Important: sudo

Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...

Amazon Linux 2 : sudo (ALAS-2021-1590)

The version of sudo installed on the remote host is prior to 1.8.23-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1590 advisory. When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's...

How to build your own PoC framework Pocsuite3 using the article-the vulnerability warning-the black bar safety net

Compared to boring the usage of the description, the more I want to say about Pocsuite3 why will have these features as well as how to achieve. If you also want to build a similar tool, Pocsuite3 some of the thoughts may be able to help you. This article is also recorded Pocsuite3 development...

Arbitrary Command Execution

ceph-iscsi-cli is vulnerable to arbitrary command execution attacks. The vulnerability exists as it was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api...

Maligno v2.0 - Metasploit Payload Server

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded prior to transmission. Maligno also comes with a client tool, which...