Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
🔥 VMware vRealize Network Insight — Pre-authenticated RCE (CVE-2023-20887)
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
This post will examine the exploitation process of CVE-2023-20887 in VMware Aria Operations for Networks (formerly known as vRealize Network Insight). This vulnerability comprises a chain of two issues leading to Remote Code Execution (RCE) that can be exploited by unauthenticated attackers.
Exploit:
https://github.com/sinsinology/CVE-2023-20887
Research:
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
#VMware #vRealize #rce #cve
Forwarded from SHADOW:Group
💻 Что поискать на сайте с IIS?
1. Используем shortscan, для поиска коротких (а по возможности и полных) имен файлов и расширений.
2. Проверяем наличие реверс прокси и пробуем directory traversal:
Подробнее можно почитать тут.
3. Когда удастся получить раскрытие файлов, смотрим ключи в
4. Пробуем грузить файлы
#web #iis #rce
1. Используем shortscan, для поиска коротких (а по возможности и полных) имен файлов и расширений.
2. Проверяем наличие реверс прокси и пробуем directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest -> 10.0.0.1/test
Подробнее можно почитать тут.
3. Когда удастся получить раскрытие файлов, смотрим ключи в
web.conf
и пробуем получить RCE через дисериализацию. Почитать об этом тут.4. Пробуем грузить файлы
.asp
, .aspx
, .ashx
и тд (полный список тут)#web #iis #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
Ralf Hacker Channel
cve-2024-6387-poc.zip
21.1 KB
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
Nagios XI 2024R1.01 has a vulnerability in the
monitoringwizard.php
component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution. 🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
A critical deserialization vulnerability in .NET Remoting has been discovered in Veeam Backup & Replication, allowing unauthenticated remote code execution (RCE). The flaw affects versions
12.1.2.172
and earlier.🔗 Research:
https://labs.watchtowr.com/veeam-backup-response-rce-with-auth-but-mostly-without-auth-cve-2024-40711-2/
🔗 Source:
https://github.com/watchtowrlabs/CVE-2024-40711
#veeam #backup #deserialization #unauth #rce
Please open Telegram to view this post
VIEW IN TELEGRAM
watchTowr Labs - Blog
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Every sysadmin is familiar with Veeam’s enterprise-oriented backup solution, ‘Veeam Backup & Replication’. Unfortunately, so is every ransomware operator, given it's somewhat 'privileged position' in the storage world of most enterprise's networks. There's…