{"vulnerability": "cve-2021-26415", "sightings": [{"uuid": "46bcfe4e-9e7e-41c0-8beb-8b05acb4e992", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "published-proof-of-concept", "source": "https://t.me/cKure/4985", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 CVE-2021-26415:\nWindows Installer Elevation of Privilege Vulnerability (PoC).\n\nhttps://www.cloaked.pl/2021/04/cve-2021-26415", "creation_timestamp": "2021-04-22T06:44:10.000000Z"}, {"uuid": "8aaa96a2-5425-4895-8f59-514efed12426", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "seen", "source": "https://t.me/bhhub/251", "content": "#BugBountyTips of the Day\nHere's a promised write-up of Windows Privilege Elevation bug that I've discovered / CVE-2021-26415  https://t.co/1uQoF9wAip  #security #EOP #LPE #bugbounty  https://t.co/VJzEcXw4tu\n---\nThe best Bug Bounty study is to approach programs even without finding any bugs.  this way your mind study scenarios and methods who are probably not vulnerable, doing so you constantly improve your workflow and become more efficient.  Get those \"flight hours\" in.  #bugbountytips\n---\n1. Testing an instance accessable to only employees through Login 2. Analysed source code and found a js file: /scripts/app-847d3aae5c.js 3. Used \"LinkFinder tool\" to check for endpoints 4. Found two endpoints disclosing admin and store details  without authentication. #bugbounty\n---\n\ud83d\udea8 #SecurityZine - Day 9/30 \ud83d\udea8  You might know what XSS is, but still a short zine read will be fun.  Read full coming soon @  https://t.co/yW06DGkCyU  Till then enjoy video from @theXSSrat :  https://t.co/e9oRlD7QLn  #xss #infosec #appsec #security #bugbounty #bugbountytips  https://t.co/tdtYLccIRj\n---\nI shared some basic recon idea with @KathanP19 that I used on @Hacker0x01 VDP programs to find sensitive information disclosure bugs. Attached screenshot as reference of my words   https://t.co/mUM0LA2mtE #bugbountytips  https://t.co/X8TXl7xuwl", "creation_timestamp": "2021-04-22T13:37:04.000000Z"}, {"uuid": "4952caad-4afe-4366-908d-70eacbbacd4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/239", "content": "CVE-2021-26415 Windows Installer \u7279\u6b0a\u63d0\u5347\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-26415_Windows_Installer_%E7%89%B9%E6%AC%8A%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-04-22T05:02:56.000000Z"}, {"uuid": "a7baf677-589e-40e5-8eb9-8debd4cc8a91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3186", "content": "CVE-2021-26415:\nWindows Installer Elevation of Privilege Vulnerability (PoC)\nhttps://www.cloaked.pl/2021/04/cve-2021-26415\n]-> All files needed to reproduce PoC:\nhttps://github.com/adenkiewicz/CVE-2021-26415", "creation_timestamp": "2021-04-27T05:15:50.000000Z"}, {"uuid": "32440553-c983-4308-80ca-289d39ab7fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-26415", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/3219", "content": "#Analytics\n10 most exploited vulnerabilities of the week (April 19-25)\nCVE-2021-3156 Heap-Based Buffer Overflow in Sudo\nhttps://t.me/cybersecuritytechnologies/2577\nCVE-2021-1732 Win kernel 0-day\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-22893 Pulse SecureVPN RCE\nhttps://t.me/cybersecuritytechnologies/3185\nCVE-2021-22204 Improper neutralization of user data in DjVu\nhttps://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800\nCVE-2021-26415 Win Installer EoP\nhttps://t.me/cybersecuritytechnologies/3186\nCVE-2021-3493 OverlayFS PE\nhttps://t.me/cybersecuritytechnologies/3164\nCVE-2021-26413 Win Installer Spoofing\nhttps://t.me/cybersecuritytechnologies/3176\nCVE-2016-7836 SKYSEA Client View Arbitrary Code Exec\nhttps://www.virusbulletin.com/virusbulletin/2020/05/vb2019-paper-apt-cases-exploiting-vulnerabilities-regionspecific-software\nCVE-2021-27905 Apache Solr SSRF\nhttps://t.me/cybersecuritytechnologies/3213", "creation_timestamp": "2021-04-26T11:02:21.000000Z"}]}