Alfred Berg
Security Researcher
New tests released based on submissions by our Detectify Crowdsource hackers:
- CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster
New tests released by Detectify staff:
- CVE-2019-16097: Harbor Privilege Escalation
- GLPI Status Disclosure
- Hangfire Dashboard Exposure
- Harbor Default Credentials
- Harbor Default Credentials (v2)
- Harbor Label Disclosure
- Harbor Registry Default Credentials
- Harbor Self-Registration Enabled
- Symfony Profiler Phpinfo Exposure
Improved tests to reduce false negatives:
- CVE-2024-22024: Ivanti Connect Secure and Policy Secure XXE
- CVE-2022-46463: Harbor Public Projects
- CVE-2021-43798: Grafana Path Traversal
- CVE-2021-41773: Apache HTTP Server Path Traversal
- CVE-2021-41277: Metabase Local File Inclusion
- CVE-2019-12593: IceWarp LFI
- CVE-2018-13379: Fortinet VPN Path Traversal
- CVE-2017-1000028: Oracle GlassFish Path Traversal
- Django running in Debug-mode
- Exposed PHP-Info
- Jolokia Path Traversal
- PHP Configuration File
- WordPress Plugin "image-export" (image-export) Path Traversal
Test now running in both Application Scanning and Surface Monitoring (previously only in Application Scanning):
- CVE-2020-5245: Dropwizard SSTI
Improved finding information:
- CVE-2023-41892: Craft CMS RCE
- Craft CMS Output From Debug Methods Exposed