π₯ Netlas.io Discord server π₯
Engage in live chat with our community on Discord!
Here you can quickly get answers to important questions, talk with other users, and read the latest news in a new convenient format.
π Follow the link: https://nt.ls/discord
Engage in live chat with our community on Discord!
Here you can quickly get answers to important questions, talk with other users, and read the latest news in a new convenient format.
π Follow the link: https://nt.ls/discord
Discord
Join the Netlas.io Community Server Discord Server!
Connect for support and engage in cybersecurity discussions to enhance your skills and knowledge. | 377 members
πΎ6π5
CVE-2024-21006: Vulnerability in Oracle WebLogic Server, 7.5 ratingβ
Vulnerability from the report on the new Oracle patch. Allows an unauthenticated attacker to gain unauthorized access to critical activities. According to NVD, exploitation is quite simple.
Search at Netlas.io:
π Link: https://nt.ls/RrPD2
π Dork: port:7001 AND protocol:t3
Read more: https://nvd.nist.gov/vuln/detail/CVE-2024-21006
Vulnerability from the report on the new Oracle patch. Allows an unauthenticated attacker to gain unauthorized access to critical activities. According to NVD, exploitation is quite simple.
Search at Netlas.io:
π Link: https://nt.ls/RrPD2
π Dork: port:7001 AND protocol:t3
Read more: https://nvd.nist.gov/vuln/detail/CVE-2024-21006
πΎ5π₯4π3
Business-focused OSINT with Netlas.io π
Our new article is devoted to researching company resources using Netlas tools.
It shows how to collect contacts, files, explore subnets and much more. Read it quickly!
π Read here: https://nt.ls/osint
Our new article is devoted to researching company resources using Netlas tools.
It shows how to collect contacts, files, explore subnets and much more. Read it quickly!
π Read here: https://nt.ls/osint
Medium
Netlas.io β Medium
Read writing from Netlas.io on Medium. Discover, research and monitor any assets available online. Every day, Netlas.io and thousands of other voices read, write, and share important stories on Medium.
πΎ5π₯3π1
Good news π₯
Yesterday we fixed three bugs in subscription system that were discovered during the penetration testing.
Now Netlas has become even safer!
ππ» Changelog: https://docs.netlas.io/changelog/
Yesterday we fixed three bugs in subscription system that were discovered during the penetration testing.
Now Netlas has become even safer!
ππ» Changelog: https://docs.netlas.io/changelog/
docs.netlas.io
Changelog - Netlas Docs
Explore the latest updates, enhancements, and fixes on the Netlas platform. Stay informed with our Changelog for all product and feature developments.
πΎ5π2
New vulnerability in CrushFTP, "serious" rating π₯
The vulnerability, which does not yet have a CVE, was discovered in CrushFTP. According to the vendor's report, its use could allow an attacker to leave the VFS and download system files. Moreover, the vulnerability has already been used in real attacks!
Search at Netlas.io:
ππ» Link: https://nt.ls/5fGPm
ππ» Dork: http.headers.server:"CrushFTP"
Vendor's advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
The vulnerability, which does not yet have a CVE, was discovered in CrushFTP. According to the vendor's report, its use could allow an attacker to leave the VFS and download system files. Moreover, the vulnerability has already been used in real attacks!
Search at Netlas.io:
ππ» Link: https://nt.ls/5fGPm
ππ» Dork: http.headers.server:"CrushFTP"
Vendor's advisory: https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
π5πΎ4π₯3π1
CVE-2024-20356: Command Injection in Cisco Integrated Management Controller, 8.7 rating π₯
The vulnerability allows attacker to inject almost any code, as demonstrated by the example of the launch of Doom (oh yes, now on Cisco)!
Search at Netlas.io:
ππ» Link: https://nt.ls/WixwE
ππ» Dork: http.title:"Cisco Integrated Management Controller"
Read more: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
The vulnerability allows attacker to inject almost any code, as demonstrated by the example of the launch of Doom (oh yes, now on Cisco)!
