XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
The powershell_base64 encoder was changed to use the Windows start
command, which broke some payload after they were encoded. This was
because when using start, the argument can not be a string of commands
joined by & which is required by the fetch payloads. This fixes that
issue by removing the start command from the encoder
The junos_phprc_auto_prepend_file module used to depend on having a user
authenticated to the J-Web application to steal the necessary session
tokens in order to exploit. With this enhancement the module will now
create a session if one doesnt exist. Also it adds datastore options to
change the hash format to be compatible with older version as well an
option to attempt to set ssh root login to true before attempting to
establish a root ssh session
This module leverages an unauthenticated arbitrary root file read
vulnerability for Check Point Security Gateway appliances. When the
IPSec VPN or Mobile Access blades are enabled on affected devices,
traversal payloads can be used to read any files on the local file
system. This vulnerability is tracked as CVE-2024-24919.
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
improve documentation guidance to mention upgrading to a newer supported version (as 2.x is no longer supported)
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
VSCode allows users open a Jypiter notebook (.ipynb) file. Versions
v1.4.0 - v1.71.1 allow the Jypiter notebook to embed HTML and
javascript, which can then open new terminal windows within VSCode. Each
of these new windows can then execute arbitrary code at startup
sud0Ru