Netlas.io
1.05K subscribers
116 photos
3 videos
173 links
Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
Download Telegram
❗️Cookie consent update❗️

To improve usability and functionality of the site, as well as in connection with new requirements from Google, we are changing the mechanism for obtaining cookie consent.

After the update, consent will be consistent across all of our resources, including the website, app, and help portal.

We would be grateful if you check the box again
Bug Bounty reconnaissance with Netlas.io 🔍

👉🏻 Try it: https://nt.ls/host
CVE-2024-3400: command injection in Palo Alto Networks PAN-OS, 10.0 rating 🔥🔥🔥

A 0-day vulnerability in PAN-OS that allows an unauthenticated attacker to execute arbitrary code on the firewall with root rights. According to Palo Alto Networks, attacks have already been carried out that exploit this vulnerability!

Search at Netlas.io:
👉 Link: https://nt.ls/eprag
👉 Dork: tag.name:"palo_alto"

Vendor's advisory: https://security.paloaltonetworks.com/CVE-2024-3400
🔥 Netlas.io Discord server 🔥

Engage in live chat with our community on Discord!

Here you can quickly get answers to important questions, talk with other users, and read the latest news in a new convenient format.

👉 Follow the link: https://nt.ls/discord
Netlas.io pinned «🔥 Netlas.io Discord server 🔥 Engage in live chat with our community on Discord! Here you can quickly get answers to important questions, talk with other users, and read the latest news in a new convenient format. 👉 Follow the link: https://nt.ls/discord»
CVE-2024-21006: Vulnerability in Oracle WebLogic Server, 7.5 rating

Vulnerability from the report on the new Oracle patch. Allows an unauthenticated attacker to gain unauthorized access to critical activities. According to NVD, exploitation is quite simple.

Search at Netlas.io:
👉 Link: https://nt.ls/RrPD2
👉 Dork: port:7001 AND protocol:t3

Read more: https://nvd.nist.gov/vuln/detail/CVE-2024-21006
Business-focused OSINT with Netlas.io 🔎

Our new article is devoted to researching company resources using Netlas tools.
It shows how to collect contacts, files, explore subnets and much more. Read it quickly!

👉 Read here: https://nt.ls/osint
Good news 🔥

Yesterday we fixed three bugs in subscription system that were discovered during the penetration testing.

Now Netlas has become even safer!

👉🏻 Changelog: https://docs.netlas.io/changelog/
New vulnerability in CrushFTP, "serious" rating 🔥

The vulnerability, which does not yet have a CVE, was discovered in CrushFTP. According to the vendor's report, its use could allow an attacker to leave the VFS and download system files. Moreover, the vulnerability has already been used in real attacks!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/5fGPm
👉🏻 Dork: http.headers.server:"CrushFTP"

Vendor's advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
CVE-2024-20356: Command Injection in Cisco Integrated Management Controller, 8.7 rating 🔥

The vulnerability allows attacker to inject almost any code, as demonstrated by the example of the launch of Doom (oh yes, now on Cisco)!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/WixwE
👉🏻 Dork: http.title:"Cisco Integrated Management Controller"

Read more: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
pfSense-SA-24_04: XSS in pfSense Plus and pfSense CE

A vulnerability was discovered in the jquery-treegrid library that could cause arbitrary JavaScript code to be executed in the user's browser.
According to the vendor's advisory, the library is used for testing only and can be safely disabled.

Search at Netlas.io:
👉 Link: https://nt.ls/E5AZ1
👉 Dork: http.title:"pfSense - Login" OR http.title:"pfSense Plus"

Vendor's advisory: https://docs.netgate.com/downloads/pfSense-SA-24_04.webgui.asc
🚀 Webinar by Our Partners: The Art and Science of C2: Veni, non vidi, non vici?

This May 7th, join our partners as they demonstrate detecting and analyzing C2 servers with Netlas. Expert insights and real-time demonstrations await!

👉 See it live on LinkedIn!
https://www.linkedin.com/events/7191004213999542272/
CVE-2024-26304, -26305, -33511, -33512 and other: Multiple vulnerabilities in ArubaOS, 5.3 - 9.8 rating 🔥🔥🔥

More recently disclosed vulnerabilities allow an unauthenticated attacker to perform RCE via a buffer overflow and cause a denial of service.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/myG4Y
👉🏻 Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753

Vendor's advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
CVE-2023-49606: RCE in Tinyproxy 1.10.0, 1.11.1, 9.8 rating 🔥

A use-after-free vulnerability in Tinyproxy allows an attacker to perform RCE via a specially crafted HTTP header.

Search at Netlas.io:
👉 Link: https://nt.ls/vWqHD
👉 Dork: http.headers.server:"tinyproxy/1.11.1" OR http.headers.server:"tinyproxy/1.10.0"

Read more: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
CVE-2024-26026, -21793: Two injections in F5 Big IP, 7.5 rating❗️

SQL injection and OData injection allow an unauthenticated attacker to conduct a remote attack and gain access to sensitive information.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/ptJHt
👉🏻 Dork: http.headers.server:"BigIP"
You can also use the "f5_bigip" tag to get more results.

Read more: https://www.tenable.com/blog/cve-2024-21793-cve-2024-26026-proof-of-concept-available-for-f5-big-ip-next-central-manager
CVE-2024-29895, -25641, -31445, -31459: Multiple vulns in Cacti, 8.8 - 10.0 rating 🔥🔥🔥

Four new vulnerabilities in Cacti, including SQL injection, RCE, arbitrary file write. So, why are CVEs always so diverse for this product? 🧐

Search at Netlas.io:
👉🏻 Link: https://nt.ls/dxZnI
👉🏻 Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"

Read more: https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
🚀 Netlas Python SDK v.0.5 is now available. We've made key updates for enhanced compatibility and improved downolading features.

🔧 To upgrade, run:

pip install --upgrade netlas


📈 Check out the full changelog for more details: https://docs.netlas.io/changelog/
🔥 Netlas 0.24.0 update is here! 🔥

The update brought new information to Netlas' IP/Domain info tool - Reputation Score. Thanks to our collaboration with RST Cloud, information about the Indicators of Compromise of some hosts has become available to users right inside the web application!

Minor features:
🐛 Fixed one favicon search bug,
📑 Update for Datastore API endpoint,
🖥 Some improvements in UI,
and others.

👉🏻 Try it now: https://app.netlas.io/host/
👉🏻 Read more: https://nt.ls/iocs
CVE-2024-4835, -2874 and other: Multiple vulns in GitLab, 4.3 - 8.0 rating❗️

New set of vulnerabilities for GitLab for every taste. Account takeover, CSRF, DoS, and more.

Search at Netlas.io:
👉 Link: https://nt.ls/xmir8
👉 Dork: http.meta:"Gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
Create a company technological profile in one click 🔥

In a new article on our Medium we will tell you how to complete your company research using Netlas.io.
This time we will find the services used, information about providers and much more 🔍

👉🏻 Read now: https://blog.netlas.io/building-tech-profile-of-a-company-f2145dedad31