
432 matches found

AlmaLinux
added 2021/06/29 1:41 p.m., 11 views

tuned bug fix and enhancement update

The tuned packages provide a service that tunes system settings according to a selected profile. Bug Fixes and Enhancements: Updates to the mssql tuned profile BZ1945617...

2 AI score
Exploits: 0

Rockylinux
added 2021/06/29 1:41 p.m., 13 views

tuned bug fix and enhancement update

An update is available for tuned. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The tuned packages provide a service that tunes system settings according to a...

1.8 AI score
Exploits: 0

CNVD
added 2021/04/22 12:0 a.m., 3 views

SQL Injection Vulnerability in Razor's Human Resource Management System

LeiSpeed Human Resource Management System can quickly establish the human resource within the enterprise, the system is developed by ASP.NET MSSQL, which contains the functions of personnel information query and file management and so on. There is a SQL injection vulnerability in Leixu HRMS, whic...

7.4 AI score
Exploits: 0

vulnersOsv
added 2021/04/19 2:56 p.m., 3 views

com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +17 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-dispatcher (>=5.0.0 <=5.2.0)

com.manydesigns:portofino-dispatcher MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...

9.1 CVSS, 7.2 AI score, 0.00949 EPSS
Exploits: 0

The Hacker News
added 2021/01/21 2:24 p.m., 5 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server MSSQL databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

5.9 AI score
Exploits: 0

The Hacker News
added 2021/01/21 2:24 p.m., 92 views

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server MSSQL databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers fro...

1.1 AI score
Exploits: 0

Exploit DB
added 2020/10/05 12:0 a.m., 759 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-10-05 Exploit Author: Aviv Beniash Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before...

9.4 CVSS, 0.7 AI score, 0.05187 EPSS
Exploits: 4

Packet Storm
added 2020/07/16 12:0 a.m., 486 views

Infor Storefront B2B 1.0 SQL Injection

Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Date: 2020-06-27 Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Versions POC Multiple Vulns python sqlmap.py...

0.3 AI score
Exploits: 0

Kitploit
added 2020/07/15 9:30 p.m., 72 views

Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test

Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...

7.4 AI score
Exploits: 0, References: 2

0day.today
added 2020/07/15 12:0 a.m., 221 views

Infor Storefront B2B 1.0 - (usr_name) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Version...

7.1 AI score
Exploits: 0

ThreatPost
added 2020/06/25 6:30 p.m., 304 views

Golang Worm Widens Scope to Windows, Adds Payload Capacity

A new version of a known malware campaign aimed at installing cryptominers has changed up its tactics, adding attacks on Windows servers and a new pool of exploits to its bag of tricks. It is also swiftly evolving to position itself as a backdoor for downloading future, more damaging malware,...

7.5 CVSS, 9 AI score, 0.99993 EPSS
Exploits: 124, References: 8

0day.today
added 2020/05/26 12:0 a.m., 129 views

Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8 CVSS, 0.7 AI score, 0.77635 EPSS
Exploits: 5

Packet Storm
added 2020/05/22 12:0 a.m., 365 views

Plesk / myLittleAdmin ViewState .NET Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

7.5 CVSS, 0.6 AI score, 0.77635 EPSS
Exploits: 5

Packet Storm
added 2020/04/13 12:0 a.m., 106 views

MOVEit Transfer 11.1.1 SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

7.5 CVSS, 0.2 AI score, 0.05187 EPSS
Exploits: 4

0day.today
added 2020/04/13 12:0 a.m., 39 views

MOVEit Transfer 11.1.1 - (token) Unauthenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2...

0.2 AI score, 0.05187 EPSS
Exploits: 4

Exploit DB
added 2020/04/13 12:0 a.m., 181 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

9.4 CVSS, 7 AI score, 0.05187 EPSS
Exploits: 4

Kitploit
added 2020/04/01 11:30 a.m., 90 views

MSSQLi-DUET - SQL Injection Script For MSSQL That Extracts Domain Users From An Active Directory Environment Based On RID Bruteforcing

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing. Supports various forms of WAF bypass techniques through the implementation of SQLmap tamper functions. Additional tamper functions can be incorporated by the user depending on...

8.6 AI score
Exploits: 0, References: 1

Pen Test Partners Blog
added 2020/04/01 5:23 a.m., 48 views

Honeyroasting. How to detect Kerberoast breaches with honeypots

Introduction As we know one of the main issues facing defenders, especially in large environments, is protecting against threat actors after they gain a foothold in the environment. If an attacker lands on a domain-joined PC, the attack surface is massive, and it is vital to detect them as quickl...

7.2 AI score
Exploits: 0

ThreatPost
added 2020/02/05 6:50 p.m., 377 views

New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT...

2.2 AI score, 0.0552 EPSS
Exploits: 1, References: 5

Malwarebytes
added 2019/10/28 4:5 p.m., 42 views

A week in security (October 21 – 27)

Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much...

0.6 AI score
Exploits: 0