25 matches found
HP ILO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation', 'Description' = %q This module exploits an authentication bypass in HP...
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool. The security vulnerabilities, tracked as...
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems...
Backup Migration < 1.3.8 - Unauthenticated RCE
Description The plugin is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated...
Exploit for Untrusted Pointer Dereference in Microsoft
PoC for CVE-2023-29360 Exploit targeting MSKSSRV.S...
Snappy PHAR deserialization vulnerability
Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. To fix this issue, version 1.4.2 was released with an additional check in the affected function to prevent the usage of the phar:// wrapper...
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model ...
GHSA-72P8-V4HG-V45P Weak private key generation in SSH.NET
During an X25519 key exchange, the client's private key is generated with System.Random: var rnd = new Random(); privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes]; rnd.NextBytes(privateKey); Source: KeyExchangeECCurve25519.cs Source commit:...
Weak private key generation in SSH.NET
During an X25519 key exchange, the client's private key is generated with System.Random: var rnd = new Random(); privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes]; rnd.NextBytes(privateKey); Source: KeyExchangeECCurve25519.cs Source commit:...
Sentry 8.2.0 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated) Exploit Author: Mohin Paramasivam (Shad0wQu35t) Vulnerability Discovered By: Clement Berthaux (SYNACKTIV) Software Link: https://sentry.io/welcome/ Advisory: https://doc.lagout.org/Others/synacktivadvisorysentrypickle.pdf Tested o...
Sentry 8.2.0 Remote Code Execution
Exploit Title: Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated) Date: 22/09/2021 Exploit Author: Mohin Paramasivam (Shad0wQu35t) Vulnerability Discovered By: Clement Berthaux (SYNACKTIV) Software Link: https://sentry.io/welcome/ Advisory:...
WordPress Activity Log plugin <= 2.6.1 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Synacktiv in WordPress Activity Log plugin versions <= 2.6.1. Solution: Update the WordPress Activity Log plugin to the latest available version (at least 2.7.0)...
Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos,...
CVE-2020-0796 - Windows SMBv3 LPE Exploit #SMBGhost
Windows SMBv3 LPE Exploit Authors: Daniel García Gutiérrez (@danigargu), Manuel Blanco Parajón (@dialluvioso) References: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 https://www.synacktiv.com/posts/exploit/im-smbghost-daba-dee-daba-da.html...
Exploit for CVE-2019-15846
Exim CVE-2019-15846 =================== PoC materials to exploi...
FreeBSD-SA-19:06.pf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:06.pf Security Advisory The FreeBSD Project Topic: ICMP/ICMP6 packet filter bypass in pf Category: contrib Module: pf Announced: 2019-05-14 Credits: Synackti...
Old WordPress Plugin Being Exploited in RCE Attacks
Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins earlier than version 1.2.42 are vulnerable to the...
HP iLO 4 1.00-2.50 Authentication Bypass Administrator Account Creation
This module exploits an authentication bypass in HP iLO 4 1.00 to 2.50, triggered by a buffer overflow in the Connection HTTP header handling by the web server. Exploiting this vulnerability gives full access to the REST API, allowing arbitrary account creation. This module requires Metasploit:...
HPE iLO 4 < 2.53 - Add New Administrator User
#!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP: https://support.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769enus Other...
HPE iLO 4 2.53 - Add New Administrator User
#!/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...