Lucene search
K

837 matches found

ThreatPost
ThreatPost
added 2015/04/03 10:12 a.m.46 views

IBM Outs Dyre Wolf Campaign Steals $1 Million

The Dyre banking Trojan‘s ascension to the top of the financial malware food chain took a massive leap forward in the first three months of 2015. Already spreading a damaging piece of malware that targets corporate bank accounts, the Eastern European keepers of Dyre recently upped their social...

9.3CVSS0.6AI score0.81628EPSS
Exploits22References5
ThreatPost
ThreatPost
added 2015/02/09 12:0 p.m.9 views

Cryptowall 3.0 Slims Down, Removes Exploits From Dropper

A slimmed down version of Cryptowall is in circulation, and this one contains no built-in exploits, confirming a growing trend that most ransomware will be spread almost exclusively via exploit kits. Kits such as Angler, Nuclear, and most recently Hanjuan, have been busy incorporating Flash...

0.6AI score
Exploits0References5
Exploit DB
Exploit DB
added 2015/01/13 12:0 a.m.34 views

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

10CVSS7.4AI score0.77198EPSS
Exploits6
0day.today
0day.today
added 2015/01/07 12:0 a.m.81 views

Pandora 3.1 Auth Bypass / Arbitrary File Upload Vulnerabilities

This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an...

10CVSS0.65618EPSS
Exploits10
ThreatPost
ThreatPost
added 2014/09/08 11:2 a.m.12 views

'Kyle and Stan' Malvertising Network Targets Windows and Mac Users

A malvertising network that has been operating since at least May has been able to place malicious ads on a number of high-profile sites, including Amazon and YouTube and serves a unique piece of malware to each victim. The network, dubbed Kyle and Stan by the Cisco researchers who analyzed its...

1.5AI score
Exploits0References1
The Hacker News
The Hacker News
added 2014/09/06 2:6 a.m.11 views

Malware Can Bypass Chrome Extension Security Feature Easily

Researchers have uncovered a new social engineering trick that leads users to a malicious extension from Google Chrome impersonating to deliver Adobe’s Flash Player in order to lure victims in a click fraud campaign. Security experts at TrendMicro believe that the malware is triggered by opening...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

OpenEMR PHP File Upload Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

ibstat $PATH Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Exploit::FileDropper def initializein...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Simple E-Document Arbitrary File Upload

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/05/02 12:0 a.m.78 views

Apache Struts ClassLoader Manipulation Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...

7.5CVSS0.3AI score0.99614EPSS
Exploits7
Exploit DB
Exploit DB
added 2013/10/26 12:0 a.m.38 views

Open Flash Chart 2 - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/10/26 12:0 a.m.45 views

Open Flash Chart 2 Arbitrary File Upload Vulnerability

This Metasploit module exploits a file upload vulnerability found in Open Flash Chart version 2. Attackers can abuse the 'ofcuploadimage.php' file in order to upload and execute malicious PHP files. This module requires Metasploit: http//metasploit.com/download Current source:...

7.5CVSS6.7AI score0.75838EPSS
Exploits8
seebug.org
seebug.org
added 2013/10/24 12:0 a.m.38 views

ZABBIX API及Frontend多个SQL注入漏洞(CVE-2013-5743)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

9.6AI score0.79988EPSS
Exploits9
0day.today
0day.today
added 2013/10/15 12:0 a.m.109 views

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading...

0.2AI score0.79988EPSS
Exploits9
exploitpack
exploitpack
added 2013/10/15 12:0 a.m.34 views

Zabbix 2.0.8 - SQL Injection Remote Code Execution (Metasploit)

Zabbix 2.0.8 - SQL Injection Remote Code Execution Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

0.1AI score0.79988EPSS
Exploits9
0day.today
0day.today
added 2013/10/08 12:0 a.m.22 views

ClipBucket Remote Code Execution Vulnerability

This Metasploit module exploits a vulnerability found in ClipBucket version 2.6 and lower. The script "/adminarea/charts/ofc-library/ofcuploadimage.php" can be used to upload arbitrary code without any authentication. This Metasploit module has been tested on version 2.6 on CentOS 5.9 32-bit. Thi...

7.5AI score
Exploits0
Exploit DB
Exploit DB
added 2013/09/17 12:0 a.m.37 views

D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link Devices UPnP SOAP Telnetd...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2013/09/11 9:5 p.m.27 views

Kaspersky revealed "Kimsuky" Cyber Espionage campaign targeting South Korea

Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea., This new Cyber Espionage campaign dubbed "Kimsuky" has targeted several South Korean think tanks. Researchers believe the Kimsuky malware is mo...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2013/05/02 12:14 a.m.15 views

Mysterious Avatar rootkit with API, SDK, and Yahoo Groups for C&C communication

Early 2012 ESET company a mysterious malware, dubbed the Avatar rootkit Win32/Rootkit.Avatar, advertised in the underground forums by Russian cyber crime. "We present you here previously announced product. In connection with work on other projects, we moved the release date for the public from Ma...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2013/04/09 7:15 a.m.14 views

Malware that turns computers into Bitcoin miners

Researchers from Kaspersky Lab have discovered a new spam message campaign being transmitted via Skype contains malware capable of using an infected computer to mine for Bitcoins. The malware, identified as Trojan.Win32.Jorik.IRCbot.xkt. Bitcoin is a non-governmental, fully-digital currency based...

6.8AI score
Exploits0
Rows per page
Query Builder