Netlas.io
Explore the latest in cybersecurity with Netlas.io. Stay ahead with updates on high-profile vulnerabilities, expert tutorials, essential safety tips, and the latest Netlas developments.
CVE-2024-46982: Cache Poisoning in Next.js, 8.7 rating❗️
A specially crafted HTTP request can cause the server to cache forbidden data, potentially leading to cache poisoning.
Search at Netlas.io:
👉 Link: https://nt.ls/LCCSh
👉 Dork: http.headers.x_powered_by:"Next.js"
Read advisory: https://github.com/advisories/GHSA-gp8f-8m3g-qvj9
CVE-2024-38812, -38813: Two vulnerabilities in VMware vCenter, 7.5 - 9.8 rating 🔥
Heap overflow and privilege escalation vulns on unpatched servers allow attackers to easily perform RCE using a specially crafted network packet.
Search at Netlas.io:
👉 Link: https://nt.ls/44tRg
👉 Dork: http.title:"ID_VC_Welcome" OR certificate.issuer.domain_component:"vsphere"
Vendor's advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
CVE-2024-38816: Path Traversal in Spring Framework, 7.5 rating❗️
An attacker can create a malicious HTTP request and use it to gain access to any file accessible by the Spring application process. However, this is easily blocked using the Spring Firewall, so don't forget to enable it.
Search at Netlas.io:
👉 Link: https://nt.ls/jT0JO
👉 Dork: tag.name:"spring"
Vendor's advisory: https://spring.io/security/cve-2024-38816
🔥 Netlas Private Scanner is Here! 🔥
Now you can perform a super-fast, non-intrusive scan of any attack surface or even a single IP address, and analyze up-to-date results 🔍
Other improvements:
🤝 Team features (sharing) added to the Discovery and Scanner
🐛 Fixed the Discovery Download bug
🖥 Some minor updates
👉 Read more: https://docs.netlas.io/easm/scanner/
Private Scanner - Netlas Docs
Learn to use the Netlas EASM Scanner for attack surface monitoring. Configure scans, track vulnerabilities, and enhance your security posture.
Reminder: The update begins in one hour. Netlas will be temporarily offline. We apologize for any inconvenience caused.
🚧 Planned Update 🚧
The application will be unavailable for a period of time❗️
The update is scheduled to start on September 16, 2024, at 08:00 UTC ⏰. It is expected to take a couple of hours, and we will do our best to complete it as quickly as possible.
Please remember to save your work before this time.
CVE-2024-29847 and others: Multiple vulns in Ivanti EPM, 4.3 - 10.0 rating 🔥🔥🔥
Numerous vulnerabilities in Ivanti. Includes, but is not limited to, RCE with the highest severity score!
Search at Netlas.io:
👉 Link: https://nt.ls/pHqay
👉 Dork: http.headers.set_cookie:("JSESSIONID" "Path" "/mifs")
Vendor's advisory: https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
CVE-2024-37288, -37285: RCE in Kibana, 9.9 rating 🔥🔥🔥
Because Kibana improperly deserializes YAML, attackers can perform RCE. The attack is quite complex, but Elastic still recommends updating.
Search at Netlas.io:
👉 Link: https://nt.ls/cVF9O
👉 Dork: http.favicon.hash_sha256:30db4185530d8617e9f08858787a24b219ac5102321b48515baf5da7ac43b590
Read more: https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
CVE-2024-44000: Unauthenticated Account Takeover in LiteSpeed Cache plugin for WordPress, 9.8 rating 🔥
A vulnerability in the debug log allows attackers to gain access to user sessions, potentially leading to complete control over a website.
Search at Netlas.io:
👉 Link: https://nt.ls/syLAy
👉 Dork: http.body:"plugins/litespeed-cache"
Read more: https://securityonline.info/cve-2024-44000-cvss-9-8-litespeed-cache-flaw-exposes-millions-of-wordpress-sites-to-takeover-attacks/
Using DNS History in Cybersecurity 🔍
DNS records are one of the most valuable sources of information for a researcher. Given the opportunity to observe them in retrospect, they become almost a silver bullet.
Our new article outlines potential use cases, as well as several tools that will allow you to take full advantage of DNS History in your work 🔥
👉 Read now: https://netlas.io/blog/dns_history_in_cybersecurity/
Enjoy reading!
Using DNS History in Cybersecurity - Netlas Blog
A detailed guide on how to use DNS History in cybersecurity. Use cases, best tools, and best practices.