This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.Rea ...
Continue ReadingMay 30, 2022
# CVE-2022-25262 PoC + vulnerability details for CVE-2022-25262 ...Read More ...
Continue ReadingMay 30, 2022
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An ...
Continue ReadingMay 30, 2022
[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiiIy1KyYnnhEtz-GpAc5zngJFc4ts7Cy3Xcd3_kERhuq01G2fpv6le_bhfRu1-u5_VFn-aIgZRoU3eio7NtjVCXMIGMW2E_FT-CMVsrHhhl5BmOWXliz-YZqSMag83hCUcabVlhTj ...
Continue ReadingMay 30, 2022
Post ContentRead More ...
Continue ReadingMay 30, 2022
This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.Read More ...
Continue ReadingMay 30, 2022
![Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954](https://blog.rapid7.com/content/images/2022/04/vmware-one-etr.jpg) On April 6, 2022, VMware published [VMSA-2022-0011](), which ...
Continue ReadingMay 30, 2022
GitHub revealed details tied to last weeks incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. We do not believe the attacker obtained these tokens via a ...
Continue ReadingMay 30, 2022
Back to Main