CVE-2024-6127 : BC SECURITY EMPIRE UP TO 5.9.2 PATH TRAVERSAL

Description

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.

References

https://aceresponder.com/blog/exploiting-empire-c2-framework

https://github.com/ACE-Responder/Empire-C2-RCE-PoC

https://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102

https://vulncheck.com/advisories/empire-unauth-rce

For More Information

CVERecord

Contact us to get started

CVE-2024-6284 : GOOGLE NFTABLES UP TO 0.1.0 ADDSET INPUT VALIDATION

Description In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not

Learn more

CVE-2024-34750 : APACHE TOMCAT UP TO 9.0.89/10.1.24/11.0.0-M20 HTTP/2 STREAM EXCEPTIONAL CONDITION

Description Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did

Learn more

CVE-2024-35227 : DISCOURSE UP TO 3.3.0.BETA2/3.2.2 URL DENIAL OF SERVICE

Description Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the

Learn more