Active Exploitation of VMware Horizon Servers

This post is co-authored by Charlie Stafford, Lead Security Researcher. We will update this blog with further information as it becomes available. CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Blog's Last Update ---|---|---|---|---|--- CVE-2021-44228 | VMware Advisory |...

Command Injection

firefox-esr is vulnerable to command injection. The constructed curl command from the Copy as curl feature in DevTools is not correctly escaped from PowerShell, allowing an attacker to inject and execute malicious commands...

Microsoft PowerShell Spoofing Vulnerability (Dec 2021) - Windows

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2021-43896. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Exploit for CVE-2022-21907

CVE-2022-21907 Description 1. This repository detects a...

Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor

An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was...

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerabilit...

Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 (KB5002111)

Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 KB5002111 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the...

Mozilla Thunderbird < 91.5

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-03 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyso...

Mozilla Firefox 命令注入漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a curl command constructed from the copy-to-curl function in DevTools that is not properly escaped into PowerShell.If pasted into a...

CVE-2021-43896 affecting package powershell 7.0.2-1

CVE-2021-43896 affecting package powershell 7.0.2-1. An upgraded version of the package is available that resolves this issue...

Shellcode-Encryptor - A Simple Shell Code Encryptor/Decryptor/Executor To Bypass Anti Virus

A simple shell code encryptor/decryptor/executor to bypass anti virus. Note: I have completely redone the work flow for creating the bypass, I have found injecting the binary into memory using PowerShell as the most effective method. Purpose To generate a .Net binary containing base64 encoded, AE...

Automox Agent 32 - Local Privilege Escalation Exploit

Exploit Title: Automox Agent 32 - Local Privilege Escalation Date: 13/12/2021 Exploit Author: Greg Foss Writeup: https://www.lacework.com/blog/cve-2021-43326/ Vendor Homepage: https://www.automox.com/ Software Link: https://support.automox.com/help/agents Version: 31, 32, 33 Tested on: Windows 10...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228scanner modified - Deprecated Original Scrip...

Automox Agent 32 Local Privilege Escalation

Exploit Title: Automox Agent 32 - Local Privilege Escalation Date: 13/12/2021 Exploit Author: Greg Foss Writeup: https://www.lacework.com/blog/cve-2021-43326/ Vendor Homepage: https://www.automox.com/ Software Link: https://support.automox.com/help/agents Version: 31, 32, 33 Tested on: Windows 10...

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms due to what it blamed on a date validation error at around the turn of the year. "The problem relates to a date check failure with the change of the new year...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4PowerShell CVE-2021-44228 Proof of Concept A Proof-Of-C...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228scanner Applications that are vulnerable to the...

Malicious Exchange Server Module Hoovers Up Outlook Credentials

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access OWA. Internet Information Services IIS, Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are know...

AZL-7049 CVE-2021-43896 affecting package powershell for versions less than 7.2.1-1

Microsoft PowerShell Spoofing Vulnerability...

CVE-2021-43896

Microsoft PowerShell Spoofing Vulnerability...