[webapps] WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
https://www.exploit-db.com/exploits/50562
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
https://www.exploit-db.com/exploits/50562
Exploit Database
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI).. webapps exploit for PHP platform
AutoSUID - Linux Privilege Escalation
#PrivilegesEscalating #SUID #Linux
https://reconshell.com/auto-suid-linux-privilege-escalation/
#PrivilegesEscalating #SUID #Linux
https://reconshell.com/auto-suid-linux-privilege-escalation/
Penetration Testing Tools, ML and Linux Tutorials
Auto SUID - Linux Privilege Escalation - Penetration Testing Tools, ML and Linux Tutorials
AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further
Vulnerability in Apache Log4j Library Affecting Cisco Products: December 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20Apache%20Log4j%20Library%20Affecting%20Cisco%20Products:%20December%202021&vs_k=1
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section (https://logging.apache.org/log4j/2.x/security.html#:~:text=Fixed%20in%20Log4j%202.15.0) of the Apache Log4j Security Vulnerabilities page.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Security Impact Rating: Critical
CVE: CVE-2021-44228
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Vulnerability%20in%20Apache%20Log4j%20Library%20Affecting%20Cisco%20Products:%20December%202021&vs_k=1
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
For a description of this vulnerability, see the Fixed in Log4j 2.15.0 section (https://logging.apache.org/log4j/2.x/security.html#:~:text=Fixed%20in%20Log4j%202.15.0) of the Apache Log4j Security Vulnerabilities page.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Security Impact Rating: Critical
CVE: CVE-2021-44228
Cisco
Cisco Security Advisory: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
Critical Vulnerabilities in Apache Log4j Java Logging Library
On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2…
On December 9, 2021, the following critical vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions earlier than 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2…
Nueva entrada en el blog THW: https://thehackerway.com/2021/12/15/evil-winrm-shell-sobre-winrm-para-pentesting-en-sistemas-windows-parte-2-de-2/
Seguridad en Sistemas y Técnicas de Hacking. TheHackerWay (THW)
Evil-WinRM: Shell sobre WinRM para pentesting en sistemas Windows – Parte 2 de 2
Demostración en vídeo del post En el post anterior sobre Evil-WinRM he mencionado cómo funciona, los mecanismos de autenticación que se podrían emplear sobre un sistema Windows y cómo hacerlo con l…
Windows AD privilege escalation
CVE-2021-42278
https://reconshell.com/windows-ad-privilege-escalation/
CVE-2021-42278
https://reconshell.com/windows-ad-privilege-escalation/
Resumen CVE #Log4Shell #Log4j
🪳2021-44228 Crit: limitado a v2.x
🪳2021-45046 Crit: DoS en v2.15
🪳2021-4104 Alto: nueva para Log4j 1.x
🪳2021-42550 Mode: nueva para Logback
🪳2021-45105 Alto: DoS en v2.16
🐛Google: más de 35.000 paquetes de Java tienen defectos de Log4j
🪳Vienen más...
ACTUALIZA a Log4j 2.17.0
Info actualizada:
🔗https://blog.segu-info.com.ar/2021/12/resumen-de-todos-los-cve-de-log4j.html
🪳2021-44228 Crit: limitado a v2.x
🪳2021-45046 Crit: DoS en v2.15
🪳2021-4104 Alto: nueva para Log4j 1.x
🪳2021-42550 Mode: nueva para Logback
🪳2021-45105 Alto: DoS en v2.16
🐛Google: más de 35.000 paquetes de Java tienen defectos de Log4j
🪳Vienen más...
ACTUALIZA a Log4j 2.17.0
Info actualizada:
🔗https://blog.segu-info.com.ar/2021/12/resumen-de-todos-los-cve-de-log4j.html
Segu-Info - Ciberseguridad desde 2000
Resumen de todos los CVE de #Log4j: aparecen nuevas vulnerabilidades para v1.x y #Logback. Ya hay nueva versión 2.17.0
Para buscar apps en los hosts o maquinas que usen Java (Log4J)
https://www.rumble.run/blog/finding-log4j/
Y para sacarlo por domain controller
wmic /node:@systems.txt product get name, version, vendor
https://www.rumble.run/blog/finding-log4j/
Y para sacarlo por domain controller
wmic /node:@systems.txt product get name, version, vendor
runZero
How to find applications & services that use Log4J - runZero
A comprehensive guide on how to identify every application, device, and service using the Log4J library with runZero. Try free for 21 days.