Tags archives: execution

 

 

 

0

Microsoft Windows LNK File Code Execution

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the […]

The post Microsoft Windows LNK File Code Execution appeared first on MondoUnix.

 

0

tnftp "savefile" Arbitrary Command Execution

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp’s handling of the resolved output filename – called “savefile” in the source – from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename […]

The post tnftp "savefile" Arbitrary Command Execution appeared first on MondoUnix.

 

 

 

 

 

0

Shadowsocks Log Manipulation / Command Execution

Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled autoban.py brute force detection. Brute force detection from autoban.py does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 […]

The post Shadowsocks Log Manipulation / Command Execution appeared first on MondoUnix.