Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently and at record speed: as little as 25 minutes from hacker to scanner. Due to confidentiality agreements, we cannot publicize all security update releases here, but they are immediately added to our scanner and available to all users.
The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from November 2 – November 13.
CVE-2020-14750: Oracle Weblogic RCE
This module tests for an RCE vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. If vulnerable, an attacker will be able to execute arbitrary commands on the application.
CVE-2020-13485: Craft CMS Plugin “Knock Knock” Bypass
The Knock Knock plugin before 1.2.8 for Craft CMS allows an IP whitelist bypass via the X-Forwarded-For HTTP header. On successful exploitation, an attacker can bypass the password protection mechanism.
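The trust mistake behind this class of bypass, shown as an added example that is not Detectify's or the plugin's own code: a naive client-IP resolver that believes any X-Forwarded-For header, beside a hardened one that only honours the header when the TCP peer is a known reverse proxy. The allow-list and proxy ranges are constructed sample values.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the advisory): the IPs the
# site wants to whitelist, and the reverse proxies allowed to set X-Forwarded-For.
ALLOWED = [ip_network("203.0.113.0/24")]
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]


def _in_any(ip, networks):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def client_ip_naive(remote_addr, headers):
    """Vulnerable pattern: the first X-Forwarded-For entry is fully attacker-controlled."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr, headers):
    """Honour X-Forwarded-For only when the peer is a trusted proxy, then walk the
    chain from the right (proxy-appended side) and take the first untrusted hop;
    anything further left was supplied by the client and is ignored."""
    if not _in_any(remote_addr, TRUSTED_PROXIES):
        return remote_addr  # direct connection: header cannot be trusted at all
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if not _in_any(hop, TRUSTED_PROXIES):
            return hop
    return remote_addr


def knock_naive(remote_addr, headers):
    return _in_any(client_ip_naive(remote_addr, headers), ALLOWED)


def knock_hardened(remote_addr, headers):
    return _in_any(client_ip_hardened(remote_addr, headers), ALLOWED)
```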
CVE-2019-13335: SalesAgility SuiteCRM SSRF
SalesAgility SuiteCRM versions 7.10.x before 7.10.19 and 7.11.x before 7.11.7 are vulnerable to SSRF. On successful exploitation, an unauthenticated attacker will be able to send requests on behalf of the affected service. It may be possible to reach systems on the same intranet as the affected application.
CVE-2020-12283: Sourcegraph Open Redirect
Sourcegraph versions before 3.15.1 are vulnerable to open redirects. An attacker can redirect visitors to origins under the attacker's control.
CVE-2018-16341: Nuxeo RCE via SSTI
This module tests for an RCE vulnerability via SSTI in Nuxeo versions < 10.3. If vulnerable, an attacker will be able to execute arbitrary commands on the application.
OSGi Web-Console Default Credentials
This module looks for default credentials in the OSGi Management Console, which comes bundled with, or is commonly installed alongside, software such as Apache Karaf and Apache Sling, often through the Apache Felix Web Management Console. An attacker can read sensitive information about the system as well as configure, add or remove bundles in the system.
SAP NetWeaver Default Credentials
This module searches for instances of SAP NetWeaver that use default credentials. An attacker would be able to get unlimited access to any business data stored in the system.
CVE-2020-14183: Atlassian Products SEN Disclosure via HTTP Response Headers
This module searches for an information disclosure vulnerability in Atlassian products. An attacker can create support issues using the Support Entitlement Number (SEN).
CVE-2020-25540: ThinkAdmin Directory Traversal
This module searches for a directory traversal vulnerability in ThinkAdmin v6. On successful exploitation, an attacker can download arbitrary files from the server.
CVE-2020-1147: Sharepoint RCE
This module tests for an RCE vulnerability in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.
Detectify is a continuous web vulnerability scanner service, and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities, including the OWASP Top 10.