Microsoft Excel / 365 MSO Remote Code Execution

Title: Microsoft Excel Microsoft® Microsoft 365 MSO Version 2305 Build 16.0.16501.20074 32-bit Remote Code Execution Vulnerability Author: nu11secur1ty Date: 06.27.2023 Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/microsoft-365/excel Reference:...

CVE-2023-33137

Microsoft Excel Remote Code Execution Vulnerability Recent assessments: nu11secur1ty at June 27, 2023 9:52am UTC reported: CVE-2023-33137 Vendor Software Description: This exploit is connected with third part exploit server, which waits for the victim to call him and execute the content from him...

Exploit for Improper Input Validation in Moodle

CVE-2022-35649 Payload Generator using Python 2 and Det...

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

U.S. Dept Of Defense: Log4Shell: RCE 0-day exploit on █████████

Hi team, log4 shell is recent 0-day exploit it's Java package vulnerable. ██████████ domain is vulnerable Impact RCE System Hosts █████████ Affected Products and Versions CVE Numbers CVE-2021-44228 Steps to Reproduce 1. Go to this url =...

Microsoft Patch Tuesday, December 2021 Edition

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. But this months Patch Tuesday is overshadowed by the "Log4Shell" 0-day exploit in a popular Ja...

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on...

Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit

Microsoft has detected a 0-day remote code execution exploit being used to attack SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group operating out of China, based on...

SolarWinds Releases Advisory for Serv-U Vulnerability

SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other...

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google's Chrome browser. We promptly reported this to the Google Chrome security team...

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary co...

PolarBear

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged...

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 Answer Summary Aspera software is not affected by the 0-day MySQL vulnerability. This vulnerability allows attackers to remotely inject SQL code with root privileges and thus compromise a system. The attack would involve modifying...

Microsoft windows October release of the 62 flaws vulnerability bug patch, and repair of the National researchers submitted the 0-day flaw vulnerability bug-vulnerability warning-the black bar safety net

Microsoft on Tuesday's Patch Tuesday on the breath announced a 62 bug. the bug of the patch, which contains a has been applied to the major Office 0-day exploits flaws in the bug, this is by memory of the destruction occasioned by the long-distance code to perform vulnerability flaws bug（...

Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit

Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot. Now, it turns out that the same previously undisclosed vulnerability in Word...

http-vuln-cve2017-5638 NSE Script

Detects whether the specified URL is vulnerable to the Apache Struts Remote Code Execution Vulnerability CVE-2017-5638. Script Arguments http-vuln-cve2017-5638.path The URL path to request. The default path is "/". http-vuln-cve2017-5638.method The HTTP method for the request. The default method ...

Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash

Exploit Title: RATS 2.3 Array Out of Block Crash Date: 29th April 2016 Exploit Author: David Silveiro Author Contact: twitter.com/davidsilveiro Website: Xino.co.uk Software Link: https://code.google.com/archive/p/rough-auditing-tool-for-security/downloads Version: RATS 2.3 Tested on: Ubuntu 14.04...

Ammyy Admin 3.5 - Remote Code Execution (Metasploit)

Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...

CA Internet Security Suite 2010 - KmxSbx.sys Kernel Pool Overflow (0day)

No description provided by source. / Exploit Title: CA Internet Security Suite 2010 KmxSbx.sys Kernel Pool Overflow 0-day Exploit Date: 2010-11-28 Author: Nikita Tarakanov CISS Research Team Software Link: http://shop.ca.com/ca/products/internetsecurity/internetsecuritysuite.asp Version: up to...