For continuous coverage, we push out major every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

CVE-2018-14912: cgit Path Traversal

A vulnerability in cgit was recently made public by Project Zero. After getting it as a submission through Detectify Crowdsource we implemented it as a module. More information about the issue can be found here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1627

 CVE-2018-5006: Adobe AEM SSRF via SalesforceSecretServlet

Adobe AEM, also called Adobe Experience Manager, has previously had a few known vulnerabilities. Frans Rosén, one of our security advisors, has done a presentation on this here: https://www.youtube.com/watch?v=_j9ZEIodMDs

However, a new SSRF was released recently, which in addition to all the other research has been implemented to the scanner.

Apache Hadoop RCE

Read more about the story around this vulnerability here: https://securityaffairs.co/wordpress/77565/malware/hadoop-zero-day-exploit-leaked.html

jQuery-File-Upload related vulnerabilities

The last of the three! See the following blog post: https://blog.detectify.com/2018/12/13/jquery-file-upload-a-tale-of-three-vulnerabilities/

 

 

A few of the other things implemented…

  • CVE-2018-9845: Etherpad Authentication Bypass https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9845
  • Exposed Docker configuration file
  • Header-Based SSRF
  • URL-based Authentication Bypass

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP 10. Check for the latest vulnerabilities!



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here