remote code execution – WindowsTechs.com

BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023

Posted on April 26, 2024 by Megan Crouse

Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop. Continue reading BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023→

Phar file deserialization in PHP < 8.0

Posted on April 8, 2024 by OrenIshShalom

TLDR:

I want to reproduce the RCE from phar file deserialization described in GitHub/advisory/97m3.
I fabricate an html file that includes a malicious svg file in its <img> tag.
Adding debug prints, I make sure I hit file_exists wit… Continue reading Phar file deserialization in PHP < 8.0→

xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?

Posted on April 5, 2024 by dawn breaker

I am doing a pentest on a client’s ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the RCE, which has a 3-second delay. I also… Continue reading xp_cmdshell as dbo user only able to run ‘ping localhost’ to verify RCE?→

Storing APFS password in Apple’s Keychain for Time Machine

Posted on March 17, 2024 by Alexander K.

If you are using an encrypted APFS container, for example, to encrypt the Time Machine, whenever the physical disk is plugged in, MacOS asks for a decryption password with an option to store it ("remember the password") in the ke… Continue reading Storing APFS password in Apple’s Keychain for Time Machine→

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

Posted on February 26, 2024 by Ionut Arghire

The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin.
The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek.
Continue reading Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin→

How to bypass ascii_letters and run the code in eval

Posted on February 26, 2024 by oracle

I have next code:
if request.method == ‘POST’:
exp = request.form[‘Expression’]
for i in exp:
if i in ascii_letters:
return render_template(‘index.html’, exp=”, result="Only [0-9] and s… Continue reading How to bypass ascii_letters and run the code in eval→

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation

Posted on February 21, 2024 by Ryan Naraine

Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.”
The post ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation appeared first on SecurityWeek.
Continue reading ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation→

Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws

Posted on December 12, 2023 by Ryan Naraine

Microsoft warns of critical spoofing and remote code execution bugs in the Windows MSHTML Platform and Microsoft Power Platform Connector.
The post Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws appeared first on SecurityWeek.
Continue reading Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws→

Does other frontend framework have similar issue like AngularJS?

Posted on November 24, 2023 by daisy

I’m reading an article that talks about XSS exploitation on AngularJS,

AngularJS will render the template in ng-html, and it bypasses sanitize-html.
My questions,

I’m wondering if other frameworks like Vue.js and React is also vulnerable… Continue reading Does other frontend framework have similar issue like AngularJS?→

Python Code Injection With int()

Posted on November 11, 2023 by elidibus

I discovered reading the documentation for int() in python that I could execute operating system commands if something like the following were passed to the int() constructor:
type(”,(),{‘a’:5,’b’:6,’c’:7,’__int__’:lambda x : exec("i… Continue reading Python Code Injection With int()→