CVE-2024-38816: Path Traversal in Spring Framework, 7.5 ratingโ๏ธ
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
๐ Link: https://nt.ls/jT0JO
๐ Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
๐ Link: https://nt.ls/jT0JO
๐ Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
๐ฅ3๐พ3๐1
Netlas.io pinned ยซ๐ฅ Netlas Private Scanner is Here! ๐ฅ Now you can perform super fast non-intrusive scan of any attack surface or even single IP address, and analyze up-to-date results ๐ Other improvements: ๐ค Team features (sharing) added to the Discovery and Scanner ๐ Fixedโฆยป
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating ๐ฅ
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
๐ Link: https://nt.ls/44tRg
๐ Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
๐ Link: https://nt.ls/44tRg
๐ Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
๐ฅ4๐พ3
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 ratingโ๏ธ
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
๐ Link: https://nt.ls/LCCSh
๐ Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
๐ Link: https://nt.ls/LCCSh
๐ Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
๐ฅ3๐พ3๐1
CVE-2024-8698: Privelege Escalation in Keycloak, 7.7 ratingโ๏ธ
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privelege escalation.
Search at Netlas.io:
๐ Link: https://nt.ls/LJfRK
๐ Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
Improper SAML signature verification allows an attacker to create a document that is only partially signed. Due to the vulnerability, the entire document will be considered signed, which may lead to privelege escalation.
Search at Netlas.io:
๐ Link: https://nt.ls/LJfRK
๐ Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-8698
๐พ4๐3๐ฅ1
CVE-2024-47062: SQL Injection and Auth Bypass in Navidrome Music Server, 9.4 rating ๐ฅ
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
๐ Link: https://nt.ls/N9Jj8
๐ Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
The latest advisory disclosed several vulnerabilities, which in theory allow an attacker to gain access to sensitive data.
Search at Netlas.io:
๐ Link: https://nt.ls/N9Jj8
๐ Dork: http.description:"Navidrome Music Server"
Vendor's advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6
๐พ5๐ฅ4
CVE-2024-42505, -42506, -42507: Multiple vulnerabilities in Aruba, 9.8 rating ๐ฅ
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
๐ Link: https://nt.ls/m0jnO
๐ Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
Due to improper neutralization of special elements in commands, Aruba entities may be vulnerable to RCE, potentially creating a risk for enterprise networks.
Search at Netlas.io:
๐ Link: https://nt.ls/m0jnO
๐ Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
๐ฅ5๐พ2
CVE-2024-8353: RCE in WordPress GiveWP Plugin, 10.0 rating ๐ฅ๐ฅ๐ฅ
Due to Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to last version as soon as possible.
Search at Netlas.io:
๐ Link: https://nt.ls/tpSXM
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
Due to Deserialization of Untrusted Data weakness, an attacker can inject malicious PHP code into the system. If you are using GiveWP, update it to last version as soon as possible.
Search at Netlas.io:
๐ Link: https://nt.ls/tpSXM
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
๐ฅ5๐พ5
CVE-2024-45519: RCE in Zimbra, critical rating ๐ฅ
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
๐ Link: https://nt.ls/fea6Z
๐ Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
A bug in the postjournal service allows an attacker to remotely execute commands via email. According to Proofpoint, hackers are already trying to exploit the vulnerability.
Search at Netlas.io:
๐ Link: https://nt.ls/fea6Z
๐ Dork: http.favicon.hash_sha256:1afd891aacc433e75265e3ddc9cb4fc63b88259977811384426c535037711637
Vendor's advisory: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
๐ฅ6๐4๐พ3
FSCT-2024-0006 and other: Multiple vulnerabilities in DrayTek Vigor Routers, 7.5 - 10.0 rating ๐ฅ๐ฅ๐ฅ
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
๐ Link: https://nt.ls/PyUd8
๐ Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
Researchers from Vedere Labs discovered problems in 24 router models. RCE, DoS, XSS - vulnerabilities for every taste. We recommend that owners of these devices take action as quickly as possible.
Search at Netlas.io:
๐ Link: https://nt.ls/PyUd8
๐ Dork: certificate.issuer.common_name:"Vigor Router"
Read more: https://www.forescout.com/resources/draybreak-draytek-research/
๐ฅ6๐พ2
๐ฅ Improved Interaction with Private Scanner ๐ฅ
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! ๐พ
๐ Read about other changes: https://docs.netlas.io/changelog/
Netlas 0.25.1 Update was published. IP/Domain information is now sourced from private scans if they are more relevant than general results. Check out the example in the picture! ๐พ
๐ Read about other changes: https://docs.netlas.io/changelog/
๐4๐พ4โค2
CVE-2024-31449 and other: Multiple vulnerabilities in Redis, 4.5 - 8.8 ratingโ๏ธ
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
๐ Link: https://nt.ls/1G7ul
๐ Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
Three fresh vulnerabilities allow an attacker to perform RCE due to errors in the Lua scripting engine or DoS via malformed Access Control List selectors.
Search at Netlas.io:
๐ Link: https://nt.ls/1G7ul
๐ Dork: protocol:redis
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5
๐ฅ4๐พ2๐1
CVE-2024-43363 and other: Multiple vulnerabilities in Cacti, 5.7 - 7.3 ratingโ๏ธ
Four vulnerabilities in the open-source network monitoring tool Cacti: RCE and three XSS.
Search at Netlas.io:
๐ Link: https://nt.ls/uaQYU
๐ Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
Four vulnerabilities in the open-source network monitoring tool Cacti: RCE and three XSS.
