SMB Fetch, Windows x64 Command Shell, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Spawn a piped command shell Windows x64 staged. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid...

SMB Fetch, Windows x64 LoadLibrary Path

Fetch and execute an x64 payload from an SMB server. Load an arbitrary x64 library path Module Options msf use payload/cmd/windows/smb/x64/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options...

SMB Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and se...

SMB Fetch, Windows x64 Reverse HTTP Stager (winhttp)

Fetch and execute an x64 payload from an SMB server. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/smb/x64/meterpreter/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

SMB Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

SMB Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an SMB server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/vncinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

SMB Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an SMB server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/smb/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

NodeJS -- Vulnerabilities

Node.js reports: Code injection and privilege escalation through Linux capabilities- High http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High Path traversal by monkey-patching Buffer internals- High setuid does not drop all privileges due to iouring - Hi...

PT-2024-2754 · Undici · Undici

Name of the Vulnerable Software and Affected Versions: Undici versions prior to 6.6.1 Description: The issue is related to the fetch function of the Undici HTTP/1.1 client for Node.js, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to cause a denia...

PT-2024-17458

Name of the Vulnerable Software and Affected Versions SourceCodester CRUD without Page Reload version 1.0 Description A vulnerability was found in the file fetch data.php, where the manipulation of the username or city argument leads to cross-site scripting. The attack may be launched remotely...

Malicious code in node-fetch-full (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23bafe4cbc222c49a4c23ca3b173859fdba0359b927939a941b4768c6e0963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-959 Malicious code in node-fetch-full (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa23bafe4cbc222c49a4c23ca3b173859fdba0359b927939a941b4768c6e0963 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application,...

oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c

An out-of-bounds read vulnerability was found in Oniguruma in the way it handled regular expression quantifiers. A remote attacker could abuse this flaw by providing a malformed regular expression that, when processed by an application linked to Oniguruma, could possibly crash the application,...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to the electron module (CVE-2023-45143)

Summary IBM App Connect Enterprise is vulnerable to allowing a remote authenticated attacker to obtain sensitive information, due to the electron module. Electron is used for Discovery Connectors in IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilit...

WP Customer Area < 8.2.1 - Subscriber+ Account Address Update

Description The plugin does not properly validate users capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. You may get the nonce from your save address form fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023

As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community. Version 6....

OESA-2023-1935 golang security update

. Security Fixes: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of...

WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update

Description The plugin does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site. Log in as a subscriber, and paste any of the following fetch call in your...

Node.js: Denial of Service by resource exhaustion in fetch() brotli decoding

A denial of service vulnerability was identified in Node.js related to resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The issue stems from fetch always decoding Brotli content, allowing an attacker controlling the URL to cause resource exhaustion...