Latest Infosec News and Articles
- Researcher publishes PoC for Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2021-42287, CVE-2021-42278) https://securityonline.info/researcher-publishes-poc-for-active-directory-domain-services-elevation-of-privilege-vulnerability-cve-2021-42287-cve-2021-42278/
- How i was able to bypass Cloudflare WAF for SQLi payload https://infosecwriteups.com/how-i-was-able-to-bypass-cloudflare-waf-for-sqli-payload-b9e7a4260026
- Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666) https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
- Reverse Engineering Crypto Functions: AES https://www.goggleheadedhacker.com/blog/post/reversing-crypto-functions-aes
- log4JFrida https://github.com/Ch0pin/log4JFrida
- Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce
- Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077 https://github.com/horizon3ai/CVE-2021-44077
- Grafana Unauthorized arbitrary file reading vulnerability https://github.com/jas502n/Grafana-CVE-2021-43798
- Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/
- T-Reqs HTTP Fuzzer: HTTP Request Smuggling with Differential Fuzzing https://securityonline.info/t-reqs-http-fuzzer-http-request-smuggling-with-differential-fuzzing/
Latest Vulnerabilities, POCs, and Exploit
- Arunna 1.0.0 – ‘Multiple’ Cross-Site Request Forgery (CSRF) https://www.exploit-db.com/exploits/50608
- Booked Scheduler 2.7.5 – Remote Command Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50594
- Apache Log4j 2 – Remote Code Execution (RCE) https://www.exploit-db.com/exploits/50592
- Laravel Valet 2.0.3 – Local Privilege Escalation (macOS) https://www.exploit-db.com/exploits/50591
- Apache Log4j2 2.14.1 – Information Disclosure https://www.exploit-db.com/exploits/50590
- WebHMI 4.0 – Remote Code Execution (RCE) (Authenticated) https://www.exploit-db.com/exploits/50589