Our Crowdsource ethical hacker community has been busy sending us security updates, including 0-day research. For Asset Monitoring, we now push out tests more frequently at record speed within 25 minutes from hacker to scanner. Due to confidentially agreements, we cannot publicize all security update releases here but they are immediately added to our scanner and available to all users.

The following are some of the security vulnerabilities reported by Detectify Crowdsource ethical hackers. We added these tests to the Detectify scanner from December 14 – December 26.

Backbone Query Parameters for DOM-XSS

This module looks for a DOM-based XSS vulnerability affecting the Javascript library Backbone Query Parameters. This library is present in several web applications, such as Atlassian Jira Service Desk.

Citrix XenMobile Server Source Code Disclosure

This modules tries to reveal the source code of files handled by Citrix XenMobile Server. The vulnerability was fixed in the latest release patches for XenMobile Server 10.12 and 10.13.

SolarWinds Orion Backdoor Version

This modules detects if SolarWinds Orion is running a version that may have been altered by a backdoor.

Application Settings File Disclosure

The “Microsoft IIS Administration” service uses a settings file that may contain tokens, passwords, and PII.

Questions or comments on the latest Detectify security updates? Let us know in the comments below.

Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

Already have an account? Login to check your assets.

Detectify is a continuous web vulnerability scanner service and we release Detectify security updates at least bi-weekly. Detectify offers a crowdsource-powered testbed of 2000+ known vulnerabilities including the OWASP Top 10. Check for the latest vulnerabilities!

Posted by Charlie