2681 matches found
OESA-2022-1914 colord security update
colord is a system service that makes it easy to manage, install and generate color profiles to accurately color manage input and output devices. Security Fixes: There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db....
Powershell Exec, Windows shellcode stage, Windows x86 Reverse Named Pipe (SMB) Stager
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker via a named pipe pivot Module Options msf use payload/cmd/windows/powershell/custom/reversenamedpipe msf payloadreversenamedpipe show actions ...actions... msf payloadreversenamedpipe set...
Powershell Exec, Windows shellcode stage, Windows x64 Reverse TCP Stager
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetc...
Powershell Exec, Windows shellcode stage, Hidden Bind Ipknock TCP Stager
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection. First, the port will need to be knocked from the IP defined in KHOST. This IP will work as an authentication method you can spoof it with tools like hping. After that you could get your shellcod...
Powershell Exec, Windows shellcode stage, Windows Reverse HTTP Stager (winhttp)
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/powershell/custom/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf...
Powershell Exec, Windows shellcode stage, Reverse UDP Stager with UUID Support
Execute an x86 payload from a command via PowerShell. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/powershell/custom/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...
(Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the receiveddata method. Crafted data in a HTTP response can trigger a write past the e...
PT-2022-24790 · Libdwarf · Libdwarf
Name of the Vulnerable Software and Affected Versions: libdwarf version 0.4.1 Description: The issue is related to a double free in the dwarf exec frame instr function located in dwarf frame.c. Recommendations: For libdwarf version 0.4.1, at the moment, there is no information about a newer versi...
Command Injection
moment-timezone is vulnerable to command injection. An attacker can inject and execute the malicious commands using the childprocess exec function as it does not sanitize the input...
Font-Converter Vulnerable to Arbitrary Command Injection
Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...
GHSA-G2C3-VWFF-M3XR Font-Converter Vulnerable to Arbitrary Command Injection
Overview font-converter is a FontForge wrapper that allows conversion between different font formats TTF, WOFF, OTF All versions of this package are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function. PoC js va...
Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. A remote code execution vulnerability exists in versions of Apache Airflow prior to 3.0.0. The vulnerability stems from th...
EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2253)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...
CVE-2022-30580
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory...
Empty Cmd.Path can trigger unintended binary in os/exec on Windows
...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
AZL-10532 CVE-2022-30580 affecting package golang for versions less than 1.18.5-1
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
CVE-2022-30580
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...
Code injection
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...