In PHP, when Apache and PHP-CGI run on Windows and the system is configured to use certain code pages, Windows may apply "Best-Fit" behavior to replace characters in the command line passed to Win32 API functions. The PHP CGI module may then interpret those substituted characters as PHP options, which allows remote attackers to pass options to the PHP binary being run and execute system commands in the context of the affected application. This module exploits the vulnerability by passing the "cgi.force_redirect=0" option and attacking the "/php-cgi/php-cgi.exe" endpoint, both of which are required to exploit XAMPP on Windows. If the target is vulnerable but is not XAMPP, the ENDPOINT parameter must point to a valid PHP script.
In PHP, when Apache and PHP-CGI run on Windows and the system is configured to use certain code pages, Windows may apply "Best-Fit" behavior to replace characters in the command line passed to Win32 API functions. The PHP CGI module may then interpret those substituted characters as PHP options, which allows remote attackers to pass options to the PHP binary being run and execute system commands in the context of the affected application. This module exploits the vulnerability by passing the "cgi.force_redirect=0" option and attacking the "/php-cgi/php-cgi.exe" endpoint, both of which are required to exploit XAMPP on Windows. If the target is vulnerable but is not XAMPP, the TARGET parameter must point to a valid PHP script.
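The Best-Fit substitution above is easiest to hunt for in web-server logs: a byte that Windows maps to ASCII '-' followed directly by a letter reads as a PHP option switch once the substitution has run. The following detection is an added example, not code from the page or from the module it describes. It assumes Apache combined-format log lines (constructed below, not from a real server), treats the soft hyphen byte 0xAD as the Best-Fit substitute for '-' (other code-page-specific substitutes can be added to the set), and scans requests to the XAMPP "php-cgi.exe" endpoint and to any ".php" script, the non-XAMPP case.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample Apache access-log lines, not taken from any real server.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jun/2024:10:01:02 +0000] "GET /php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3D0 HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.6 - - [07/Jun/2024:10:01:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [07/Jun/2024:10:01:04 +0000] "GET /php-cgi/php-cgi.exe?x=1 HTTP/1.1" 200 30 "-" "Mozilla/5.0"
10.0.0.8 - - [07/Jun/2024:10:01:05 +0000] "POST /test.php?%C2%ADd+cgi.force_redirect%3D0 HTTP/1.1" 200 30 "-" "python-requests/2.31"
"""

# Apache "combined" format: client, identity, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" (?P<status>\d{3})'
)

# Bytes that Windows Best-Fit turns into ASCII '-' on the affected code pages.
# Assumption: only the soft hyphen (U+00AD / byte 0xAD) is listed here; extend
# this set with other code-page-specific substitutes as needed.
BEST_FIT_HYPHENS = {0xAD}


def is_php_cgi_target(path: str) -> bool:
    """Endpoints worth scanning: the XAMPP CGI binary and any PHP script
    (the non-XAMPP case, where the module's endpoint is a PHP script)."""
    p = path.lower()
    return p.endswith("php-cgi.exe") or p.endswith(".php")


def looks_like_option_injection(raw: bytes) -> bool:
    """True if a Best-Fit hyphen substitute is immediately followed by an ASCII
    letter, i.e. it reads as a PHP option switch ("-d", "-n", ...) after Best-Fit."""
    for i, b in enumerate(raw):
        if b in BEST_FIT_HYPHENS and raw[i + 1:i + 2].isalpha():
            return True
    return False


def scan(log_text: str) -> list:
    """Return one finding per suspicious request: {ip, target, reasons}."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        path, _, query = target.partition("?")
        if not is_php_cgi_target(path):
            continue
        # Decode to raw bytes: 0xAD can arrive as %AD (single byte) or as the
        # UTF-8 encoding of U+00AD (%C2%AD); both contain the 0xAD byte.
        raw_query = unquote_to_bytes(query.replace("+", " "))
        reasons = []
        if looks_like_option_injection(raw_query):
            reasons.append("best_fit_hyphen")
        if b"cgi.force_redirect" in raw_query.lower():
            reasons.append("cgi.force_redirect")
        if reasons:
            findings.append({"ip": m.group("ip"), "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ip"], f["target"], ",".join(f["reasons"]))
```

Percent-decoding to bytes rather than to text is deliberate: a literal "-" in the query never triggers the rule, while the 0xAD byte is caught whether the client sent it raw or as UTF-8, and requests to the CGI endpoint without any indicator are left alone.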
This module uses a server-side template injection vulnerability in CrushFTP to check whether the target is vulnerable to CVE-2024-4040. If the target is vulnerable, the module downloads the specified file and logs several server variables.
The Cloud Files Mini Filter Driver (cldflt.sys) shipped with Microsoft Windows is vulnerable to a buffer overflow that results in an out-of-bounds write to paged pool memory. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
This vulnerability allows an attacker to bypass the string comparison of the request path and reach the setup wizard ("/SetupWizard.aspx") even on already-configured ScreenConnect instances. With access to the setup wizard, an attacker can create an administrative user and upload a malicious ScreenConnect extension to achieve remote code execution (RCE) on the ScreenConnect server. ScreenConnect versions 23.9.7 and earlier are vulnerable.
This module exploits an OS command injection to deploy an agent in JetBrains TeamCity. The vulnerability lies in the handleRequestInternal method of the BaseController class, which allows authentication to be bypassed for HTTP requests whose path returns a 404 response and that carry an HTTP parameter named jsp. The path must end with the ".jsp" string and must not contain the "admin/" string.
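The four preconditions above (404 response, a "jsp" parameter, a path ending in ".jsp", no "admin/" in the path) make a usable detection rule for TeamCity front-end or reverse-proxy logs. The following is an added example, not code from the page or from the module: it checks each condition exactly as the description states it (literal, case-sensitive string tests, no normalization of encoding or case) and reports which conditions a request fails, so that near-misses are visible too. The sample requests are constructed, not from a real server.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests as (method, target, status); not from a real server.
SAMPLE_REQUESTS = [
    ("POST", "/no-such-page.jsp?jsp=1", 404),
    ("GET", "/admin/settings.jsp?jsp=1", 404),
    ("GET", "/no-such-page.jsp", 404),
    ("GET", "/no-such-page.jsp?jsp=1", 200),
    ("GET", "/login.html", 200),
    ("POST", "/lost.jsp?foo=bar&jsp=", 404),
]


def bypass_preconditions(target: str, status: int) -> list:
    """Return the list of unmet conditions; an empty list means the request
    satisfies every precondition the description gives for the bypass."""
    parts = urlsplit(target)
    path = parts.path
    # keep_blank_values so that an empty "jsp=" still counts as the parameter
    # being present; the description requires only that the parameter exist.
    params = parse_qs(parts.query, keep_blank_values=True)
    unmet = []
    if status != 404:
        unmet.append("status_not_404")
    if "jsp" not in params:
        unmet.append("no_jsp_param")
    if not path.endswith(".jsp"):
        unmet.append("path_not_jsp")
    if "admin/" in path:
        unmet.append("path_contains_admin")
    return unmet


def find_bypass_candidates(requests) -> list:
    """Requests that meet all four preconditions at once."""
    return [(m, t, s) for (m, t, s) in requests if not bypass_preconditions(t, s)]


if __name__ == "__main__":
    for method, target, status in SAMPLE_REQUESTS:
        unmet = bypass_preconditions(target, status)
        print(f"{method} {target} {status} -> {'CANDIDATE' if not unmet else unmet}")
```

A 404 on a ".jsp" path that nonetheless carries a "jsp" parameter is the combination to alert on; a normal user has no reason to send that parameter to a page that does not exist.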
This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by abusing a feature of its CLI command parser that replaces an argument consisting of an '@' character followed by a file path with the contents of that file. This can expose sensitive information and compromise the integrity of the system. This exploit does not install an agent.
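The parser feature itself is small enough to show in full. The snippet below is an added example, not Jenkins code and not code from the module: it re-creates the "@path" expansion in a toy argument parser, with the vulnerable behaviour (the server reads whatever path the caller names) beside the hardened behaviour (the '@' argument is kept literally). The in-memory "file system", the file paths and the one-token-per-line expansion are assumptions of this toy, not details taken from Jenkins.

```python
# Constructed in-memory stand-in for the controller file system (assumption:
# these paths and contents are invented for the example).
FAKE_FS = {
    "/var/lib/jenkins/secrets/master.key": "0123456789abcdef\n",
    "/etc/hostname": "jenkins-ctrl\n",
}


def read_controller_file(path: str) -> str:
    """Server-side file read; the caller controls 'path' in the vulnerable flow."""
    try:
        return FAKE_FS[path]
    except KeyError:
        raise FileNotFoundError(path)


def expand_args(args, reader=read_controller_file, allow_at_files=True):
    """Toy re-creation of the parser feature: an argument '@<path>' is replaced
    by the lines of <path> (assumption: one token per line). With
    allow_at_files=False the argument stays literal, the hardened behaviour."""
    expanded = []
    for arg in args:
        if allow_at_files and arg.startswith("@") and len(arg) > 1:
            # Vulnerable branch: the client names the path, the server reads it
            # and its contents become command-line tokens the client can observe.
            expanded.extend(reader(arg[1:]).splitlines())
        else:
            expanded.append(arg)
    return expanded


def demo():
    """Run the same attacker-supplied arguments through both behaviours."""
    attacker_args = ["help", "@/var/lib/jenkins/secrets/master.key"]
    leaked = expand_args(attacker_args)                      # file contents become an argument
    safe = expand_args(attacker_args, allow_at_files=False)  # '@...' kept literally
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable:", leaked)
    print("hardened:  ", safe)
```

Note that the fix is not input validation on the path: any file the controller process can read is reachable, so the only safe option is to not perform the expansion for remote callers at all.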
Microsoft Windows Internet Shortcut is prone to a vulnerability that may allow remote attackers to bypass the SmartScreen security feature. The flaw exists in the handling of Internet Shortcut (.URL) files and results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.
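A chained shortcut is one whose own target is another .URL file, which is a simple thing to triage in a mail gateway or on a file share. The scanner below is an added example, not code from the page or from the module: it parses the INI-style [InternetShortcut] section that .URL files use, extracts the URL= value, and flags targets that end in ".url" whether they are given as a URL (including file://) or as a UNC path. The sample file contents and host names are constructed, not real samples.

```python
import configparser
from urllib.parse import urlsplit, unquote

# Constructed .URL file contents (names and hosts are invented for the example).
SAMPLES = {
    "invoice.url": "[InternetShortcut]\nURL=file://files.example.net/public/stage2.url\n",
    "docs.url": "[InternetShortcut]\nURL=https://docs.example.net/handbook\n",
    "unc.url": "[InternetShortcut]\nURL=\\\\files.example.net\\public\\next.URL\n",
    "broken.url": "just some text\n",
}


def shortcut_target(text: str):
    """Return the URL= value from the [InternetShortcut] section, or None if the
    content is not a parseable shortcut or has no such key."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' is legal in URLs
    try:
        cfg.read_string(text)
        return cfg.get("InternetShortcut", "URL")
    except (configparser.Error, ValueError):
        return None


def is_chained_shortcut(text: str) -> bool:
    """True if the shortcut's target is itself an Internet Shortcut (.url),
    given either as a URL (http, file, ...) or as a UNC path."""
    target = shortcut_target(text)
    if target is None:
        return False
    t = target.strip()
    if t.startswith("\\\\"):
        path = t                              # UNC path, compare as-is
    else:
        path = unquote(urlsplit(t).path)      # drop scheme/host/query, decode %xx
    return path.lower().endswith(".url")


def scan_shortcuts(files: dict) -> list:
    """Names of the files that chain to another .URL, sorted for stable output."""
    return sorted(name for name, text in files.items() if is_chained_shortcut(text))


if __name__ == "__main__":
    for name in scan_shortcuts(SAMPLES):
        print("chained shortcut:", name)
```

Matching on the decoded path suffix rather than on the raw string catches targets that hide the extension behind a query string or percent-encoding, while a plain web link is not flagged.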