new tests
May 17, 2024
Now testing for the following vulnerabilities
Alfred BergSecurity Researcher
Alfred Berg
Security Researcher
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2024-32399: RaidenMAILD LFI
- CVE-2024-31851: CData Sync LFI
- CVE-2024-31850: CData Arc LFI
- CVE-2024-31849: CData Connect LFI
- CVE-2024-31848: CData Api-Server LFI
- CVE-2024-31621: Flowise Authentication Bypass
- CVE-2024-3097: WordPress plugin NextGEN Gallery Information Disclosure
- CVE-2024-29059: ASP.NET RCE
- CVE-2024-1183: Gradio Open Redirect
- CVE-2024-0246: IceWarp XSS
- CVE-2023-6549: Citrix NetScaler ADC and Citrix NetScaler Gateway Out-Of-Bounds Memory Read
- CVE-2023-3188: Owncast SSRF
- CVE-2023-25194: Apache Druid Kafka Connect - Remote Code Execution
- Barracuda Reflected XSS
- Caprover Default Credentials
- Changedetection Dashboard Exposure
- Content-Security-Policy Bypass via Instagram
- Content-Security-Policy Bypass via WhatsApp
- IceWarp Mailserver Open Redirect
- Icecast Default Credentials
- Magnolia Installer Exposure
- Piwigo Installer Exposure
- Reflected Odoo XSS
- SABnzbd Installer Exposure
- SABnzbd Unauthenticated Web Server
New tests released by Detectify staff:
- CVE-2021-42013: Apache Path Traversal
- CVE-2021-42013: Apache Remote Code Execution
- Bitrix Site Manager Open Redirect
- Spring Boot Actuator / Status
Improved tests to reduce false negatives:
- Angular Workspace Configuration Exposure
- Apache HTTP Server Configuration Exposure
- Apache HTTP Server httpd.conf Exposure
Thanks for your feedback