🖼️ RegreSSHion — OpenSSH Unauthenticated RCE

The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.

The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.

🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server

🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
https://github.com/acrono/cve-2024-6387-poc

#openssh #glibc #rce #cve

💻 VMware vCenter Server — Multiple LPE (CVE-2024-37081)

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

🔗 Source:
https://github.com/mbadanoiu/CVE-2024-37081

#vmware #vcenter #lpe #cve

💻 VMware vCenter Server — Remote Code Execution (CVE-2024-22274)

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.

🔗 Source:
https://github.com/mbadanoiu/CVE-2024-22274
https://github.com/l0n3m4n/CVE-2024-22274-RCE

#vmware #vcenter #rce #cve

🖼️ Microsoft SharePoint Server 2019 — RCE

PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023

🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC

#sharepoint #poc #rce #cve

🔐 FreeIPA Rosting (CVE-2024-3183)

A vulnerability recently discovered by my friend @Im10n in FreeIPA involves a Kerberos TGS-REQ being encrypted using the client’s session key. If a principal’s key is compromised, an attacker could potentially perform offline brute-force attacks to decrypt tickets by exploiting the encrypted key and associated salts.

🔗Source:
https://github.com/Cyxow/CVE-2024-3183-POC

#freeipa #kerberos #hashcat #cve

———
Добавляем доклад Миши в вишлист на Offzone 🚶‍♂️

⌨️ Roundcube Webmail Critical XSS

A critical Cross-Site Scripting (XSS) vulnerability has been found in Roundcube Webmail, enabling attackers to inject and execute arbitrary JavaScript upon viewing a malicious email. This vulnerability could lead to the theft of emails, contacts, and passwords, as well as unauthorized email sending from the victim's account.

🛠 PoC:

<body title="bgcolor=foo" name="bar style=animation-name:progress-bar-stripes onanimationstart=alert(origin) foo=bar">  Foo </body>

🔗 Source:
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail

#roundcube #xss #cve #poc

💻 Exploiting Windows Kernel via Kernel Streaming Proxying

An in-depth look at CVE-2024-30090, a vulnerability in Kernel Streaming, allowing privilege escalation via malformed IOCTL requests. By leveraging KS Event mishandling during 32-bit to 64-bit conversions, can exploit the bug pattern to gain arbitrary kernel mode access.

🔗 Research:
Proxying to Kernel - Part I
Proxying to Kernel - Part II

🔗 Source:
https://github.com/Dor00tkit/CVE-2024-30090

#windows #streaming #kernel #cve #poc

💻 Elevation of Privilege via Network Configuration Operators (CVE-2025-21293)

This article discusses a vulnerability in Active Directory (CVE-2025-21293) related to the Network Configuration Operators group, which has excessive permissions to create subkeys in the registry for DnsCache and NetBT. This allows attackers to leverage Performance Counters to execute code with NT\SYSTEM privileges, potentially leading to privilege escalation.

🔗 Source:
https://birkep.github.io/posts/Windows-LPE/

#ad #network #group #lpe #cve