14 matches found
MAL-2025-6100 Malicious code in jcl-over-slf4j (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6765b8e788daac3b9fcad973360085b07eb23632ecc6e6a30030682e006ff607 Any computer that has this package installed or running should be considered...
Malicious code in jcl-over-slf4j (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6765b8e788daac3b9fcad973360085b07eb23632ecc6e6a30030682e006ff607 Any computer that has this package installed or running should be considered...
Malicious code in jcl-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5db8fba1d3af4871fe70fb88d7eef37a6740477ddfe683e8258afa4345d7055 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3105 Malicious code in jcl-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5db8fba1d3af4871fe70fb88d7eef37a6740477ddfe683e8258afa4345d7055 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
OPENSUSE-SU-2024:11386-1 jcl-over-slf4j-1.7.30-2.5 on GA media
These are all security issues fixed in the jcl-over-slf4j-1.7.30-2.5 package on the GA media of openSUSE Tumbleweed...
openSUSE: Security Advisory for log4j (openSUSE-SU-2021:4094-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Service Bulletin 130: Updated File Naming Conventions for FTP
Abstract Direct this service bulletin to the persons at customer locations who are responsible for opening Problem Management Reports PMRs for the TPF products. This bulletin expands on information distributed in Service Bulletin 84: File Naming Conventions for FTP and Service Bulletin 112: New F...
Oracle Linux 7 : slf4j (ELSA-2018-0592)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-0592 advisory. 0:1.7.4-4 - Disallow EventData deserialization by default CVE-2018-8088 Tenable has extracted the preceding description block directly from the Oracle Linux...
Z/OS (MVS) Command Shell, Bind TCP
Provide JCL which creates a bind shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...
JCL to Escalate Privileges
Elevate privileges for user. Adds SYSTEM SPECIAL and BPX.SUPERUSER to user profile. Does this by using an unsecured/updateable APF authorized library APFLIB and updating the user's ACEE using this program/library. Note: This privesc only works with z/OS systems using RACF, no other ESM is...
FTP JCL Execution
require 'msf/core' require 'msf/core/exploit/tcp' class MetasploitModule 'FTP JCL Execution', 'Description' = %qSubmit JCL to z/OS via FTP and SITE FILE=JES. This exploit requires valid credentials on the target system, 'Author' = 'Bigendian Smalls', 'mainframed a.k.a. soldier of fortran',...
FTP JCL Execution
Submit JCL to z/OS via FTP and SITE FILE=JES. This exploit requires valid credentials on the target system This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTP JCL Execution', 'Description' =...
Z/OS (MVS) Command Shell, Reverse TCP
Provide JCL which creates a reverse shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...
Generic JCL Test for Mainframe Exploits
Provide JCL which can be used to submit a job to JES2 on z/OS which will exit and return 0. This can be used as a template for other JCL based payloads This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This is a prototy...