126 matches found

Nuclei
added 18 hours ago, 21 views

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

CVSS 10, AI score 8.3, EPSS 0.49139
Exploits: 4, References: 3

Packet Storm
added 2026/02/19 12:0 a.m., 126 views

Sawtooth Lighthouse Studio 9.16.14 Remote Command Execution

Sawtooth Lighthouse Studio version 9.16.14 proof of concept remote command execution exploit. | Title : Sawtooth Lighthouse Studio 9.16.14 RCE | Author :...

CVSS 10, AI score 5.8, EPSS 0.49139
Exploits: 4

Schneier on Security
added 2025/11/20 12:7 p.m., 6 views

Scam USPS and E-Z Pass Texts and Websites

Google has filed a complaint in court that details the scam: In a complaint filed Wednesday, the tech giant accused "a cybercriminal group in China" of selling "phishing for dummies" kits. The kits help unsavvy fraudsters easily “execute a large-scale phishing campaign,” tricking hordes of...

AI score 6.6
Exploits: 0

Krebs on Security
added 2025/11/13 2:47 p.m., 8 views

Google Sues to Disrupt Chinese SMS Phishing Triad

Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and...

AI score 6.6
Exploits: 0

Malwarebytes
added 2025/11/13 2:43 p.m., 4 views

1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you've seen their texts about a small amount you supposedly owe in toll fees...

AI score 7
Exploits: 0

The Hacker News
added 2025/11/12 3:48 p.m., 9 views

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit is used to...

AI score 6.1
Exploits: 0

Wired Threat Level
added 2025/11/12 10:0 a.m., 5 views

This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text Operation

Google is suing 25 people it alleges are behind a “relentless” scam text operation that uses a phishing-as-a-service platform called Lighthouse...

AI score 7
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-0963

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01162
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6742

Malware in sbrugna...

CVSS 8.1, AI score 8.2, EPSS 0.01223
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-6725

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.02867
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-0876

Malware in sbrugna...

CVSS 9, AI score 8.8, EPSS 0.02055
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-6732

Malware in sbrugna...

CVSS 5.3, AI score 5.8, EPSS 0.01276
Exploits: 0, References: 3

The Hacker News
added 2025/09/19 2:2 p.m., 4 views

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

The phishing-as-a-service (PhaaS) offerings known as Lighthouse and Lucid have been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators...

AI score 6.4
Exploits: 0

Rapid7 Blog
added 2025/09/12 7:51 p.m., 7 views

Metasploit Wrap-Up 09/12/25

New LightHouse Studio RCE module: This week we've added a new module that exploits an unauthenticated template injection vulnerability (CVE-2025-34300) in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...

CVSS 10, AI score 8.3, EPSS 0.61676
Exploits: 9

Metasploit
added 2025/09/09 6:55 p.m., 718 views

Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)

This module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studio's ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands on the...

CVSS 10, AI score 7.1, EPSS 0.49139
Exploits: 4

Packet Storm
added 2025/09/09 12:0 a.m., 238 views

Sawtooth Software Lighthouse Studios Template Injection

This Metasploit module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studios ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands...

CVSS 10, AI score 8.9, EPSS 0.49139
Exploits: 4

GithubExploit
added 2025/09/01 2:6 p.m., 168 views

Exploit for CVE-2025-34300

Sawtooth Lighthouse Studio has a template injection vulnerabilit...

CVSS 10, AI score 6, EPSS 0.49139
Exploits: 4

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in lighthouse-vinegar-neu2 (npm)

The package lighthouse-vinegar-neu2 was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in grape-lighthouse-8yb7 (npm)

The package grape-lighthouse-8yb7 was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in lighthouse-beetroot-3esx (npm)

The package lighthouse-beetroot-3esx was found to contain malicious code...

AI score 7
Exploits: 0