All posts by cK-bot

■■■■□ Grafana 8.x Local File Inclusion (Pre-Auth) https://golangrepo.com/repo/taythebot-grafana-lfi-vulnerability https://t.me/cKure/10366

■■■■□ Grafana v8.x LFI. shodan: shodan search –color ‘app=”Grafana”‘ –fields ip_str https://t.me/cKure/10365

■■■□□ Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515). https://www.helpnetsecurity.com/2021/12/07/cve-2021-44515/ https://t.me/cKure/10364

■■□□□ Data-Leak: A state-owned French transportation giant has inadvertently exposed nearly 60,000 employees to identity fraud after leaking their personal information via an unsecured HTTP server, according to researchers. https://www.infosecurity-magazine.com/news/french-transport-giant-exposes/ https://t.me/cKure/10363

■■■□□ A Mirai-based botnet called ‘Moobot’ is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products. https://www.bleepingcomputer.com/news/security/moobot-botnet-spreading-via-hikvision-camera-vulnerability/ https://t.me/cKure/10360

■□□□□ Privacy: Telegram has added content protection support to enable users to block others from saving or forwarding posts shared in groups and channels. https://www.bleepingcomputer.com/news/software/telegram-adds-content-protection-support-for-groups-and-channels/ https://t.me/cKure/10359

■■■■□ The hidden side of Seclogon part 2: Abusing leaked handles to dump LSASS memory https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html https://t.me/cKure/10358

■■□□□ Grafana nuclei Zero-Day template: https://github.com/projectdiscovery/nuclei-templates/blob/master/vulnerabilities/grafana/grafana-file-read.yaml https://t.me/cKure/10357

■□□□□ Grafana Zero-Day https://nosec.org/m/share/4914.html https://t.me/cKure/10356

■■□□□ One line command to detect unauth arbitrary file reading vulnerability in Grafana. https://t.co/9jzPH7KeUY https://t.me/cKure/10355