Search Go hack yourself with Detectify

An EASM blog from Detectify

Detectify security updates for 13 December

December 13, 2018

For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and Crowdsource ethical hacker community. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users. This post highlights a few things that we have improved in the last two weeks.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner tool on 13 December.

CVE-2018-14912: cgit Path Traversal

A vulnerability in cgit was recently made public by Google Project Zero. After getting it as a submission through Detectify Crowdsource we implemented it as a module. More information about the issue can be found here:

 CVE-2018-5006: Adobe AEM SSRF via SalesforceSecretServlet

Adobe AEM, also called Adobe Experience Manager, has previously had a few known vulnerabilities. Frans Rosén, one of our security advisors, has done a presentation on this here:

However, a new SSRF was released recently, which in addition to all the other research has been implemented to the scanner.

Apache Hadoop RCE

Read more about the story around this vulnerability here:

jQuery-File-Upload related vulnerabilities

The last of the three! See the following blog post:



A few of the other things implemented…

  • CVE-2018-9845: Etherpad Authentication Bypass
  • Exposed Docker configuration file
  • Header-Based SSRF
  • URL-based Authentication Bypass

Questions or comments on our latest security updates? Let us know in the section below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web scanner monitor service that can be set up for automated scanning for 1000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!