Lucene search
GoogleOSV:GHSA-P3J6-F45H-HW5FHistoryApr 12, 2024 - 6:33 a.m.
tiagorlampert CHAOS vulnerable to command injections
2024-04-1206:33:24
Google
osv.dev
11
remote code execution
command injections
buildclient function
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tiagorlampert/chaos | lt | 0.0.0-20220716132853-b47438d36e3a |
References
blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents
gist.github.com/slimwang/d1ec6645ba9012a551ea436679244496
github.com/tiagorlampert/CHAOS
github.com/tiagorlampert/CHAOS/commit/1b451cf62582295b7225caf5a7b506f0bad56f6b
github.com/tiagorlampert/CHAOS/commit/24c9e109b5be34df7b2bce8368eae669c481ed5e
github.com/tiagorlampert/CHAOS/pull/95
nvd.nist.gov/vuln/detail/CVE-2024-30850
nvd.nist.gov/vuln/detail/CVE-2024-33434
Related
osv
osv
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
Arbitrary code execution in github.com/tiagorlampert/CHAOS
2024-05-09 16:51:38
cve
cve
CVE-2024-33434
2024-05-07 14:15:10
CVE-2024-30850
2024-04-12 06:15:06
cvelist
cvelist
CVE-2024-33434
2024-05-07 00:00:00
CVE-2024-30850
2024-04-12 00:00:00
github
github
tiagorlampert CHAOS vulnerable to arbitrary code execution
2024-05-07 15:30:37
tiagorlampert CHAOS vulnerable to command injections
2024-04-12 06:33:24
githubexploit
githubexploit
Exploit for CVE-2024-30850
2024-04-05 21:35:04
nvd
nvd
CVE-2024-33434
2024-05-07 14:15:10
CVE-2024-30850
2024-04-12 06:15:06
veracode
veracode
Remote Code Execution (RCE)
2024-05-08 07:44:47
Code Injection
2024-04-15 06:08:03
metasploit
metasploit
Chaos RAT XSS to RCE
2024-04-24 20:51:58
zdt
zdt
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit
2024-05-22 00:00:00
CHAOS RAT 5.0.1 Remote Command Execution Exploit
2024-04-11 00:00:00
packetstorm
packetstorm
CHAOS RAT 5.0.1 Remote Command Execution
2024-04-10 00:00:00
CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution
2024-05-21 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 05/23/2024
2024-05-23 20:30:25