#VMware Workspace ONE Access Server-side Template Injection CVE-2022-22954 #SSTI
https://github.com/sherlocksecurity/VMware-CVE-2022-22954/blob/main/CVE-2022-22954.yaml
Peneter Tools
Nuclei template for detection:
https://github.com/projectdiscovery/nuclei-templates/pull/4113
Privilege escalation vulnerability in the Amazon Web Services (AWS) VPN Client (CVE-2022-25165).
Blog: https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/
PoC: https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2022-25166
#nginx 0-day on latest nginx-1.21.6
GitHub: https://github.com/gamozolabs/nginx_shitpost
By https://twitter.com/gamozolabs
CVE-2022-22954 #VMware Workspace ONE Access freemarker #SSTI
https://github.com/bewhale/CVE-2022-22954
Repository description (translated): CVE-2022-22954 VMware Workspace ONE Access Freemarker SSTI vulnerability: command execution, bulk detection script, file write.
Exploiting Struts RCE on 2.5.26
To fix the problem, upgrade to Struts 2.5.30.
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html
APT Cyber Tools Targeting ICS/SCADA Devices:
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
Lateral movement and disruption of critical devices in an ICS network:
https://github.com/stong/CVE-2020-15368
Now reFlutter not only allows you to monitor traffic, but also shows absolute offsets of the functions in the target Android or iOS application. Root is not required.
https://github.com/Impact-I/reFlutter
Microsoft Sharepoint RCE (CVE-2022-22005)
https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/
#sharepoint #rce
A proof-of-concept WordPress plugin fuzzer
https://github.com/kazet/wpgarlic#usage-cheatsheet
#wordpress #redteam #BugBounty
WatchGuard Pre-Auth RCE - CVE-2022-26318
https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchguard #rce
CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe
Use-After-Free Exploit in HackSysExtremeVulnerableDriver
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
#LPE
A Python-based gitleaks wrapper tool to enable scanning of multiple GitLab repositories in parallel.
https://github.com/codekuu/Gitlab-Scanner
#Gitlab #scanner
Inspired by 7-Zip CVE-2022-29072: this vulnerability also exists in XVI32.
By: Will Dormann
https://twitter.com/wdormann/status/1516217431437500419?s=21&t=f9YqLUEf65ykpDUdF5MCYw
7zip: https://news.1rj.ru/str/Peneter_Tools/305
Security researcher Maddie Stone from Google's Project Zero has published a blog post reviewing the in-the-wild 0-day exploits discovered in 2021:
I added PoCs or available exploits for easier access.
Blog: The More You Know, The More You Know You Don't Know
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Exploits:
RCE in #Apache HTTP CVE-2021-41773
https://github.com/thehackersbrain/CVE-2021-41773
14 in Google #Chrome
6 JavaScript Engine - v8 (CVE-2021-21148, CVE-2021-30551, CVE-2021-30563, CVE-2021-30632, CVE-2021-37975, CVE-2021-38003)
https://github.com/xmzyshypnc/CVE-2021-30551
https://github.com/Phuong39/PoC-CVE-2021-30632
https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/v8/CVE-2021-37975
2 DOM Engine - Blink (CVE-2021-21193 & CVE-2021-21206)
1 WebGL (CVE-2021-30554)
1 IndexedDB (CVE-2021-30633)
1 webaudio (CVE-2021-21166)
1 Portals (CVE-2021-37973)
1 Android Intents (CVE-2021-38000)
1 Core (CVE-2021-37976)
7 in WebKit #safari
4 JavaScript Engine - JavaScriptCore (CVE-2021-1870, CVE-2021-1871, CVE-2021-30663, CVE-2021-30665)
1 IndexedDB (CVE-2021-30858)
1 Storage (CVE-2021-30661)
1 Plugins (CVE-2021-1879)
4 in #IE
MSHTML browser engine (CVE-2021-26411, CVE-2021-33742, CVE-2021-40444)
JavaScript Engine - JScript9 (CVE-2021-34448)
10 in #Windows
2 Enhanced crypto provider (CVE-2021-31199, CVE-2021-31201)
2 NTOS kernel (CVE-2021-33771, CVE-2021-31979)
2 Win32k (CVE-2021-1732, CVE-2021-40449)
https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732
https://github.com/Kristal-g/CVE-2021-40449_poc
1 Windows Update Medic (CVE-2021-36948)
1 SuperFetch (CVE-2021-31955)
https://github.com/freeide/CVE-2021-31955-POC
1 dwmcore.dll (CVE-2021-28310)
https://github.com/Rafael-Svechinskaya/IOC_for_CVE-2021-28310/blob/main/Malicious%20Payloads
1 ntfs.sys (CVE-2021-31956)
https://github.com/aazhuliang/CVE-2021-31956-EXP
5 in #iOS and #macOS
IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
https://github.com/jsherman212/iomfb-exploit
XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
https://github.com/synacktiv/CVE-2021-1782
CoreGraphics (CVE-2021-30860)
https://github.com/jeffssh/CVE-2021-30860
CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
7 in #Android
Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
5 in Microsoft #Exchange Server
(CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)
https://github.com/0xAbdullah/CVE-2021-26855
https://github.com/sirpedrotavares/Proxylogon-exploit
https://github.com/hictf/CVE-2021-26855-CVE-2021-27065
(CVE-2021-42321)
https://github.com/DarkSprings/CVE-2021-42321