Search at Netlas.io:
ππ» Link: https://nt.ls/WixwE
ππ» Dork: http.title:"Cisco Integrated Management Controller"
Read more: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
π₯4π4πΎ4π1
pfSense-SA-24_04: XSS in pfSense Plus and pfSense CEβ
A vulnerability was discovered in the jquery-treegrid library that could cause arbitrary JavaScript code to be executed in the user's browser.
According to the vendor's advisory, the library is used for testing only and can be safely disabled.
Search at Netlas.io:
π Link: https://nt.ls/E5AZ1
π Dork: http.title:"pfSense - Login" OR http.title:"pfSense Plus"
Vendor's advisory: https://docs.netgate.com/downloads/pfSense-SA-24_04.webgui.asc
A vulnerability was discovered in the jquery-treegrid library that could cause arbitrary JavaScript code to be executed in the user's browser.
According to the vendor's advisory, the library is used for testing only and can be safely disabled.
Search at Netlas.io:
π Link: https://nt.ls/E5AZ1
π Dork: http.title:"pfSense - Login" OR http.title:"pfSense Plus"
Vendor's advisory: https://docs.netgate.com/downloads/pfSense-SA-24_04.webgui.asc
π4πΎ4π₯2π1
π Webinar by Our Partners: The Art and Science of C2: Veni, non vidi, non vici?
This May 7th, join our partners as they demonstrate detecting and analyzing C2 servers with Netlas. Expert insights and real-time demonstrations await!
π See it live on LinkedIn!
https://www.linkedin.com/events/7191004213999542272/
This May 7th, join our partners as they demonstrate detecting and analyzing C2 servers with Netlas. Expert insights and real-time demonstrations await!
π See it live on LinkedIn!
https://www.linkedin.com/events/7191004213999542272/
Linkedin
The Art and Science of C2: Veni, non vidi, non vici? | LinkedIn
π Join us for an in-depth exploration of Command and Control (C2) servers in our webinar:
"The Art and Science of C2: Veni, non vidi, non vici? ".
π€Ώ Dive into the deep water of C2 infrastructure, understanding its role in cyber attacks, and how to combatβ¦
"The Art and Science of C2: Veni, non vidi, non vici? ".
π€Ώ Dive into the deep water of C2 infrastructure, understanding its role in cyber attacks, and how to combatβ¦
π2πΎ2π1
CVE-2024-26304, -26305, -33511, -33512 and other: Multiple vulnerabilities in ArubaOS, 5.3 - 9.8 rating π₯π₯π₯
More recently disclosed vulnerabilities allow an unauthenticated attacker to perform RCE via a buffer overflow and cause a denial of service.
Search at Netlas.io:
ππ» Link: https://nt.ls/myG4Y
ππ» Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
More recently disclosed vulnerabilities allow an unauthenticated attacker to perform RCE via a buffer overflow and cause a denial of service.
Search at Netlas.io:
ππ» Link: https://nt.ls/myG4Y
ππ» Dork: http.favicon.hash_sha256:dfa04944308ed6c96563ff88cdb767ed5177c76c8a386f7a5803b534e9bff753
Vendor's advisory: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
π₯4πΎ4
CVE-2023-49606: RCE in Tinyproxy 1.10.0, 1.11.1, 9.8 rating π₯
A use-after-free vulnerability in Tinyproxy allows an attacker to perform RCE via a specially crafted HTTP header.
Search at Netlas.io:
π Link: https://nt.ls/vWqHD
π Dork: http.headers.server:"tinyproxy/1.11.1" OR http.headers.server:"tinyproxy/1.10.0"
Read more: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
A use-after-free vulnerability in Tinyproxy allows an attacker to perform RCE via a specially crafted HTTP header.
Search at Netlas.io:
π Link: https://nt.ls/vWqHD
π Dork: http.headers.server:"tinyproxy/1.11.1" OR http.headers.server:"tinyproxy/1.10.0"
Read more: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
π5πΎ3π₯1
CVE-2024-26026, -21793: Two injections in F5 Big IP, 7.5 ratingβοΈ
SQL injection and OData injection allow an unauthenticated attacker to conduct a remote attack and gain access to sensitive information.
