POC | OSG: Bits, Bytes and Packets

Skip navigation

Category Archives: POC

Palo Alto updates patching guidance for command injection vulnerability

April 16, 2024 – 5:27 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Patch Available, POC, Vulnerability
Tagged CVSS Score 10.0, Operation MidnightEclipse, Palo Alto, PAN-252214, PAN-OS, Unit-42
Leave a Comment

https://security.paloaltonetworks.com/CVE-2024-3400

This is a command injection vulnerability that enabled an unauthenticated attacker to execute code with root privileges. POC has been released publicly.

Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

https://unit42.paloaltonetworks.com/cve-2024-3400

Hackers are targeting public internet facing Veeam backup servers

May 1, 2023 – 3:10 pm
Posted in POC
Tagged Bleepingcomputer.com, CVE-2023-27532, Fin7, Powershell, Veeam Backup & Replication
Leave a Comment

https://www.bleepingcomputer.com/news/security/hackers-target-vulnerable-veeam-backup-servers-exposed-online/

Twitter bug (now fixed) allowed “legacy” Blue Checkmark users to get them back for free.

May 1, 2023 – 10:35 am
Posted in Community, Computers and Internet, Cyber security, Exploit Warning, POC, Technology, Vulnerability, Zero Day
Tagged @Twitter, Bleepingcomputer.com, Twitter, Twitter Blue
Leave a Comment

https://www.bleepingcomputer.com/news/technology/twitter-bug-lets-legacy-verified-accounts-get-the-blue-check-back/

Proof of Concept (POC) exploit published for vulnerability in Microsoft Word with Preview Pane execution

March 6, 2023 – 5:02 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, Microsoft, Microsoft Patches, Office, Patch Available, POC
Tagged CVE-2023-21716, CVSS Score: 9.8, Office, POC exploit, RCE, Remote Code Execution, Word, wwlib.dll
Leave a Comment

https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/

Bug from Kia and Hyundai TikTok car theft challenge fixed

February 17, 2023 – 4:05 pm
Posted in Attacks, POC
Tagged Challenge, govinfosecurity.com, Hyundai, Kia, Kia Boyz, Social Media, TikTok, Viral
Leave a Comment

https://www.govinfosecurity.com/kia-hyundai-fix-tiktok-security-challenge-a-21226

Vulnerability disclosed in Cisco IP 7800 and 8800 series (except 8821) phones that allows RCE and DoS. Workaround available but no patch

December 9, 2022 – 9:25 am
Posted in Attacks, Cyber security, POC, Technology, Vulnerability
Tagged Bleepingcomputer.com, Cisco, CVE-2022-20968, DoS, Firmware version 14.2, High-Severity, LLDP, RCE
Leave a Comment

https://www.bleepingcomputer.com/news/security/cisco-discloses-high-severity-ip-phone-bug-with-exploit-code/

CISA: Windows and UnRAR vulnerabilities actively being exploited

August 10, 2022 – 11:52 am
Posted in Attacks, Business Continuity, CISA, Computers and Internet, Cyber security, Exploit Warning, Microsoft, POC, Technology, Vulnerability, Zero Day
Tagged Bleepingcomputer.com, CVE-2022-30333, CVE-2022-34713, Dogwalk, UnRAR, Windows Support Diagnostic Tool
Leave a Comment

https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-unrar-flaws-exploited-in-the-wild/

FEMA: Vulnerabilities in Emergency Alert System (EAS) can allow bad actors to issue “alerts” over TV, radio and cable networks

August 8, 2022 – 1:01 pm
Posted in Attacks, Business Continuity, Computers and Internet, Cyber security, Exploit Warning, Fraud, HAck, Hoax, Misconfiguration, Patch Available, POC, Social Engineering, Technology, Vulnerability
Tagged Emergency Alert System (EAS), FCC, FEMA, therecord
Leave a Comment

https://therecord.media/fema-issues-warning-to-emergency-alert-system-managers-that-devices-could-be-hacked/

Exploitations of MSDT Zero-Day (“Follina”) spotted in Australia

June 6, 2022 – 4:37 pm
Posted in Attacks, Computers and Internet, Cyber security, Exploit Warning, HAck, Malware, Microsoft, POC, Social Engineering, Vulnerability, Zero Day
Tagged CVE-2022-30190, decoded.avast.io, Follina, MSDT
Leave a Comment

Outbreak of Follina in Australia

Atlassian discloses critical zero-day RCE vulnerability in Confluence (CVE-2022-26134) that is actively being exploited and fixes next day. Patch now!

June 3, 2022 – 2:24 pm
Posted in Attacks, Breaking, Business Continuity, Cloud, Computers and Internet, Cyber security, Dont wait, Exploit Warning, HAck, Patch Available, POC, Vulnerability, Zero Day
Tagged Atlassian, Bleepingcomputer.com, Confluence, CONFSERVER-79000, CVE-2022-26134, OGNL injection, RCE
Leave a Comment

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://www.bleepingcomputer.com/news/security/atlassian-fixes-confluence-zero-day-widely-exploited-in-attacks/