Last Login: April 21, 2023
NinjaOperator's Latest (20) Contributions
RCE vulnerability that effects Bently Nevada 3701 (OT device)
Maintenance interface has undocumented,
Authenticated Remote Code Execution in Tp-Link Routers. PoC is publicly available
Muhstik Gang has been seen exploiting this vulnerability to target Redis servers
Poc is publicly available https://github.com/aodsec/CVE-2022-0543
An improper input validation vulnerability exists within Solarwinds Serv-U 15.2.3 Hotfix1. Exploit code is not publicly available.
PoC is publicly available https://github.com/iilegacyyii/PoC-CVE-2021-41773/blob/main/CVE-2021-41773.py
According to Florian Roth: “You can detect the exploitation of Windows InstallerFileTakeOver LPE CVE-2021-41379 with the published PoC with events from the ‘Application’ Eventlog
Search for EventID 1033 and the keyword ‘test pkg’
Update: Unnamed threat actors are exploiting this vulnerability to drop Cobalt Strike
Remote Desktop Client Remote Code Execution Vulnerability
Undisclosed threat actors exploited this vulnerability to gain initial access to and deploy ransomware to a US-based engineering company.
A RCE vulnerability exists in vCenter Server 6.7 and 7.0 which could allow an actor to with access to port 443 can execute commands and software on unpatched vCenter Server deployments by uploading a specially crafted file.
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
A threat actor could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
PoC exploit is publicly available https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
Unknown actors are actively exploiting a disclosed command injection vulnerability affecting WebSVN, an open-source web application for browsing source.
The actors used a command injection to download a shell script that will infect the system with malware.
An unauthenticated actor can perform configuration actions on mailboxes belonging to arbitrary users. Which can be used to copy all emails addressed to a target and account and forward them to an account controlled by the threat actor.
PoC exploit is publicly available https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
PoC is publicly available https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html?m=1
Microsoft has already patched this vulnerabilities and exploitation has not been observed. However, threat actors could exploit these vulnerabilities by sending users an email to visit a malicious link and recover passwords in plaintext.
PoC is publicly available
Excellent analysis. Thank you