#xxe #sharepoint
SharePoint XML eXternal Entity (XXE) Injection Vulnerability
‼️ CVE-2024-30043 ‼️
https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/
🚨CVE-2024-29849~29852: Veeam’s Backup Nightmare, Full System Access Exposed
⚠Veeam Backup Enterprise Manager has been issued 4 critical vulnerabilities, allowing unauthorized access, account takeover, and data exposure.
💥PoC: https://github.com/sinsinology/CVE-2024-29849
💥Dorks:
Hunter:/product.name="Veeam Backup Enterprise Manager"
FOFA:app="Veeam-Backup-Enterprise-Manager"
SHODAN:http.title:"Veeam Backup Enterprise Manager"
#Veeam #backup #infosec #infosecurity #Infosys #Vulnerability #bugbounty #bugbountytips
Cloudflare Resolver
Free online tool. Enter the name of the domain protected by CloudFlare and the service will find subdomains that are not protected by CloudFlare.
https://www.skypeipresolver.net/cloudflare.php
🚨cloud_enum🚨
👉Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
🔗https://github.com/initstring/cloud_enum
#bugbounty #bugbountytips
Forwarded from CYBER-BRO Kiberxavfsizlik kompaniyasi
It is planned to establish a "Digital Forensics Research" institute on the basis of the "Law Enforcement" Academy of the Republic of Uzbekistan. The institute aims to become a center for innovative research and development in the field of digital forensics.
Key aspects of the decision:
1. Authorizing the institute to conduct forensic medical examinations and research in the field of digital forensics;
2. Introducing modern technologies into cybercrime investigation processes. Paying special attention to the use of "Big Data" analysis, artificial intelligence and other advanced technologies in improving the effectiveness of law enforcement agencies;
3. Providing practical assistance to law enforcement agencies in identifying, seizing, preserving and examining digital traces of crimes;
4. Developing and improving methods for conducting forensic examinations in digital forensics;
5. Developing methods for detecting and investigating crimes committed using crypto-assets and blockchain technologies;
6. Training highly qualified personnel in the field of digital forensics;
7. Expanding international scientific and technical cooperation in combating cybercrime.
https://uza.uz/oz/posts/raqamli-kriminalistika-ilmiy-tadqiqot-instituti-tashkil-etiladi_609757
CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector!
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
PoC: https://lnkd.in/gK4NHJ4C
Video POC: https://youtube.com/shorts/Ij8nWAZQ978?feature=share
Dorks:
Hunter: web.title=="..:: HSC MailInspector ::.."
FOFA: title=="..:: HSC MailInspector ::.."
Forwarded from Turan Security
📢 Buy one of the best cybersecurity courses at a 99% discount❗️
Through the course:
🔍 Testing the security of web applications and securing them;
💻 Gaining practical skills through 4 different labs;
🏆 By the end of the course, you can become a specialist such as a Pentester or Bug bounty hunter.
This course is a collection of the Pentest 101, Offensive SQL and Burp Suite 101 courses...
Results achieved by students:
☕️ Bug bounties from companies such as Amazon and Alibaba;
🏆 International certificates such as eWPT and CAP;
Price: 1,200,000 so'm 12,600 so'm
Discount valid until: June 27, 11:00
To get the course at the discounted price, subscribe to our Telegram and Youtube channels and contact us!
Contact: @turan_admin
Telegram | Linkedin | Youtube