We've successfully developed a new PoC exploit for CVE-2024-3400 PAN-OS Command Injection without the Telemetry enablement requirement. Please patch it ASAP
#CVE-2024-3400
Oops! V.A.R check: Bug collision! Hopefully we'll have better luck next year. Kudos to our guys @ducnt_ @tuo4n8 @xchym @n3mohb; also thanks to ZDI for the awesome event.
Collision - The VNG Security Response Center was able to execute a 2-bug chain against the QNAP TS-464. However, the exploit they used was previously known. They still earn $5,000 and 1 Master of Pwn point. #Pwn2Own
Our team has successfully reproduced a PoC for CVE-2023-2825 GitLab Arbitrary file read via uploads path traversal. It only affects GitLab version 16.0.0. Patch it ASAP.
We're really happy to share our improvements and some experiments for the CookieMonster tool.
Weaponizing Monster for Cookies Attacks: https://t.co/zUlvGEHTkr
Also includes a Burp Extender plugin for Burp Suite. Hope you guys enjoy it.
~Cheers,
VSRC
Ladies and Gentlemen: The new Dojo opens to welcome black belt Hackers to fight for honor!!! #VSRC
Liferay revisited: A tale of 20k$. https://t.co/Opa58lorMO
Hope you guys enjoy it and stay tuned for more technique writeups / blogs / exploits ... to come.
~Cheers,
VSRC