Search Go hack yourself with Detectify
×

A web security blog from Detectify

Security Updates for August 17

August 17, 2021

Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We have added these tests to the Detectify scanner in the last weeks:

CVE-2021-21985: VMware vCenter RCE
The vSphere Client (HTML5) has a remote code execution vulnerability in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. An attacker can execute arbitrary code on the server.

CVE-2021-27850: Apache Tapestry RCE
The vulnerability is a bypass of the fix for CVE-2019-0195. An unauthenticated attacker can bypass the file extension check and access the file AppModule.class which may contain an HMAC key and sign serialized Java objects to achieve RCE.

CVE-2021-32820: Express Handlebars File Disclosure
This module looks for an LFI vulnerability in Express-handlebars. An attacker can download arbitrary files from the server.

CVE-2020-36289: Atlassian Jira Unauthenticated User Enumeration
This module tries to enumerate usernames in the QueryComponentRendererValue!Default.jspa endpoint. An attacker can use exposed usernames in other attacks against the affected organization.

CVE-2019-11600: OpenProject Unauthentication SQL Injection
OpenProject versions before 8.3.1 has a SQL Injection vulnerability. An attacker can get full access to the underlying database.

CVE-2021-22175: Gitlab SSRF
GitLab prior to versions 10.5 is vulnerable to an SSRF vulnerability on an instance where registration is disabled. On successful exploitation, an unauthencated attacker will be able to send requests on behalf of the affected service. It may be possible to reach systems on the same intranet as the affected application.

CVE-2021-28854: VICIdial Sensitive File Exposure
This module looks for a sensitive file exposure vulnerability in VICIdial’s Web Client. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP’s, User-Agents and non-plain text credentials.

CVE-2021-3021: ISPConfig SQL Injection
This module looks for a SQL injection vulnerability in ISPConfig before version 3.2.2. An attacker can use this flaw to read data stored in the database.

CVE-2021-33564: Argument Injection in Ruby Dragonfly
This module looks for an argument injection in the Ruby Gem “Dragonfly”. An attacker can download arbitrary files from the server.

CVE-2019-7481: Sonicwall SMA 100 SQL Injection
This module looks for an SQL Injection vulnerability in SonicWall SMA100 version 9.0.0.3 and earlier. An attacker can use this flaw to gain read-only access to unauthorized resources.

CVE-2020-3580: Cisco ASA/FTD XSS
This module looks for a reflected XSS vulnerability in Cisco ASA/FTD. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

CVE-2020-11110: Grafana XSS
There is a XSS vulnerability in Grafana before version 6.7.1. User interaction is required to trigger the XSS. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

CVE-2020-24701: OX Appsuite XSS
This module looks for a reflected XSS vulnerability in OX Appsuite before version 7.10.3. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

WooCommerce SQL Injection
This module looks for an SQL injection in WooCommerce. An attacker can use this flaw to read data stored in the database.

CVE-2021-22145: ElasticSearch Memory Disclosure
This module searches for a memory disclosure vulnerability in Elasticsearch’s error reporting. Attackers can read buffers which may contain sensitive information such as Elasticsearch authentication details.

CVE-2021-26475: EPrints 3.4.2 XSS
This module searches for a reflected XSS vulnerability in EPrints. EPrints 3.4.2 exposes a reflected XSS opportunity via a cgi/cal URI. An attacker can use this flaw to steal credentials and otherwise execute JavaScript in the origin of the affected domain.

CVE-2021-34429: Eclipse Jetty Path Traversal
Requests to a vulnerable application are able to access protected resources within the WEB-INF directory. The web.xml file could contain sensitive information about the implementation of the web application.

Hasura GraphQL Engine PostgreSQL Query Execuction
This module tests for a command injection vulnerability in Hasura. If vulnerable, an attacker will be able to execute arbitrary commands on the application.

How can Detectify help?

Detectify checks your web applications for known vulnerabilities that are actively exploited in the wild. To begin, you need to verify ownership of the domain and then you can begin a scan within minutes. The Detectify scanners will run a check to determine your web technology profile, and then dispatch the relevant tests based on the results. The testing is context-based using hacker techniques like fuzzing, crawling and real hacker payloads to help discover where the vulnerabilities are.

Detectify scanners are based on HTTP request tests

image: Detectify only shows you vulnerabilities that we can verify as exploitable. You will always get to see the REQUEST and RESPONSE.

Detectify pushes security updates every week. Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

To keep up with today’s cyber threats, you need continuous security that’s integrated with development. With Detectify, you get more than a DAST with access to payload-based security tests beyond the OWASP Top 10. Check for the latest vulnerabilities!

Test your website's security with Detectify Sign up for a free trial