β‘CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection
πhttps://github.com/th3gokul/CVE-2024-50603/
β Join Telegram- https://t.iss.one/brutsecurity
πhttps://github.com/th3gokul/CVE-2024-50603/
β Join Telegram- https://t.iss.one/brutsecurity
β€9
β¨Gitleaks: a tool to detect secrets like passwords, API keys, and tokens in git repositories and files.
β https://t.co/BvaiYNWouP
β https://t.co/BvaiYNWouP
π₯11β€2π1
https://seclists.org/oss-sec/2018/q3/142
These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools.
https://www.exploit-db.com/exploits/45243Please open Telegram to view this post
VIEW IN TELEGRAM
seclists.org
oss-sec: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
β€1
CVE-2025-22777: Privilege Escalation in GiveWP WordPress Plugin, 9.8 rating π₯
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
π Link: https://nt.ls/amyWM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
π Link: https://nt.ls/amyWM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
π6
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc
github.com/shadowsock5/Poc
github.com/shadowsock5/Poc
β€6π3
βοΈ Exciting News for Aspiring Bug Hunters! βοΈ
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
π Classes Begin: January 2025 (PAID COURSE)
π Contact: Whatsapp for details and enrollment.
π Visit: Brut Security
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
Please open Telegram to view this post
VIEW IN TELEGRAM
WhatsApp.com
Brut Security
Business Account
β€6π1
CVE-2025-21598: Out-of-bounds Read in Juniper Junos OS, 8.2 ratingβοΈ
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
π Link: https://nt.ls/HqWq2
π Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
π Link: https://nt.ls/HqWq2
π Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
π3
β‘οΈLazyXss - Cross site scriptiong Testing Automation Tool v1.2
β Link: github.com/iamunixtz/LazyXss
β Link: github.com/iamunixtz/LazyXss
β€12π1
π» All About Bug Bounty - Updated!
π₯https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
π₯https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
1β€14π4π₯2
CVE-2025-0066, -0070 and other: Multiple vulnarabilities in SAP, 2.2 - 9.9 rating π₯π₯π₯
Several vulnerabilities in SAP services for every taste and color: SQLi, Improper Authentication, DLL Hijacking, etc.
Search at Netlas.io:
π Link: https://nt.ls/zbP5e
π Dork: http.headers.server:"SAP"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
Several vulnerabilities in SAP services for every taste and color: SQLi, Improper Authentication, DLL Hijacking, etc.
Search at Netlas.io:
π Link: https://nt.ls/zbP5e
π Dork: http.headers.server:"SAP"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
π9
Exploiting Leaked Zoom Meeting Links via Wayback Machine.pdf
85.1 KB
π‘ Bug Bounty Tip: Exploiting Leaked Zoom Meeting Links via Wayback Machine
π° Credit: Shivam Kumar Singh
π° Credit: Shivam Kumar Singh
π₯13π4πΏ1