Exploit for CVE-2022-30190

Five Nights at Follina's A Fullstack Academy Cybersecurity pro...

Exploit for CVE-2022-30190

Five Nights at Follina's A Fullstack Academy Cybersecurity pro...

Citrix Provisioning Console communication error while running on Azure

The Citrix Provisioning Console fails to communicate with Azure after TLS 1.0 has been disabled. This prevents the use of CVAD Setup Wizard or power management in Azure using the Citrix Provisioning Console or Citrix Provisioning PowerShell interfaces. This affects all version of Citrix...

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2022-2156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : git (EulerOS-SA-2022-2156)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...

Command Injection

shescape is vulnerable to command injection. White spaces are not escaped for the escape or escapeAll functions with the interpolation option set to true on Bash, Dash, and Zsh on Unix and Powershell on Windows systems, allowing an attacker to inject malicious characters...

Carriage Return And Line Feed (CLRF) Injection

shescape is vulnerable to carriage return line feed CRLF injection. User provided data for Powershell and cmd.exe on Windows systems are not escaped sufficiently, allowing an attacker to input a line feed character '\n'...

Exploit for CVE-2022-22029

It is an offensive tool for Windows. The repository appears to b...

PT-2022-20592 · Microsoft +1 · Powershell +2

Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.5.8 Description: The issue impacts users of the escape or escapeAll functions with the interpolation option set to true. If an attacker can include whitespace in their input, they can invoke shell-specific behavio...

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

July 12, 2022—KB5015811 (OS Build 17763.3165)

July 12, 2022—KB5015811 OS Build 17763.3165 NEW 7/12/22 After September 20, 2022, there will no longer be optional, non-security releases known as "C" or preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update Tuesda...

July 12, 2022—KB5015808 (OS Build 14393.5246) - EXPIRED

July 12, 2022—KB5015808 OS Build 14393.5246 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

July 12, 2022—KB5015827 (OS Build 20348.825)

July 12, 2022—KB5015827 OS Build 20348.825 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when ne...

July 12, 2022—KB5015814 (OS Build 22000.795)

July 12, 2022—KB5015814 OS Build 22000.795 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11 original release, see its update history page.Note Follow @WindowsUpdate to find out...

EulerOS 2.0 SP9 : git (EulerOS-SA-2022-1965)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...

Microsoft-365-Extractor-Suite - A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log

This suite of scripts contains two different scripts that can be used to acquire the Microsoft 365 Unified Audit Log Read the accompanying blog post on https://invictus-ir.medium.com/introduction-of-the-microsoft-365-extractor-suite-b85e148d4bfe 1. Microsoft365Extractor , the original script stem...

SharpWSUS - CSharp tool for lateral movement through WSUS

SharpWSUS is a CSharp tool for lateral movement through WSUS. There is a corresponding blog https://labs.nettitude.com/blog/introducing-sharpwsus/ which has more detailed information about the tooling, use case and detection. Credits Massive credit to the below resources that really did 90% of th...

Forced Chrome extensions get removed, keep reappearing

In the continued saga of annoying search extensions we have a new end-of-level boss. Victims have been reporting browser extensions that were removed by Malwarebytes, but “magically” came back later. Since the victims also complained about the message saying their browser was "managed", we had a...

Metasploit Weekly Wrap-Up

Add Windows target support for the Confluence OGNL injection module Improves the exploit/multi/http/atlassianconfluencenamespaceognlinjection module to support Windows server targets. This new target can be used to run payloads in memory with Powershell using the new payload adapters or drop an...

Exploit for CVE-2021-34527

CVE-2021-34527 - PrintNightmare LPE PowerShell Caleb Stew...