CVE-2024-6385: Improper Access Control in GitLab, 9.6 rating π₯
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
π Link: https://nt.ls/HvsUY
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
The new vulnerability allows an attacker to run pipeline jobs with the rights of any other user.
Search at Netlas.io:
π Link: https://nt.ls/HvsUY
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Read more: https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/
π4πΎ4π₯3
Complete Guide on Attack Surface Discovery π
Check out our latest article detailing the steps a cybersecurity researcher can follow to construct an Attack Surface using Netlas.io and other tools. Don't miss it! π₯
ππ» Read now: https://netlas.io/blog/attack_surface_discovery_guide/
Check out our latest article detailing the steps a cybersecurity researcher can follow to construct an Attack Surface using Netlas.io and other tools. Don't miss it! π₯
ππ» Read now: https://netlas.io/blog/attack_surface_discovery_guide/
netlas.io
Complete Guide on Attack Surface Discovery - Netlas Blog
A comprehensive approach to mapping your attack surface, helping you identify vulnerabilities, assess risks, and implement effective security measures.
π₯5πΎ5πΎ1
CVE-2024-34102: XXE in Magento (and Adobe Commerce), 9.8 rating π₯
Adobe eCommerce services are vulnerable to XXE, which allows an attacker to achieve arbitrary code execution. Cases of exploitation in the wild are already knownβ
Search at Netlas.io:
π Link: https://nt.ls/6inQC
π Dork: tag.name:"magento"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-40.html
Adobe eCommerce services are vulnerable to XXE, which allows an attacker to achieve arbitrary code execution. Cases of exploitation in the wild are already knownβ
Search at Netlas.io:
π Link: https://nt.ls/6inQC
π Dork: tag.name:"magento"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-40.html
π₯5πΎ5π4
Best Attack Surface Visualization Tools πΊ
Visualization of the Attack Surface is the final stage in its discovery. In this article we will talk about tools that can make this process easier π
π Read now: https://netlas.io/blog/best_attack_surface_visualization_tools/
Visualization of the Attack Surface is the final stage in its discovery. In this article we will talk about tools that can make this process easier π
π Read now: https://netlas.io/blog/best_attack_surface_visualization_tools/
netlas.io
Best Attack Surface Visualization Tools - Netlas Blog
Explore top tools that help visualize your attack surface, enabling better threat detection and improved security posture for your organization.
πΎ5π₯3π2β‘1π«‘1
Mastering Online Cameras Searching πΉ
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
Intrigued by global events? Live cameras offer a solution. Millions of Internet-connected devices worldwide provide real-time views of live events, like public gatherings and conflictsπ₯
IoT search engines, Google dorking, and niche websites: learn how to search online cameras around the world π
π Read now: https://netlas.io/blog/find_online_cameras/
netlas.io
Mastering Online Camera Searches - Netlas Blog
A guide on how to find exposed webcams anywhere in the world. Techniques, tools, and best practices. Examples of searching for the most popular devices.
π7β€1π1πΎ1
π Netlas v.0.24.1 is live!
Our Attack Surface Discovery Tool now supports batch node addition and drag-and-drop for easier grouping. Plus, weβve added a system theme property to control the dark/light mode.
Changelog is here: https://docs.netlas.io/changelog/
Our Attack Surface Discovery Tool now supports batch node addition and drag-and-drop for easier grouping. Plus, weβve added a system theme property to control the dark/light mode.
Changelog is here: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
π₯3π2πΎ2β€1
CVE-2024-37287: RCE in Kibana, 9.9 rating π₯
Recent vulnerability affecting multiple versions of Kibana allows an attacker to execute arbitrary code via prototype pollution.
Search at Netlas.io:
π Link: https://nt.ls/EQIov
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
Recent vulnerability affecting multiple versions of Kibana allows an attacker to execute arbitrary code via prototype pollution.
Search at Netlas.io:
π Link: https://nt.ls/EQIov
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
π₯5πΎ2
CVE-2024-43044, -43045: Arbitrary file read in Jenkins, critical rating π₯
The vulnerabilities allow an attacker to perform RCE or gain access to sensitive information.
Search at Netlas.io:
π Link: https://nt.ls/BEFsW
π Dork: http.favicon.hash_sha256:4fec1ee82f0dc4a8e4e9bb26954cf54cf9bf1e6a009516cb6c49ff16924e8caa
Vendor's advisory: https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
The vulnerabilities allow an attacker to perform RCE or gain access to sensitive information.
Search at Netlas.io:
π Link: https://nt.ls/BEFsW
π Dork: http.favicon.hash_sha256:4fec1ee82f0dc4a8e4e9bb26954cf54cf9bf1e6a009516cb6c49ff16924e8caa
Vendor's advisory: https://www.jenkins.io/security/advisory/2024-08-07/#SECURITY-3430
πΎ4π₯3π2
CVE-2024-22116: RCE in Zabbix, 9.9 rating π₯
Lack of escaping for script parameters allows an attacker to execute arbitrary code.
Search at Netlas.io:
π Link: https://nt.ls/KoYW4
π Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2
Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016
Lack of escaping for script parameters allows an attacker to execute arbitrary code.
