🚨Alert🚨 CVE-2023–29357 CVE-2023–24955 #SharePoint's Pre-Auth RCE chain
🧷https://hunter.how/list?searchValue=protocol.banner%3D%22MicrosoftSharePointTeamServices%22

Dorks 👇👇👇
FOFA app="Microsoft-SharePoint"
Shodan http.headers_hash:-1968878704

💡💡💡Deep-dive from
@starlabs_sg

https://twitter.com/starlabs_sg/status/1706267228436599185
#infosec #infosecurity #Infosys

🚨Alert🚨 CVE-2023-41892 #Craft CMS's CVSS 🔥10.0🔥 Vulnerability
🧷https://hunter.how/list?searchValue=web.body%3D%22SEOmatic%22

Dorks 👇👇👇
FOFA body="SEOmatic"
Shodan http.html:"SEOmatic"

🙌🙌🙌 @chybeta has reproduced this vulnerability
https://twitter.com/chybeta/status/1703685169637704121
#infosec #infosecurity #Infosys

🚨Alert🚨 CVE-2023-37895 Apache Jackrabbit RMI #RCE

🧷https://hunter.how/list?searchValue=web.body%3D%22webdav-jcr.jsp%22

Other Dorks 👇👇👇
FOFA app="Apache-Jackrabbit-JCR-Server"
Shodan http.html:webdav-jcr.jsp

Credit to @Y4er_ChaBug
https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/
#Infosys #infosec #infosecurity

🚨Alert🚨 CVE-2023-37895 Apache Jackrabbit RMI #RCE

🧷https://hunter.how/list?searchValue=web.body%3D%22webdav-jcr.jsp%22

Other Dorks 👇👇👇
FOFA app="Apache-Jackrabbit-JCR-Server"
Shodan http.html:webdav-jcr.jsp

Credit to @Y4er_ChaBug
https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/
#Infosys #infosec #infosecurity

🚨Alert🚨 CVE-2023-40068 #WordPress custom field(ACF) plugin #XSS vulnerability

🧷 https://hunter.how/list?searchValue=web.body%3D%22%2Fwp-content%2Fplugins%2Facf-frontend-form-element%2F%22

Dork 👇👇👇
"/wp-content/plugins/acf-frontend-form-element/"

Refer to 📰
https://securityonline.info/wordpress-custom-field-plugin-bug-cve-2023-40068-exposes-1m-sites-to-xss-attacks/
#infosec #infosys #infosecurity

🙅Rejected🙅‍♂️ CVE-2023-39848 Feel free to laugh out loud 🤣🤣🤣, unless your instances are exposed 👀

🧷https://hunter.how/list?searchValue=web.body%3D%22Damn%20Vulnerable%20Web%20Application%20%28DVWA%29%22

Dork 👇👇👇
"Damn Vulnerable Web Application (DVWA)"

https://twitter.com/digininja/status/1692208663329484859
#infosec #infosys #BugBounty

🚨Alert🚨 CVE-2023-26067 #Printer #Lexmark Command Injection
🌻🌻🌻 Credit to
@JamesHorseman2
and
@hacks_zach
. They just give their speech at #DEFCON

🧷https://hunter.how/list?searchValue=product.name%3D%22Lexmark%20Printer%20Firmware%22

https://twitter.com/JamesHorseman2/status/1689739672334094339
#infosec #infosys #BugBounty

🚨Alert🚨 🩹#Microsoft Patch Tuesday🔨⚙️
Critical #RCE in Microsoft Message Queuing Services(#MSMQ)
CVE-2023-35385 CVE-2023-36911 CVE-2023-36910

🧷 https://hunter.how/list?searchValue=ip.port%3D%3D%221801%22%20and%20protocol%3D%3D%22msmq%22

🔖 Refer to:
https://bleepingcomputer.com/news/microsoft/microsoft-august-2023-patch-tuesday-warns-of-2-zero-days-87-flaws/

🍵A must-read on #MSMQ from
@fortinet

https://fortinet.com/blog/threat-research/microsoft-message-queuing-service-vulnerabilities

🚨Alert🚨 CVE-2023-3718 #Aruba CX #Switches #RCE

🧷 https://hunter.how/list?searchValue=web.body%3D%22%2Fassets%2Freact-grid-layout.css%22

👇🏻 Other Dorks👇🏻
FOFA: body="/assets/react-grid-layout.css"
Sodan http.html_hash:-799642671

⚙️Security Advisory⚙️
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbnw04498en_us

#Infosys #infosec #infosecurity #cve

🚨Alert🚨 CVE-2023-35078 #Ivanti(#MobileIron) zero-day was used to hack 🇳🇴 govt IT systems
📎 https://hunter.how/list?searchValue=protocol.banner%3D%22%2Fmics%2Fmics.html%22

Other Dorks
📍FOFA icon_hash="967636089"
📍Shodan http.favicon.hash:"967636089"

Refer to 🗒️:
https://bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/
#infosec #CyberSecurity #intelligence