Lucene search

984 matches found

OSV
added 2023/07/06 3:15 p.m., 2 views

CVE-2023-24582

Two OS command injection vulnerabilities exist in the urvpnclient cmdnameaction functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This OS command injectio...

CVSS 8.8, AI score 7.4, EPSS 0.00214
Exploits: 1, References: 2

CNNVD
added 2023/07/06 12:00 a.m., 3 views

Milesight UR32L OS Command Injection Vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpnclient cmdnameaction function, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 8.8, AI score 7.7, EPSS 0.00214
Exploits: 1, References: 3

CNNVD
added 2023/07/06 12:00 a.m., 3 views

Milesight UR32L Command Injection Vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. A command execution vulnerability exists in the Milesight UR32L urvpnclient cmdnameaction function, which can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 8.8, AI score 7.7, EPSS 0.00214
Exploits: 1, References: 3

Tenable Nessus
added 2023/06/29 12:00 a.m., 37 views

RHEL 9 : go-toolset and golang (RHSA-2023:3923)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3923 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go...

CVSS 9.8, AI score 8.1, EPSS 0.00354
Exploits: 0, References: 11

Tenable Nessus
added 2023/06/29 12:00 a.m., 39 views

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3920)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3920 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go...

CVSS 9.8, AI score 8.1, EPSS 0.00354
Exploits: 0, References: 11

Tenable Nessus
added 2023/06/29 12:00 a.m., 30 views

RHEL 8 : go-toolset:rhel8 (RHSA-2023:3922)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3922 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: cmd/go: go...

CVSS 9.8, AI score 8.1, EPSS 0.00354
Exploits: 0, References: 11

Cvelist
added 2023/06/23 7:32 p.m., 14 views

CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...

CVSS 3.1, AI score 4.8, EPSS 0.00464
Exploits: 1, References: 4

Tenable Nessus
added 2023/06/21 12:00 a.m., 10 views

Fedora 37 : golang (2023-30f7ad4709)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-30f7ad4709 advisory. go1.19.10 released 2023-06-06 includes four security fixes to the cmd/go and runtime packages, as well as bug fixes to the compiler, the go command, and the...

AI score 5.6
Exploits: 0, References: 1

Metasploit
added 2023/06/15 7:50 p.m., 195 views

TFTP Fetch, Linux Meterpreter Service, Reverse TCP Inline

Fetch and execute a x86 payload from a TFTP server. Stub payload for interacting with a Meterpreter Service Module Options msf use payload/cmd/linux/tftp/x86/metsvcreversetcp msf payloadmetsvcreversetcp show actions ...actions... msf payloadmetsvcreversetcp set ACTION msf payloadmetsvcreversetcp...

AI score 7.2
Exploits: 0

Microsoft CVE
added 2023/06/14 12:00 a.m., 1 view

CVE-2023-29404

...

CVSS 9.8, AI score 7.1, EPSS 0.0009
Exploits: 0

Microsoft CVE
added 2023/06/13 7:00 a.m., 37 views

GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists

...

CVSS 7.8, AI score 7.8, EPSS 0.00111
Exploits: 0

The Hacker News
added 2023/06/05 4:48 a.m., 40 views

Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/05/20 12:00 a.m., 50 views

AlmaLinux 8 : kernel (ALSA-2023:2951)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2951 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. CVE-2021-26341 - When sending...

CVSS 8.8, AI score 5.3, EPSS 0.0088
Exploits: 17, References: 39

Metasploit
added 2023/05/18 7:52 p.m., 222 views

TFTP Fetch, Windows x64 Command Shell, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell Windows x64 staged. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/tftp/x64/shell/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp...

AI score 5.9
Exploits: 0

Tenable Nessus
added 2023/05/15 12:00 a.m., 52 views

Oracle Linux 9 : kernel (ELSA-2023-2458)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2458 advisory. - A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of...

CVSS 8.8, AI score 4.7, EPSS 0.0088
Exploits: 13, References: 40

Tenable Nessus
added 2023/05/13 12:00 a.m., 34 views

RHEL 9 : kernel-rt (RHSA-2023:2148)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2148 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 8.8, AI score 7.4, EPSS 0.0088
Exploits: 13, References: 93

OSV
added 2023/05/09 4:15 p.m., 2 views

CVE-2020-18280

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...

CVSS 6.1, AI score 6
Exploits: 0, References: 1

NVD
added 2023/05/09 4:15 p.m., 9 views

CVE-2020-18280

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...

CVSS 6.1, AI score 6.3, EPSS 0.00341
Exploits: 1, References: 1

Prion
added 2023/05/09 4:15 p.m., 11 views

Cross site scripting

Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function...

CVSS 5.8, AI score 6.2, EPSS 0.00341
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2023/05/09 12:00 a.m., 2 views

Phodal CMD Cross-Site Scripting Vulnerability

Phodal CMD is a drop-in editor for the WeChat media platform by Fengda Huang, an individual developer in China. A security vulnerability exists in Phodal CMD version v.1.0, which stems from the presence of a cross-site scripting vulnerability that allows local attackers to execute arbitrary code...

CVSS 6.1, AI score 6.4, EPSS 0.00341
Exploits: 1, References: 3