RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

ID: CVE-2022-20083
Title: Out-of-bounds write in Modem 2G/3G CC
Description: In Modem 2G/3G CC, there is a possible out-of-bounds write due to missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-21744
Title: Out-of-bounds write in Modem 2G RR
Description: In Modem 2G RR, there is a possible out-of-bounds write due to missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighboring cell size with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-33936
Title: Remote code execution vulnerability in Dell EMC Storage
Description: Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so, Dell recommends customers upgrade at the earliest opportunity.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-32449
Title: Command injection vulnerability in TOTOLINK EX300_V2 V4.0.3c.7484
Description: TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-31137
Title: Remote code execution vulnerability in Roxy-WI
Description: Roxy-WI is a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers.
Roxy-WI versions older than 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-25046
Title: Path traversal vulnerability in CWP v0.9.8.1122
Description: A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040

https://hackerone.com/reports/1719719

tryhackme.com/christmas

Don't miss this

#Leaked ⚡️ Red Teaming tryhackme 🧑‍💻

Learn the skills needed to become a Red Team Operator

Use diverse techniques for initial access
Enumerate and persist on targets`
Evade security solutions
Exploit Active Directory

Level: Intermediate | 48 hours

@redteamcollection

├───1 Red Team Fundamentals
│ ├───TryHackMe _ Intro to C2_files
│ ├───TryHackMe _ Red Team Engagements_files
│ ├───TryHackMe _ Red Team Fundamentals_files
│ ├───TryHackMe _ Red Team OPSEC_files
│ └───TryHackMe _ Red Team Threat Intel_files
├───2 Initial Access
│ ├───TryHackMe _ Password Attacks_files
│ ├───TryHackMe _ Phishing_files
│ ├───TryHackMe _ Red Team Recon_files
│ └───TryHackMe _ Weaponization_files
├───3 Post Compromise
│ ├───TryHackMe _ Data Exfiltration_files
│ ├───TryHackMe _ Enumeration_files
│ ├───TryHackMe _ Lateral Movement and Pivoting_files
│ ├───TryHackMe _ The Lay of the land_files
│ ├───TryHackMe _ Windows Local Persistence_files
│ └───TryHackMe _ Windows Privilege Escalation_files
├───4 Host Evasions
│ ├───TryHackMe _ Abusing Windows Internals_files
│ ├───TryHackMe _ AV Evasion_ Shellcode_files
│ ├───TryHackMe _ Bypassing UAC_files
│ ├───TryHackMe _ Evading Logging and Monitoring_files
│ ├───TryHackMe _ Introduction to Antivirus_files
│ ├───TryHackMe _ Introduction to Windows API_files
│ ├───TryHackMe _ Living Off the Land_files
│ ├───TryHackMe _ Obfuscation Principles_files
│ ├───TryHackMe _ Runtime Detection Evasion_files
│ ├───TryHackMe _ Signature Evasion_files
│ └───TryHackMe _ Windows Internals_files
├───5 Network Scurity Evasion
│ ├───TryHackMe _ Firewalls_files
│ ├───TryHackMe _ Network Security Solutions_files
│ └───TryHackMe _ Sandbox Evasion_files
└───6 Compromising AD
├───TryHackMe _ Active Directory Basics_files
├───TryHackMe _ Breaching Active Directory_files
├───TryHackMe _ Credentials Harvesting_files
├───TryHackMe _ Enumerating Active Directory_files
├───TryHackMe _ Exploiting Active Directory_files
├───TryHackMe _ Lateral Movement and Pivoting_files
└───TryHackMe _ Persisting Active Directory_files

XRY Reader to XAMN Viewer transition course

Module 1:
https://bit.ly/2tgjipU

Module 2:
https://bit.ly/2DBrHJc

Module 3:
https://bit.ly/2RSAmfH

Module 4:
https://bit.ly/2N0uZu0

password for the course is “xamnviewer”

CELLEBRITE AND MSAB

Cellebrite magnet link:
magnet:?xt=urn:btih:f881291ab69fff48393ede2e36a4f8fcb4b5bf7a&dn=cellebrite&tr=http%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A6969%2Fannounce&tr=https%3A%2F%2Fopentracker.i2p.rocks%3A443%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce

