Changelog

Sniper can exploit a Remote Code Execution vulnerability found in Ivanti Connect Secure (CVE-2024-21887).

Network Scanner detects if CVE-2022-1471 (CVSSv3 10), a Remote Code Execution in SnakeYAML library - Atlassian Confluence, impacts your targets.

Network Scanner detects if CVE-2023-46805 (CVSSv3 8.2), an authentication Bypass in Ivanti Connect Secure, affects your targets.

Sniper can exploit a Remote Code Execution vulnerability found in Apache ActiveMQ (CVE-2023-46604).

Sniper can exploit a Remote Code Execution vulnerability found in SysAid (CVE-2023-47246).

Sniper can exploit an authenticated RCE vulnerability found in Cisco IOS XE (CVE-2023-20273), based on an Authentication Bypass vulnerability (CVE-2023-20198).

Sniper can exploit another RCE vulnerability found in F5 BIG-IP (CVE-2023-46747).

We created an automatic CVE filtering mechanism for duplicated CVEs. For example, if the Sniper or the Nuclei engines find a CVE, only the Sniper finding will be displayed in the report. We'll show them based on prioritization (Sniper > Nuclei > OpenVAS).

Network Scanner detects if CVE-2023-44487 (DOS in HTTP/2 - Rapid Reset) affects your targets.

Sniper can exploit a File Read vulnerability found in SonicWall (CVE-2023-0126).

Sniper can exploit an Information Disclosure vulnerability found in Citrix (CVE-2023-4966 - Citrix Bleed).

Network Scanner detects if CVE-2023-29357 (Authentication Bypass in Microsoft Sharepoint) affects your targets.

Network Scanner detects if CVE-2023-42115 (RCE in Exim) affects your targets.

Sniper can exploit a RCE vulnerability discovered in Juniper (CVE-2023-36845).

Network Scanner can now detect if CVE-2022-27510 (Authentication Bypass in Citrix ADC & Gateway) affects your targets.

Sniper can exploit a RCE vulnerability discovered in VMware Aria Operations for Networks (CVE-2023-34039).

Sniper can exploit a RCE vulnerability discovered in CloudPanel (CVE-2023-35885).

Network Scanner can now detect if CVE-2022-27518 (RCE in Citrix ADC & Gateway) impacts your targets.

Sniper can exploit a RCE vulnerability discovered in Wago (CVE-2023-1698).

Sniper can exploit this RCE vulnerability found in Adobe ColdFusion (CVE-2023-29300).

Sniper can exploit a RCE vulnerability discovered in OpenTSDB (CVE-2023-25826).

Sniper can exploit a RCE vulnerability discovered in Metabase (CVE-2023-38646).

Network Scanner can now detect if CVE-2023-3519 (Citrix ADC & Gateway) affect your targets.

Sniper can exploit a RCE vulnerability discovered in Apache RocketMQ (CVE-2023-33246).

Sniper can exploit a RCE vulnerability discovered in Chamilo (CVE-2023-34960).

Sniper can exploit an Unauthenticated API Access vulnerability discovered in Ivanti Endpoint Manager Mobile (CVE-2023-35078).

Network Scanner can now detect if CVE-2023-35078 (Ivanti EPMM) and CVE-2023-35078 (Ivanti EPMM) affect your targets.

Sniper can exploit a RCE vulnerability discovered in Nuxt (CVE-2023-3224).

Network Scanner can now detect if CVE-2023-29300, CVE-2023-29298 (Adobe Coldfusion) and CVE-2023-36934 (MOVEit) affect your targets.

Sniper can exploit a RCE vulnerability discovered in TerraMaster NAS (CVE-2022-24990).

Sniper can exploit a Path Traversal vulnerability discovered in GitLab (CVE-2023-2825).

Network Scanner can now detect if a MOVEit Transfer server is vulnerable to a SQL Injection vulnerability (CVE-2023-34362).

Sniper can exploit an authenticated bypass vuln discovered in Papercut (CVE-2023-27350).

Sniper can exploit an RCE vuln discovered in Oracle E-Business Suite (CVE-2022-21587).

Sniper can exploit an RCE vuln discovered in vBulletin (CVE-2023-25135).

Sniper can exploit an RCE vuln discovered in Sophos Web Appliance (CVE-2023-1671).

