CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE

PATCHED: Oct 8, 2024

Exploit: https://github.com/synacktiv/CVE-2024-43468

Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections

#git #exploit #ad #rce #sccm #pentest #redteam

🩸 CitrixBleed 2 — Citrix NetScaler Memory Leak (CVE-2025-5777)

Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending malformed POST request with login parameter without value causes server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.

🔗 Research:
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/

🔗 Source:
https://github.com/win3zz/CVE-2025-5777

#citrix #netscaler #memoryleak #exploit