🚨 Critical — CVE-2025-10035 (CVSS 10.0): Fortra has disclosed a deserialization flaw in the GoAnywhere MFT License Servlet that can allow remote command-injection.
I've created a #nuclei script to detect vulnerable instances at scale:
https://t.co/tgEvGaFAJh
⚠️⚠️ CVE-2023-52251 and CVE-2024-32030: Remote code execution(RCE) in UI for Apache Kafka
🎯5.8k+ Results are found on the https://t.co/uLIbgJcaq5 nearly year.
FOFA Link🔗: https://t.co/uxvrF68cPQ
FOFA Query: app="UI-for-Apache-Kafka"
PoC🔖: https://t.co/0dIcqvfKdd
#OSINT #FOFA
🚨Alert🚨CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol!
⚠They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted network packet
📊34K+ Services are found on https://t.co/g3tSyh1Boc
🔗Hunter Link: https://t.co/jm6vQe2ZzV
📰Refer: https://t.co/CwqlZre3cz
👇Query
Hunter:/product.name="VMware vCenter Server"
FOFA: app="vmware-vCenter"
SHODAN: product:"VMware vCenter Server"
#VMware #hunterhow #infosec #infosecurity #Infosys #Vulnerability
Always test the :83 default port on servers, maybe there is Telerik Report Server, you can take advantage of the newly revealed vulnerability.
#BugBounty#BugBountyTip#CVE-2024-4358 / #CVE-2024-1800
https://t.co/9yEQkk5toi
GIVEAWAY 🎁🎁
It's simple, here are the rules:
🧑💻 Be a hacker
🔁 Retweet
❤️ Like
📝 Fill out the survey
👇 Drop an emoji when done
You could win an entire swag bundle just by filling out the survey 😱
https://t.co/hJToX6cWHq
You guys always ask me how do I find SQL injections, its just simple. Avoid what everyone does and make your own methodology. Here is mine:
1. I don't normally go if the target is just https://t.co/eCSul2K1wx. I always prefer the target with wide scope.
1/n
#BugBounty
🔍 #BugBountyTip:
Found a JS file that's hard to read?
Try deobfuscating it at https://t.co/MNEJWWJvMf. Learn the obfuscation techniques used, as some methods might not be reversible by this tool. 🛠️ Key JS obfuscation techniques:
- Reordering
- Encoding
- Splitting
- Renaming
- Logic Concealing
Dive in and decode! 👍 **#JavaScript #CyberSecurity**
We earned $35,000 in total with @GodfatherOrwa for submissions on @bugcrowd#ItTakesACrowd#Tip:
command `ffuf -w /subdomain_megalist.txt -u 'https://XXXFUZZ[.]target[.]com/' -c -t 350 -mc all -fs 0` also
`https://FUZZXXX[.]target[.]com/`
@Bugcrowd Who’s asking about what wordlist I use
I use mostly
https://t.co/nqlos11edo
and
https://t.co/ZUu1EvaAsn
Important note all the time update your wordlist manually by adding interesting endpoints / dirs that you have
Great weekend on H1 @Hacker0x01
Found /.git/config while fuzzing ( medium )
used GitTools : https://t.co/a0DhwhXhpZ to dump whole .git directory form server
Found DB creds in dumped files which are not accessible directly ( Critical )
#bugbountytip#bugbountytips