Lucene search

3059 matches found

OSV
added 2022/11/14 8:15 a.m. | 1 view

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS 7.2 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 3
NVD
added 2022/11/14 8:15 a.m. | 6 views

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS 7.2 | EPSS 0.00239
Exploits: 0 | References: 3
ATTACKERKB
added 2022/11/14 8:15 a.m. | 0 views

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS 7.2 | AI score 7.2 | EPSS 0.00239
Exploits: 0 | References: 4
ATTACKERKB
added 2022/11/14 8:15 a.m. | 2 views

CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6...

CVSS 8.8 | AI score 7.4 | EPSS 0.00483
Exploits: 0 | References: 4
Prion
added 2022/11/14 8:15 a.m. | 10 views

Privilege escalation

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6...

CVSS 6.5 | AI score 8.5 | EPSS 0.00483
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2022/11/14 8:15 a.m. | 6 views

Directory traversal

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVSS 5.8 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2022/11/14 6:5 a.m. | 63 views

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to...

AI score 1.5
Exploits: 0
CNNVD
added 2022/11/14 12:0 a.m. | 2 views

Ironman Software PowerShell Universal Path Traversal Vulnerability

Ironman Software PowerShell Universal is a single pane for managing and delegating access to automation environments from Ironman Software. A security vulnerability exists in Ironman Software PowerShell Universal that stems from a web server that allows directory traversal outside of the...

CVSS 7.2 | AI score 7.2 | EPSS 0.00239
Exploits: 0 | References: 5
Cvelist
added 2022/11/14 12:0 a.m. | 9 views

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

AI score 7.2 | EPSS 0.00239
Exploits: 0 | References: 3
CNNVD
added 2022/11/14 12:0 a.m. | 2 views

Ironman Software PowerShell Universal Security Vulnerability

Ironman Software PowerShell Universal is a single pane for managing and delegating access to automation environments from Ironman Software. A security vulnerability exists in Ironman Software PowerShell Universal, which stems from a privilege escalation on a web server, that allows an attacker wi...

CVSS 8.8 | AI score 8 | EPSS 0.00483
Exploits: 0 | References: 5
CVE
added 2022/11/14 12:0 a.m. | 36 views

CVE-2022-45184

The CVE-2022-45184 entry concerns Ironman Software PowerShell Universal Web Server under v3.x/v2.x where a directory-traversal flaw in the web server endpoints allows a remote attacker with administrator privileges to create, delete, update, and display files outside the configuration directory v...

CVSS 7.2 | AI score 6.9 | EPSS 0.00239
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2022/11/14 12:0 a.m. | 45 views

CVE-2022-45183

The CVE-2022-45183 vulnerability affects Ironman Software PowerShell Universal 2.x and 3.x Web Server and enables privilege escalation: an attacker possessing a valid app token can retrieve other app tokens by ID via an HTTP request. The issue is rated high (CVSS v3.1 base score 8.8) with network...

CVSS 8.8 | AI score 8.5 | EPSS 0.00483
Exploits: 0 | References: 3 | Affected Software: 1
Photon
added 2022/11/10 12:0 a.m. | 34 views

Important Photon OS Security Update - PHSA-2022-0279

Updates of 'strongswan', 'powershell', 'pixman' packages of Photon OS have been released...

CVSS 4.6 | AI score 1.7 | EPSS 0.00378
Exploits: 1
Photon
added 2022/11/10 12:0 a.m. | 48 views

Important Photon OS Security Update - PHSA-2022-4.0-0279

Updates of 'powershell', 'sudo', 'strongswan', 'pixman' packages of Photon OS have been released...

CVSS 8.8 | AI score 7.2 | EPSS 0.00378
Exploits: 1
Metasploit
added 2022/11/09 7:50 p.m. | 305 views

Reverse Lookup IP Addresses

This module reverse resolves an IP address or IP address range to hostnames. Module Options msf use post/multi/recon/reverselookup msf postreverselookup show actions ...actions... msf postreverselookup set ACTION msf postreverselookup show options ...show and set options... msf postreverselookup...

AI score 7
Exploits: 0
Rapid7 Blog
added 2022/11/08 8:2 p.m. | 163 views

Patch Tuesday - November 2022

It’s a relatively light Patch Tuesday this month by the numbers – Microsoft has only published 67 new CVEs, most of which affect their flagship Windows operating system. However, four of these are zero-days, having been observed as exploited in the wild. The big news is that two older zero-day CV...

AI score 0.8 | EPSS 0.94147
Exploits: 26
The Hacker News
added 2022/11/08 2:52 p.m. | 63 views

Amadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines

The Amadey malware is being used to deploy LockBit 3.0 ransomware on compromised systems, researchers have warned. "Amadey bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that...

AI score 0.5
Exploits: 0
Photon
added 2022/11/03 12:0 a.m. | 38 views

Important Photon OS Security Update - PHSA-2022-4.0-0274

Updates of 'powershell' packages of Photon OS have been released...

CVSS 7.5 | AI score 1.7 | EPSS 0.06422
Exploits: 0
Photon
added 2022/11/03 12:0 a.m. | 36 views

Important Photon OS Security Update - PHSA-2022-0274

Updates of 'powershell' packages of Photon OS have been released...

CVSS 5 | AI score 1.7 | EPSS 0.06422
Exploits: 0
Packet Storm
added 2022/11/02 12:0 a.m. | 532 views

Apache CouchDB Erlang Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...

CVSS 10 | AI score 0.2 | EPSS 0.94383
Exploits: 8