Video yükleniyor...

Video Yüklenemedi

Bu video yüklenirken bir sorun oluştu. Bu geçici bir ağ sorunundan kaynaklanıyor olabilir veya video kullanılamıyor olabilir.

Ana Sayfaya Dön

CVE-2023-22518 - Improper Authorization Vulnerability In Confluence Data Center and Server Don’t use and never use this vulnerability lightly,because it is a master of data cleaning

ShimizuKawasaki

1,169 subscribers

97,359 görüntüleme • 2 yıl önce •via X (Twitter)

Anya Rossi• Live Now

Private livecam show

5 Yorum

CorSch profil fotoğrafı

CorSch2 yıl önce

Is this the "delete only" vulnerability? Looks like RCE to me.

ShimizuKawasaki profil fotoğrafı

ShimizuKawasaki2 yıl önce

clean before and install some plugins to rce

Debug profil fotoğrafı

Debug2 yıl önce

Nice work

Sem Jansen profil fotoğrafı

Sem Jansen2 yıl önce

Is there any way to get poc?

뚱이예요 profil fotoğrafı

뚱이예요2 yıl önce

Can I get a poc for study purposes? I beg you.

Benzer Videolar

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

CVE-2023-23397 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. #CVE #cybersecurity #infosec

HackGit

76,809 görüntüleme • 3 yıl önce

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

"A Vulnerability to Hack The World" - CVE-2023-4863 The start of a mini series digging into the recent WebP vulnerability. In this first episode, we explore huffman tables!

LiveOverflow 🔴

44,787 görüntüleme • 2 yıl önce

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

CVE-2023-23397 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability. Details: #infosec #CyberSecurity #Pentesting #redteam

HackGit

39,726 görüntüleme • 3 yıl önce

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Exfiltrate #WhatsApp chat, or internal data of any Android app, running on Android 12 or 13 by exploiting CVE-2024-0044 vulnerability

Mobile Hacker

143,609 görüntüleme • 2 yıl önce

Never use a persons vulnerability as a weapon during their time of weakness

Never use a persons vulnerability as a weapon during their time of weakness

Inky Johnson

172,619 görüntüleme • 2 yıl önce

Data Center will use a lot of water, Listen!

Data Center will use a lot of water, Listen!

Johnny Midnight ⚡️

11,749 görüntüleme • 1 ay önce

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

The CertiK Skyfall team identified and collaborated with Apple to fix a vulnerability (CVE-2024-27801) in the low-level implementation of NSXPC, affecting all Apple platforms. This vulnerability could have potentially allowed malicious apps to gain unauthorized access to system services or steal user data from certain third-party applications, particularly those with architectures similar to Telegram. Our proof-of-concept attack demonstrated how a malicious app could steal chat history (such as pictures) from Telegram and transfer it to a remote server. Upgrade all your Apple devices and stay safe! Source:

CertiK

341,467 görüntüleme • 2 yıl önce

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

In this video walkthrough, we break down the basic info of CVE-2023-23397 the zero-day, zero-touch vulnerability that was rated 9.8 on the #CVSS scale. Follow this thread as we detail the general exploitation routine of this #vulnerability.

Trend Micro Research

200,099 görüntüleme • 3 yıl önce

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Think of data as a lighthouse: once it’s there, everyone can use it, and your use doesn’t diminish mine. That’s why we don’t leave lighthouse-building to the market — and why government collects & shares economic data.

Justin Wolfers

31,531 görüntüleme • 10 ay önce

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Demo of using #BlueDucky to exploit 0-click Bluetooth vulnerability of targeted Android smartphone (CVE-2023-45866) Executed by Raspberry Pi 4 and Android running #NetHunter

Mobile Hacker

129,652 görüntüleme • 2 yıl önce

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

Here is ENLBufferPwn (CVE ID pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a victim console by just having an online game session with an attacker. Vulnerability report: 🧵(1/7)

PabloMK7

590,742 görüntüleme • 3 yıl önce

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

‼️🚨 This is alarming: Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required. Microsoft has patched it as CVE-2026-42824, rated critical.

International Cyber Digest

139,933 görüntüleme • 3 gün önce

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

🚨CVE-2023-20198: Remote Code Execution via File Upload Vulnerability | $15,000 Bounty | PoC Credit:

Dark Web Informer

22,486 görüntüleme • 1 yıl önce

Streaming data from server to client with "use" in Next.js

Streaming data from server to client with "use" in Next.js

Alex Sidorenko

36,533 görüntüleme • 1 yıl önce

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

CVE-2024-34470: Path Traversal vulnerability in HSC Mailinspector Credit:

Dark Web Informer - Cyber Threat Intelligence

20,351 görüntüleme • 1 yıl önce

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

How much water do data centres really use in the UK? Sky's technology correspondent Rowland Manthorpe visits a "waterless" data centre in London and reveals how much water data centres use in the UK and why the issue is more complicated than it first appears. 🔗Full report:

Sky News

39,595 görüntüleme • 14 gün önce

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Do you use a virtual machine to browse dangerous links safely? If you use the Chrome browser inside that virtual machine, is it secure enough? As you might have guessed, the answer is not so much. We chained six unique CVEs from 2023 listed below. • Chrome Renderer RCE : CVE-2023-3079 • Chrome Sandbox Escape : CVE-2023-21674 • LPE in guest OS : CVE-2023-29360 • VMware Info Leak : CVE-2023-34044 • VMware Escape : CVE-2023-20869 • LPE in host OS : CVE-2023-36802

Theori

139,539 görüntüleme • 2 yıl önce

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Texas is going from 40 Data Centers to over 400 in the next 2 years - Texas could use 30% of US data center power demand by 2028 - By 2030 the Texas data centers could use 161 billion gallons of water per year - The 400 data centers will use the equivalent of 9 million homes in energy usage every year I don’t want to EVER hear the words climate change ever again

Wall Street Apes

156,289 görüntüleme • 1 ay önce

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

🚨CVE-2025-31161: Authentication Bypass Vulnerability in CrushFTP Credit: Exploit:

Dark Web Informer

36,563 görüntüleme • 1 yıl önce

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

“Facts don’t really matter for the de-growth mob.” — The Washington Post’s James Hohmann The anti–data center hysteria around water was built on a bogus stat about a data center’s water consumption in Chile that was off by a factor of 1,000. All U.S. data centers use less than 0.5% of America’s freshwater. The war on data centers is built on junk math and is funded by China and foreign billionaires!

Steve Guest

27,692 görüntüleme • 1 ay önce