vulnerability Archives - Attack Surface Management Solutions

Confluence RCE via OGNL template injection (CVE-2022-26134)

A critical vulnerability affecting the Atlassian Confluence was disclosed and designated CVE-2022-26134 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional and Sn1per Enterprise.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

June 5, 2022 xer0dayz Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing No comments yet

BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional

A critical vulnerability affecting the F5 BIG-IP devices was disclosed and designated CVE-2022-1388 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

May 10, 2022 xer0dayz Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing No comments yet

VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954) Detection with Sn1per Professional

Information regarding a critical 0-day vulnerability affecting the VMware Workspace ONE Access and Identity Manager was disclosed and designated CVE-2022-22954 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. On April 14th, CISA & US-Cert added CVE-2022-22954 to their catalog of known exploited vulnerabilities after a number of Proof-of-Concept (PoC) exploits were published online and exploit activity was actively observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional.

Severity: CRITICAL | Exploit Available: Yes | Exploitability: Easy | Remotely Exploitable: Yes

(more…)

April 14, 2022 xer0dayz Attack Surface Management, Bug Bounties, CVE's, News, Penetration Testing No comments yet

Sn1per Professional Nessus Add-on Update!

In case you missed it, we recently added support for Nessus v10.x in Sn1per Professional (version 1.0 of our Nessus Add-on only supported Nessus v8.8.x integration). Our new Nessus v2.0 Add-on lets customers scan for the latest vulnerabilities using Nessus version 10.x and download detailed vulnerability reports in HTML and CSV format with Sn1per Professional. We also added the ability to select different Nessus scan profiles when configuring the scans via Sn1per to provide greater customization. Be sure to check out the full blog post for more details.

(more…)

November 21, 2021 xer0dayz News No comments yet

Sn1per Professional MassPwn Add-on Released!

Leverage the full power of Metasploit with the new “MassPwn Add-on” for Sn1per Professional v9.0. Easily customize each Metasploit scan to meet your needs! Automatically update your Sn1per Professional host data and get notifications when a remote host has been compromised or a vulnerability has been discovered. Getting the most out of Metasploit has never been easier!

(more…)