CloudMiner - Execute Code Using Azure Automation Service Without Getting Charged

Execute code within Azure Automation service without getting charged Description CloudMiner is a tool designed to get free computing power within Azure Automation service. The tool utilizes the upload module/package flow to execute code which is totally free to use. This tool is intended for...

Zyxel zysh Format String Proof Of Concept

!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...

FreeBSD : Composer -- Code execution and possible privilege escalation (33ba2241-c68e-11ee-9ef3-001999f8d30b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33ba2241-c68e-11ee-9ef3-001999f8d30b advisory. - Composer is a dependency Manager for the PHP language. In affected versions several files within the...

RHEL 8 : container-tools:rhel8 (RHSA-2024:0764)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0764 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file descript...

Zyxel zysh - Format string

!/usr/bin/expect -f raptorzyshfhtagn.exp - zysh format string PoC exploit Copyright c 2022 Marco Ivaldi "We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far." -- H. P. Lovecraft, The Call of Cthulhu "Multiple improper inpu...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.49 packages and security update

Red Hat OpenShift Container Platform release 4.12.49 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.49 bug fix update and security update

Red Hat OpenShift Container Platform release 4.12.49 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.58 packages and security update

Red Hat OpenShift Container Platform release 4.11.58 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

@gun-vue/relay (>=0.4.2 <=0.5.0), @mimik/configuration (>=4.4.10 <=5.0.11) +5 more potentially affected by CVE-2023-42282 via ip (=2.0.0)

ip NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ip and may be impacted: - @gun-vue/relay =0.4.2, =4.4.10, =1.0.0, =1.0.19, =1.0.0, =1.0.3 Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...

GHSA-7C6P-848J-WH5H Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code...

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 122 vulnerabilities disclosed in 110...

RHEL 8 : container-tools:4.0 (RHSA-2024:0748)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0748 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: file...

RHEL 8 : OpenShift Container Platform 4.12.49 (RHSA-2024:0666)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0666 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

Composer -- Code execution and possible privilege escalation

Copmposer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...

CVE-2024-23653 affecting package moby-cli for versions less than 20.10.27-3

CVE-2024-23653 affecting package moby-cli for versions less than 20.10.27-3. A patched version of the package is available...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.11 packages and security update

Red Hat OpenShift Container Platform release 4.14.11 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Exploit for Path Traversal in Jenkins

Jenkins is an open source automation server. It helps automate t...

The vulnerability of the command-line interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network (EPN) Manager software, allows a attacker to gain access to the basic operating system as a root user.

The vulnerability of the Application CLI component of the Cisco Prime Infrastructure monitoring and network management system, as well as the Cisco Evolved Programmable Network EPN Manager software, is related to the implementation or modification of arguments. Exploiting this vulnerability can...

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

SUSE SLES12 Security Update : runc (SUSE-SU-2024:0328-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0328-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an...