1154 matches found

Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-24446 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...

CVSS 9.8 · AI score 9.5 · EPSS 0.00322
Exploits 0 · References 7

CNNVD
added 2022/09/13 12:0 a.m. · 1 view

Archery SQL injection vulnerability

Archery is a set of open source vulnerability assessment and management tools. Archery v1.4.0 version to v1.8.5 version has a SQL injection vulnerability, the vulnerability stems from the ThreadIDs parameter in the killsession interface contains SQL injection vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00322
Exploits 0 · References 4

CNNVD
added 2022/09/13 12:0 a.m. · 1 view

Archery SQL injection vulnerability

Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...

CVSS 9.8 · AI score 8.5 · EPSS 0.00322
Exploits 0 · References 4

Positive Technologies
added 2022/09/13 12:0 a.m. · 2 views

PT-2022-24448 · Archery · Archery

Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It occurs via the ThreadIDs parameter in the "kill session" interface. Recommendations: For versions 1.4.0 through 1.8.5, upgrade to...

CVSS 9.8 · AI score 9.6 · EPSS 0.00322
Exploits 0 · References 7

Veracode
added 2022/08/11 6:6 a.m. · 21 views

Command Injection

mc-kill-port is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the port argument allowing an attacker to inject malicious command via the kill function...

CVSS 7.8 · AI score 4.3 · EPSS 0.00289
Exploits 1 · References 1 · Affected Software 1

Github Security Blog
added 2022/08/11 12:0 a.m. · 21 views

mc-kill-port vulnerable to Arbitrary Command Execution via kill function

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...

CVSS 7.8 · AI score 6.7 · EPSS 0.00289
Exploits 1 · References 4 · Affected Software 1

NVD
added 2022/08/10 5:15 a.m. · 8 views

CVE-2022-25973

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...

CVSS 7.8 · EPSS 0.00289
Exploits 1 · References 2

Cvelist
added 2022/08/10 5:0 a.m. · 11 views

CVE-2022-25973 Arbitrary Command Execution

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...

CVSS 7.8 · AI score 8 · EPSS 0.00289
Exploits 1 · References 2

CVE
added 2022/08/10 5:0 a.m. · 46 views

CVE-2022-25973

mc-kill-port is vulnerable to Arbitrary Command Execution via the kill function due to missing sanitization of the port argument. Affected versions (as described across multiple sources) expose an exploit path where an attacker can inject commands through the port parameter, enabling local comman...

CVSS 7.8 · AI score 7.8 · EPSS 0.00289
Exploits 1 · References 2 · Affected Software 1

ATTACKERKB
added 2022/08/10 5:0 a.m. · 0 views

CVE-2022-25973

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...

CVSS 7.8 · AI score 7.1 · EPSS 0.00289
Exploits 1 · References 3

Positive Technologies
added 2022/08/10 12:0 a.m. · 3 views

PT-2022-17621 · Unknown · Mc-Kill-Port

Name of the Vulnerable Software and Affected Versions: mc-kill-port versions all Description: The issue concerns Arbitrary Command Execution via the kill function due to missing sanitization of the port argument. This allows for potential exploitation. No information is provided about the estimat...

CVSS 7.8 · AI score 7.6 · EPSS 0.00289
Exploits 1 · References 5

CNNVD
added 2022/08/10 12:0 a.m. · 0 views

mc-kill-port argument injection vulnerability

npm mc-kill-port is a package from npm USA that allows termination of ports. A security vulnerability exists in mc-kill-port, which stems from a lack of parameter cleanup. An attacker can exploit this vulnerability to execute arbitrary commands...

CVSS 7.8 · AI score 7.7 · EPSS 0.00289
Exploits 1 · References 3

Securelist
added 2022/06/23 10:0 a.m. · 18 views

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group,...

AI score 0.2
Exploits 0

Cvelist
added 2022/05/31 10:50 p.m. · 15 views

CVE-2022-31015 Uncaught Exception (due to a data race) leads to process termination in Waitress

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select. This will lead to the main thread raising an exception that is not handled and then causing t...

CVSS 6.5 · AI score 6.6 · EPSS 0.00483
Exploits 1 · References 4

OSV
added 2022/05/24 5:4 p.m. · 1 view

GHSA-J7FQ-P9Q7-5WFV Treekill Enables OS Command Injection

A Code Injection exists in treekill and tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command. Steps To Reproduce: Create the following PoC file: js var kill = require'treekill'; kill'3333332 & echo "HACKED" HACKED.txt & '; Execut...

CVSS 9.8 · AI score 6.5 · EPSS 0.03754
Exploits 0 · References 9

OSV
added 2022/05/24 5:4 p.m. · 0 views

GHSA-MXQ6-VRRR-PPMG Duplicate Advisory: tree-kill vulnerable to remote code execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-884p-74jh-xrg2. This link is maintained to preserve external references. Original Description A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to contr...

CVSS 9.8 · AI score 7.6 · EPSS 0.03754
Exploits 0 · References 5

vulnersOsv
added 2022/05/24 5:4 p.m. · 1 view

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15598 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15598 Source advisory: OSV:GHSA-J7FQ-P9Q7-5WFV...

CVSS 9.8 · AI score 7.2 · EPSS 0.03754
Exploits 0

Tenable Nessus
added 2022/04/05 12:0 a.m. · 48 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9260)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9260 advisory. - drm/i915: Flush TLBs before releasing backing store Tvrtko Ursulin Orabug: 33835812 CVE-2022-0330 - drm/i915: Reduce locking in execlist command...

CVSS 7.8 · AI score 6.8 · EPSS 0.00164
Exploits 0 · References 6

Packet Storm
added 2022/03/28 12:0 a.m. · 248 views

Backdoor.Win32.Cafeini.b Hardcoded Credential

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/b24c56abb4bde960c2d51d4e509d2c68B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Family: Cafeini Type: PE32 MD5:...

AI score 7.4
Exploits 0

Snyk
added 2022/03/06 3:57 p.m. · 1 view

Arbitrary Command Execution

Overview mc-kill-port is a package allowing termination of ports. Affected versions of this package are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument. PoC js const kill = require"mc-kill-port"; kill"abc|echo rce newFile.txt"...

CVSS 7.8 · AI score 7.1 · EPSS 0.00289
Exploits 1 · References 2