CVE-2023-36434: Elevation of Privilege in Windows IIS Server, 9.8 rating 🔥

In a network-based attack, an attacker could brute force user account passwords to log in as that user. So, faster get fresh Windows update!

Search at Netlas.io:
👉🏻 Link: https://nt.ls/5rvmi
👉🏻 Dork: http.headers.server:"Microsoft-IIS"

Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434

Meet Netlas Cookbook!
A thousand and one ways to use Netlas in your code

Today we launch Netlas Cookbook, a guide that will help our users to build automations. No matter how deep your programming skills are or what programming language do you preffer. We'll try our best to give you a clear and simple recipe for the automation you need.

Netlas Cookbook includes:
- Search query syntax and examples
- Search tips and tricks
- Use-cases and usage scenarios
- Code examples
- Tools for working with Netlas API

You will find out how to write automations using Python, Bash, NodeJS, Ruby, Go, AI tools. We will talk about using Netlas for bug bounty jobs, penetration testing, OSINT and other tasks.

⭐️ Give us a star if you want to show your appreciation for our work.
👁️ Subscribe to the repo to get notified on updates.

👉🏼 https://github.com/netlas-io/netlas-cookbook

Do you have any automation related questions? Perhaps you've already developed an awsome script and want to share it? Write us in the comments.

Many thanks to Cyber Detective for help: https://t.me/cybdetective

A small cheat sheet with Netlas queries useful for OSINT investigations.

Try it here: https://nt.ls/shP9f

#cheatsheet #cybersecurity #osint

CVE-2023-20198: Privilege Escalation in Cisco IOS XE Web UI, 10.0 rating 🔥🔥🔥

The vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/7dU0x
👉🏻 Dork: certificate.issuer_dn:"IOS-Self-Signed-Certificate" AND http.body:"webui"

Vendor's advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Have you ever gotten confused about the fields from the Netlas API response❓

This won't happen anymore, because the new cheat sheet presents the most popular fields! 🔥

👉 Try Netlas.io: https://nt.ls/shP9f

New article on our Medium! 🔥

This time we will tell you how to activate and use the Netlas.io module integrated into Subfinder by ProjectDiscovery.

👉 Link: https://netlas.medium.com/using-subfinder-with-netlas-io-module-9e7fa4e630dd

New cheat sheet 👍

Which of these packages do you mostly use?

New article on our blog! 🔥

Today you will learn how to recognize phishing sites and explore Shadow IT using Netlas.

👉🏻 Link: https://netlas.medium.com/how-to-detect-scam-and-shadow-it-domains-with-netlas-io-f72085e6f18b
👉🏻 Also read about phishing in our CookBook: https://nt.ls/cook

Good reading!

We continue to publish small cheat sheets for using Netlas 📄

Have you ever tried to use our search engine for entertainment? 🙃

👉🏻 Try now with example: https://nt.ls/RCpox

CVE-2023-4967: Sensitive information disclosure in Citrix NetScaler ADC/Gateway, 9.4 rating❗️

The vulnerability emerges from the return value of the snprintf function, which can lead to a buffer over-read if exploited. By this, the session token can be intercepted. Also, PoC is available now.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/5g7Md
👉🏻 Dork: http.title:"Netscaler Gateway" OR http.headers.x_powered_by:"Citrix ADC (formerly NetScaler)"

Read about PoC: https://www.bleepingcomputer.com/news/security/citrix-bleed-exploit-lets-hackers-hijack-netscaler-accounts/
Vendor's advisory: https://support.citrix.com/article/CTX579459

CVE-2023-46747: Auth Bypass in F5 BIG-IP, 9.8 rating 🔥

An attacker using undisclosed requests can bypass authentication and gain access to execute arbitrary commands on the victim system.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/OcYHT
👉🏻 Dork: http.headers.server:"BigIP"
You can also use the "f5_bigip" tag to get more results.

Vendor's advisory: https://my.f5.com/manage/s/article/K000137353

New cheatsheet 📄

Today we have prepared for you useful search filters that will greatly facilitate the creation of queries for Netlas.io 🔍

Do you remember that Netlas can be used as an extension for Google Chrome?

Well, from today our plugin is also available for the Mozilla Firefox browser! 🦊

Now it's users can explore the site they are on at any time with a couple of clicks. Find out potential vulnerabilities, host data, and much more.

👉🏻 Read more (updated): https://netlas.medium.com/netlas-io-chrome-extension-65a8e3d03bc0
👉🏻 Add-on: https://addons.mozilla.org/en-GB/firefox/addon/netlas-io/

CVE-2023-22518: Improper Authorization in Atlassian Confluence Data&Server, 9.1 rating 🔥

Not a very fresh vulnerability, but the recently released PoC makes it worthy of attention.

Search at Netlas.io:
👉🏻 Link (tag, more results): https://nt.ls/MwYfk
👉🏻 Link (no tag, less results): https://nt.ls/nysj9

👉🏻 Dork №1: tag.name:"atlassian_confluence"
👉🏻 Dork №2: http.meta:"confluence-base-url"

Vendor's advisory: https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
More about PoC: https://github.com/sanjai-AK47/CVE-2023-22518

ZDI-23-1578, 1579, 1580, 1581: 0-day vulnerabilities in Microsoft Exchange, 7.1-7.5 rating ❗️

These vulns require authorization to operate, which greatly reduces their threat, but ZDI researchers still recommend limiting access to Exchange servers.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/t8cJK
👉🏻 Dork: tag.name:"microsoft_exchange"

Read more: https://www.zerodayinitiative.com/advisories/ZDI-23-1578/

CVE-2023-46849, -46850: DoS and use-after-free in OpenVPN Access Server ❗️

If the --fragment parameter is present in the target device's configuration, an attacker can crash the software by dividing by zero and also gain access to sensitive information.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/GpBD3
👉🏻 Dork: http.headers.server:"OpenVPN-AS"

Vendor's advisory: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

New article on our blog. And this time with the fresh script 🔥

Today we will tell how you can use Netlas to search for potentially vulnerable objects in your attack surface. Do not miss the Github link at the end of the article!

👉🏻 Link: https://netlas.medium.com/how-to-find-probably-vulnerable-objects-in-your-own-surface-with-netlas-io-7f3448363892

CVE-2023-49103: Exposure of Sensitive Information in ownCloud, 10.0 rating 🔥🔥🔥

Due to the owncloud/graphapi component, important configuration facts such as license keys, admin credentials may be exposed.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/Igs48
👉🏻 Dork: http.title:"ownCloud"

Vendor's advisory: https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/

CVE-2023-48121: Auth Bypass in Hikvision, 8.2 rating ❗️

Some Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/hbCPs
👉🏻 Dork: http.favicon.hash_sha256:7d249b2fca8ab8d5ab373444732b8bc9104ab597976640f3441ddfd70148b527

Vendor's advisory: https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/

CVE-2023-34060: Authentication Bypass in VMware Cloud Director Appliance, 9.8 rating 🔥

Devices running version 10.5 and using authentication on ports 22 or 5480 may be vulnerable. The recommended protection method is to update to version 10.5.1.

Search at Netlas.io:
👉🏻 Link: https://nt.ls/H5pYN
👉🏻 Dork: http.title:"Cloud Director"

Vendor's advisory: https://www.vmware.com/security/advisories/VMSA-2023-0026.html