Search at Netlas.io:
ππ» Link: https://nt.ls/ptJHt
ππ» Dork: http.headers.server:"BigIP"
You can also use the "f5_bigip" tag to get more results.
Read more: https://www.tenable.com/blog/cve-2024-21793-cve-2024-26026-proof-of-concept-available-for-f5-big-ip-next-central-manager
SQL injection and OData injection allow an unauthenticated attacker to conduct a remote attack and gain access to sensitive information.
Search at Netlas.io:
ππ» Link: https://nt.ls/ptJHt
ππ» Dork: http.headers.server:"BigIP"
You can also use the "f5_bigip" tag to get more results.
Read more: https://www.tenable.com/blog/cve-2024-21793-cve-2024-26026-proof-of-concept-available-for-f5-big-ip-next-central-manager
πΎ5π₯3π2
CVE-2024-29895, -25641, -31445, -31459: Multiple vulns in Cacti, 8.8 - 10.0 rating π₯π₯π₯
Four new vulnerabilities in Cacti, including SQL injection, RCE, arbitrary file write. So, why are CVEs always so diverse for this product? π§
Search at Netlas.io:
ππ» Link: https://nt.ls/dxZnI
ππ» Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Read more: https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
Four new vulnerabilities in Cacti, including SQL injection, RCE, arbitrary file write. So, why are CVEs always so diverse for this product? π§
Search at Netlas.io:
ππ» Link: https://nt.ls/dxZnI
ππ» Dork: http.title:"Login to Cacti" OR http.headers.set_cookie:"Cacti"
Read more: https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
πΎ4π3π₯3
π Netlas Python SDK v.0.5 is now available. We've made key updates for enhanced compatibility and improved downolading features.
π§ To upgrade, run:
π Check out the full changelog for more details: https://docs.netlas.io/changelog/
π§ To upgrade, run:
pip install --upgrade netlas
π Check out the full changelog for more details: https://docs.netlas.io/changelog/
πΎ5π3β€1π₯1
π₯ Netlas 0.24.0 update is here! π₯
The update brought new information to Netlas' IP/Domain info tool - Reputation Score. Thanks to our collaboration with RST Cloud, information about the Indicators of Compromise of some hosts has become available to users right inside the web application!
Minor features:
π Fixed one favicon search bug,
π Update for Datastore API endpoint,
π₯ Some improvements in UI,
and others.
ππ» Try it now: https://app.netlas.io/host/
ππ» Read more: https://nt.ls/iocs
The update brought new information to Netlas' IP/Domain info tool - Reputation Score. Thanks to our collaboration with RST Cloud, information about the Indicators of Compromise of some hosts has become available to users right inside the web application!
Minor features:
π Fixed one favicon search bug,
π Update for Datastore API endpoint,
π₯ Some improvements in UI,
and others.
ππ» Try it now: https://app.netlas.io/host/
ππ» Read more: https://nt.ls/iocs
π₯4πΎ4π2π1
CVE-2024-4835, -2874 and other: Multiple vulns in GitLab, 4.3 - 8.0 ratingβοΈ
New set of vulnerabilities for GitLab for every taste. Account takeover, CSRF, DoS, and more.
Search at Netlas.io:
π Link: https://nt.ls/xmir8
π Dork: http.meta:"Gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
New set of vulnerabilities for GitLab for every taste. Account takeover, CSRF, DoS, and more.
Search at Netlas.io:
π Link: https://nt.ls/xmir8
π Dork: http.meta:"Gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/
πΎ5π2π₯2
Create a company technological profile in one click π₯
In a new article on our Medium we will tell you how to complete your company research using Netlas.io.
This time we will find the services used, information about providers and much more π
ππ» Read now: https://blog.netlas.io/building-tech-profile-of-a-company-f2145dedad31
In a new article on our Medium we will tell you how to complete your company research using Netlas.io.
