Search Go hack yourself with Detectify
×

A web security blog from Detectify

Detectify Security Updates for March 8

March 8, 2021

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from February 23 – March 4.

CRITICAL – CVE-2021-26855: Microsoft Exchange SSRF
There is a SSRF in Microsoft Exchange that can be used in an exploit chain to get RCE. An attacker can make HTTP requests to servers within the vulnerable systems network/intranet. It is possible to run arbitrary commands on the server by chaining it with other vulnerabilities.

This is a critical vulnerability and you can views the details on Microsoft’s blog.

CRITICAL – CVE-2021-21973: VMware vCenter RCE
The vSphere Client (HTML5) has a remote code execution vulnerability in the vCenter Server plug-in. An attacker can execute arbitrary code on the server. VMware published work-around instructions on their knowledge base.

CVE-2020-2036: Palo Alto Networks PAN-OS XSS
This module looks for a reflected XSS vulnerability in PAN-OS. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

CVE-2020-26935: phpMyAdmin SQL Injection
PhpMyAdmin before 4.9.6 and 5.x before 5.0.3 has a SQL injection vulnerability. An attacker may be able to execute SQL-code, which includes reading/writing to the database and possible write directly to the file system.

CVE-2020-17518: Apache Flink Arbitrary File Upload
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system. A remote attacker can send a specially crafted HTTP request and upload files on the system.

CVE-2020-1942: Apache NiFi RCE
This module looks for a remote code execution vulnerability in Apache NiFi. An attacker can leverage this to get full control of the server.

CVE-2020-3243: Cisco UCS LFI
This module looks for an LFI vulnerability in Cisco UCS Director before version 6.7.4.0 and in Cisco UCS Director Express for Big Data before version 3.7.4.0. An attacker can leverage this to get full control of the server.

CVE-2020-5722: Grandstream UCM6200 Series SQL Injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions before 1.0.20.17.

CVE-2020-16194: PrestaShop Opartdevis < 4.0.2 IDOR on addresses fields
This module searches for an Insecure Direct Object Reference (IDOR) in Prestashop Opart devis < 4.0.2. An IDOR vulnerability was found in PrestaShop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user’s invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

How can Detectify help?

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Check your website for the latest vulnerabilities with Detectify Run a scan now