April updates: Get RCE evidence for 6 critical CVEs

Publisher: Pentest-Tools.com

Cybercriminals don’t give up. Neither do we.

We’re proud to bring you the only tools that currently detect CVE-2022-24086 affecting Magento and Adobe Commerce.

After weeks of working on auto-exploitation for this critical CVE (CVSSv3 9.8), we finally have it!

As a Pentest-Tools.com customer, you can run Sniper Auto-Exploiter to get conclusive proof that a target is vulnerable to this high-risk vulnerability, which bad actors have already shown interest in.

This exclusive capability is also embedded into our Network Scanner, which provides pre-filled, ready-to-send reports and automatically populates the Attack Surface view.

Wait, there’s more?

In the past weeks, our team also worked on more platform updates to support your work.

  • 5 new high-risk CVEs you can now exploit with Sniper

  • API support added for the Find Domains tool

  • Website Scanner findings include an “Unconfirmed” tag

1. Prove exploitation risk for these 5 widespread CVEs with Sniper

Besides the high-risk Magento vulnerability, our team also enhanced Sniper Automatic Exploiter with automatic (and safe) exploitation capabilities for:

  1. the critical RCE vulnerability that impacts various Redis versions – CVE-2022-0543 (CVSSv3 10)

  2. another high-risk RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager – CVE-2022-22954 (CVSSv3 9.8)

  3. the critical RCE vulnerability found in specific Apache Struts 2 versions – CVE-2021-31805 (CVSSv3 9.8)

  4. the severe RCE vulnerability discovered in different Drupal versions – CVE-2018-7600 (CVSSv3 9.8)

  5. the unrestricted file upload vulnerability found in Adobe ColdFusion versions – CVE-2018-15961 (CVSSv3 9.8)

Curious to unpack the technical details behind high-risk vulnerabilities such as the unsafe session storage in Zabbix or the notorious Spring4Shell RCE?

Our security research team provides a steady supply of manual exploitation guides that can expand your know-how or help train your team.

2. API support now available for Domain Finder

The improvement allows you to programmatically run focused scans against your targets through our API.

Using specific parameters, you can automate the scanning workflow to quickly discover domain names owned by a company and map its attack surface.

Find all the details here and save invaluable time with our pre-configured scanners.

3. Easily find and filter your Website Scanner findings

When you scan your targets with our custom-built Website Scanner, findings that aren’t automatically validated get a specific “Unconfirmed” tag.

To make things easier for you, our scanner automatically validates findings and tags them as Confirmed so you can select and add them to your pentest report.

With the Unconfirmed tag, you can easily spot findings that require your attention. Do a manual check before reporting them for high-quality engagements. Check out the support article for more details on how to validate findings.

Here’s where you’ll find the Unconfirmed tag in the Findings section after each scan:

[Screenshot: Website Scanner results]

Hope these updates help you streamline your ethical hacking engagements so you can do more of the things you enjoy.
