This Metasploit module generates a malicious Microsoft Word document that, when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code.
dfd70a501deb66860bda3d2c8fb70eb21aec791b445093014e637e57d9f6c39c
Backdoor.Win32.Cabrotor.10.d malware suffers from an unauthenticated remote command execution vulnerability.
781c3249eb6aa36f7b01597bb27d91c8d79a40805368b694be3b50761acdfb32
Haron ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is "C:\Windows\System32" and, if not, we grab our process ID and terminate. We do not need to rely on hash signatures or third-party products as the malware's own flaw will do the work for us. Endpoint protection systems and/or antivirus can potentially be killed prior to executing malware, but this method cannot, as there is nothing to kill: the DLL just lives on disk waiting. From a defensive perspective you can add the DLLs to a specific network share containing important data as a layered approach. All basic tests were conducted successfully in a virtual machine environment.
a7bd8f153e57e54fb1756517560dc5963dec37175fe2367abb498be3cb192cc2
Trojan-Proxy.Win32.Symbab.o malware suffers from a heap corruption vulnerability.
d87eadfc59cb93da41ff57f425f1d203ea3db932253b3a8c23cde42e7b31c47c
Trojan-Banker.Win32.Banbra.cyt malware suffers from an insecure permissions vulnerability.
59d78448228c37d3ef646c8d1875471e29b3ea9f4f7baf50d7b0322510692ded
Trojan-Banker.Win32.Banker.agzg malware suffers from an insecure permissions vulnerability.
1876a4e6434c2516144ce66e1f105fb0ab5f8cd4fd16271c066310d836f2d9c2
Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.
af35a5a0af240395f62e977601885f29387ee4fc958081d1910e6f6f0d3d428a
Through the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions 7.13.6 LTS and below and versions 7.18.0 "Latest" and below. This was originally a zero-day exploited in-the-wild.
942e5b3f32027294cb480a1f6e34ca8ed1933380c4aa4a79161e45a5c6ec7cbc
Confluence suffers from a pre-authentication remote code execution vulnerability that is leveraged via OGNL injection. All 7.4.17 versions before 7.18.1 are affected.
26aa29ff2f763421c60482664f517397136737aa76c3603580bd9bdd40a7e339
Red Hat Security Advisory 2022-4929-01 - PostgreSQL is an advanced object-relational database management system.
c936a76cde58fe9ba0c6dd841e33111a64c142b0ecb0bb7beef8319cffacaab0
Red Hat Security Advisory 2022-4930-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Issues addressed include an HTTP request smuggling vulnerability.
256d7d730e436d272a26e847294a772d62a4b31ae61933881d4dc5e1f36ebe9d
Red Hat Security Advisory 2022-4924-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.
babd3ebc2a8b7287f09962e7e66593d8aa7f2bf82e3320c57e7b67071c1f3727
Ubuntu Security Notice 5463-1 - It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on a specially crafted disk image, a remote attacker could possibly use this issue to execute arbitrary code. Roman Fiedler discovered that NTFS-3G incorrectly handled certain return codes. A local attacker could possibly use this issue to intercept protocol traffic between FUSE and the kernel.
4d148171efede88e748de7cd3b3a79ab2fc64b62b7ceb59bf5a5473185daa9f8
Ubuntu Security Notice 5462-2 - USN-5462-1 fixed several vulnerabilities in Ruby. This update provides the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
b47ace4598aa16889d8fd13a61ab6776251e8e1f05e571cdb335797d23e1ec0c
Red Hat Security Advisory 2022-4919-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.
bf1afc73c8ba9c4a4c22d13d1cf262785aff0e2266900d5107732077a9be4c4c
Red Hat Security Advisory 2022-4918-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.
8f6215dbc6e2ca60403953e5fff933cecb7aae3db0e8684fc171f45b5bcbc430
Red Hat Security Advisory 2022-4922-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include HTTP request smuggling, code execution, denial of service, memory leak, and traversal vulnerabilities.
7662acf836b5f242e6276a07b00c0aa87639c1a35f4ad678bade67af019843c5
Ubuntu Security Notice 5462-1 - It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
93396c53d1b014d262f3aed6dacbfc8d58faaea61e4dae6cbadc94a05bec397a
Ubuntu Security Notice 5461-1 - It was discovered that FreeRDP incorrectly handled empty password values. A remote attacker could use this issue to bypass server authentication. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. It was discovered that FreeRDP incorrectly handled server configurations with an invalid SAM file path. A remote attacker could use this issue to bypass server authentication.
1d0fe0613b35cc1b905808b45f71bafa367f62e1a5115148c9a99c5ea7cc94c8
Ubuntu Security Notice 5460-1 - It was discovered that Vim was incorrectly processing Vim buffers. An attacker could possibly use this issue to perform illegal memory access and expose sensitive information. It was discovered that Vim was not properly performing bounds checks for column numbers when replacing tabs with spaces or spaces with tabs, which could cause a heap buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
b8f2244664433fce0a0b514e45737c4c9a7b3540bab47163fb5325853a62ca5f
Red Hat Security Advisory 2022-4914-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
b43f0c89fd3414efa475d6ec07c2e68d3f66f12f846e7070d1966227905eca9d
Red Hat Security Advisory 2022-4915-01 - PostgreSQL is an advanced object-relational database management system.
da10d33ae9ab76b4cc74c4d3a81cfa7948b1d187fe82fbc6316cd849f2b6be19
Red Hat Security Advisory 2022-4913-01 - PostgreSQL is an advanced object-relational database management system.
84e0920c55ee4159c03535d6369c2e18f99d67e3b2865dea3143bf316fd42261