[ bishopfox, Bishop Fox ]
We just published a detailed analysis of #CVE-2023-3519, which we previously wrote about. Today, we're going even further into how this #RCE vulnerability can be exploited.
Our team created a #python script for generating shellcode given the fixup address and callback URL by calling nasm from Python. The final #exploit with addresses for VPX version 13.1-48.47 is available on our #GitHub.
bfx.social/3YjMxpz
#infosec #Citrix
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server (sshd) in glibc-based Linux systems. The CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH's server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
[ DSAS by INJECT @DevSecAS ]
#Outlook CVE-2024-21413 to #RCE
https://blog.injectexp.dev/outlook-cve-2024-21413-for-rce-hacking-through-a-letter/07/rce/