I've found an SSRF vulnerability in the Tumbler plugin for XFCE that works by default in the latest Kali Linux, Debian XFCE, etc.
https://t.co/jI09j12raf
#xfce#kali#debian#ssrf#security#exploit#linux
I've found several vulnerabilities (CVE-2022-29938, CVE-2022-29939, CVE-2022-29940) in LibreHealth EHR 2.0.0.
Write-up:
https://t.co/O8qcwp7FLE
#security#zeroday#librehealth#exploit#poc
Опять проблемы с принтерами у Microsoft. Опубликован эксплойт (не проверял) на CVE-2022–22718, который позволяет поднять права до SYSTEM и добавить нового администратора. Base score по CVSS 8.3 из 10.
https://t.co/x687FEVVgk
#exploit#microsoft
Всем, у кого версия Moodle с 3.11 по 3.11.4, нужно срочно обновиться. В сети гуляет эксплойт, который позволяет получить доступ к базе данных (SQL-инъекция). Отмечайте IT-отделы университетов.
#moodle#security#exploit
https://t.co/ooRdBFxTWn
Когда я говорю, что работаю в сфере информационной безопасности, многие думают, что я охранник. Это все что вам надо знать про cybersecurity awareness в народе.
#иб#инфосек#Awareness#CyberSec#zeroday
Found an unauthenticated SQL injection in Chamilo LMS. Thanks to @chamilonoticias developers, the vuln was fixed quickly! But unfortunately @MITREcorp is ignoring me, and yet didn't assign CVE id for this :(
Details at https://t.co/zEsIe8iwzI
#research#security#chamilo#mitre
The only IT / InfoSec / *OPS open conference in Kazakhstan without advertising and vendors is coming (2 weeks left). Interesting reports from experienced specialists. Hurry up to register (at https://t.co/jIBwPDM9V0)!
#sysconf#security#cybersecurity#opensysconf#Almaty
Found an unauthenticated SQL injection in Chamilo LMS. Thanks to @chamilonoticias developers, the vuln was fixed quickly! But unfortunately @MITREcorp is ignoring me, and yet didn't assign CVE id for this :(
Details at https://t.co/zEsIe8iwzI
#research#security#chamilo#mitre
@KumarKandarp @eLearnSecurity What's good in this certification, that whole things related to the WEB only! But, if you are new on cybersecurity, I recommend you to start with eJPT.
Now I am an eWPTX2!
The exam was exciting! Thanks to @eLearnSecurity for the opportunity to test my knowledge under extreme conditions!
#elearnsecurity#ewptx
@Captain33011@offsectraining Hi! Just buy VIP account at @hackthebox_eu before buying OSCP course. Solve 1-2 machines per day. Then, after 8-12 months, you can buy OSCP course. Also google "OSCP mindmap" and "OSCP cheat sheet". Hope I helped you :)
CVE-2020-29139, CVE-2020-29140, CVE-2020-29142, CVE-2020-29143.
Found multiple SQL injections in OpenEMR 6.0.0-dev, 5.0.2(5).
https://t.co/QOykd6ib30
https://t.co/MynuszhGEl
https://t.co/lE48BqcpjK
https://t.co/IghSZgeBtB
Thanks to @OpenEMR for the quick response and fixes!