Cristi made us a tutorial video !Read more
An experimental Firefox extension for LeakIX has landed !Read more
After weeks of developement and testing we're proud to announce the release of LeakIX v2 !Read more
Server vulnerable to Log4J CVE-2021-44228. The reply originated from a backend server, the originating frontend server has been included in the report for reference. It is critical to patch log4j or the application using since the issues is exploited in the wild and leads to RCE. - [https://www.lunasec.io/docs/blog/log4j-zero-day/](https://www.lunasec.io/docs/blog/log4j-zero-day/) - [https://issues.apache.org/jira/browse/LOG4J2-2109](https://issues.apache.org/jira/browse/LOG4J2-2109) - [https://logging.apache.org/log4j/2.x/security.html](https://logging.apache.org/log4j/2.x/security.html)Read more
The following Exchange Server is publicly accessible and looks out-dated : [https://webmail.eurofound.europa.eu](https://webmail.eurofound.europa.eu) It is critical to update to a safe version as soon as possible since multiple CVEs allow remote attackers to DoS or achieve RCE (Remote code execution) on the server. Those vulnerabilities are currently used in ransomware campaign and could damage your network. This prevention reports are identified and dispatched with the help of https://twitter.com/HaboubiAnis Reference: - [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-42321) - [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26427](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26427) - [https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41348](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41348)Read more
The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086 The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1. To fix this, you should update to the most recent version.Read more
LeakIX is the first platform combining a search engine indexing public information AND an open reporting platform linked to the results.
We intent to provide a preemptive solution by trusting individual researchers and security companies on the most sensible data we index by delivering a clear report on the incidents, we also help to identify what information has/could be affected and how to resolve the issue.
Our first goal is one of prevention, all the voluntary reports are free.