
10 matches found

OSSF Malicious Packages
added 2026/05/01 11:13 a.m. · 2 views

Malicious code in graphicsctxr (PyPI)

Source: kam193 (10408decaf8cace14b8124fa392ee96996c3c91358cb454cbfcd45790d18cdf9). Package contains code to exfiltrate .env to a remote target. Prior to version 2.1.1, it also created a persistent backdoor via embedding a hardcoded SSH key...

5.9 AI score
Exploits: 0 · References: 4
Metasploit
added 2025/02/20 6:55 p.m. · 255 views

HTTP Fetch, Linux Execute Command

Fetch and execute an MIPSBE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes. Module Options msf use payload/cmd/linux/http/mipsbe/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf...

7.2 AI score
Exploits: 0
Code423n4
added 2023/10/20 12:0 a.m. · 15 views

Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module

Lines of code Vulnerability details Impact An Executor is an account authorized to perform module execution on a subAccount through the ExecutorPlugin. Gnosis Safe Modules manage to bypass the entire guard logic Safe 1.5 has that new guard hook, but there's also no hook logic done in Brahma. For...

7.5 AI score
Exploits: 0
Positive Technologies
added 2023/09/25 12:0 a.m. · 2 views

PT-2023-27044 · Unknown · Uplight Cookiebanner

Name of the Vulnerable Software and Affected Versions: UpLight cookiebanner versions prior to 1.5.1 Description: The issue is related to a SQL injection vulnerability via the component Hook::getHookModuleExecList. This vulnerability was discovered in UpLight cookiebanner. Recommendations: For...

9.8 CVSS · 8.2 AI score · 0.00272 EPSS
Exploits: 0 · References: 7
Veracode
added 2023/07/10 12:12 a.m. · 39 views

Code Injection

go is vulnerable to Code Injection. The vulnerability exists when running an untrusted module which contains directories with newline characters in their names which allows an attacker to inject and execute arbitrary commands...

9.8 CVSS · 7.4 AI score · 0.00125 EPSS
Exploits: 0 · References: 10 · Affected Software: 3
Rapid7 Blog
added 2020/12/23 2:2 p.m. · 287 views

Metasploit Tips and Tricks for HaXmas 2020

For this year's HaXmas, we're giving the gift of Metasploit knowledge! We'll cover a mix of old, new, or recently improved features that you can incorporate into your workflows. Some of our readers may already know these tips and tricks for using Metasploit, but for the others who aren't aware of...

7.4 AI score
Exploits: 0
NVD
added 2020/02/24 2:15 p.m. · 16 views

CVE-2019-20044

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...

7.8 CVSS · 7.9 AI score · 0.00092 EPSS
Exploits: 0 · References: 20
Kitploit
added 2017/07/06 10:30 p.m. · 20 views

GShark Framework - Check all your backdoors with only one telegram account

This framework can perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script. Check all your backdoors with only one telegram messenger account! Connect web backdoor to master server and control it with Telegram Download visual backdoor...

7.8 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2015/02/16 12:0 a.m. · 30 views

Fedora 20 : bugzilla-4.2.13-1.fc20 (2015-1699)

This is a security update for Bugzilla which fixes two issues : - A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes. - Methods from imported modules could possibly be executed using the WebService API. The first issue is...

6.5 CVSS · 5.5 AI score · 0.00633 EPSS
Exploits: 0 · References: 4
exploitpack
added 2001/01/02 12:0 a.m. · 20 views

GTK+ 1.2.8 - Arbitrary Loadable Module Execution

GTK+ 1.2.8 - Arbitrary Loadable Module Execution // source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The proble...

7.5 AI score
Exploits: 0