Summary: A template functionality that allows users to create templates allows them to execute any code on the server due to the bad filtration and old Twig version. An attacker was able to trigger SSTI via the Laravel dispatcher functionality. Advisory: https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p

An issue in Roundcube Plus Plugin: Two Factor Authentication (x2fa) 1.0 to 1.1.8 allows attackers to bypass the security mechanism and gain unauthorized access via a crafted request.

https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html

https://github.com/affix/CVE-2022-36231

How to exploit or do a PoC for this vulnerability?

Technical details by the researcher are published here: https://link.medium.com/5Vi22ULA8xb

This is a complete, detailed technical analysis of CVE-2022-44877 with an exploitation script and a video explaining how to use the tool: https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-centos-control-web-panel-7-cwp-cve-2022-44877 https://www.vicarius.io/vsociety/blog/unique-exploit-cve-2022-44877-exploitation-tool https://www.vicarius.io/vsociety/posts/1347

The advisory can be found on our website (https://cyberdanube.com/en/en-authenticated-command-injection-in-hirschmann-belden-bat-c2/). The vulnerability was discovered with the help of our emulation framework MEDUSA.

The advisory can be found on our website (https://cyberdanube.com/en/en-multiple-vulnerabilities-in-delta-electronics-dx-2100-l1-cn/). The vulnerability was discovered with the help of our emulation framework MEDUSA.
