This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2021-43267 — Linux TIPC (PoC)
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
Apache APISIX Dashboard — Unauthorized RCE (CVE-2021-45232)
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
#apache #apisix #cve #poc
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
title:"Apache APISIX Dashboard"PoC:
curl https://IP:9000/apisix/admin/migrate/exporthttps://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232/
#apache #apisix #cve #poc
😈 Fortinet RCE (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
#fortinet #rce #research #poc #exploit
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
#fortinet #rce #research #poc #exploit
Horizon3.ai
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability that gives an attacker the ability to login as an administrator,
🔥8👍5
😈 Microsoft Exchange: OWASSRF + TabShell
(CVE-2022-41076)
The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.
For a detailed write see research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
#owa #ssrf #tabshell #poc
(CVE-2022-41076)
The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.
For a detailed write see research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
#owa #ssrf #tabshell #poc
YouTube
Exchange TabShell RCE PoC (CVE-2022-41076)
Copy paste PoC from VCS blog: https://blog.viettelcybersecurity.com/tabshell-owassrf/
🔥9👍2👎1
🎯 GitLab CE/EE Path Traversal Vulnerability (CVE-2023-2825)
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
application-77ee44de16d2f31b4ddfd214b60b6327fe48b92df7054b1fb928fd6d4439fc7e.css
Research: https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
👍7🔥2
Ⓜ️ Metabase Pre-auth RCE
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
🔥8👍1
This media is not supported in your browser
VIEW IN TELEGRAM
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍4
🔍 Deep Dive into Windows IPv6 TCP/IP
An overview of CVE-2024-38063, a remote code execution vulnerability in Windows IPv6 TCP/IP. Includes a technical summary, PoC instructions and a reproduction guide.
🔗 Research:
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
🔗 PoC:
https://github.com/ynwarcs/CVE-2024-38063
#windows #kernel #ipv6 #rce #poc
An overview of CVE-2024-38063, a remote code execution vulnerability in Windows IPv6 TCP/IP. Includes a technical summary, PoC instructions and a reproduction guide.
🔗 Research:
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
🔗 PoC:
https://github.com/ynwarcs/CVE-2024-38063
#windows #kernel #ipv6 #rce #poc
Malwaretech
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
🔥8👍3❤1
A critical Cross-Site Scripting (XSS) vulnerability has been found in Roundcube Webmail, enabling attackers to inject and execute arbitrary JavaScript upon viewing a malicious email. This vulnerability could lead to the theft of emails, contacts, and passwords, as well as unauthorized email sending from the victim's account.
🛠 PoC:
<body title="bgcolor=foo" name="bar style=animation-name:progress-bar-stripes onanimationstart=alert(origin) foo=bar"> Foo </body>
🔗 Source:
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
#roundcube #xss #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
👍10🔥4❤1
Nagios XI 2024R1.01 has a vulnerability in the
monitoringwizard.php component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution. 🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥12👍2
CVE-2024-30051 is an elevation of privilege vulnerability in Windows' DWM Core Library (dwmcore.dll). The flaw arises due to a heap-based buffer overflow in the
CCommandBuffer::Initialize method, triggered by a miscalculation during memory allocation.🖥 Affected versions
— Windows 10: 1507, 1607, 1809, 21H2, 22H2
— Windows 11: 21H2, 22H2, 23H2
— Windows Server: 2016, 2019, 2022
🔗 Source:
https://github.com/fortra/CVE-2024-30051
#windows #eop #dwm #research #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9🔥7❤4
This media is not supported in your browser
VIEW IN TELEGRAM
An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access.
🔗 Research:
Proxying to Kernel - Part I
Proxying to Kernel - Part II
🔗 Source:
https://github.com/Dor00tkit/CVE-2024-30090
#windows #streaming #kernel #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥13👍9❤1😱1