Search at Netlas.io:
π Link: https://nt.ls/KoYW4
π Dork: http.favicon.hash_sha256:22b06a141c425c92951056805f46691c4cd8e7547ed90b8836a282950d4b4be2
Vendor's advisory: https://support.zabbix.com/browse/ZBX-25016
π₯4πΎ3π1
WordPress Automatic Exploit by Chirag Artaniπ₯
Our good friendβs channel posted a useful video about using Netlas to find real vulnerabilities π€
We also recommend checking out his website and Twitter for more tips:
π Site: 3rag.com
π Twitter: x.com/Chirag99Artani
Our good friendβs channel posted a useful video about using Netlas to find real vulnerabilities π€
We also recommend checking out his website and Twitter for more tips:
π Site: 3rag.com
π Twitter: x.com/Chirag99Artani
YouTube
WordPress Automatic Exploit | SSRF & Unauthenticated Arbitrary File Download | Live Recon 2024
WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files,β¦
π₯5π2
CVE-2024-39397: Arbitrary Code Execution in Magento (and Adobe Commerce), 9.0 rating π₯
The latest vulnerability, affecting only Apache servers, allows an attacker to upload files with dangerous types and achieve code execution.
Search at Netlas.io:
π Link: https://nt.ls/dw1Nl
π Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-61.html
The latest vulnerability, affecting only Apache servers, allows an attacker to upload files with dangerous types and achieve code execution.
Search at Netlas.io:
π Link: https://nt.ls/dw1Nl
π Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-61.html
π₯4πΎ2π1
CVE-2024-33533, -33535, -33536: Multiple vulns in Zimbra, 5.4 - 7.5 ratingβοΈ
The vulnerabilities could allow an attacker to perform path traversal or create XSS injection, which could compromise sensitive data.
Search at Netlas.io:
π Link: https://nt.ls/0aGwL
π Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637 OR \*.banner:"Zimbra"
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes
The vulnerabilities could allow an attacker to perform path traversal or create XSS injection, which could compromise sensitive data.
Search at Netlas.io:
π Link: https://nt.ls/0aGwL
π Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637 OR \*.banner:"Zimbra"
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes
πΎ5π₯4
CVE-2024-5932: Deserialization of Untrusted Data in GiveWP plugin, 10.0 rating π₯π₯π₯
Vulnerability discovered in the popular donation plugin leaves thousands of WordPress sites vulnerable to RCE and arbitrary file deletion.
Search at Netlas.io:
π Link: https://nt.ls/xS1vx
π Dork: http.body:"plugins/give/assets/dist"
Vulnerability discovered in the popular donation plugin leaves thousands of WordPress sites vulnerable to RCE and arbitrary file deletion.
Search at Netlas.io:
π Link: https://nt.ls/xS1vx
π Dork: http.body:"plugins/give/assets/dist"
π₯4πΎ4π1
CVE-2024-40766: Improper Access Control in SonicWall SonicOS, 8.6 ratingβοΈ
An improper access control vulnerability in the SonicOS admin interface could allow an attacker to access sensitive information and even execute arbitrary code on an affected device.
Search at Netlas.io:
π Link: https://nt.ls/WTQRf
π Dork: http.headers.server:"sonicwall"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
An improper access control vulnerability in the SonicOS admin interface could allow an attacker to access sensitive information and even execute arbitrary code on an affected device.
Search at Netlas.io:
π Link: https://nt.ls/WTQRf
π Dork: http.headers.server:"sonicwall"
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
1β€2π₯2πΎ2π1
CVE-2024-8073: Command Injection in Hillstone Networks Firewalls, 9.8 rating π₯
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
π Link: https://nt.ls/YZWqU
π Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
The freshest vulnerability in Hillstone WAFs allows an attacker to perform RCE due to incorrect input validation.
Search at Netlas.io:
π Link: https://nt.ls/YZWqU
π Dork: http.title:"Hillstone Networks"
Vendor's advisory: https://www.hillstonenet.com.cn/security-notification/2024/08/21/mlzrld-2/
π2π₯2πΎ1
CVE-2024-6386: RCE in WPML WordPress Plugin, 9.9 rating π₯
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
π Link: https://nt.ls/caxUk
π Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
π Link: https://nt.ls/caxUk
π Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
1π₯6π3πΎ3
CVE-2024-43425: RCE in Moodle, PoC is available π₯π₯π₯
Due to incomplete sanitization in the βcalculated questionsβ feature, attackers can transmit and execute arbitrary code, which can be used to disclose studentsβ confidential information or disrupt the entire learning process.
Search at Netlas.io:
π Link: https://nt.ls/6WaFx
π Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
Due to incomplete sanitization in the βcalculated questionsβ feature, attackers can transmit and execute arbitrary code, which can be used to disclose studentsβ confidential information or disrupt the entire learning process.
Search at Netlas.io:
π Link: https://nt.ls/6WaFx
π Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
π₯4π3πΎ3π€1
Automated search for domain names with a specific TLD π₯
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
π tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
π Read more about tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
π tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
π Read more about tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
GitHub
GitHub - projectdiscovery/tldfinder: A streamlined tool for discovering private TLDs for security research.
A streamlined tool for discovering private TLDs for security research. - projectdiscovery/tldfinder
β€3π3π³2
Using DNS History in Cybersecurity π
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work π₯
π Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work π₯
π Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
netlas.io
Using DNS History in Cybersecurity - Netlas Blog
A detailed guide on how to use DNS History in cybersecurity. Use cases, best tools, and best practices.
πΎ3π₯2π1π1
CVE-2024-44000: Unauthenticated Account Takeover in LiteSpeed Cache plugin for WordPress, 9.8 rating π₯
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
π Link: https://nt.ls/syLAy
π Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
π Link: https://nt.ls/syLAy
π Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
1πΎ4π₯3π1
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating π₯π₯π₯
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
π Link: https://nt.ls/cVF9O
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
π Link: https://nt.ls/cVF9O
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
1π3πΎ3π₯2