Search at Netlas.io:
๐ Link: https://nt.ls/uaQYU
๐ Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Vendor's advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
๐ฅ3๐พ3๐2
CVE-2024-43582: RCE in RDP Servers, 8.1 ratingโ๏ธ
A use after free vulnerability in some RDP servers could allow an attacker to carry out remote code execution. The patch is already available.
Search at Netlas.io:
๐ Link: https://nt.ls/Jyn4r
๐ Dork: protocol:rdp
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
A use after free vulnerability in some RDP servers could allow an attacker to carry out remote code execution. The patch is already available.
Search at Netlas.io:
๐ Link: https://nt.ls/Jyn4r
๐ Dork: protocol:rdp
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
๐ฅ7๐พ3
CVE-2024-9164 and other: Multiple vulnerabilitites in Gitlab, 3.7 - 9.6 rating ๐ฅ
Many vulnerabilities have been fixed in Gitlab again! The most critical one this time allows an attacker to run pipelines on arbitrary branches, while the others include XSS, SSRF attacks, etc.
Search at Netlas.io:
๐ Link: https://nt.ls/gqVLn
๐ Dork: host:gitlab.* OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/
Many vulnerabilities have been fixed in Gitlab again! The most critical one this time allows an attacker to run pipelines on arbitrary branches, while the others include XSS, SSRF attacks, etc.
Search at Netlas.io:
๐ Link: https://nt.ls/gqVLn
๐ Dork: host:gitlab.* OR http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef
Vendor's advisory: https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/
๐พ4๐ฅ3๐1
CVE-2024-3656: Exposure of Sensitive Information in Keycloak, 8.1 rating ๐ฅ
A vulnerability in Keycloak's REST API could allow an attacker to execute commands and gain access to sensitive information.
Search at Netlas.io:
๐ Link: https://nt.ls/pcxk7
๐ Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-3656
A vulnerability in Keycloak's REST API could allow an attacker to execute commands and gain access to sensitive information.
Search at Netlas.io:
๐ Link: https://nt.ls/pcxk7
๐ Dork: http.favicon.hash_sha256:47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Read more: https://access.redhat.com/security/cve/CVE-2024-3656
๐2๐ฅ2๐พ2
Google Dorking in Cybersecurity: Examples and Automation ๐ฅ
Discover the most useful dorks, principles for constructing queries, examples, and even a script for automating reconnaissance within a given scope. Mastering Google Dorks has never been easier ๐
๐ Read now: https://netlas.io/blog/google_dorking_in_cybersecurity
Discover the most useful dorks, principles for constructing queries, examples, and even a script for automating reconnaissance within a given scope. Mastering Google Dorks has never been easier ๐
๐ Read now: https://netlas.io/blog/google_dorking_in_cybersecurity
netlas.io
Google Dorking in Cybersecurity - Netlas Blog
Explore Google dorking techniques to boost your OSINT and penetration testing. Learn automation tricks, best practices, and top analogues.
1๐ฅ3๐พ3โค1๐1
CVE-2024-49193: Email Spoofing in Zendesk ๐ฅ
Knowing the support email and ticket id, an attacker can view the entire history of the ticket, thus gaining access to sensitive data.
Search at Netlas.io:
๐ Link: https://nt.ls/dWuES
๐ Dork: http.unknown_headers.key:"x_zendesk_processed_host_header" OR http.unknown_headers.key:"x_zendesk_origin_server"
Read more: https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
Knowing the support email and ticket id, an attacker can view the entire history of the ticket, thus gaining access to sensitive data.
Search at Netlas.io:
๐ Link: https://nt.ls/dWuES
๐ Dork: http.unknown_headers.key:"x_zendesk_processed_host_header" OR http.unknown_headers.key:"x_zendesk_origin_server"
Read more: https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
๐พ3๐2๐ฅ2๐ค1
Critical vulnerability in Jetpack WordPress Plugin ๐ฅ
The vulnerability, fixed in the latest update, allowed registered users to read the forms of other site visitors, theoretically allowing access to sensitive information.
Search at Netlas.io:
๐ Link: https://nt.ls/hJKpB
๐ Dork: http.body:"plugins/jetpack"
Security bulletin: https://jetpack.com/blog/jetpack-13-9-1-critical-security-update/
The vulnerability, fixed in the latest update, allowed registered users to read the forms of other site visitors, theoretically allowing access to sensitive information.
Search at Netlas.io:
๐ Link: https://nt.ls/hJKpB
๐ Dork: http.body:"plugins/jetpack"
Security bulletin: https://jetpack.com/blog/jetpack-13-9-1-critical-security-update/
๐ฅ3๐พ3
CVE-2024-9634: RCE in GiveWP WordPress Plugin, 9.8 rating ๐ฅ
Another one critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
๐ Link: https://nt.ls/9tUYx
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
Another one critical vulnerability in GiveWP. This time, attackers can inject PHP code using one parameter.
Search at Netlas.io:
๐ Link: https://nt.ls/9tUYx
๐ Dork: http.body:"plugins/give/assets/dist"
Read more: https://github.com/advisories/GHSA-6fx6-wrpf-cpgv
๐ฅ4๐พ3
CVE-2024-45216: Improper Authentication in Apache Solr, 9.8 rating ๐ฅ
Fake ending in Solr API URLs allows attackers to bypass authentication, which can lead to sensitive data leakage.
Search at Netlas.io:
๐ Link: https://nt.ls/x1SZG
๐ Dork: tag.name:"apache_solr"
Vendor's advisory: https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
Fake ending in Solr API URLs allows attackers to bypass authentication, which can lead to sensitive data leakage.
Search at Netlas.io:
๐ Link: https://nt.ls/x1SZG
๐ Dork: tag.name:"apache_solr"
Vendor's advisory: https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
๐ฅ4๐พ2