Video wird geladen...

Video konnte nicht geladen werden

Beim Laden dieses Videos ist ein Problem aufgetreten. Dies könnte an einem vorübergehenden Netzwerkproblem liegen oder das Video ist möglicherweise nicht verfügbar.

CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server Don’t use and never use this vulnerability lightly,because it is a master of data cleaning

ShimizuKawasaki

1,169 subscribers

97,359 Aufrufe • vor 2 Jahren •via X (Twitter)

Anya Rossi• Live Now

Private livecam show

5 Kommentare

Profilbild von CorSch

CorSchvor 2 Jahren

Is this the "delete only" vulnerability? Looks like RCE to me.

Profilbild von ShimizuKawasaki

ShimizuKawasakivor 2 Jahren

clean before and install some plugins to rce

Profilbild von Debug

Debugvor 2 Jahren

Nice work

Profilbild von Sem Jansen

Sem Jansenvor 2 Jahren

Is there any way to get poc?

Profilbild von 뚱이예요

뚱이예요vor 2 Jahren

Can I get a poc for study purposes? I beg you.

Ähnliche Videos

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

HackGit

76,809 Aufrufe • vor 3 Jahren

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 Aufrufe • vor 2 Jahren

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

HackGit

39,726 Aufrufe • vor 3 Jahren

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,604 Aufrufe • vor 2 Jahren

Never use a persons vulnerability as a weapon during their time of weakness

Never use a persons vulnerability as a weapon during their time of weakness

Inky Johnson

172,619 Aufrufe • vor 2 Jahren

Data Center will use a lot of water, Listen!

Data Center will use a lot of water, Listen!

Johnny Midnight ⚡️

11,749 Aufrufe • vor 1 Monat

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 Aufrufe • vor 2 Jahren

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 Aufrufe • vor 3 Jahren

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Justin Wolfers

31,531 Aufrufe • vor 10 Monaten

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,637 Aufrufe • vor 2 Jahren

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

PabloMK7

590,742 Aufrufe • vor 3 Jahren

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

International Cyber Digest

137,175 Aufrufe • vor 2 Tagen

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

Dark Web Informer

22,486 Aufrufe • vor 1 Jahr

Streaming data from server to client with "use" in Next.js

Streaming data from server to client with "use" in Next.js

Alex Sidorenko

36,533 Aufrufe • vor 1 Jahr

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

Dark Web Informer - Cyber Threat Intelligence

20,351 Aufrufe • vor 1 Jahr

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

Sky News

39,360 Aufrufe • vor 12 Tagen

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Theori

139,539 Aufrufe • vor 2 Jahren

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Wall Street Apes

156,289 Aufrufe • vor 1 Monat

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

Dark Web Informer

36,563 Aufrufe • vor 1 Jahr

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

Steve Guest

27,687 Aufrufe • vor 1 Monat