Alfred Berg
Security Researcher
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2024-3400: Palo Alto Networks - Global Connect RCE (v.1)
- CVE-2024-3400: Palo Alto Networks - Global Connect RCE (v.2)
- CVE-2024-29882: SRS DOM XSS
- CVE-2024-29269: Telesquare RCE
- CVE-2023-49785: NextChat SSRF
- CVE-2023-49785: NextChat Reflected XSS
- CVE-2023-0678: phpIPAM Missing Authorization
- Loadmaster Installer Exposure
- phpIPAM Installer Exposure
New tests released by Detectify staff:
- CVE-2023-50968: Apache OFBiz SSRF (v.1)
- CVE-2023-50968: Apache OFBiz SSRF (v.2)
- CloudFlare Secret Key Disclosure
- Docker Daemon Exposed
- Node-RED Default Credentials
- vBulletin Full Path Disclosure
Improved tests to reduce false negatives:
- CVE-2023-38203: Adobe ColdFusion Deserialization of Untrusted Data
- CVE-2019-12593: IceWarp LFI (v.1)
- CVE-2019-12593: IceWarp LFI (v.2)
- CVE-2019-12593: IceWarp LFI (v.3)
Improved tests to reduce false positives:
- CVE-2021-33766: Microsoft Exchange Authentication Bypass
- CVE-2017-5616: cPanel Reflected XSS
- CVE-2017-5616: cPanel Reflected XSS
- Bitrix Component XSS via log_cnt
- Worldox Web XSS
Improved finding information:
- CVE-2021-22054: VMware Workspace One SSRF
- CVE-2021-40822: GeoServer SSRF
- IBM WebSphere Portal SSRF
- OpenAPI SSRF
- Proxy Request CRLF Injection
- Proxy Request CRLF Injection
- Proxy Request CRLF Injection
- Proxy Request Modification
- WordPress Oembed SSRF