MSAB download link:
magnet:?xt=urn:btih:0e7d11a34f71887aca3a388795e0b019cca44858&dn=msab.tar.zst&tr=http%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A6969%2Fannounce&tr=https%3A%2F%2Fopentracker.i2p.rocks%3A443%2Fannounce&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce&tr=udp%3A%2F%2Fexodus.desync.com%3A6969%2Fannounce

✨
          🧵🟧🟧🟧🟧🟧
          🧵⬜️⬜️🔵⬜⬜
          🧵🟩🟩🟩🟩🟩
          🧵      🌿      
          🧵            🌺
          🧵     🌱        🌸
          🧵 💐
          🧵         🍃       🍀
          🧵
          🧵      🍁         🌺
          🧵
          🧵🍂       🍃    🍂
          🧵                    🌺
          🧵     🌸         
     🛑🛑🛑
  🛑🛑🛑🛑
🛑🛑🛑🛑🛑

◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉
🤎  ⃟🇮🇳☆⋆☆🤎  ⃟🇮🇳☆≛☆🤎 ⃟🇮🇳
◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉


HAPPY  REPUBLIC  DAY 🎁 🍁

◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉
🤎  ⃟🇮🇳☆≛☆🤎  ⃟🇮🇳☆⋆☆🤎 ⃟🇮🇳
◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉◉

💥𝙅𝙖𝙮 𝙃𝙞𝙣𝙙 𝙅𝙖𝙮 𝘽𝙝𝙖𝙧𝙖𝙩💥

🇮🇳𝐇𝐀𝐏𝐏𝐘 74𝐭𝐡 𝐑𝐄𝐏𝐔𝐁𝐋𝐈𝐂 𝐃𝐀𝐘

QRLJacker

QRLJacker is a highly customizable exploitation framework to hijack services that depend on QR Code as an authentication and login method

OWASP's links reference
https://www.owasp.org/index.php/QRLJacking

https://www.owasp.org/index.php/OWASP_QRLJacker

If you want to write your own module
Read here

#webshell
Decode php webshells

https://github.com/XZB-1248/Spark

https://portswigger.net/web-security/certification

CC : vipersec

♂️ Github repositories every Developer should know ♂️


❗️A very popular repo that curates all topics from Development, testing, business, etc, etc.

https://github.com/sindresorhus/awesome


❗️Clean Code JavaScript

https://github.com/ryanmcdermott/clean-code-javascript


❗️Tech Interview Handbook

https://github.com/yangshun/tech-interview-handbook


❗️Developer Roadmaps, articles and resources for developers.

https://github.com/kamranahmedse/developer-roadmap


❗️33 JS Concepts

https://github.com/leonardomso/33-js-concepts


❗️Best websites a programmer should visit

https://github.com/sdmg15/Best-websites-a-programmer-should-visit


❗️Design Resources for Developers

https://github.com/bradtraversy/design-resources-for-developers


❗️Big List of Naughty Strings:

https://github.com/minimaxir/big-list-of-naughty-strings

The repository includes links to various tools, frameworks, and resources that can be used by Red Teamers to conduct attacks, as well as resources for defenders to improve their security posture.

The repository is organized into several categories, including reconnaissance and information gathering, exploitation, post-exploitation, and defense evasion. Each category contains links to various tools and resources that can be used in Red Team Operations.

Some of the tools and frameworks included in the repository are well-known and widely used, such as Metasploit, Cobalt Strike, and Empire. Other tools and frameworks are less well-known but still valuable for Red Team Operations, such as BloodHound, which is used for Active Directory reconnaissance, and GoPhish, which is used for phishing simulations.

In addition to tools and frameworks, the repository also includes links to blogs, articles, and other resources that provide guidance on conducting Red Team Operations and improving overall security posture. These resources cover a wide range of topics, including social engineering, network infrastructure, and application security.

Overall, the "Awesome-Red-Team-Operations" repository is a valuable resource for Red Teamers, defenders, and anyone interested in learning more about cybersecurity.

https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations