The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must
Loading
Latest
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. CVE-2024-45519 is a vulnerability in Zimbra Collaboration (ZCS) that allows unauthenticated users to execute commands through the postjournal service. This guide walks you through setting
Nortek Linear eMerge E3 (CVE-2024-9441), which is vulnerable to Remote Code Execution (RCE) in a pre-authentication state. The vulnerability is triggered via a flaw in the password recovery feature, which allows an attacker to inject malicious PHP code into the system, leading to arbitrary code execution. This PoC allows you to: Vulnerability Details:
Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. In this blog post, we delve into the nature of this vulnerability, our journey in analyzing the patch, and
Office URI Schemes Previously, a method for capturing NTLMv2 hashes over SMB using the Office URI Schemes was shared LINK. This is the inspiring point for me. If we look Office URI Schemes page, we can see that usage of https:// protocol within URI scheme. This situation indicates that http:// can also potentially be used. Capturing the NTLMv2 hash over HTTP is
NanoCore is an example of a RAT, which is a type of malware designed to provide an attacker with access to and control over an infected machine. Like most RATs, NanoCore provides a wide range of capabilities, including: NanoCore is one of the leading malware variants currently in operation. In fact, it was number ten
CVE-2024-7965 affects the V8 JavaScript engine used in Google Chrome. This zero-day vulnerability stems from a flawed implementation that allows attackers to exploit heap corruption through specially crafted HTML pages. With a CVSS score of 8.8, it poses a serious threat to the confidentiality and integrity of affected systems. First discovered by the security researcher known as
An attacker with authenticated access to VICIdial as an “agent” can execute arbitrary shell commands as the “root” user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. This repository contains a combined exploit for two critical vulnerabilities discovered in VICIdial by KoreLogic: These vulnerabilities allow an attacker to retrieve
676Examine the Potential of Remote Administration. Remote Support. Remote Monitoring. Penetration Testing. PASSWORD: ONIMAI FUCKERS FUCKING ONIMAIOffensive Remote Administration & Pentesting ToolFeatures:
CVE-2024-44000 is a vulnerability in the LiteSpeed Cache plugin, a popular WordPress plugin. This vulnerability affects session management in LiteSpeed Cache, allowing attackers to gain unauthorized access to sensitive data.The script works in the following steps: If the response includes a 302 Redirect with a Location header containing the wp-admin path, it considers the hijacking successful. The script generates URLs with
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. Potential impact : Exploitation of CVE-2024-28987 could allow an attacker to bypass security policies implemented in SolarWinds Web Help Desk, which could result in unauthorized access to sensitive data, modification
Discovered and reported a vulnerability in wappd, a network daemon that is a part of the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle. This chipset is commonly used on embedded platforms that support Wifi6 (802.11ax) including Ubiquiti, Xiaomi, and Netgear devices. As is the case for a handful of other bugs I’ve found, I originally
CVE-2024-7029 highlights a severe security issue in AVTech devices, where attackers can bypass authentication and execute arbitrary commands remotely. This vulnerability poses significant risks to the integrity and security of affected networks. 💀 Vulnerability OverviewCVE-2024-7029 is a critical security flaw in AVTech devices that allows unauthorized access through authentication bypass, potentially leading to remote code
721📱 Compatible with all devices🔓 Bypass Play Store Signature📦 The bypass does not depend on APK files outside the Play Store🛡 100% FUD APK file💸 Money back guarantee if the bypass doesn’t work🔒 No screen permissions required🚫 No permission requests when installing APKs on your device
Fully automated exploit for CVE-2024-25641. When a user is authenticated, Cacti version 1.2.26 is vulnerable to an arbitrary file write vulnerability, exploitable through the “Package Import” feature, allows authenticated users having the “Import Templates” permission to execute arbitrary PHP code on the web server (RCE). Cacti provides an operational monitoring and fault management framework. Prior
poc for CVE-2024-38063, a RCE in tcpip.sys patched on August 13th 2024. usage Modify the fields in the script: Run the script: The easiest way to reproduce the vuln is by using bcdedit /set debug on and restarting the machine/VM. This makes the default network adapter driver kdnic.sys, which is very happy to coalesce packets. If you’re trying to
242XSSLite is an information stealer. It was developed as part of a monetary prize-driven competition held on a Russian hacker forum. There are several variants of this malware; the original version written in the C# programming language was made available for free by the developers, while another variant was created by rewriting the stealer in C++. XSSLite was
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. The LiteSpeed Cache plugin’s user simulation feature is protected by a weak security hash generated using predictable values. An attacker can exploit this vulnerability by brute-forcing the security hash and passing it in a
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-38793-PoC Proof of Concept code for exploitation of CVE-2024-38793 (Best Restaurant Menu by PriceListo <= 1.4.1 – Authenticated (Contributor+) SQL Injection). This is a proof of concept exploit for the vulnerability CVE-2024-38793, an SQL injection vulnerability for versions of the WordPress plugin Best Restaurant Menu a.k.a Great Restaurant Menu WP before 1.4.2. The vulnerability occurs because of a
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. This repository
Subscribe & Follow
