[webapps] OpenBMCS 2.4 - SQLi (Authenticated)
OpenBMCS 2.4 - SQLi (Authenticated)
https://www.exploit-db.com/exploits/50668

[webapps] OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
OpenBMCS 2.4 - Cross Site Request Forgery (CSRF)
https://www.exploit-db.com/exploits/50667

📃 "Datos que se pueden obtener de las aplicaciones de mensajería cifradas" https://blog.segu-info.com.ar/2021/12/datos-que-se-pueden-obtener-de-las.html

Un ciberataque masivo deja inoperativos varios sitios webs del Gobierno de Ucrania

https://unaaldia.hispasec.com/2022/01/un-ciberataque-masivo-deja-inoperativos-varios-sitios-webs-del-gobierno-de-ucrania.html

Los NFTs y el registro mundial de los dueños de activos digitales en el Metaverso

http://www.elladodelmal.com/2022/01/los-nfts-y-el-registro-mundial-de-los.html

[webapps] OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
OpenBMCS 2.4 - Create Admin / Remote Privilege Escalation
https://www.exploit-db.com/exploits/50669

Medios de comunicación noruegos son hackeados https://unaaldia.hispasec.com/2022/01/medios-de-comunicacion-noruegos-son-hackeados.html

Próximamente, nuevo canal de Youtube NFT

Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Cisco%20Products%20Snort%20Modbus%20Denial%20of%20Service%20Vulnerability&vs_k=1

A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj



Security Impact Rating: High



CVE: CVE-2022-20685

[webapps] Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
Rocket LMS 1.1 - Persistent Cross Site Scripting (XSS)
https://www.exploit-db.com/exploits/50677

VMSA-2021-0028.9

CVSSv3 Range:9.0-10.0
Issue Date:2021-12-10
Updated On:2022-01-19

CVE(s): CVE-2021-44228, CVE-2021-45046

Synopsis:
VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

“IndexedDB Leaks” la nueva vulnerabilidad en Safari

https://unaaldia.hispasec.com/2022/01/indexeddb-leaks-la-nueva-vulnerabilidad-en-safari.html

📃 "Mejores distribuciones de Linux para hacking ético" https://blog.elhacker.net/2021/11/mejores-distribuciones-de-linux-para-hacking-etico-pentest.html
🛠 Kali Linux (Debian)
🛠 ArchStrike (ex ArchAssault)
🛠 BackArch (Arch)
🛠 Demon Linux (Debian)
🛠 BackBox (Ubuntu)
🛠 Parrot OS (Debian)
🛠 CAINE
🛠 Pentoo
🛠 Network Security (NST, Debian)
🛠 Samurai Web Training Framework OWASP (OVA)
🛠 Cyborg Hawk

Vulnerabilidad crítica en plugins WordPress

https://unaaldia.hispasec.com/2022/01/vulnerabilidad-critica-en-plugins-wordpress.html

Nueva vulnerabilidad en SolarWinds es utilizada para aprovechar fallas de Log4j
https://blog.segu-info.com.ar/2022/01/nueva-vulnerabilidad-en-solarwinds-es.html