A recently discovered vulnerability, CVE-2023-36845, affects Juniper SRX firewalls and EX switches, allowing for remote code execution without writing to the disk
🔍 Scanner:
https://github.com/vulncheck-oss/cve-2023-36845-scanner
🌐 Research:
https://vulncheck.com/blog/juniper-cve-2023-36845
#juniper #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥8❤1👍1
May 21st, Veeam published an advisory stating that all the versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user the CVSS for this vulnerability is 9.8.
🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849
#veeam #authentication #bypass #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥7👍2
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
🔥12👍3
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/acrono/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥22❤1👍1
APT
🔥 VMware vCenter Server RCE + PrivEsc Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted…
VMware vCenter - CVE-2024-37081.pdf
1.3 MB
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-37081
#vmware #vcenter #lpe #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🔥3❤1
VMware vCenter - CVE-2024-22274.pdf
1.1 MB
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-22274
https://github.com/l0n3m4n/CVE-2024-22274-RCE
#vmware #vcenter #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍3❤2
This media is not supported in your browser
VIEW IN TELEGRAM
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍4
🔐 FreeIPA Rosting (CVE-2024-3183)
A vulnerability recently discovered by my friend @Im10n in FreeIPA involves a Kerberos TGS-REQ being encrypted using the client’s session key. If a principal’s key is compromised, an attacker could potentially perform offline brute-force attacks to decrypt tickets by exploiting the encrypted key and associated salts.
🔗Source:
https://github.com/Cyxow/CVE-2024-3183-POC
#freeipa #kerberos #hashcat #cve
———
Добавляем доклад Миши в вишлист на Offzone🚶♂️
A vulnerability recently discovered by my friend @Im10n in FreeIPA involves a Kerberos TGS-REQ being encrypted using the client’s session key. If a principal’s key is compromised, an attacker could potentially perform offline brute-force attacks to decrypt tickets by exploiting the encrypted key and associated salts.
🔗Source:
https://github.com/Cyxow/CVE-2024-3183-POC
#freeipa #kerberos #hashcat #cve
———
Добавляем доклад Миши в вишлист на Offzone
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥17❤🔥2👍1
A critical Cross-Site Scripting (XSS) vulnerability has been found in Roundcube Webmail, enabling attackers to inject and execute arbitrary JavaScript upon viewing a malicious email. This vulnerability could lead to the theft of emails, contacts, and passwords, as well as unauthorized email sending from the victim's account.
🛠 PoC:
<body title="bgcolor=foo" name="bar style=animation-name:progress-bar-stripes onanimationstart=alert(origin) foo=bar"> Foo </body>
🔗 Source:
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail
#roundcube #xss #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
👍10🔥4❤1
This media is not supported in your browser
VIEW IN TELEGRAM
An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access.
🔗 Research:
Proxying to Kernel - Part I
Proxying to Kernel - Part II
🔗 Source:
https://github.com/Dor00tkit/CVE-2024-30090
#windows #streaming #kernel #cve #poc
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥13👍9❤1😱1
This article discusses a vulnerability in Active Directory (CVE-2025-21293) related to the Network Configuration Operators group, which has excessive permissions to create subkeys in the registry for DnsCache and NetBT. This allows attackers to leverage Performance Counters to execute code with NT\SYSTEM privileges, potentially leading to privilege escalation.
🔗 Source:
https://birkep.github.io/posts/Windows-LPE/
#ad #network #group #lpe #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥13❤2👍1🤔1
🖼 AnyDesk — Local Privilege Escalation (CVE-2024-12754)
A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.
🔗 Source:
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
#windows #anydesk #lpe #cve
A vulnerability in AnyDesk allows low-privileged users to perform arbitrary file read and copy operations with NT AUTHORITY\SYSTEM privileges. Exploitation is possible by manipulating the background image, creating symbolic links, and leveraging ShadowCopy, granting access to SAM, SYSTEM, and SECURITY files, ultimately leading to privilege escalation to administrator.
🔗 Source:
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
#windows #anydesk #lpe #cve
🔥22👍3❤1
⚙️ Wazuh — Unsafe Deserialization RCE (CVE-2025-24016)
An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI requests/responses. If an attacker injects an unsanitized dictionary into a DAPI request or response, they can craft an unhandled exception, allowing arbitrary Python code execution.
🔗 Source:
https://github.com/0xjessie21/CVE-2025-24016
#wazuh #deserialization #rce #cve
An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI requests/responses. If an attacker injects an unsanitized dictionary into a DAPI request or response, they can craft an unhandled exception, allowing arbitrary Python code execution.
🔗 Source:
https://github.com/0xjessie21/CVE-2025-24016
#wazuh #deserialization #rce #cve
1🔥15❤5👍3