CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.
343ca35b11570c993ed8818aa37a56638c474563d756a7ac0c8f9334b16b6ca5Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.
31f4b2bfcea7721b795130a73ea23eb4c455761a9210c8e57d648ef7f5a73b61NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.
e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1Ladder versions 0.0.1 through 0.0.21 fail to apply sufficient default restrictions on destination addresses, allowing an attacker to make GET requests to addresses that would typically not be accessible from an external context. An attacker can access private address ranges, locally listening services, and cloud instance metadata APIs.
f06f89665ccf4436395e34e316f44542fe2c8e5818e1b20f6b1def5ff8cf0c48
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed