CVE-2024-44000: Unauthenticated Account Takeover in LiteSpeed Cache plugin for WordPress, 9.8 rating
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
Link: https://nt.ls/syLAy
Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating
By improperly deserializing YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
Link: https://nt.ls/cVF9O
Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
CVE-2024-29847 and others: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating
Numerous vulnerabilities in Ivanti, including but not limited to RCE with the highest severity score!
Search at Netlas.io:
Link: https://nt.ls/pHqay
Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
Planned Update
The application will be unavailable for a period of time.
The update is scheduled to start on September 16, 2024, at 08:00 UTC. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
Netlas Private Scanner is Here!
Now you can perform a super fast, non-intrusive scan of any attack surface or even a single IP address, and analyze up-to-date results.
Other improvements:
- Team features (sharing) added to the Discovery and Scanner
- Fixed the Discovery Download bug
- Some minor updates
Read more: https://docs.netlas.io/easm/scanner/
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 rating
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
Link: https://nt.ls/jT0JO
Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
Link: https://nt.ls/44tRg
Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 rating
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
Link: https://nt.ls/LCCSh
Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
CVE-2024-8698: Privilege Escalation in Keycloak, 7.7 rating
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privilege escalation.
Search at Netlas.io:
Link: https://nt.ls/LJfRK
Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
Link: https://nt.ls/N9Jj8
Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
Link: https://nt.ls/m0jnO
Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating
Due to a Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to the latest version as soon as possible.
Search at Netlas.io:
Link: https://nt.ls/tpSXM
Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
CVE-2024-45519: RCE in Zimbra, critical rating
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
Link: https://nt.ls/fea6Z
Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
FSCT-2024-0006 and others: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
Link: https://nt.ls/PyUd8
Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
Improved Interaction with Private Scanner
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture!
Read about other changes: https://docs.netlas.io/changelog/
CVE-2024-31449 and others: Multiple vulnerabilities in Redis, 4.5 - 8.8 rating
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
Link: https://nt.ls/1G7ul
Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
CVE-2024-43363 and others: Multiple vulnerabilities in Cacti, 5.7 - 7.3 rating
Four vulnerabilities in the open-source network monitoring tool Cacti: RCE and three XSS.
Search at Netlas.io:
Link: https://nt.ls/uaQYU
Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
CVE-2024-43582: RCE in RDP Servers, 8.1 rating
A use-after-free vulnerability in some RDP servers could allow an attacker to carry out remote code execution. The patch is already available.
Search at Netlas.io:
Link: https://nt.ls/Jyn4r
Dork: protocol:rdp
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
CVE-2024-9164 and others: Multiple vulnerabilities in GitLab, 3.7 - 9.6 rating
Many vulnerabilities have been fixed in GitLab again! The most critical one this time allows an attacker to run pipelines on arbitrary branches, while the others include XSS, SSRF attacks, etc.
Search at Netlas.io:
Link: https://nt.ls/gqVLn
Dork: host:gitlab.* OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/