This bot helps you keep up to date with new CVEs and search for new PoCs.
@pocfather_bot
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
https://github.com/MegaManSec/SSH-Snake
CVE-2023-49070/51467 - Attacking & Defending Apache OFBiz
https://www.prio-n.com/blog/cve-2023-49070-51467-attacking-defending-Apache-OFBiz
CVE-2023-36003 (Windows LPE XAML diagnostics API)
Blog: https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/
PoC: https://github.com/m417z/CVE-2023-36003-POC
Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
https://www.horizon3.ai/writeup-for-cve-2023-39143-papercut-webdav-vulnerability/
Back in Aug. 2023 we released an advisory for CVE-2023-39143, a critical vulnerability that affects Windows installs of the PaperCut NG/MF print management software. Attackers can exploit this…
CVE-2023-7028: GitLab Account Takeover via Password Reset
PoC 1: https://github.com/RandomRobbieBF/CVE-2023-7028
PoC 2: https://github.com/Vozec/CVE-2023-7028
* 16.1 prior to 16.1.5
* 16.2 prior to 16.2.8
* 16.3 prior to 16.3.6
* 16.4 prior to 16.4.4
* 16.5 prior to 16.5.6
* 16.6 prior to 16.6.4
* 16.7 prior to 16.7.2
tRPC Security Research: Hunting for Vulnerabilities in Modern APIs
https://medium.com/@LogicalHunter/trpc-security-research-hunting-for-vulnerabilities-in-modern-apis-b0d38e06fa71
In this write-up, I want to discuss my research on tRPC. Initially, we will review the concepts of tRPC before proceeding to analyse the…
How to retrieve all information about Windows Extended Rights via LDAP
https://github.com/YuryStrozhevsky/extendedRights
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords.
CVE-2024-0517: Google Chrome V8 Out-of-Bounds Write Code Execution
PoC: https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/
By Javier Jimenez and Vignesh Rao. Overview: In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched in a Chrome update on 16 January 2024 and assigned CVE-2024…
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing - Mobile Hacker
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
[update 2024-02-19] This vulnerability can even be used to remotely wipe the data of a targeted Android smartphone. Using this vulnerability, it is possible to guess the user's lock screen PIN. After five incorrect PINs, the device is locked out for 30 seconds. This operation…
An introduction to reverse engineering .NET AOT applications
https://harfanglab.io/en/insidethelab/reverse-engineering-ida-pro-aot-net/
CVE-2024-0204: Authentication Bypass in GoAnywhere MFT
Script to create a new admin user in GoAnywhere MFT.
https://github.com/horizon3ai/CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-
Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability (CVE-2023-6546)
https://github.com/Nassim-Asrir/ZDI-24-020/
GitHub - zerozenxlabs/ZDI-24-020
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
https://blog.stmcyber.com/pax-pos-cves-2023/
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.