Network Scanner can now detect if a Microsoft MSMQ service is vulnerable to a Remote Code Execution vulnerability (CVE-2023-21554).

Sniper can exploit an RCE vuln discovered in the Oracle Coherence product of Oracle Fusion Middleware (CVE-2020-2555).

Sniper can exploit an RCE vuln discovered in Oracle Weblogic (CVE-2020-2883).

Sniper can exploit an RCE vuln discovered in Liferay Portal (CVE-2020-7961).

Sniper can exploit an Information Disclosure vulnerability in Minio (CVE-2023-28432).

Sniper can exploit an RCE vuln discovered in Atlassian Jira (CVE-2019-11581).

Sniper can exploit an RCE vuln discovered in the Oracle WebLogic Servers (CVE-2023-21839).

Sniper can exploit an RCE vulnerability found in the archive unpacking utility named cpio, which is part of the Zimbra Collaboration (CVE-2022-41352).

Sniper can exploit a critical flaw in Joomla 4.0.0 through 4.2.7. An improper access check allows unauthorized access to web service endpoints. (CVE-2023-23752)

Sniper can exploit a critical RCE flaw in Apache Commons Text packages 1.5 through 1.9. This vuln affects the StringSubstitutor interpolar class, which is included in the Commons Text library.

Sniper can exploit an unauthenticated RCE vuln found in the external control of file name or path in the Fortinet FortiNAC versions. (CVE-2022-39952)

Sniper can exploit an RCE vuln found in the remote_agent.php file of the Cacti servers (CVE-2022-46169)

Sniper can exploit a command injection vuln in the License Response Servlet (CVE-2023-0699)

Sniper can exploit an OS command injection vuln found in centOS Web Panel, that allows remote attackers to execute commands via shell metacharacters in the login parameter. (CVE-2022-44877)

Sniper can now exploit a RCE in multiple Zoho ManageEngine on-premise products. (CVE-2022-47966)

Sniper can now exploit a path traversal vuln located in the /public/plugins/endpoint of the Palo Alto servers. (CVE-2017-15944)

Sniper can now exploit a Remote Code Execution vulnerability in the /password_change.cgi endpoint of the Webmin server. (CVE-2019-15107).

Sniper can now exploit a Remote Code Execution vulnerability in the web-based management interface of Cisco Small Business routers (CVE-2019-1653).

Sniper can now exploit a Remote Code Execution vulnerability in the Apache APISIX API Gateway server (CVE-2022-24112).

Sniper can now exploit a Remote Code Execution vulnerability in the htmlawed module from GLPI (CVE-2022-35914).

Sniper can now exploit a Remote Code Execution vulnerability affecting the web-based management interface of Cisco Small Business RV Series Routers (CVE-2021-1472).

Sniper can now exploit a Remote Code Execution vulnerability affecting pfBlockerNG packages (CVE-2022-31814).

Sniper can now exploit a Server Side Request Forgery vulnerability affecting the Fusion Builder WordPress plugin, used in the well known Avada Wordpress theme (CVE-2022-1386).

Sniper can now exploit a Remote Code Execution vulnerability affecting EJS (Embedded JavaScript templates) Node.js package (CVE-2022-29078).

Network Scanner can now detect if a Zoho ManageEngine ADAudit Plus server is vulnerable to XML External Entity Injection (CVE-2022-28219).

Sniper can now exploit an Authentication Bypass vulnerability affecting Fortinet FortiOS, FortiProxy and FortiSwitchManager (CVE-2022-40684).

Network Scanner can now detect if a Grafana server is vulnerable to Authentication Bypass (CVE-2021-39226).

Network Scanner can now detect if a Microsoft Exchange server is vulnerable to Remote Code Execution (CVE-2022-41040/41082).

Sniper can now exploit a Remote Code Execution vulnerability affecting Atlassian Bitbucket (CVE-2022-36804).

Network Scanner can now detect if a Sophos server is vulnerable to a Remote Code Execution vulnerability (CVE-2022-1040).

Sniper can now exploit a Remote Code Execution vulnerability affecting Remote Desktop Protocol/Services (CVE-2017-0144).

Network Scanner can now detect if a Gitlab Comunity/Enterprise server is vulnerable to a Remote Code Execution vulnerability (CVE-2022-2884).

