SecurityOnline: electron_shell: RAT tool by leveraging Electron’s features for command injection https://securityonline.info/electron_shell-rat-tool-by-leveraging-electrons-features-for-command-injection/ #Electroncommandinjection #CommandInjection #Exploitation #Electron
SecurityOnline: commix v3.8 releases: Automated All-in-One OS command injection and exploitation tool https://securityonline.info/commix-os-command-injection-exploitation-tool/ #WebVulnerabilityAnalysis #CommandInjection #WebExploitation #commix
I've had my first :github: CodeQL query merged into the experimental section of the official CodeQL rules!
https://lnkd.in/dk_tTiQZ (and a "local" variant, https://lnkd.in/dP88QJwa).
That's query ids java/command-line-injection-extra and java/command-line-injection-extra-local
They spot something the existing :java: command injection query does, but in a way that's more robust to unusual code.
It’s an edge case, but one that was important to a customer.
#CodeQL #sast #java #commandinjection
Ghostscript bug could allow rogue documents to run system commands - Even if you've never heard of the venerable Ghostscript project, you may have it installe... https://nakedsecurity.sophos.com/2023/07/04/ghostscript-bug-could-allow-rogue-documents-to-run-system-commands/ #commandinjection #cve-2023-36664 #vulnerability #ghostscript #pipe #rce
Critical vulnerability in an email gateway meant to protect against malicious messages. A malicious message can be used to execute arbitrary code on the gateway.
The vulnerability mentioned in the title was identified in a Barracuda appliance. You can find more details here. Congratulations to the author of the description, because here we have the pure essence: A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure...
#WBiegu #Barracuda #CommandInjection #Email
https://sekurak.pl/krytyczna-podatnosc-w-bramce-pocztowej-majacej-chronic-przed-zlosliwymi-wiadomosciami-zlosliwa-wiadomoscia-mozna-wykonac-dowolny-kod-na-bramce/
Fortinet fixed multiple command injection bugs in FortiADC and FortiTester https://securityaffairs.com/140322/security/fortinet-bugs-fortiadc-fortitester.html #informationsecuritynews #ITInformationSecurity #PierluigiPaganini #commandinjection #SecurityAffairs #BreakingNews #SecurityNews #FortiTester #hackingnews #Security #FortiADC #Fortinet #Hacking
OpenSSL issues a bugfix for the previous bugfix - Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all... https://nakedsecurity.sophos.com/2022/06/24/openssl-issues-a-bugfix-for-the-previous-bugfix/ #commandinjection #vulnerability #cryptography #openssl #crypto
VMware Rolls a Fix for Formerly Critical Zero-Day Bug - VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to... https://threatpost.com/vmware-fix-critical-zero-day-bug/161896/ #securityvulnerability #privilegeescalation #commandinjection #securityadvisory #vulnerabilities #severityrating #cve-2020-4006 #cybersecurity #workaround #cisaalert #critical #zeroday #vmware #patch #nsa
Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending - VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Win... https://threatpost.com/vmware-zero-day-patch-pending/161523/ #vmwareworkspaceoneaccess #securityvulnerability #vmwareidentitymanager #privilegeescalation #commandinjection #vulnerabilities #vmwarezero-day #cloudsecurity #cve-2020-4006 #zero-day #0-day
Mozi Botnet Accounts for Majority of IoT Traffic - Mozi’s spike comes amid a huge increase in overall IoT botnet activity. https://threatpost.com/mozi-botnet-majority-iot-traffic/159337/ #commandinjection #internetofthings #vulnerabilities #websecurity #bruteforce #iottraffic #peertopeer #90percent #malware #routers #botnet #telnet #mirai #cmdi #mozi #wget #iot #dht #ibm #p2p