CVE-2024-43425: RCE in Moodle, PoC is available π₯π₯π₯
Due to incomplete sanitization in the βcalculated questionsβ feature, attackers can transmit and execute arbitrary code, which can be used to disclose studentsβ confidential information or disrupt the entire learning process.
Search at Netlas.io:
π Link: https://nt.ls/6WaFx
π Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
Due to incomplete sanitization in the βcalculated questionsβ feature, attackers can transmit and execute arbitrary code, which can be used to disclose studentsβ confidential information or disrupt the entire learning process.
Search at Netlas.io:
π Link: https://nt.ls/6WaFx
π Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
π₯4π3πΎ3π€1
Automated search for domain names with a specific TLD π₯
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
π tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
π Read more about tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
How often have you researched companies that have their own TLDs? Listing all relevant domains would be very valuable...
The author of today's article noted that there is no single tool that lists all the required domain names. In order to automate these searches and simplify the building of an attack surface, he created the first utility to perform this task - tldfinder.
π tldfinder's GitHub: https://github.com/projectdiscovery/tldfinder
π Read more about tool: https://cloud.google.com/blog/topics/threat-intelligence/enumerating-private-tlds
In addition, we express our gratitude to N7WEra for finding a place for Netlas in his utility!
GitHub
GitHub - projectdiscovery/tldfinder: A streamlined tool for discovering private TLDs for security research.
A streamlined tool for discovering private TLDs for security research. - projectdiscovery/tldfinder
β€3π3π³2
Using DNS History in Cybersecurity π
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work π₯
π Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work π₯
π Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
netlas.io
Using DNS History in Cybersecurity - Netlas Blog
A detailed guide on how to use DNS History in cybersecurity. Use cases, best tools, and best practices.
πΎ3π₯2π1π1
CVE-2024-44000: Unauthenticated Account Takeover in LiteSpeed Cache plugin for WordPress, 9.8 rating π₯
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
π Link: https://nt.ls/syLAy
π Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
π Link: https://nt.ls/syLAy
π Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
1πΎ4π₯3π1
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating π₯π₯π₯
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
π Link: https://nt.ls/cVF9O
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
π Link: https://nt.ls/cVF9O
π Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
1π3πΎ3π₯2
CVE-2024-29847 and other: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating π₯π₯π₯
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
π Link: https://nt.ls/pHqay
π Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
π Link: https://nt.ls/pHqay
π Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
1π₯3πΎ3
π§ Planned Update π§
The application will be unavailable for a period of timeβοΈ
The update is scheduled to start on September 16, 2024, at 08:00 UTC β°. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
The application will be unavailable for a period of timeβοΈ
The update is scheduled to start on September 16, 2024, at 08:00 UTC β°. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
πΎ3π1π1π1
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
πΎ2
π₯ Netlas Private Scanner is Here! π₯
Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results π
Other improvements:
π€ Team features (sharing) added to the Discovery and Scanner
π Fixed the Discovery Download bug
π₯ Some minor updates
π Read more: https://docs.netlas.io/easm/scanner/
Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results π
Other improvements:
π€ Team features (sharing) added to the Discovery and Scanner
π Fixed the Discovery Download bug
π₯ Some minor updates
π Read more: https://docs.netlas.io/easm/scanner/
1πΎ5π₯3β€1
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 ratingβοΈ
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
π Link: https://nt.ls/jT0JO
π Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
π Link: https://nt.ls/jT0JO
π Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
π₯3πΎ3π1
Netlas.io pinned Β«π₯ Netlas Private Scanner is Here! π₯ Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results π Other improvements: π€ Team features (sharing) added to the Discovery and Scanner π Fixedβ¦Β»
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating π₯
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
π Link: https://nt.ls/44tRg
π Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
π Link: https://nt.ls/44tRg
π Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
π₯4πΎ3
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 ratingβοΈ
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
π Link: https://nt.ls/LCCSh
π Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
π Link: https://nt.ls/LCCSh
π Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
π₯3πΎ3π1
CVE-2024-8698: Privelege Escalation in Keycloak, 7.7 ratingβοΈ
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privelege escalation.
Search at Netlas.io:
π Link: https://nt.ls/LJfRK
π Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privelege escalation.
Search at Netlas.io:
π Link: https://nt.ls/LJfRK
π Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
πΎ4π3π₯1
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating π₯
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
π Link: https://nt.ls/N9Jj8
π Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
π Link: https://nt.ls/N9Jj8
π Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
πΎ5π₯4
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating π₯
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
π Link: https://nt.ls/m0jnO
π Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
π Link: https://nt.ls/m0jnO
π Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
π₯5πΎ2
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating π₯π₯π₯
Due to Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to last version as soon as possible.
Search at Netlas.io:
π Link: https://nt.ls/tpSXM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
Due to Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to last version as soon as possible.
Search at Netlas.io:
π Link: https://nt.ls/tpSXM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
π₯5πΎ5
CVE-2024-45519: RCE in Zimbra, critical rating π₯
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
π Link: https://nt.ls/fea6Z
π Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
π Link: https://nt.ls/fea6Z
π Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
π₯6π4πΎ3
FSCT-2024-0006 and other: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating π₯π₯π₯
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
π Link: https://nt.ls/PyUd8
π Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
π Link: https://nt.ls/PyUd8
π Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
π₯6πΎ2
π₯ Improved Interaction with Private Scanner π₯
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! πΎ
π Read about other changes: https://docs.netlas.io/changelog/
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! πΎ
π Read about other changes: https://docs.netlas.io/changelog/
π4πΎ4β€2
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 ratingβοΈ
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
π Link: https://nt.ls/1G7ul
π Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
π Link: https://nt.ls/1G7ul
π Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
π₯4πΎ2π1