CVE-2024-11187, -12705: Vulnerabilities in BIND DNS Software, 7.5 rating❗️

Two vulnerabilities in BIND allow DoS against DNS servers, which can be a preparatory step before the main attacks.

Search at Netlas.io:
👉 Link: https://nt.ls/bGSFv
👉 Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"

Read more: https://kb.isc.org/docs/cve-2024-12705

ProjectSend IDOR ---> https://t.iss.one/brutsecurity_poc/29

Checking Multiple Subdomains for S3 Buckets
#bugbounty #bugbountytips

0NE 0F MY B.EST FINDlNGS 0F 2024 UPL0ADED lN P0C CHA.NNEL https://t.iss.one/brutsecurity_poc/36

RustScan is a ultra-fast port scanner written In Rust (e.g., can scan 64K ports merely in seconds). It passes the results directly to Nmap for in-depth service enumeration and vulnerability analysis. This integration streamlines workflows by combining RustScan's speed with Nmap's detailed scanning capabilities 😎👇

RustScan is available on #Linux, #macOS and #Android termux

https://github.com/RustScan/RustScan

SubScan: A Chrome Extension for Bug Bounty Hunters

Check it out here:
https://github.com/Ractiurd/SubScan

Bypass WAF using Burp Repeater - Unicode Encoding

Encode payloads into UTF-16 to bypass basic input validation.

CVE-2024-56529: Session Fixation in Mailcow, 7.5 rating❗️

The application does not disable old session IDs, which allows a remote attacker to use existing IDs in the victim's browser.

Search at Netlas.io:
👉 Link: https://nt.ls/AuyJw
👉 Dork: http.title:"mailcow UI"

Vendor's advisory: https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-23c8-4wwr-g3c6