Sniper can now exploit a Remote Code Execution vulnerability affecting the Jenkins Script Security Plugin (CVE-2018-1000861, CVE-2019-1003005, CVE-2019-1003029).

Sniper can now exploit a Remote Code Execution vulnerability affecting ManageEngine, Password Manager Pro and ManageEngine PAM360 (CVE-2022-35405).

Network Scanner can now detect if a Microsoft Windows server is vulnerable to a Remote Code Execution vulnerability affecting RDP (CVE-2019-0708).

Network Scanner can now detect if a Zoho ManageEngine ADSelfService Plus server is vulnerable to Stored Cross-Site Scripting (CVE-2022-24681).

Sniper can now exploit a Pre-Authorization Arbitrary File Read vulnerability affecting Atlassian Jira (CVE-2020-29453).

Sniper can now exploit a Pre-Authorization Arbitrary File Read vulnerability affecting a VMware Workspace One server (CVE-2022-31656).

Network Scanner can now detect if a Django application is vulnerable to SQL Injection (CVE-2022-34265).

Sniper can now exploit a Pre-Authorization Arbitrary File Read vulnerability affecting Atlassian Jira (CVE-2021-26086).

Sniper can now exploit an Authentication Bypass vulnerability (CVE-2022-27925) and an Arbitrary File Upload (CVE-2022-37042) affecting the Zimbra collaboration suite.

Network Scanner can now detect if an Apache HTTP Server is vulnerable to Cache-Digest Denial of Service Attack (CVE-2020-9490).

Sniper can now exploit a Pre-Authorization Arbitrary File Read vulnerability affecting Atlassian Jira (CVE-2019-8442).

Network Scanner can now detect if a Jira server is vulnerable to Information Disclosure (CVE-2020-14179).

Network Scanner can now detect if an Emlog instance is vulnerable to Path Disclosure (CVE-2021-3293).

Sniper can now exploit a Pre-Authorization Arbitrary File Read vulnerability affecting Atlassian Confluence (CVE-2021-26085).

Network Scanner can now detect if an Apache Tomcat Server is vulnerable to Open Redirect (CVE-2018-11784).

Network Scanner can now detect if the web interfaces of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) are vulnerable to Cross-Site Scripting (CVE-2020-3580).

Network Scanner can now detect if an Atlassian Confluence server is vulnerable to an Authentication Bypass vulnerability (CVE-2022-26138).

Sniper can now exploit a Remote Code Execution vulnerability affecting the Timelion visualizer from a Kibana instance (CVE-2019-7609).

Network Scanner can now detect if a Spring Data MongoDB application is vulnerable to SpEL(Spring Expression Language) Injection (CVE-2022-22980).

Sniper can now exploit a Remote Code Execution vulnerability affecting Microsoft SharePoint (CVE-2019-0604).

Sniper can now exploit a Remote Code Execution vulnerability affecting Atlassian Crowd and Crowd Data Center instances (CVE-2019-11580).

Sniper can now exploit a Remote Code Execution vulnerability affecting Drupal Core (CVE-2019-6340).

Sniper can now exploit a OS command injection vulnerability in the CGI program of Zyxel Firewall (CVE-2022-30525).

Sniper can now exploit a Remote Code Execution vulnerability affecting DotCMS systems (CVE-2022-26352).

Sniper can now exploit a Remote Code Execution vulnerability affecting Atlassian Confluence server instances (CVE-2022-26134).

The Network Scanner can now detect if a Jira Seraph (the core authentication mechanism of Jira) instance is vulnerable to authentication bypass (CVE-2022-0540).

Sniper can now exploit a Local File Inclusion vulnerability inside the Console component of Oracle WebLogic Server (CVE-2022-21371).

Sniper can now exploit an RCE vulnerability in F5 BIG-IP (CVE-2022-1388).

The Network Scanner can now detect if a Jira Server or Data Center instance is vulnerable to a server-side template injection vulnerability (CVE-2019-11581).

Sniper can now exploit an unauthenticated RCE vulnerability in Zoho ManageEngine (CVE-2021-44077).

Sniper can now exploit an unrestricted file upload vulnerability in certain WSO2 products (CVE-2022-29464).