Lucene search
K

8 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/05/19 6:44 p.m.50 views

Metasploit Weekly Wrap-Up

Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...

5.8CVSS8.6AI score0.84697EPSS
Exploits6
Metasploit
Metasploit
added 2023/05/18 7:52 p.m.392 views

invscout RPM Privilege Escalation

This module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to...

8.4CVSS7.9AI score0.01457EPSS
Exploits3
Circl
Circl
added 2023/04/28 7:27 a.m.11 views

CVE-2023-28528

creationtimestamp| type| source ---|---|--- 2023-04-28 07:27:02+00:00| seen| https://t.me/cibsecurity/63027 2023-05-18 00:11:48+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/aix/local/invscoutrpmprivesc.rb 2025-02-06 03:13:45+00:00| seen|...

8.4CVSS7.7AI score0.01457EPSS
Exploits3References2
CVE
CVE
added 2023/04/28 2:6 a.m.163 views

CVE-2023-28528

CVE-2023-28528 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The vulnerability resides in the invscout command, enabling a non-privileged local user to trigger arbitrary command execution via a set-UID root context (a command-injection weakness). Affected fileset: invscout.rte (2.2.0.0–2.2.0.23). R...

8.4CVSS7.8AI score0.01457EPSS
Exploits3References4Affected Software2
Vulnrichment
Vulnrichment
added 2023/04/28 2:6 a.m.9 views

CVE-2023-28528 IBM AIX command execution

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207...

8.4CVSS8.2AI score0.01457EPSS
Exploits3References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/24 3:57 p.m.51 views

Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2023-28528)

Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2023-28528. Vulnerability Details CVEID:CVE-2023-28528 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...

8.4CVSS8AI score0.01457EPSS
Exploits3Affected Software1
Talos Blog
Talos Blog
added 2023/04/24 2:59 p.m.62 views

Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges

Tim Brown of Cisco Security Advisory EMEA discovered these vulnerabilities and contributed to this blog post. A Cisco security researcher recently discovered two vulnerabilities in the IBM AIX Unix platforms that could be exploited to inject commands and logs into targeted systems with elevated...

4.3CVSS8AI score0.01457EPSS
Exploits3
Talos
Talos
added 2023/04/24 12:0 a.m.33 views

IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability

Talos Vulnerability Report TALOS-2023-1691 IBM Corporation AIX invscout SetUID Binary OS Command Injection Vulnerability April 24, 2023 CVE Number CVE-2023-28528 SUMMARY An OS command injection vulnerability exists in the invscout setUID binary functionality of IBM Corporation AIX 7.2. A...

8.4CVSS8.4AI score0.01457EPSS
Exploits3
Rows per page
Query Builder