6335 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC js var root = require"global-modules-path" root.getPath"& touch JHU","& touch exploit" Remediation Upgrade...
Dissecting the Empire C2 Framework
Introduction In this blog we will be taking a quick dive into Empire, a popular open-source post-exploitation framework. Empire provides an adversary with the capability to expand his foothold in a victim’s environment by leveraging hundreds of modules, RATs in multiple languages and stealthy C2...
SAP Basis 代码注入漏洞
SAP Basis is a content management system. SAP Basis suffers from a code injection vulnerability that stems from the unrestricted scope of its RFC function modules allowing an authenticated, non-administrator attacker to access a system class and execute any of its public methods using...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
IIS modules: The evolution of web shells and how to detect them
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...
CVE-2022-45934
An integer overflow flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user generates malicious L2CAPCONFREQ packets. This flaw allows a local or bluetooth connection user to crash the system. Mitigation To mitigate these vulnerabilities on the operating system level,...
CVE-2022-3564
A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. Mitigati...
Mitsubishi Electric FA Engineering Software (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...
[SECURITY] Fedora 35 Update: drupal7-i18n-1.31-1.fc35
This is a collection of modules to extend Drupal core multilingual capabiliti es and be able to build real life multilingual sites. Some features: Taxonomy translation both, per language terms and translatable terms Multilingual variables Multilingual blocks control visibility per language and...
[SECURITY] Fedora 36 Update: drupal7-i18n-1.31-1.fc36
This is a collection of modules to extend Drupal core multilingual capabiliti es and be able to build real life multilingual sites. Some features: Taxonomy translation both, per language terms and translatable terms Multilingual variables Multilingual blocks control visibility per language and...
[SECURITY] Fedora 37 Update: drupal7-i18n-1.31-1.fc37
This is a collection of modules to extend Drupal core multilingual capabiliti es and be able to build real life multilingual sites. Some features: Taxonomy translation both, per language terms and translatable terms Multilingual variables Multilingual blocks control visibility per language and...
CVE-2022-29833
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
CVE-2022-29833
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
CVE-2022-29831
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
Hardcoded credentials
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...
CVE-2022-29833
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally...
CVE-2022-29833
CVE-2022-29833 affects Mitsubishi Electric GX Works3, versions 1.015R and later. The issue is labeled Insufficiently Protected Credentials, enabling a remote unauthenticated attacker to disclose sensitive information, potentially allowing access to MELSEC safety CPU modules. Connected advisories ...
CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result,...
CVE-2022-29831
Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules...