Загрузка видео...

Не удалось загрузить видео

Возникла проблема при загрузке этого видео. Это может быть связано с временными проблемами сети или видео может быть недоступно.

На главную

CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server Don’t use and never use this vulnerability lightly,because it is a master of data cleaning

ShimizuKawasaki

1,172 subscribers

97,432 просмотров • 2 лет назад •via X (Twitter)

Anya Rossi• Live Now

Private livecam show

Комментарии: 5

Фото профиля CorSch

CorSch2 лет назад

Is this the "delete only" vulnerability? Looks like RCE to me.

Фото профиля ShimizuKawasaki

ShimizuKawasaki2 лет назад

clean before and install some plugins to rce

Фото профиля Debug

Debug2 лет назад

Nice work

Фото профиля Sem Jansen

Sem Jansen2 лет назад

Is there any way to get poc?

Фото профиля 뚱이예요

뚱이예요2 лет назад

Can I get a poc for study purposes? I beg you.

Похожие видео

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

HackGit

76,809 просмотров • 3 лет назад

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 просмотров • 2 лет назад

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

HackGit

39,726 просмотров • 3 лет назад

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,609 просмотров • 2 лет назад

Never use a persons vulnerability as a weapon during their time of weakness

Never use a persons vulnerability as a weapon during their time of weakness

Inky Johnson

172,619 просмотров • 2 лет назад

Data Center will use a lot of water, Listen!

Data Center will use a lot of water, Listen!

Johnny Midnight ⚡️

11,749 просмотров • 1 месяц назад

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 просмотров • 2 лет назад

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 просмотров • 3 лет назад

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Justin Wolfers

31,531 просмотров • 10 месяцев назад

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,652 просмотров • 2 лет назад

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

PabloMK7

590,742 просмотров • 3 лет назад

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

Dark Web Informer

22,486 просмотров • 1 год назад

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

International Cyber Digest

140,521 просмотров • 5 дней назад

Streaming data from server to client with "use" in Next.js

Streaming data from server to client with "use" in Next.js

Alex Sidorenko

36,533 просмотров • 1 год назад

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

Dark Web Informer - Cyber Threat Intelligence

20,351 просмотров • 1 год назад

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

Sky News

39,595 просмотров • 15 дней назад

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Theori

139,539 просмотров • 2 лет назад

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Wall Street Apes

156,330 просмотров • 1 месяц назад

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

Dark Web Informer

36,563 просмотров • 1 год назад

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

Steve Guest

27,692 просмотров • 1 месяц назад