809 matches found
HTTP Fetch, Windows Command Shell, Bind IPv6 TCP Stager with UUID Support (Windows x86)
Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/shell/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...
HTTP Fetch, Windows shellcode stage, Reverse Ordinal TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/custom/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show...
EUVD-2026-17371
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...
CVE-2026-32917
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...
CVE-2026-32917
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...
CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...
CVE-2026-32917 OpenClaw < 2026.3.13 - Remote Command Injection via Unsanitized iMessage Attachment Paths in SCP
OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability exists because unsanitized remote attachment paths containing shell metacharacters...
CVE-2026-32917
OpenClaw prior to 2026.3.13 is affected by a remote command injection vulnerability in the iMessage attachment staging flow. The issue arises because unsanitized remote attachment paths containing shell metacharacters are passed directly to the SCP remote operand without validation, allowing arbi...
PT-2026-29227
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.13 Description OpenClaw is affected by a remote command injection issue in the iMessage attachment staging flow. The issue arises because unsanitized remote attachment paths containing shell metacharacters are...
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails...
CVE-2026-31990
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...
CVE-2026-31990 OpenClaw < 2026.3.2 - Symlink Traversal in stageSandboxMedia Destination
OpenClaw versions prior to 2026.3.2 contain a vulnerability in the stageSandboxMedia function in which it fails to validate destination symlinks during media staging, allowing writes to follow symlinks outside the sandbox workspace. Attackers can exploit this by placing symlinks in the...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the remote attachment staging process. An attacker can execute arbitrary commands on the configured remote host by supplying a crafted iMessage attachment filename...
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan RATs payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOIDGEIST by...
GHSA-CFVJ-7RX7-FC7C OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Summary stageSandboxMedia allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace root. Impact When sandbox media staging handled inbound files, destination writes under media/inbound were not destination-alias-safe. If a symlink exist...
OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Summary stageSandboxMedia allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace root. Impact When sandbox media staging handled inbound files, destination writes under media/inbound were not destination-alias-safe. If a symlink exist...
PT-2026-26411
Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...
PT-2026-26230
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.2 Description The stageSandboxMedia function does not properly validate destination symlinks during media staging, potentially allowing writes to follow symlinks outside the sandbox workspace. This could allow...
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System DNS lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslooku...
CVE-2026-1727
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...