Advisory: Flarum LFI – CVE-2023-40033
Summary: An attacker with a basic user forum account can specify a malicious avatar URL that discloses the contents of arbitrary local files on the file system. Impact: An attacker…
As a quick recap, Shodan Trends is a website that lets you see how the Internet has changed over time. For example, you can use it to see how exposed…
In our last post we uncovered a vulnerability inside Citrix ADC and NetScaler Gateway that was in the patch fix for CVE-2023-3519. It seems that this vulnerability, while also critical,…
This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the Cobalt Strike site. Over the past few months there has been…
For the purpose of securing Microsoft Office installs we see many of our customers moving to a macro signing strategy. Furthermore, Microsoft is trying to battle macro malware by enforcing…
We’ve recently decided to stop accepting cryptocurrency payments (again) and I wanted to share some of the issues we encountered. Background Shodan is a website aimed at technical users and…
Shodan is turning 13 years old later this year and throughout that time we’ve kept an archive of all information we’ve ever seen. The regular search engine only shows recent…
You have a long list of IPs and you quickly want to get a basic idea of what they’re running for the purpose of: Make sure they’re not exposing any…
It’s now possible for enterprise customers to subscribe to a data feed of search results. Instead of running a search query every day to ask for new results you can…
This year we rolled out the new main Shodan website and alongside it updated the look of all websites. There were a few specific goals that we had for the…