18 matches found
CVE-2026-42433
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...
EUVD-2026-27249
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...
CVE-2026-42433
OpenClaw vulnerable before 2026.4.10: an authorization bypass lets an operator.write message-tool path access Matrix profile persistence with admin-level authority. Exploitation would allow non-owner message-tools to mutate persistent profile configuration due to insufficient access controls. Aff...
CVE-2026-42433
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...
CVE-2026-42433 OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...
CVE-2026-42433 OpenClaw < 2026.4.10 - Unauthorized Matrix Profile Config Persistence Access via operator.write Message Tools
OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowing operator.write message-tool paths to access Matrix profile persistence requiring admin-level authority. Attackers can exploit insufficient access controls to mutate persistent profile configuration through non-owner...
PT-2026-37005
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description An authorization bypass exists where gateway 'operator.write' message-tool paths can access Matrix profile persistence, which should require admin-level authority. This occurs due to insufficien...
Powershell Profile Persistence
This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...
Powershell Profile Persistence
This Metasploit module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean...
Metasploit Weekly Wrap-Up 09/05/2025
Persistence Improvements and Exploits This week, the Metasploit team and the community has made improvements to some persistence modules such as Bash, which improves how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques. A new exploit has also been added thi...
Bash Profile Persistence Exploit
This Metasploit module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callbac...
Bash Profile Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bash Profile Persistence', 'Description' = %q" This module writes an execution trigger to the target's Bash profile. The execution trigger execut...
Bash Profile Persistence
This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...
CVE-2018-4115
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...
CVE-2018-4115
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access...
Dr0p1t Framework 1.3 - A Framework That Creates An Advanced FUD Dropper With Some Tricks
Have you ever heard about trojan droppers ? In short dropper is type of trojans that downloads other malwares and Dr0p1t gives you the chance to create a stealthy dropper that bypass most AVs and have a lot of tricks! Features Generated executable properties: The executable size is smaller compar...
Malicious Microsoft Office Documents: Generate-Macro
This script will generate malicious Microsoft Excel Documents that contain VBA macros. This script will prompt you for an IP address and port you will receive your shell at this address and port and the name of the malicious document. From there, the script will then prompt you to choose from a...