Backdoor.Win32.Zaratustra Remote File Write / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...

GSD-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault

powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...

UVI-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault

powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...

UVI-2021-1001225 powerpc/mm: Fix lockup on kernel exec fault

powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.3 by commit...

Cross-Site Scripting (XSS)

Apache drill-java-exec is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the queryId...

CVE-2021-31580

The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62476)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in the DNS Snap-in in...

The vulnerability of the PostScriptFunction::exec function in the Function.cc component of the Poppler PDF rendering library, related to division by zero, allows a malicious actor to cause a service failure.

The vulnerability of the PostScriptFunction::exec function in the Function.cc component of the Poppler PDF rendering library is related to division by zero. Exploiting this vulnerability allows a remote attacker to cause a service failure...

CVE-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...

Virus.Win32.Shodi.e Remote Command Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Unauthenticated Remote Command Execution Description: The virus...

PT-2024-11348 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The powerpc kernel is not prepared to handle exec faults from kernel. The function is exec fault returns 'false' when an exec fault is taken by kernel, because the check is based on...

GHSA-V85C-HGQ5-7PFW Arbitrary Command Injection

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

CVE-2021-23399

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

HashiCorp Nomad Remote Command Execution Exploit

This Metasploit module lets you create a batch job on HashiCorp's Nomad service to spawn a shell. The default option is to use the rawexec driver, which runs with high privileges. Development servers and clients explicitly enabling the rawexec plugin can spawn these type of jobs. Regular exec job...

CVE-2021-20198

A flaw was found in the OpenShift Installer. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated /exec...

Fuzzing iOS code on macOS at native speed

Or how iOS apps on macOS work under the hood Posted by Samuel Groß, Project Zero This short post explains how code compiled for iOS can be run natively on Apple Silicon Macs. With the introduction of Apple Silicon Macs, Apple also made it possible to run iOS apps natively on these Macs. This is...

PT-2021-6126 · Gcc +6 · Gcc +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.16.10 Description: The issue is related to a buffer overflow in the Linux kernel, which can be exploited by a remote attacker to execute arbitrary code. Certain binary files built around 2003, for example with...

GHSA-6M8P-4FXJ-PGC2 OS Command Injection in mversion

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

OS Command Injection in mversion

The issue occurs because tagName user input is formatted inside the exec function is executed without any checks...

Microweber CMS 1.1.20 Remote Code Execution

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...