This time we will find the services used, information about providers and much more π
ππ» Read now: https://blog.netlas.io/building-tech-profile-of-a-company-f2145dedad31
Medium
Netlas.io β Medium
Read writing from Netlas.io on Medium. Discover, research and monitor any assets available online. Every day, Netlas.io and thousands of other voices read, write, and share important stories on Medium.
π₯5πΎ3π1
CVE-2024-24919: Exposure of Sensitive Information in Check Point π₯
A vulnerability that has been on everyone's lips in recent days. Allows an unauthenticated attacker to gain access to sensitive information.
Search at Netlas.io:
π Link (tag, more results): https://nt.ls/z9fQV
π Dork (tag, more results): tag.name:"checkpoint"
π Link (no tag): https://nt.ls/tnMCW
π Dork (no tag): http.favicon.hash_sha256:9a3a865d8911afcd95389ec701e5e8abcad69d928efd5b52b5d0bcc70a60d11a
Vendor's advisory: https://support.checkpoint.com/results/sk/sk182336
A vulnerability that has been on everyone's lips in recent days. Allows an unauthenticated attacker to gain access to sensitive information.
Search at Netlas.io:
π Link (tag, more results): https://nt.ls/z9fQV
π Dork (tag, more results): tag.name:"checkpoint"
π Link (no tag): https://nt.ls/tnMCW
π Dork (no tag): http.favicon.hash_sha256:9a3a865d8911afcd95389ec701e5e8abcad69d928efd5b52b5d0bcc70a60d11a
Vendor's advisory: https://support.checkpoint.com/results/sk/sk182336
πΎ6π₯3π2
Netlas.io and RST Cloud collaboration π€
We trust you've observed the inclusion of threat intelligence data in the Netlas search with the release of version 0.24.0. This advancement was made achievable through our partnership with RST Cloud.
Today, we are pleased to unveil an official press release for those inclined to acquaint themselves with the full array of collaborative features.
ππ» Press release: https://www.linkedin.com/posts/netlas-io_netlas-and-rst-cloud-forge-alliance-to-enhance-activity-7204777141576581120-E1H3/
We trust you've observed the inclusion of threat intelligence data in the Netlas search with the release of version 0.24.0. This advancement was made achievable through our partnership with RST Cloud.
Today, we are pleased to unveil an official press release for those inclined to acquaint themselves with the full array of collaborative features.
ππ» Press release: https://www.linkedin.com/posts/netlas-io_netlas-and-rst-cloud-forge-alliance-to-enhance-activity-7204777141576581120-E1H3/
Linkedin
Netlas.io on LinkedIn: Netlas and RST Cloud Forge Alliance to Enhance Cyber Threat Intelligenceβ¦
Netlas and RST Cloud Forge Alliance to Enhance Cyber Threat Intelligence and Threat Hunting Capabilities
Netlas.io, a leading platform for internet-wideβ¦
Netlas.io, a leading platform for internet-wideβ¦
πΎ5π3π₯3β€1
CVE-2024-34102 and others: Multiple vulns in Magento Open Source, 4.8 - 9.8 rating π₯π₯π₯
New vulnerabilities in Magento (and Adobe Commerce) for every taste: arbitrary code execution, security feature bypass and privilege escalation!
Search at Netlas.io:
π Link: https://nt.ls/rxUR7
π Dork: tag.name:"magento"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-40.html
New vulnerabilities in Magento (and Adobe Commerce) for every taste: arbitrary code execution, security feature bypass and privilege escalation!
Search at Netlas.io:
π Link: https://nt.ls/rxUR7
π Dork: tag.name:"magento"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb24-40.html
π₯5πΎ4π3
CVE-2024-37079, -37080, -37081: Multiple vulns in VMware vSphere and vCenter, 7.8 - 9.8 rating π₯π₯π₯
RCE via heap overflow and local privilege escalation in several VMware products.
Search at Netlas.io:
π Link: https://nt.ls/hgQQd
π Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
RCE via heap overflow and local privilege escalation in several VMware products.
Search at Netlas.io:
π Link: https://nt.ls/hgQQd
π Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
πΎ5π₯4π2