CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilitites in Wowza Streaming Engine, 5.1 - 9.4 rating ๐ฅ
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
๐ Link: https://nt.ls/8BudC
๐ Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
๐ Link: https://nt.ls/8BudC
๐ Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
๐1
This media is not supported in your browser
VIEW IN TELEGRAM
1. Go to
chrome://extensions2. Turn on Developer mode
3. Copy the extension ID
4. Go to
~/Library/Application Support/Google/Chrome/Default/Extensions5. Find the matching
ID then find the manifest.json file!Please open Telegram to view this post
VIEW IN TELEGRAM
๐7
CVE-2024-8932, -8929, -11233, -11236, -11234: Multiple vulnerabilities in PHP, 4.8 - 9.8 rating ๐ฅ
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
๐ Link 1 (tag, more precisely): https://nt.ls/yIHH8
๐ Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
๐ Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
๐ Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
Five vulnerabilities in some PHP versions, which allowing attackers to leak sensitive information, execute arbitrary code, or launch DoS attacks.
More then 700k instances at Netlas.io:
๐ Link 1 (tag, more precisely): https://nt.ls/yIHH8
๐ Dork: tag.php.version:(>=8.1.0 AND <8.1.31) OR tag.php.version:(>=8.2.0 AND <8.2.26) OR tag.php.version:(>=8.3.0 AND <8.3.14)
๐ Link 2 (not tag, all PHP instances): https://nt.ls/9GJlg
๐ Dork: http.headers.x_powered_by:"php" OR http.headers.set_cookie:"PHPSESSID" OR http.headers.server:"PHP"
Vendor's advisories: https://github.com/php/php-src/security
๐3โค2
Black Friday & Cyber Monday Discount at Netlas ๐
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subscriptions for both monthly and annual billing cycles!
The best part? This isnโt just a one-time discount โ itโs your forever price as long as your subscription remains active or until base prices are reconsidered ๐ฅ
All you need to claim your forever discount is the code: BFCM2024.
๐ Learn more here: https://nt.ls/2WiQ0
Take advantage of our exclusive Black Friday & Cyber Monday deal: 20% off Freelancer and Business subscriptions for both monthly and annual billing cycles!
The best part? This isnโt just a one-time discount โ itโs your forever price as long as your subscription remains active or until base prices are reconsidered ๐ฅ
All you need to claim your forever discount is the code: BFCM2024.
๐ Learn more here: https://nt.ls/2WiQ0
๐2โค1๐ณ1
CyberWarFare Labs is offering 90% OFF for some of its certifications, perfect especially for those looking for their first certification or to improve your skills. I highly recommend it, especially if you want an affordable option for certifications.
#NotAPaidPromotion
#NotAPaidPromotion
๐4
Please open Telegram to view this post
VIEW IN TELEGRAM
๐4
CVE-2024-11667: Directory Traversal in Zyxel Firewalls, 7.3 ratingโ๏ธ
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
๐ Link: https://nt.ls/agozE
๐ Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
A vulnerability in the web interface of some firewalls allows an attacker to download or upload files using a special URL.
Search at Netlas.io:
๐ Link: https://nt.ls/agozE
๐ Dork: http.favicon.hash_sha256:9a02f3cf948f9409c25070f2f057b69dda5d0aaf7fa8d056552e8bda8295ca1f
Vendor's advisory: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
๐9โค1๐ฟ1
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐3๐ฅ2โค1
This media is not supported in your browser
VIEW IN TELEGRAM
โItโs the 1st of December Again!โ
Another year is slipping by, but guess what? Thereโs still a whole month left to make it count. For all the bug hunters out there, this is your sign to look back and appreciate how far youโve comeโand to push even harder.
Remember that first bounty? That late-night rush when you cracked a tough challenge? The time you got that โValid Vulnerabilityโ email that made the sleepless nights worth it?
Bug bounty is a journey. Itโs a grind, a game of patience, persistence, and passion. Itโs about falling in love with the processโof learning, breaking, fixing, and growing.
If youโre stuck or frustrated, donโt let it define you. Learn from your misses, keep reading, practicing, and hunting. The next breakthrough might be just a scan, payload, or overlooked endpoint away.
December is the perfect month to reflect and refocus. Write those reports, finish that pending recon, or master a new skill. Close the year knowing you gave it your all.
Letโs finish this year strong, hunters. The worldโs full of bugs waiting to be squashedโand the next one could be yours.
โ๏ธBrutSecurity
#KeepHunting #BugBountyLife #1stDecemberMomentum
Another year is slipping by, but guess what? Thereโs still a whole month left to make it count. For all the bug hunters out there, this is your sign to look back and appreciate how far youโve comeโand to push even harder.
Remember that first bounty? That late-night rush when you cracked a tough challenge? The time you got that โValid Vulnerabilityโ email that made the sleepless nights worth it?
Bug bounty is a journey. Itโs a grind, a game of patience, persistence, and passion. Itโs about falling in love with the processโof learning, breaking, fixing, and growing.
If youโre stuck or frustrated, donโt let it define you. Learn from your misses, keep reading, practicing, and hunting. The next breakthrough might be just a scan, payload, or overlooked endpoint away.
December is the perfect month to reflect and refocus. Write those reports, finish that pending recon, or master a new skill. Close the year knowing you gave it your all.
Letโs finish this year strong, hunters. The worldโs full of bugs waiting to be squashedโand the next one could be yours.
โ๏ธBrutSecurity
#KeepHunting #BugBountyLife #1stDecemberMomentum
2๐14โค5๐ฟ3
Exploit AWS metadata & user data access in Bug Bounty & CTF challenges!
๐ https://github.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF
#BugBounty #bugbountytip
๐ https://github.com/Lu3ky13/Unauthorized-Access-to-Metadata-and-User-Data-like-CTF
#BugBounty #bugbountytip
๐9
๐Ex-param - an automated tool designed for finding reflected parameters for XSS vulnerabilities
โ https://github.com/rootDR/ex-param
โ https://github.com/rootDR/ex-param
โค7๐3๐ฟ1
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ14๐6โค5๐คจ1