remsio.bsky.social
Reposted
A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00.bsky.social.
www.synacktiv.com/advisories/m...
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections
January 16, 2025 at 1:25 PM
We analysed vulnerability patterns based on calls to the function decrypt() from the Laravel package Illuminate\Encryption with @kain0x42.bsky.social over a few months.

This thread sums up our analysis and findings. We are still digging tho, so stay tuned if you enjoyed this research too 😁
Three CVEs affecting common open source Laravel projects were released on our website today! They were presented @grehack.bsky.social by our ninjas @remsio.bsky.social and @kain0x42.bsky.social 🥷

🛡️ Snipe-IT: CVE-2024-48987
🛡️ InvoiceNinja: CVE-2024-55555
🛡️ Crater Invoice: CVE-2024-55556
December 13, 2024 at 3:31 PM