CVE-2023-21823:
Windows Graphics Component RCE
https://github.com/Elizarfish/CVE-2023-21823
CVE-2023-6875:
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
https://github.com/UlyssesSaicha/CVE-2023-6875
CVE-2023-22527: RCE (Remote Code Execution) vulnerability in Confluence Data Center and Confluence Server, CVSS v3: 10/10
Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0, with the vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per its internal assessment.
This is Atlassian's assessment; evaluate its applicability to your own IT environment.
Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023, as well as 8.4.5, which no longer receives backported fixes in accordance with Atlassian's Security Bug Fix Policy. Atlassian recommends patching to the latest version.
Note: 7.19.x LTS versions are not affected by this vulnerability.
Product: Confluence Data Center and Server
Affected versions: 8.0.x, 8.1.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3
https://www.opencve.io/cve/CVE-2023-22527
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
PoC: https://github.com/Avento/CVE-2023-22527_Confluence_RCE
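As an added triage example (not Atlassian's code and not the PoC linked above), the following Python encodes the affected ranges exactly as the advisory lists them and classifies a Confluence version string against them. The version parsing, the wildcard/range matching, the tolerance for build suffixes such as "-rc1", and the sample versions fed to it are this example's own assumptions.

```python
"""Triage helper: does a Confluence Data Center/Server version string fall inside
the affected ranges Atlassian published for CVE-2023-22527?
Added example, not Atlassian code. The range specs are transcribed from the
advisory text above; the parsing and comparison logic is this example's own."""
import re
from typing import Tuple

# Affected ranges as given in the advisory: "A.B.x" wildcards and one bounded range.
AFFECTED_SPECS = ["8.0.x", "8.1.x", "8.2.x", "8.3.x", "8.4.x", "8.5.0-8.5.3"]
# 7.19.x LTS is explicitly called out as not affected.
NOT_AFFECTED_SPECS = ["7.19.x"]

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'8.5.3' -> (8, 5, 3). Keeps only the leading dotted integers, so build
    suffixes such as '8.5.3-rc1' or a 'v' prefix are tolerated (assumption: that
    is enough for triage purposes)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def matches_spec(version: Version, spec: str) -> bool:
    """spec is either 'A.B.x' (any patch level of A.B) or 'A.B.C-D.E.F' (inclusive range)."""
    if "-" in spec:
        lo, hi = (parse_version(s) for s in spec.split("-", 1))
        return lo <= version <= hi  # tuple comparison is lexicographic, like versions
    prefix = tuple(int(p) for p in spec.split(".") if p != "x")
    return version[: len(prefix)] == prefix


def is_affected(version_text: str) -> bool:
    v = parse_version(version_text)
    if any(matches_spec(v, s) for s in NOT_AFFECTED_SPECS):
        return False
    return any(matches_spec(v, s) for s in AFFECTED_SPECS)


def triage(version_text: str) -> str:
    """Human-readable verdict. 8.4.5 is singled out because the advisory says it no
    longer receives backported fixes, so the only remediation is an upgrade."""
    if not is_affected(version_text):
        return f"{version_text}: not in the affected ranges"
    if parse_version(version_text) == (8, 4, 5):
        return f"{version_text}: AFFECTED, and 8.4.x receives no backported fix: upgrade"
    return f"{version_text}: AFFECTED: patch to the latest version"


if __name__ == "__main__":
    # Constructed sample versions, chosen to sit on both sides of the range edges.
    for v in ["7.19.17", "8.0.0", "8.4.5", "8.5.3", "8.5.4", "8.7.1"]:
        print(triage(v))
```

The bounded range "8.5.0-8.5.3" is the one worth checking by hand: 8.5.3 is inside and 8.5.4 is outside, which is what makes a plain prefix match on "8.5" wrong for this advisory.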
Acunetix Windows v24.1 - 11 Jan 2024
Download:
https://ponies.cloud/scanner_web/acunetix/Acunetix-v24.1.240111130-Windows-Pwn3rzs-CyberArsenal.rar
Password: Pwn3rzs
Changelog: Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v24-1-11-january-2024/
Enjoy!
CVE-2024-20656: Windows LPE in the VSStandardCollectorService150 service
Blog: https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
PoC: https://github.com/Wh04m1001/CVE-2024-20656
Forwarded from The Intercept BR
#QuemMatouMarielle (#WhoKilledMarielle): Ronnie Lessa named Domingos Brazão as the person who ordered the killing of Marielle Franco
By @TheInterceptBr
Intercept Brasil
Domingos Brazão named as the person who ordered Marielle's killing
Ronnie Lessa, a former military police officer jailed for the execution, stated in his plea-bargain testimony that the crime was commissioned in March 2018.
CVE-2023-46316:
Traceroute Privilege Escalation
https://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html
Linux Kernel GSM Multiplexing Race Condition LPE Vulnerability
https://github.com/Nassim-Asrir/ZDI-24-020
-> scripts for automatically extracting symbol offsets for Ubuntu/CentOS/RHEL kernels:
https://github.com/Nassim-Asrir/ZDI-24-020/tree/main/symbols
Private Bug Hunting Methodology
https://github.com/WadQamar10/My-Hunting-Methodology-/tree/main
Forwarded from Sputnik Brasil
🚨📱Media: Federal Police seize phones and notebooks belonging to Abin at the home of former director Ramagem
The Federal Police seized six mobile phones and four notebooks at the official apartment of federal deputy Alexandre Ramagem (PL-RJ); one notebook and one phone found in the congressman's possession still belong to the Brazilian Intelligence Agency (Abin).
The information was reported by the newspaper O Globo this Thursday (25). Also seized at the residence were 20 USB flash drives and documents related to the agency, as well as computers and documents from the office of the congressman, who is also a former director-general of Abin.
Earlier, according to the PF, searches were also carried out at the homes of civil servants suspected of involvement in illegal espionage activities. In all, 21 search and seizure warrants were served in Brasília-DF (18), Juiz de Fora-MG (1), São João del Rei-MG (1) and Rio de Janeiro-RJ (1).
Follow @sputnikbrasil on Telegram for access to topics not covered by the Brazilian mainstream media.
Windows CLFS Driver Privilege Escalation
This vulnerability is in the Common Log File System (CLFS) driver and allows a local attacker to escalate privileges and potentially fully compromise an organization's Windows systems. Microsoft released a patch in April 2023, and the identifier CVE-2023-28252 was assigned.
Affected versions:
— Windows 11 21H2 (clfs.sys version 10.0.22000.1574);
— Windows 11 22H2;
— Windows 10 21H2;
— Windows 10 22H2;
— Windows Server 2022.
Research:
https://www.coresecurity.com/core-labs/articles/analysis-cve-2023-28252-clfs-vulnerability
Exploit:
https://github.com/duck-sec/CVE-2023-28252-Compiled-exe
Malware and cryptography 24: encrypt/decrypt file via Madryga
https://cocomelonc.github.io/malware/2024/01/16/malware-cryptography-24.html
Vulnerabilities exploited in bug bounty programs
1️⃣ Remote Code Execution via Local File Inclusion
2️⃣ Reflected XSS on an American Airlines subdomain
3️⃣ Stored XSS on the Microsoft website
@HackingBRA
Breaking Bitlocker - Bypassing the Windows Disk Encryption
https://www.youtube.com/watch?v=wTl4vEednkQ
In this video we will use a hardware attack to bypass TPM-based Bitlocker encryption as used on most Microsoft Windows devices.
Errata:
- PIN can also be enabled using manage-bde, not just using group policies
Questions:
- Does this work on TPM2.0? Yes…
CVE-2024-23208:
Apple tvOS Memory Corruption
https://github.com/hrtowii/CVE-2024-23208-test
CVE-2023-35759:
WhatsUp Gold 2022 22.1.0 - XSS
https://packetstormsecurity.com/files/176978/WhatsUp-Gold-2022-22.1.0-Build-39-Cross-Site-Scripting.html
iOS Screen Time remover using the KFD exploit (WIP)
https://github.com/cintagram/ScreenTimeRemover
MultiDump
A post-exploitation tool written in C for dumping and extracting LSASS memory discreetly. MultiDump supports LSASS dumps via ProcDump.exe or comsvcs.dll and offers two modes: a local mode that encrypts and stores the dump file locally, and a remote mode that sends the dump to a handler for decryption and analysis.
https://github.com/Xre0uS/MultiDump
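Added detection example for the two LSASS-dump techniques named above (ProcDump and the comsvcs.dll MiniDump export); this is not MultiDump code and not taken from the MultiDump repository. It runs over constructed, simplified Sysmon-style JSON events (EventID 1 process creation, EventID 10 process access); the field names, the sample records and the access-mask threshold are this example's own assumptions.

```python
"""Detection sketch for LSASS dumping via ProcDump or comsvcs.dll MiniDump.
Added example, not MultiDump code. Events are constructed in a simplified
Sysmon-like JSON shape (EventID 1 = process create, EventID 10 = process access);
they are not real telemetry."""
import json
import re
from typing import Dict, List

# Any minidump of LSASS needs PROCESS_VM_READ (0x10) on the target; flag every
# open of lsass.exe that includes it. 0x1000 (QUERY_LIMITED_INFORMATION) alone is
# routine and is deliberately not flagged.
PROCESS_VM_READ = 0x0010

# rundll32 comsvcs.dll, MiniDump <pid> <path> full  (the comsvcs technique)
COMSVCS_MINIDUMP = re.compile(r"comsvcs(\.dll)?.*minidump", re.IGNORECASE)
# procdump -ma / -mm ... lsass  (full or mini dump of lsass via ProcDump)
PROCDUMP_LSASS = re.compile(r"procdump.*\s-m[am]\b.*lsass", re.IGNORECASE)


def is_lsass(image: str) -> bool:
    """Compare on the file name only; the path prefix varies by install."""
    return image.lower().rsplit("\\", 1)[-1] == "lsass.exe"


def detect(event: Dict) -> List[str]:
    """Return alert strings for one event (empty list if nothing suspicious)."""
    alerts: List[str] = []
    eid = event.get("EventID")
    if eid == 1:  # process creation: inspect the command line
        cmd = event.get("CommandLine", "")
        if COMSVCS_MINIDUMP.search(cmd):
            alerts.append("comsvcs.dll MiniDump invocation")
        if PROCDUMP_LSASS.search(cmd):
            alerts.append("ProcDump targeting lsass")
    elif eid == 10:  # process access: check target and granted rights
        if is_lsass(event.get("TargetImage", "")):
            granted = int(event.get("GrantedAccess", "0x0"), 16)
            if granted & PROCESS_VM_READ:
                src = event.get("SourceImage", "?")
                alerts.append(f"{src} opened lsass.exe with VM_READ (0x{granted:x})")
    return alerts


def scan(lines: List[str]) -> List[str]:
    """Run detect() over a list of JSON event lines and collect all alerts."""
    hits: List[str] = []
    for line in lines:
        hits.extend(detect(json.loads(line)))
    return hits


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
                "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\temp\out.dmp full"}),
    json.dumps({"EventID": 1, "Image": r"C:\tools\procdump64.exe",
                "CommandLine": r"procdump64.exe -accepteula -ma lsass.exe C:\temp\lsass.dmp"}),
    json.dumps({"EventID": 10, "SourceImage": r"C:\Users\bob\dumper.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"}),
    json.dumps({"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"}),
    json.dumps({"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
                "CommandLine": "notepad.exe"}),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("ALERT:", hit)
```

The process-access rule is the one that survives a tool like the one described here: the local mode encrypts the dump before writing it and the remote mode never writes a .dmp at all, so a file-name rule on "*.dmp" misses both, while the open of lsass.exe with VM_READ still happens. In production the EventID 10 rule needs an allow-list of legitimate readers (AV/EDR agents, Windows Error Reporting), which this sketch leaves out.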
MediaTek WLAN Driver Memory Corruption
https://packetstormsecurity.com/files/177011/MediaTek-WLAN-Driver-Memory-Corruption.html
CVE-2023-5178:
Linux kernel NVMe-oF/TCP target (nvmet-tcp) use-after-free
https://github.com/rockrid3r/CVE-2023-5178