MacOS — CVE-2021-30657 (POC)
A vulnerability in syspolicyd allows specially crafted application bundle downloaded from internet to
bypass foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization.
Armed with this capability attackers could hack macOS systems with a simple user (double)-click.
https://github.com/shubham0d/CVE-2021-30657
#macos #poc #cve #syspolicyd
A vulnerability in syspolicyd allows specially crafted application bundle downloaded from internet to
bypass foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization.
Armed with this capability attackers could hack macOS systems with a simple user (double)-click.
https://github.com/shubham0d/CVE-2021-30657
#macos #poc #cve #syspolicyd
GitHub
GitHub - shubham0d/CVE-2021-30657: A sample POC for CVE-2021-30657 affecting MacOS
A sample POC for CVE-2021-30657 affecting MacOS. Contribute to shubham0d/CVE-2021-30657 development by creating an account on GitHub.
APT
Microsoft Exchange Deserialization RCE (CVE-2021–42321) https://peterjson.medium.com/some-notes-about-microsoft-exchange-deserialization-rce-cve-2021-42321-110d04e8852 #exchange #rce #cve #deserialization
Microsoft Exchange Server RCE (PoC)
This PoC just pop
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
This PoC just pop
mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack eventhttps://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
#exchange #rce #poc
Gist
PoC of CVE-2021-42321: pop mspaint.exe on the target
PoC of CVE-2021-42321: pop mspaint.exe on the target - CVE-2021-42321_poc.py
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2021-43267 — Linux TIPC (PoC)
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
Apache APISIX Dashboard — Unauthorized RCE (CVE-2021-45232)
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
#apache #apisix #cve #poc
Attackers can access certain interfaces without logging in to Apache APISIX Dashboard, thus making unauthorized changes or obtaining relevant configuration information such as Apache APISIX Route, Upstream, Service, etc., and cause problems such as SSRF, malicious traffic proxies built by attackers, and arbitrary code execution.
Shodan Dorks:
title:"Apache APISIX Dashboard"PoC:
curl http://IP:9000/apisix/admin/migrate/exporthttps://apisix.apache.org/blog/2021/12/28/dashboard-cve-2021-45232/
#apache #apisix #cve #poc
😈 Fortinet RCE (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
#fortinet #rce #research #poc #exploit
Fortinet recently patched a critical authentication bypass vulnerability in their FortiOS, FortiProxy, and FortiSwitchManager projects (CVE-2022-40684). This vulnerability gives an attacker the ability to login as an administrator on the affected system.
Shodan Dork:
product:"Fortinet FortiGate"
Research:
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
PoC:
https://github.com/horizon3ai/CVE-2022-40684
Detection for SOC:
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
#fortinet #rce #research #poc #exploit
Horizon3.ai
FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684)
Fortinet recently patched a critical authentication bypass vulnerability that gives an attacker the ability to login as an administrator,
🔥8👍5
😈 Microsoft Exchange: OWASSRF + TabShell
(CVE-2022-41076)
The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.
For a detailed write see research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
#owa #ssrf #tabshell #poc
(CVE-2022-41076)
The TabShell vulnerability its a form of Privilege Escalation which allows breaking out of the restricted Powershell Sandbox after you have successfully gained access through OWASSRF.
For a detailed write see research:
https://blog.viettelcybersecurity.com/tabshell-owassrf/
PoC:
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
#owa #ssrf #tabshell #poc
YouTube
Exchange TabShell RCE PoC (CVE-2022-41076)
Copy paste PoC from VCS blog: https://blog.viettelcybersecurity.com/tabshell-owassrf/
🔥9👍2👎1
🎯 GitLab CE/EE Path Traversal Vulnerability (CVE-2023-2825)
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
On May 23, 2023, GitLab released version 16.0.1, which addressed a critical vulnerability, CVE-2023-2825, impacting both the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. This vulnerability enables unauthenticated users to read arbitrary files by exploiting a path traversal bug. Additionally, an unauthenticated malicious user can leverage a path traversal vulnerability to read arbitrary files on the server if there is an attachment present in a public project nested within a minimum of five groups.
Shodan Dork:
application-77ee44de16d2f31b4ddfd214b60b6327fe48b92df7054b1fb928fd6d4439fc7e.css
Research: https://labs.watchtowr.com/gitlab-arbitrary-file-read-gitlab-cve-2023-2825-analysis/
PoC:
https://github.com/Occamsec/CVE-2023-2825
#gitlab #path #traversal #poc #cve
👍7🔥2
Ⓜ️ Metabase Pre-auth RCE
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
Earlier this week, it was reported that Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 has a vulnerability that allows attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. This vulnerability was designated as CVE-2023-38646.
Research:
https://blog.calif.io/p/reproducing-cve-2023-38646-metabase
PoC:
https://gist.github.com/testanull/a7beb2777bbf550f3cf533d2794477fe
#metabase #cve #poc #rce
🔥8👍1