103 matches found
BIT-PHP-MIN-2024-4577 Argument Injection in PHP-CGI
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
DEBIAN-CVE-2024-56334
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized before they are passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands. This...
Fedora: Security Advisory (FEDORA-2024-6bc17db348)
The remote host is missing an update for the...
WinRM Command Runner
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Description: This module runs arbitrary Windows commands using the WinRM Service...
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xpcmdshel...
Fedora 39 : composer (2024-bb55f8476a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bb55f8476a advisory. Version 2.7.7 (2024-06-10). Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241). Security: Fixed multip...
Fedora 40 : composer (2024-9ed24c98cd)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ed24c98cd advisory. Version 2.7.7 (2024-06-10). Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241). Security: Fixed multip...
AZL-42427 CVE-2024-5585 affecting package php for versions less than 8.1.29-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...
PHP 8.2.x < 8.2.20 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.20. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.20 advisory. - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the...
PT-2024-41052 · Unknown · Roundcube Webmail
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.6.x Description: The issue concerns several security problems, including cross-site scripting (XSS) vulnerabilities in handling SVG animate attributes and list columns from user preferences, as well as a command...
Exploit for CVE-2024-24576
CVE-2024-24576-PoC-BatBadBut PoC for CVE-2024-24576 vulnerabi...
PT-2024-26606
Name of the Vulnerable Software and Affected Versions: process versions prior to 1.6.19.0; GHC versions prior to 9.10.1-alpha3; GHC versions prior to 9.8.3; GHC versions prior to 9.6.5; Node.js versions up to 21.7.2 Description: A command injection vulnerability allows an attacker to perform command...
The vulnerability of the Windows command-line interpreter allows a hacker to execute arbitrary code.
The vulnerability of the Windows command-line interpreter arises from the lack of mechanisms to stop the execution of a script after an error is detected in it. Exploiting this vulnerability allows an attacker to execute arbitrary code by creating images using the built-in graphics editor MS Pain...
PT-2023-25389 · Shescape · Shescape
Name of the Vulnerable Software and Affected Versions: Shescape versions prior to 1.7.1 Description: An attacker may be able to get read-only access to environment variables. This issue affects users of Shescape on Windows using the Windows Command Prompt, and when using quote/quoteAll or...
TFTP Fetch, Windows Command Shell, Encrypted Reverse TCP Stager
Fetch and execute an x64 payload from a TFTP server. Spawn a piped command shell staged. Connect to MSF and read in stage Module Options msf use payload/cmd/windows/tftp/x64/encryptedshell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf...
PT-2023-14253 · Jitsi · Jitsi
Name of the Vulnerable Software and Affected Versions: Jitsi versions prior to commit 8aa7be58522f4264078d54752aae5483bfd854b2 Description: A command injection issue exists when launching browsers on Windows, allowing an attacker to insert an arbitrary URL, which could lead to remote execution...
Apache CouchDB Erlang Remote Code Execution
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Summary Actions to Help Protect Against APT Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on...
Yokogawa Rental & Lease Passage Drive Input Validation Error Vulnerability
The Yokogawa Rental & Lease Passage Drive is a passage drive endpoint from Yokogawa Rental & Lease, Japan. An input validation error vulnerability exists in Yokogawa Rental & Lease Passage Drive that stems from insufficient data validation of Passage Drive including inter-process communication,...
Powershell Exec, Windows Command Shell, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x86 payload from a command via PowerShell. Spawn a piped command shell staged. Listen for a connection Module Options msf use payload/cmd/windows/powershell/shell/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show...