CVE-2024-21338: Windows Admin-to-Kernel LPE
Affected: Windows 10 & 11
PoC: https://github.com/hakaioffsec/CVE-2024-21338
Blog: https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
#lpe #windows #exploit #redteam
CVE-2024-22120: Time Based SQL Injection in Zabbix Server Audit Log
Affected and fixed version/s:
* 6.0.0 - 6.0.27 / 6.0.28rc1
* 6.4.0 - 6.4.12 / 6.4.13rc1
* 7.0.0alpha1 - 7.0.0beta1 / 7.0.0beta2
Allows dumping arbitrary values from the database. As an example, the exploit above uses it for privilege escalation from user to admin. In some cases, the SQL injection leads to RCE.
PoC: https://support.zabbix.com/secure/attachment/236280/236280_zabbix_server_time_based_blind_sqli.py
#exploit #pentest
CVE-2024-21683: Confluence Auth RCE
https://github.com/W01fh4cker/CVE-2024-21683-RCE
#exploit #git #web
CVE-2024-4577: PHP CGI Argument Injection (RCE)
Affected (on Windows):
* PHP 8.3 < 8.3.8
* PHP 8.2 < 8.2.20
* PHP 8.1 < 8.1.29
PoC: https://github.com/watchtowrlabs/CVE-2024-4577
Blog: blog1 & blog2
#exploit #rce
CVE-2024-26229: Windows LPE
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. I made minor fixes to the original exploit
#git #exploit #lpe #pentest #redteam
Forwarded from APT
Nagios XI 2024R1.01 has a vulnerability in the monitoringwizard.php component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and achieve remote code execution.
🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177: Linux OpenPrinting CUPS RCE
blog: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
PoC: https://github.com/RickdeJager/cupshax
patch:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
#exploit #git #pentest #redteam
CVE-2024-7479 & CVE-2024-7481: TeamViewer User to Kernel LPE
PoC: https://youtu.be/lUkAMAK-TPI
exploit: https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
Affected:
* from 15.0.0 before 15.58.4
* from 14.0.0 before 14.7.48796
* from 13.0.0 before 13.2.36225
* from 12.0.0 before 12.0.259312
* from 11.0.0 before 11.0.259311
#lpe #pentest #redteam #exploit
https://www.cve.org/CVERecord?id=CVE-2024-7479
https://www.cve.org/CVERecord?id=CVE-2024-7481
https://www.zerodayinitiative.com/advisories/ZDI-24-1289/
https://www.zerodayinitiative.com/advisories/ZDI-24-1290/
https://www.teamviewer.com/en/resources/trust…
CVE-2024-48990: Linux LPE via needrestart
PATCHED: Nov 19, 2024
PoC: https://github.com/makuga01/CVE-2024-48990-PoC
Info: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
P.S. Although for privilege escalation you have to wait for needrestart to run (which starts, for example, on apt upgrade), the patch is only three days old and has not yet been added to all Debian repos.
#exploit #pentest #redteam #lpe #linux
CVE-2024-38193: Windows LPE
PATCHED: August 13, 2024
https://github.com/Nephster/CVE-2024-38193
Upd.: https://github.com/killvxk/CVE-2024-38193-Nephster
P.S. Tested on Win11, it works
#git #exploit #lpe #pentest #redteam
CVE-2024-43468: ConfigMgr/SCCM 2403 Unauth SQLi to RCE
PATCHED: Oct 8, 2024
Exploit: https://github.com/synacktiv/CVE-2024-43468
Blog: https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections
#git #exploit #ad #rce #sccm #pentest #redteam
Yesterday IngressNightmare made some noise: an unauthenticated RCE in Ingress NGINX Controller that can lead to a Kubernetes cluster takeover.
Patched: Feb 7, 2025
Blog: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
PoC: https://github.com/sandumjacob/IngressNightmare-POCs
Does research published without PoC code frustrate you too??
#rce #kuber #pentest #exploit
CVE-2025-49113: Roundcube (1.6.10) Auth RCE
blog: https://fearsoff.org/research/roundcube
PoC: https://github.com/fearsoff-org/CVE-2025-49113
#exploit #git #pentest #redteam
CVE-2025-32756: Fortinet UnAuth RCE
PoC: https://github.com/kn0x0x/CVE-2025-32756-POC
Affected Products: FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera
#exploit #git #pentest #redteam
Forwarded from APT
🩸 CitrixBleed 2 — Citrix NetScaler Memory Leak (CVE-2025-5777)
A critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending a malformed POST request with a login parameter that has no value causes the server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit