Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise.
https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
https://portswigger.net/daily-swig/zero-click-rce-vulnerability-in-hikvision-security-cameras-could-lead-to-network-compromise
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/
BleepingComputer
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.
Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20WLAN%20Control%20Protocol%20Packet%20Buffer%20Leak%20Denial%20of%20Service%20Vulnerability&vs_k=1
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL
Security Impact Rating: High
CVE: CVE-2021-34740
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Aironet%20Access%20Points%20WLAN%20Control%20Protocol%20Packet%20Buffer%20Leak%20Denial%20of%20Service%20Vulnerability&vs_k=1
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL
Security Impact Rating: High
CVE: CVE-2021-34740
Cisco
Cisco Security Advisory: Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.
This…
This…
Cisco SD-WAN Software Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Command%20Injection%20Vulnerability&vs_k=1
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device.
This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC
Security Impact Rating: Medium
CVE: CVE-2021-34726
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Command%20Injection%20Vulnerability&vs_k=1
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device.
This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-maapi-cmdinjec-znUYTuC
Security Impact Rating: Medium
CVE: CVE-2021-34726
Cisco
Cisco Security Advisory: Cisco SD-WAN Software Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device.
This vulnerability is due to…
This vulnerability is due to…
⚙️ "Cómo redirigir fácilmente el tráfico web con Tor" https://noticiasseguridad.com/tutoriales/como-redirigir-facilmente-el-trafico-web-con-tor/
Noticias de seguridad informática, ciberseguridad y hacking
Cómo redirigir fácilmente el tráfico web con Tor
Cómo redirigir fácilmente el tráfico web con Tor - Tutoriales
Forwarded from Bitácora Crackslatinos [Canal]
Udemy_Escuela_Hacker!_Hacking_Wifi_desde_cero_Técnicas_de_Ataque.rar
192.3 MB
Forwarded from Bitácora Crackslatinos [Canal]
Escuela Hacker! Hacking Wifi desde cero
El Curso está enfocado para preparar a los alumnos a realizar test de penetración en su propia red wifi (inalámbrica) y lo mejor de todo es que todo está explicado paso a paso.
Todo el curso permitirá conocer el amplio grado de vulnerabilidades que pueden existir en las redes que se encuentran ofreciendo diversos servicios. El material incluye Videos donde se explica toda la parte práctica y técnica que se necesitan en este ambiente de trabajo y cada configuración y ejemplo es realizado en vivo.
El Curso está enfocado para preparar a los alumnos a realizar test de penetración en su propia red wifi (inalámbrica) y lo mejor de todo es que todo está explicado paso a paso.
Todo el curso permitirá conocer el amplio grado de vulnerabilidades que pueden existir en las redes que se encuentran ofreciendo diversos servicios. El material incluye Videos donde se explica toda la parte práctica y técnica que se necesitan en este ambiente de trabajo y cada configuración y ejemplo es realizado en vivo.
Certificación gratuita en Español, aprovechen antes de que lo quiten.
Saludos.
https://certiprof.com/pages/cyber-security-foundation-csfpc-spanish-cybok?__hstc=753710.530363c1dec60251209b8a5809c5b1ce.1621623656354.1622661518982.1623102407905.14&__hssc=753710.2.1623102407905&__hsfp=35255128
Saludos.
https://certiprof.com/pages/cyber-security-foundation-csfpc-spanish-cybok?__hstc=753710.530363c1dec60251209b8a5809c5b1ce.1621623656354.1622661518982.1623102407905.14&__hssc=753710.2.1623102407905&__hsfp=35255128
[webapps] CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50367
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
https://www.exploit-db.com/exploits/50367
Exploit Database
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated).. webapps exploit for PHP platform
11 nuevas vulnerabilidades de seguridad en Nagios https://unaaldia.hispasec.com/2021/10/11-nueva-vulnerabilidades-de-seguridad-en-nagios.html
Una al Día
11 nuevas vulnerabilidades de seguridad en Nagios
Publicadas varias vulnerabilidades de seguridad crítica, alta y media en productos Nagios XI descubiertas por Claroty Team82’s.
List of Awesome CobaltStrike Resources
https://reconshell.com/list-of-awesome-cobaltstrike-resources/
https://reconshell.com/list-of-awesome-cobaltstrike-resources/
Explicación del Ransomware. Qué Es y Cómo Funciona
https://esgeeks.com/ransomware-que-es-como-funciona/?feed_id=8947&_unique_id=615877c3d59b6
https://esgeeks.com/ransomware-que-es-como-funciona/?feed_id=8947&_unique_id=615877c3d59b6
EsGeeks
▷ Explicación del Ransomware. Qué Es y Cómo Funciona » EsGeeks
|➨ Qué es el ransomware, cómo cifra o ataca tu información sensible y quiénes son los principales objetivos de los operadores de ransomware.
#OSCP
Preparación para la certificación OSCP
Esta página web contiene recursos online para la certificación, aparte de recomendaciones de parte de alguien que realizó la titulación.
Dentro podremos encontrar una amplia lista de máquinas para practicar y prepararnos mejor.
Recurso:
https://t.co/sPDbLxLHiX?amp=1
Más información sobre OSCP:
https://opendatasecurity.io/certificacion-oscp/
Preparación para la certificación OSCP
Esta página web contiene recursos online para la certificación, aparte de recomendaciones de parte de alguien que realizó la titulación.
Dentro podremos encontrar una amplia lista de máquinas para practicar y prepararnos mejor.
Recurso:
https://t.co/sPDbLxLHiX?amp=1
Más información sobre OSCP:
https://opendatasecurity.io/certificacion-oscp/
start.me
OSCP Prep
A startpage with online resources about OSCP Prep, created by Qiqqa.