668 matches found
Purple Fox EK Adds Microsoft Exploits to Arsenal
The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...
SQL Injection Vulnerability in Shanghai Silverfox Information Technology Co.
Shanghai Silver Fox Information Technology Co., Ltd. is a high-tech company dedicated to enterprise information technology services. Shanghai Silverfox Information Technology Co., Ltd. station building system SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive...
fox-exe.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1103313 Security Researcher kun-fly Helped patch 719 vulnerabilities Received 7 Coordinated Disclosure badges Received 43 recommendations , a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting fox-exe.ru website and its...
Iran-Backed APTs Collaborate on 3-Year 'Fox Kitten' Global Spy Campaign
Two Iran-backed APTs could be working together on a sprawling, three-year campaign to compromise high-value organizations from the IT, telecom, oil and gas, aviation, government and security sectors in Israel and around the world, according to a report by researchers at ClearSky. They maintain,...
Iranian APT group hacking VPN servers for “Fox Kitten Campaign”
By Waqas An Iranian APT group ran a hacking campaign to hack VPN servers and install backdoors or bugs to access networks of firms across the globe. This is a post from HackRead.com Read the original post: Iranian APT group hacking VPN servers for “Fox Kitten Campaign”...
Telerik UI - Remote Code Execution via Insecure Deserialization Exploit
Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...
Telerik UI - Remote Code Execution via Insecure Deserialization
See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...
SQL Injection Vulnerability in Jinhua Flying Fox Network System
Jinhua Flying Fox Network Technology Co., Ltd. for a set of domain name registration, web hosting, enterprise post office, website construction, network promotion as one of the comprehensive technology enterprises. Jinhua Flying Fox Network website builder system has a SQL injection vulnerability...
Purple Fox Exploit Kit Landing Page
Purple Fox exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
Orbit Fox by ThemeIsle <= 2.6.3 -Does not properly Authenticate REST API Calls
Orbit Fox by Themeisle aka Themeisle Companion version = 2.6.3 does not properly authenticate REST API calls allowing unauthenticated users to execute several API calls. In some cases one of these calls can be used to upload arbitrary files which can lead to remote code execution...
Video: Bishop Fox on Device Threats and Layered Security
Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month...
fox-honda.com XSS vulnerability
Open Bug Bounty ID: OBB-631313 Description| Value ---|--- Affected Website:| fox-honda.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
TIBCO Security Advisory: June 12, 2018 - TIBCO Runtime Agent -2018-5434
XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent Original release date: June 12,2018 Last revised: -- CVE-2018-5434 Source: TIBCO Software Inc. XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent Original release date: June 12, 2018 Last revised: -- Source...
foxrivervalleyhomes.com XSS vulnerability
Open Bug Bounty ID: OBB-584932 Description| Value ---|--- Affected Website:| foxrivervalleyhomes.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
foxegyptnews.com XSS vulnerability
Open Bug Bounty ID: OBB-551008 Description| Value ---|--- Affected Website:| foxegyptnews.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
A week in security (December 11 – December 17)
Last week we explained what fast flux is and how it's being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed yo...
Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS Attack
As part of its "October Patch Tuesday," Microsoft has today released a large batch of security updates to patch a total of 62 vulnerabilities in its products, including a severe MS office zero-day flaw that has been exploited in the wild. Security updates also include patches for Microsoft Window...
Microsoft Patches Critical Windows DNS Client Vulnerabilities
Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were...
Niagara Fox (Flexible Object eXchange) Service Detection
A Niagara Fox Flexible Object eXchange service is running at this host. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Beijing Cloud Fox Times Android App Has Arbitrary Password Reset Vulnerability
Beijing Cloud Fox Times Technology Co., Ltd. is a cutting-edge domestic special intelligent equipment research and development company, is the industry terminal and service solution experts. Beijing Cloud Fox Times Android App exists arbitrary password reset vulnerability, through the other party...