Alfred Berg
Security Researcher
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2024-21893: Ivanti Connect Secure, Policy Secure and Neurons for ZTA SSRF
- CVE-2024-27198: TeamCity CI Authentication Bypass
- CVE-2024-27199: TeamCity Authentication Bypass
- Proxy Request Modification
- Proxy Request Modification (v.2)
New tests released by Detectify staff:
- CVE-2018-11759: JK Status Manager Bypass (v.2)
- Babel Configuration Exposure (v.2)
- CirCarLife Installer Exposure
- Jhipster Public Registration
- Proxy Request CRLF Injection
- mCloud Panel Installer Exposure
Improved tests to reduce false negatives:
- Babel Configuration Exposure (v.1)
- CKEditor Drag-and-Drop XSS
- JK Status Manager Exposure
- Spring Application-Context Exposure
- Spring Boot Actuator / Auto-Configuration Route
- Spring Boot Actuator / Beans Route
- Spring Boot Actuator / Caches Route
- Spring Boot Actuator / Conditions
- Spring Boot Actuator / Configuration Properties
- Spring Boot Actuator / Environment Route
- Spring Boot Actuator / Environment Route
- Spring Boot Actuator / Environment Route
- Spring Boot Actuator / Features
- Spring Boot Actuator / Flyway Route
- Spring Boot Actuator / Gateway
- Spring Boot Actuator / HTTP Exchanges
- Spring Boot Actuator / Health Route
- Spring Boot Actuator / Heap Dump
- Spring Boot Actuator / Heap Dump
- Spring Boot Actuator / Heap Dump
- Spring Boot Actuator / Info Route
- Spring Boot Actuator / Integration Graph
- Spring Boot Actuator / Liquibase Route
- Spring Boot Actuator / Logfile Route
- Spring Boot Actuator / Loggers Route
- Spring Boot Actuator / Mappings Route
- Spring Boot Actuator / Metrics Route
- Spring Boot Actuator / Quartz
- Spring Boot Actuator / Scheduled Tasks Route
- Spring Boot Actuator / Startup
- Spring Boot Actuator / Thread Dump Route
- Spring Boot Actuator / Thread Dump Route
- Spring Boot Actuator / Trace Route
- Spring Boot Admin Exposure
Tests now running in both Application scanning and Surface Monitoring, previously only in Application scanning:
- CVE-2018-9205: Drupal avatar_uploader Path Traversal
- CVE-2007-2440: Caucho Resin File Disclosure
- Craft CMS Full Path Disclosure
- Craft CMS License Key Exposure
- Craft CMS Log Disclosure
- Drupal Backup Exposure
Improved finding information:
- Gogs Installer Exposure
- WordPress Database Repair Script Exposed