CVE-2022-22954 #VMware Workspace ONE Access freemarker #SSTI
https://github.com/bewhale/CVE-2022-22954

windows #spooler service #LPE which was patched on #patchtuesday

https://github.com/grigoritchy/pocs/tree/main/windows/spooler-splenumforms-iov

Exploiting Struts RCE on 2.5.26
for fix problem should upgrade to 2.5.30
https://mc0wn.blogspot.com/2021/04/exploiting-struts-rce-on-2526.html

APT Cyber Tools Targeting ICS/SCADA Devices:
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
lateral movement and disrupt critical devices in ICS network:
https://github.com/stong/CVE-2020-15368

Now reFlutter not only allows you to monitor traffic, but also shows absolute offsets of the functions in the target Android or iOS application. Root is not required.
https://github.com/Impact-I/reFlutter

CVE-2022-1329
WordPress-Elementor-3.6.0-3.6.1-3.6.2
type: RCE
#wordpress #rce

Microsoft Sharepoint RCE (CVE-2022-22005)

https://hnd3884.github.io/posts/cve-2022-22005-microsoft-sharepoint-RCE/

#sharepoint #rce

A proof-of-concept WordPress plugin fuzzer

https://github.com/kazet/wpgarlic#usage-cheatsheet

#wordpress #redteam #BugBounty

WatchGuard Pre-Auth RCE - CVE-2022-26318

https://blog.assetnote.io/2022/04/13/watchguard-firebox-rce/
#watchgaurd #rce

cve-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

https://github.com/kagancapar/CVE-2022-29072
#7zip #lpe

Use-After-Free Exploit in HackSysExtremeVulnerableDriver
https://sophieboyle.github.io/2022/04/09/HEVD-UAF-Exploit.html
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
#LPE

A Python based gitleaks wrapped tool to enable scanning of multiple Gitlab repositories in parallel.
https://github.com/codekuu/Gitlab-Scanner
#Gitlab #scanner

Inspired by 7-Zip CVE-2022-29072 this vulnerability also exist in XVI32
by: will dormann

https://twitter.com/wdormann/status/1516217431437500419?s=21&t=f9YqLUEf65ykpDUdF5MCYw

7zip: https://news.1rj.ru/str/Peneter_Tools/305

Security Researcher Maddie stone from google’s Project Zero has published a blog to review in-the-wild 0-days exploits discovered in 2021:

I added Pocs or available exploits for easier access

Blog :

https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html


Exploits:


RCE in #Apache HTTP CVE-2021-41773

https://github.com/thehackersbrain/CVE-2021-41773


14 in Google #Chrome

6 JavaScript Engine - v8 (CVE-2021-21148, CVE-2021-30551, CVE-2021-30563, CVE-2021-30632, CVE-2021-37975, CVE-2021-38003)

https://github.com/xmzyshypnc/CVE-2021-30551

https://github.com/Phuong39/PoC-CVE-2021-30632

https://github.com/github/securitylab/tree/main/SecurityExploits/Chrome/v8/CVE-2021-37975

2 DOM Engine - Blink (CVE-2021-21193 & CVE-2021-21206)

1 WebGL (CVE-2021-30554)

1 IndexedDB (CVE-2021-30633)

1 webaudio (CVE-2021-21166)

1 Portals (CVE-2021-37973)

1 Android Intents (CVE-2021-38000)

1 Core (CVE-2021-37976)



7 in Webkit #safari

4 Javanoscript Engine - JavaScript Core (CVE-2021-1870, CVE-2021-1871, CVE-2021-30663, CVE-2021-30665)

1 IndexedDB (CVE-2021-30858)

1 Storage (CVE-2021-30661)

1 Plugins (CVE-2021-1879)



4 in #IE

MSHTML browser engine (CVE-2021-26411, CVE-2021-33742, CVE-2021-40444)

Javanoscript Engine - JScript9 (CVE-2021-34448)


10 in #Windows

2 Enhanced crypto provider (CVE-2021-31199, CVE-2021-31201)

2 NTOS kernel (CVE-2021-33771, CVE-2021-31979)

2 Win32k (CVE-2021-1732, CVE-2021-40449)

https://github.com/Al1ex/WindowsElevation/tree/master/CVE-2021-1732

https://github.com/Kristal-g/CVE-2021-40449_poc

1 Windows update medic (CVE-2021-36948)

1 SuperFetch (CVE-2021-31955)

https://github.com/freeide/CVE-2021-31955-POC

1 dwmcore.dll (CVE-2021-28310)

https://github.com/Rafael-Svechinskaya/IOC_for_CVE-2021-28310/blob/main/Malicious%20Payloads

1 ntfs.sys (CVE-2021-31956)

https://github.com/aazhuliang/CVE-2021-31956-EXP



5 in #iOS and #macOS

IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)

https://github.com/jsherman212/iomfb-exploit

XNU Kernel (CVE-2021-1782 & CVE-2021-30869)

https://github.com/synacktiv/CVE-2021-1782

CoreGraphics (CVE-2021-30860)

https://github.com/jeffssh/CVE-2021-30860

CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)



7 in #Android

Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)

ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)

Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)



5 in Microsoft #Exchange Server

(CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065)

https://github.com/0xAbdullah/CVE-2021-26855

https://github.com/sirpedrotavares/Proxylogon-exploit

https://github.com/hictf/CVE-2021-26855-CVE-2021-27065

(CVE-2021-42321)

https://github.com/DarkSprings/CVE-2021-42321

An open source, lightweight, fast, and cross-platform website vulnerability scanning tool that helps you quickly detect potential website security risks.
https://github.com/hktalent/scan4all

MalSCCM
Tooling for red teams and attackers has long since shifted to .NET, however there are very few tools publicly available for abusing SCCM, making it an attack path that may not be explored as much.
https://labs.nettitude.com/blog/introducing-malsccm/

PoC for an NTLM relay attack dubbed DFSCoerce.
The method leverages the Distributed File System: Namespace Management Protocol (MS-DFSNM) to seize control of a Windows domain.
https://github.com/Wh04m1001/DFSCoerce

It's a Docker Environment for pentesting which having all the required tool for VAPT.
https://github.com/RAJANAGORI/Nightingale
Tools List:
https://owasp.org/www-project-nightingale/