login" AND (http.denoscription:"PaperCut NG" OR http.denoscription:"PaperCut MF")) OR (http.favicon.perceptual_hash:3e7e66667e7c6000)

Vendor's advisory: https://www.papercut.com/kb/Main/securitybulletinjuly2023/

CVE-2023-38035: Auth Bypass in Ivanti (MobileIron) Sentry, 9.8 rating 🔥

The vulnerability allows unauthenticated attackers to access sensitive APIs on port 8443.

Search at Netlas.io:
👉 Link: https://nt.ls/CwTWz
👉 Dork: http.body:"images/sentry-mi-logo" AND port:8443

Vendor's advisory: https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US

CVE-2023-40176, -40177, -40572, -40573: Multiple vuln in XWiki, 9.0-9.9 rating 🔥

Fresh RCE, Privelege Escalation and stored XSS in XWiki Platform.

Search at Netlas.io:
👉 Link: https://nt.ls/SSzCU
👉 Dork: http.noscript:"XWiki" OR http.favicon.hash_sha256:6f0fdef9a229150fbc7183a1bbb136d7b44b6df7c34369c14bebb6adae8aaf20

CVE-2023-4596: RCE in Forminator plugin for WordPress, 9.8 rating 🔥

The Forminator plugin in WP is vulnerable to arbitraty file upload for unauthenticated users, which may make RCE possible. PoC is available❗️

Search at Netlas.io:
👉🏻 Link: https://nt.ls/3Tgzc
👉🏻 Dork: http.body:"/wp-content/plugins/forminator"

PoC is here: https://github.com/E1A/CVE-2023-4596

CVE-2023-39361, -31132, -39359 and other: Multiple vuln (17 CVE's!) in Cacti, from 3.5 to 9.8 rating 🔥

Stored XSS, SQL injection, RCE, Privilege Escalation... Vulnerabilities for every taste!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/tTozX
👉🏻 Dork: http.noscript:"Login to Cacti"

Read more: https://github.com/Cacti/cacti/security

CVE-2023-36764: Elevation of Privilege in Microsoft SharePoint Server, 8.8 rating 🔥

Attacker could gain administrator privileges by creating an ASP.NET page with specially-crafted declarative markup. Only authorization at the Site Member level is required.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/BBPrT
👉🏻 Dork: http.headers.microsoftsharepointteamservices:*

Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764

After a long break, we are finally posting a new article 🔥

This time we'll not talk about third-party tools, but specifically about Netlas.io. More precisely, about searching for live cameras using our tool 📹

👉 Article: https://netlas.medium.com/how-to-find-online-cameras-with-netlas-io-c68cdf5f327f

Enjoy reading!

CVE-2023-38204: Arbitrary code execution in Adobe ColdFusion, 9.8 rating 🔥

Another vulnerability in ColdFusion. This time the reason was the vulnerability of some versions to Deserialization of Untrusted Data.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/adbcf
👉🏻 Dork: tag.name:"adobe_coldfusion"

Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html

If you use Google Chrome as your main browser, we have great news for you 🔥

Today we officially publish Netlas.io in browser extension format! Now users can explore the site they are on at any time with a couple of clicks. Find out potential vulnerabilities, host data, and much more.

👉🏻 Read more: https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0?postPublishedType=initial
👉🏻 Extension: https://chrome.google.com/webstore/detail/netlasio/pncoieihjcmpooceknjajojehmhdedii?utm_source=ext_app_menu

CVE-2023-29183: XSS in Fortinet/FortiProxy, 8.0 rating 🔥

Some versions of Fortigate Fortinet and FortiProxy is vulnerable to an improper neutralization of input during web page generation, which allows an attacker to trigger malicious JavaScript code.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/he40Q
👉🏻 Dork: http.favicon.hash_sha256:d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-23-106

We noticed that you were very interested in the article about live cameras. That's why its sequel is coming out 🔥

Today we will touch on searching for cameras using Google Dorks, and will also talk about several special sites on which anyone can post their broadcast.

👉🏻 Article: https://netlas.medium.com/how-to-find-online-cameras-with-google-29582e8372e0

Enjoy reading!