Exploit
CVE-2022-24066

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Apr 1, 2022 / Updated: 31mo ago

CVSS 9.8 / EPSS 0.15% / Critical

The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199), which only patched the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-24066.

Apr 1, 2022 at 8:25 PM / github.com

EPSS

EPSS Score was set to: 0.15% (Percentile: 50.6%)

Sep 21, 2023 at 2:01 AM

Threat Intelligence Report

CVE-2022-24066 is a critical vulnerability in a package that allows for Argument Injection due to an incomplete fix of a previous CVE. It is currently being exploited in the wild by threat actors, and while there are no proof-of-concept exploits available, patches are available to mitigate the risk. Downstream impacts may affect other third-party vendors who rely on the vulnerable package.

Aug 17, 2024 at 3:03 PM

Affected Systems

Simple-git_project/simple-git

Exploits

https://gist.github.com/lirantal/a930d902294b833514e821102316426b

Patches

snyk.io

Attack Patterns

CAPEC-136: LDAP Injection

References

Rewterz Threat Advisory – CVE-2022-24066 – Node.js simple-git module Vulnerability
Node.js simple-git module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw. By sending a specially-crafted request using the --upload-pack feature, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
HTB: FormulaX
In Beyond Root I’ll show some unintended paths, first using a weird permissions setting on the LibreNMS directory to skip the SNMP trap exploitation, and then using the LibreOffice Calc API to write formulas into a worksheet that read files from the file system, which I’ll turn into a nice Python script to get arbitrary file read. When I get access to the server, I can see that is loading, which is what gets the messages from the server, and then loads them into the page with this code by setting its, which doesn’t trigger the loading of the tag.
Vulnerability Summary for the Week of April 4, 2022
Original release date: April 11, 2022

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| escanav -- escan_anti-virus | A local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values. | 2022-04-01 | 10 | CVE-2021-26624 MISC |
| pagekit -- pagekit | pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing. | 2022-04-01 | 10 | CVE-2021-44135 MISC |
| allmediaserver -- allmediaserver | Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932. | 2022-04-03 | 10 | CVE-2022-28381 MISC MISC |
| qualcomm -- apq8096au_firmware | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-04-01 | 9.4 | CVE-2021-35117 CONFIRM |
| dell -- wyse_management_suite | Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unrestricted file upload vulnerability. A malicious user with admin privileges can exploit this vulnerability in order to execute arbitrary code on the system. | 2022-04-01 | 9 | CVE-2022-23155 CONFIRM |
| hitrontech -- chita_firmware | Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field. | 2022-04-01 | 9 | CVE-2022-25017 MISC |
| idearespa -- reftree | An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource. | | | |

News

Multiple vulnerabilities in IBM i Modernization Engine for Lifecycle Integration
A remote attacker can pass specially crafted data to the application via the new Range function and perform regular expression denial of service (ReDos) attack. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
CVE-2022-25912 Exploit
CVE Id : CVE-2022-25912 Published Date: 2022-12-07T16:21:00+00:00 The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). inTheWild added a link to an exploit: https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
GitHub Security Advisory: GHSA-9p95-fxvg-qgq2 Release Date: 2022-12-06 Update Date: 2022-12-07 Severity: High CVE-2022-25912 Base Score: 8.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Package Information Package: simple-git Affected Versions: Patched Versions: 3.15.0 Description The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method.
CVE-2022-25912
The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). (CVSS:0.0) (Last Update:2022-12-06)

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
