Vulners API v.3 released

The Vulners development team has released a major update of the Vulners API. Automate your routine operations with the vulners.com database more easily and effectively than ever.

What’s new:

  • Most Vulners API v.3 requests now use GET
  • New “search/id” request to view the content of a bulletin by its identifier
  • Requests that search, or view content by id, now support the option “references=true”, which adds the referenced objects to the results
  • JSON output is now pretty-printed by default

All API methods: https://vulners.com/api/v3/
For every method, “requireparam” lists the mandatory parameters and “validateparam” lists all accepted input parameters with their types; for example, for the “lucene” search method:

"lucene": [
  {
    "requireparam": {
      "parameters": [
        "query"
      ]
    }
  },
  {
    "validateparam": {
      "parameters": [
        {
          "skip": "int",
          "query": "str",
          "size": "int",
          "sort": "str"
        }
      ]
    }
  }
],

Examples:

Available fields and values: https://vulners.com/api/v3/search/suggest/?type=distinct&fieldName=type

{
  "data": [
    "nessus",
    "cve",
    "exploitdb",
    "xssed",
    "zdt",
...
    "lenovo",
    "msvr",
    "paloalto",
    "nginx"
  ],
  "result": "OK"
}

Vulners.com search query speed remains extremely high:

$ curl "https://vulners.com/api/v3/search/lucene/?query=type:centos&size=3&skip=2&references=true" -w %{time_connect}:%{time_starttransfer}:%{time_total}
...
],
"result": "OK"
}0,000:0,144:0,204

Average execution time is 35-45 ms.
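Because the API publishes its own parameter description, a client can check a request against it before sending anything. The script below is an added example, not Vulners' own client code: it reads the “lucene” descriptor shown above, reports missing or mistyped parameters, and builds the GET URL in the form used by the curl call. The only assumption is that the type names in the descriptor are exactly the “int” and “str” strings shown on the page; it runs offline.

```python
"""Validate a Vulners API v3 request against the method's self-description
and build the GET URL for it. Added example, not Vulners' own client code.
The descriptor is the "lucene" entry shown on the page; everything runs
offline, nothing is sent."""
from urllib.parse import urlencode, urljoin

API_BASE = "https://vulners.com/api/v3/"   # base URL from the page

# Descriptor copied from the API description for search/lucene (page excerpt).
LUCENE_DESCRIPTOR = [
    {"requireparam": {"parameters": ["query"]}},
    {"validateparam": {"parameters": [
        {"skip": "int", "query": "str", "size": "int", "sort": "str"}]}},
]

# Descriptor type names -> Python types. Assumption: the API uses "int" and
# "str" as shown in the excerpt ("bool" added for completeness).
TYPE_MAP = {"int": int, "str": str, "bool": bool}


def parse_descriptor(descriptor):
    """Flatten the list-of-dicts descriptor into (required names, name -> type)."""
    required, types = set(), {}
    for entry in descriptor:
        if "requireparam" in entry:
            required.update(entry["requireparam"]["parameters"])
        if "validateparam" in entry:
            for spec in entry["validateparam"]["parameters"]:
                types.update(spec)
    return required, types


def validate_params(descriptor, params):
    """Return a list of problems; an empty list means the request is well-formed."""
    required, types = parse_descriptor(descriptor)
    problems = [f"missing required parameter {n!r}"
                for n in sorted(required) if n not in params]
    for name, value in params.items():
        if name not in types:
            problems.append(f"unknown parameter {name!r}")
            continue
        expected = TYPE_MAP.get(types[name])
        if expected is None:
            problems.append(f"unsupported type {types[name]!r} for {name!r}")
        # bool is a subclass of int in Python, so reject True/False for "int".
        elif (isinstance(value, bool) and expected is int) or not isinstance(value, expected):
            problems.append(f"parameter {name!r} must be {types[name]}, "
                            f"got {type(value).__name__}")
    return problems


def build_url(method, descriptor, params, references=False):
    """Validate, then build the GET URL for a v3 method; raise on bad input.
    references=True appends the references=true option described on the page."""
    problems = validate_params(descriptor, params)
    if problems:
        raise ValueError("; ".join(problems))
    query = dict(params)
    if references:
        query["references"] = "true"
    return urljoin(API_BASE, method.strip("/") + "/") + "?" + urlencode(query)


if __name__ == "__main__":
    # Reproduces the URL used in the curl timing example on the page.
    print(build_url("search/lucene", LUCENE_DESCRIPTOR,
                    {"query": "type:centos", "size": 3, "skip": 2}, references=True))
```

Validation happens locally, so a typo in a parameter name or a string where the API expects an integer is caught before the request counts against rate limits or returns an unhelpful error.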

The Only Invulnerable in CityF

Our project team took part in the CityF: The Standoff competition at the PHDays VI information security conference.

PHDays' key theme is ‘The Standoff’. This year we are replacing the usual CTF format and are instead bringing you a fully-fledged battle. We are using a realistic scenario in a specially designed setting that mimics a typical urban infrastructure. This time, the hackers will bring out the big guns in order to take down the city (CityF), while the city defenders, security experts and the SOC, will be trying to counter their attacks.

Our Vulners city-defender team's results in the PHDays VI CTF competition:

  • WTF for hacking hackers team
  • excellence at banking for defending our CTF home
  • zen sensei for keeping calm
  • The Invulnerable – no comments
  • Last man standing

PHDays VI CTF results

PHDays VI CTF Awards Ceremony



Ivan is a representative of the defending team. They got so bored with the whole situation, with nothing happening around them, that they decided to hack into the hackers' computers. And he came to the stage without any mask on his face. And all the hackers were looking at him. Who is this guy? So, Ivan, the glory is yours.

Hi everyone. Yeah, we got bored, and while we were bored we scanned the /16 subnet. We found some neighbouring defending teams, some banks. And starting from 10 and higher we found out that there were some user machines. Some of them had a lot of open ports and HTTP servers as well. And one of these HTTP services had file upload functionality. It was an Apache server with PHP on. And then we just uploaded a web shell, with which we had a lot of fun.

And by the way, it's not prohibited by the rules. The rules don't say a single word about defenders not being allowed to break the hackers. Ivan, just tell me please, what about the computers of those guys, are they operational, can they do something on them?

Being a good defence team and not those evil hackers, we of course left their computers intact and operational, but we would like to warn all of you: well, it's a hackers' conference, so if you do something Internet-based, keep your ports closed and your web services closed too. Just basic security precautions. Well, if you hack somebody, it doesn't follow that somebody cannot hack you.

Advertising. We are the Vulners Team and we represent the Vulners Vulnerability Database.

So, they can break and they can fix!

Good day for Vulners and 0day.today

0day.today is the ultimate database of exploits and vulnerabilities. It's a great and well-known resource for vulnerability researchers and security professionals. Now you can search 0day.today content on vulners.com: just use “type:zdt” in search requests.

0day.today search results

You can see publicly available exploits with full source code.

Exploit 0day.today

For a private exploit you will get the message: “This is private exploit. You can buy it at http://0day.today”

Private exploit 0day.today

Starting now, three popular exploit databases are supported in Vulners: Metasploit, Exploit-DB and 0day.today.

Suse Linux and Samba

Search in Samba and Suse Linux security bulletins with vulners.com!

Suse support is a big deal. The bulletins describe vulnerabilities in many software products: SLES, SLED, openSUSE, Suse, Suse SDK, Suse for VMware, SUSE LTSS, etc. All versions of the patched packages for all processor architectures were parsed and are available in machine-readable form.

sles bulletin

Suse bulletins contain more records in their affected section than all other bulletins put together. For example, SUSE-SA:2005:045 has 110 entries.

So Vulners now supports almost all common Linux distributions: Debian, Ubuntu, Arch Linux, RedHat, Oracle Linux, CentOS and Suse (SLES, SLED, openSUSE).
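The point of having patched package versions in machine-readable form is that they can be compared against what is actually installed. The script below is an added example, not Vulners' code or the bulletin format it stores: it takes an `rpm -qa` style listing and a "fixed in" list and reports packages older than the first patched build. The version comparison is a simplified reimplementation of rpm's rpmvercmp (no tilde or caret handling), and every package name and version in the sample data is constructed for the example rather than taken from a real SUSE bulletin.

```python
"""Added example (not Vulners' code): check installed RPM packages against a
bulletin's list of fixed package versions. The version comparison is a
simplified reimplementation of rpm's rpmvercmp (no tilde/caret handling).
The affected-list format and all package names/versions below are
constructed for the example, not taken from a real SUSE bulletin."""
import re

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does:
    alphanumeric segments left to right, numeric segments compared as
    integers, numeric beats alpha, and more segments wins on a tie."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evrcmp(evr_a, evr_b):
    """Compare (epoch, version, release) tuples; epoch dominates."""
    ea, va, ra = evr_a
    eb, vb, rb = evr_b
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def parse_nvra(line):
    """Split 'name-version-release.arch' (rpm -qa output) into parts.
    Names may contain hyphens, version and release may not, so split from
    the right. Epoch is taken as 0 unless written as 'epoch:version'."""
    name, version, rel_arch = line.strip().rsplit("-", 2)
    release, arch = rel_arch.rsplit(".", 1)
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, arch, (epoch, version, release)


def find_unpatched(rpm_qa_lines, fixed):
    """fixed maps (name, arch) -> (epoch, version, release) of the first
    patched build. Returns the installed packages that are older than it."""
    unpatched = []
    for line in rpm_qa_lines:
        name, arch, evr = parse_nvra(line)
        key = (name, arch)
        if key in fixed and evrcmp(evr, fixed[key]) < 0:
            unpatched.append(line.strip())
    return unpatched


# Constructed sample: a bulletin's "fixed in" list and an rpm -qa snippet.
FIXED = {
    ("samba", "x86_64"): (0, "4.1.12", "20.1"),
    ("libsmbclient0", "x86_64"): (0, "4.1.12", "20.1"),
    ("kernel-default", "x86_64"): (0, "3.12.53", "60.30.1"),
}
INSTALLED = [
    "samba-4.1.12-18.1.x86_64",             # older release: unpatched
    "libsmbclient0-4.1.12-20.1.x86_64",     # exactly the fixed build
    "kernel-default-3.12.53-60.30.1.x86_64",
    "kernel-default-3.12.49-11.1.x86_64",   # older kernel still installed
    "gpg2-2.0.24-5.1.x86_64",               # not in the bulletin at all
]

if __name__ == "__main__":
    for pkg in find_unpatched(INSTALLED, FIXED):
        print("UNPATCHED", pkg)
```

Note the second kernel entry: multiple kernel packages are commonly installed side by side, and a naive "is the fixed version present" check would pass while an older, still-bootable kernel remains on the system.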

Another hot topic is, of course, Samba. Waiting for details on Badlock? Here they are: SAMBA:CVE-2016-2118(BADLOCK)

badlock

It is also interesting to see the hype about this vulnerability: https://vulners.com/search?query=badlock

HackApp indexed: 135,000 potential vulnerabilities in TOP 13,000 Android applications

Good news for all Vulners users. You can now search for vulnerabilities in more than 13,000 Android applications from the US Google Play store. Just specify “type:hackapp”. This became possible by adding the HackApp vulnerability database. The search results contain the bulletin title, the number of vulnerabilities by severity (red circle: critical, yellow circle: medium, grey circle: notice) and information about the application (icon, current version, vendor name and release date).

Android vulnerabilities search results

Links to application bulletins look like https://vulners.com/hackapp/HACKAPP:COM.TIR.SIMULASYONU.APK. The bulletin contains a brief description of the vulnerabilities and the vulnerable version of the application.

Android application vulnerabilities

HackApp storage scheme:

"hackapp": {
  "scheme": {
    "href": "",
    "objectVersion": "1.0",
    "modified": "1970-01-01T00:00:00",
    "cvss": {
    },
    "bulletinFamily": "software",
    "hackapp": {
      "vendor": "",
      "store": "",
      "icon": "",
      "apk": "",
      "version": "",
      "release": "",
      "name": "",
      "link": "",
      "bugs": [
      ]
    },
    "reporter": "Hackapp.org",
    "hash": "",
    "title": "",
    "references": [
    ],
    "affectedSoftware": [
    ],
    "id": "",
    "published": "1970-01-01T00:00:00",
    "lastseen": "1970-01-01T00:00:00",
    "cvelist": [
    ],
    "type": "hackapp",
    "description": ""
  },
  "displayName": "Hackapp",
  "bulletinFamily": "software",
  "lastrun": "2016-04-04T08:49:30",
  "count": 13516
}

Use these fields to build complex queries, for example to search by vendor: hackapp.vendor:"Umisoft Games"

Search by vendor name
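Building such queries by string concatenation breaks as soon as a vendor name contains a space, a colon or a quote. The script below is an added example, not Vulners' code: it maps the short field names from the scheme above to their full paths, escapes values using standard Lucene query syntax (an assumption about how search/lucene parses its input, suggested by the method name), and checks a fetched bulletin against the scheme before automation trusts its fields. The scheme subset is copied from the page; the bulletin passed to the checker is constructed.

```python
"""Added example (not Vulners' code): build Lucene queries over HackApp
bulletin fields and sanity-check a fetched bulletin against the published
storage scheme. Field names and the scheme subset are copied from the
"hackapp" scheme on the page; the escaping rules are standard Lucene query
syntax, which is an assumption about Vulners' search/lucene parser."""
import re

# Subset of the "hackapp" scheme from the page. The placeholder values give
# the expected JSON type of each field ("" string, [] list, {} object).
HACKAPP_SCHEME = {
    "id": "", "type": "hackapp", "title": "", "description": "",
    "reporter": "Hackapp.org", "published": "1970-01-01T00:00:00",
    "cvelist": [], "references": [], "affectedSoftware": [], "cvss": {},
    "hackapp": {"vendor": "", "store": "", "icon": "", "apk": "",
                "version": "", "release": "", "name": "", "link": "", "bugs": []},
}

# Lucene query-syntax special characters (and the && / || operators).
_LUCENE_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/]|&&|\|\|)')


def lucene_escape(value):
    """Escape a bare term so it is matched literally."""
    return _LUCENE_SPECIAL.sub(r"\\\1", value)


def field_path(field):
    """Map a short field name to its full path in the bulletin (nested
    application fields live under "hackapp.")."""
    if field in HACKAPP_SCHEME["hackapp"]:
        return f"hackapp.{field}"
    if field in HACKAPP_SCHEME:
        return field
    raise KeyError(f"unknown HackApp field {field!r}")


def term(field, value):
    """One field:value clause. Values containing spaces become a quoted
    phrase; inside a phrase only backslash and double quote need escaping."""
    path = field_path(field)
    if " " in value:
        phrase = value.replace("\\", "\\\\").replace('"', '\\"')
        return f'{path}:"{phrase}"'
    return f"{path}:{lucene_escape(value)}"


def hackapp_query(**fields):
    """AND-join the clauses and pin the bulletin type, so
    hackapp_query(vendor="Umisoft Games") reproduces the page's vendor search."""
    clauses = ["type:hackapp"] + [term(f, v) for f, v in fields.items()]
    return " AND ".join(clauses)


def scheme_mismatches(bulletin, scheme=HACKAPP_SCHEME):
    """Return descriptions of keys missing from a fetched bulletin or holding
    a value of a different JSON type than the scheme placeholder."""
    problems = []

    def walk(node, spec, prefix):
        for key, placeholder in spec.items():
            path = f"{prefix}{key}"
            if key not in node:
                problems.append(f"missing {path}")
            elif type(node[key]) is not type(placeholder):
                problems.append(f"wrong type at {path}")
            elif isinstance(placeholder, dict) and placeholder:
                walk(node[key], placeholder, path + ".")

    walk(bulletin, scheme, "")
    return problems


# Constructed, deliberately incomplete bulletin for the checker.
SAMPLE_BULLETIN = {"id": "HACKAPP:EXAMPLE.APK", "type": "hackapp",
                   "hackapp": {"vendor": 42, "apk": "example.apk"}}

if __name__ == "__main__":
    print(hackapp_query(vendor="Umisoft Games"))
    print(hackapp_query(apk="com.tir.simulasyonu"))
    for p in scheme_mismatches(SAMPLE_BULLETIN):
        print("scheme:", p)
```

Pinning `type:hackapp` in every generated query keeps a vendor or name match from accidentally pulling in bulletins of other types that happen to share a field name.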

Managing fresh MITRE CVEs on Vulners

Important vulners.com update. Fresh CVE IDs will now be added to vulners.com right after they appear in the MITRE feed.

Why is it important?

You all know that a CVE number is a vulnerability ID. Each CVE number corresponds to a short text description: what kind of vulnerability it is, in what component, and who found it. This identifier can be used to connect the various entities associated with a vulnerability: patches, detection plugins, exploits, etc.

It is usually assumed that a CVE number has to be associated with a list of vulnerable platforms (CPE IDs) and a CVSS vector, which describes how critical the vulnerability is. In fact, two organizations are involved in working with CVEs: MITRE is responsible for issuing the IDs, and NVD adds CPE and CVSS. When people talk about the CVE feed they usually mean the processed NVD content. The problem is that there is a delay between the issuance of an ID in the MITRE feed and its appearance in the NVD feed. In other words, an ID may already be in use in a vulnerability management process while it has not yet appeared in the NVD feed. Not good.

For example, a new OpenSSH vulnerability has the reserved ID CVE-2016-3115 at MITRE.

CVE-2016-3115 is reserved

This ID doesn't exist in the NVD feed yet.

CVE-2016-3115 Not Found in NVD

Previously vulners.com used only CVEs from the NVD feed, so it was impossible to see the entities associated with fresh MITRE CVE IDs. Now you can track changes in the state of the most recent vulnerabilities and check for patches, exploits and Nessus plugins simply by refreshing the CVE ID page. The description of the CVE identifier will be updated as new information appears in the MITRE feed, the NVD feeds or other sources.
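The same MITRE-versus-NVD reconciliation can be done locally in a vulnerability management pipeline. The script below is an added example, not Vulners' code: it validates CVE ID syntax, classifies each ID by what the two feeds currently say about it, and measures how long an ID waited before NVD enriched it. The feed records are constructed dictionaries modelled loosely on the two feeds; the only fact taken from the page is that CVE-2016-3115 is reserved at MITRE and absent from NVD, every other value (including the second, clearly synthetic ID) is a placeholder.

```python
"""Added example (not Vulners' code): reconcile the MITRE view of a CVE ID
(issued, possibly still reserved) with the NVD view (CPE list and CVSS
added later). Feed records are constructed dictionaries modelled loosely
on the two feeds; only CVE-2016-3115 being reserved at MITRE and absent
from NVD is taken from the page, every other value is a placeholder."""
import re
from datetime import date

# CVE ID syntax: four-digit year, then four or more digits.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed MITRE-side records: a reserved ID has the "** RESERVED **"
# description; "assigned" is the date the ID became public (placeholder).
MITRE_FEED = {
    "CVE-2016-3115": {"description": "** RESERVED **", "assigned": None},
    "CVE-2015-0000": {"description": "Constructed example entry.",
                      "assigned": "2015-01-05"},
}
# Constructed NVD-side records: only present once CPE and CVSS exist.
NVD_FEED = {
    "CVE-2015-0000": {"cvss_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                      "cvss_score": 7.5,
                      "cpe": ["cpe:/a:example:app:1.0"],
                      "published": "2015-01-20"},
}


def classify(cve_id, mitre=MITRE_FEED, nvd=NVD_FEED):
    """Merge both views of one ID into a single tracking record."""
    if not CVE_ID.match(cve_id):
        raise ValueError(f"malformed CVE ID: {cve_id!r}")
    m, n = mitre.get(cve_id), nvd.get(cve_id)
    if n is not None:
        state = "ENRICHED"      # NVD has CPE/CVSS, normal scoring possible
    elif m is None:
        state = "UNKNOWN"       # neither feed knows the ID yet
    elif m["description"].startswith("** RESERVED **"):
        state = "RESERVED"      # ID exists, no public description yet
    else:
        state = "ASSIGNED"      # described at MITRE, not yet scored by NVD
    lag = None
    if m and n and m.get("assigned") and n.get("published"):
        lag = (date.fromisoformat(n["published"])
               - date.fromisoformat(m["assigned"])).days
    return {
        "id": cve_id,
        "state": state,
        "description": m["description"] if m else None,
        "cvss_score": n["cvss_score"] if n else None,
        "cpe": list(n["cpe"]) if n else [],
        "days_until_nvd": lag,
    }


def needs_follow_up(cve_ids, **feeds):
    """IDs that are already usable for tracking (patches, exploits, plugins
    can reference them) but still have no NVD CVSS/CPE to prioritise on."""
    return [c for c in cve_ids
            if classify(c, **feeds)["state"] in ("RESERVED", "ASSIGNED")]


if __name__ == "__main__":
    for cve in ("CVE-2016-3115", "CVE-2015-0000"):
        print(classify(cve))
    print("re-check later:", needs_follow_up(["CVE-2016-3115", "CVE-2015-0000"]))
```

Anything in the RESERVED or ASSIGNED state cannot be prioritised by CVSS yet, which is exactly why a scanner or ticketing system should keep polling such IDs rather than dropping them because "NVD has no entry".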

CVE-2016-3115 on Vulners. You can see available patches and exploits.

CVE-2016-3115 on vulners.com

By the way, on 21 March MITRE introduced CVE IDs of another type, which can be produced not only by MITRE but also by other authorities.

Federated CVE ID syntax

More information can be read here.