812 matches found
CVE-2020-12027
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...
Design/Logic Flaw
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...
CVE-2020-12027 Rockwell Automation FactoryTalk View SE
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...
CVE-2020-12027
CVE-2020-12027 affects Rockwell Automation FactoryTalk View SE; all versions disclose hostnames and file paths, enabling recon by a remote, authenticated attacker. Public docs indicate remediation guidance: enable built‑in security features and follow KB guidance 109056/1126943 to deploy IPSec an...
Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability
Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An HTML Application HTA is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explore...
Microsoft Windows mshta.exe 2019 - XML External Entity Injection
Exploit Title: Microsoft Windows mshta.exe 2019 - XML External Entity Injection Date: 2020-07-07 Exploit Author: hyp3rlinx Vendor homepage: https://www.microsofft.com/ CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Microsoft Windows MSHTA.EXE .HTA File XML Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An...
Spyse: All-In-One Cybersecurity Search Engine
Spyse is a cybersecurity search engine for finding technical information about different internet entities, business data, and vulnerabilities. It’s an all-in-one platform for fast and effortless reconnaissance without using any additional tools. Spyse engine implements a ready-to-use database wi...
Spyse – A Cyber Security Search Engine
Spyse is a search engine which can be used to identify internet assets and perform external reconnaissance easily. Results are delivered fast. Pentestlab has recently… Continue reading - Spyse - A Cyber Security Search Engine...
Recox - Master Script For Web Reconnaissance
The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a...
Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address
Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...
FinalRecon - The Last Web Recon Tool You'll Need
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...
Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat APT group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...
Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers
A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...
U.S. Defense Warns of 3 New Malware Used by North Korean Hackers
Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the...
Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use
Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nucle...
Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks
More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report...
Information_Collection_Handbook
It is an offensive tool for information collection. The repository contains a collection of tools and scripts for gathering information about a target, including domain information, application information, and more. The tools are likely used for reconnaissance and intelligence gathering purposes...
Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question CVE-2020-0688 exists in the control panel of...
It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit
When we discover new intrusions, we ask ourselves questions that will help us understand the totality of the activity set. How common is this activity? Is there anything unique or special about this malware or campaign? What is new and what is old in terms of TTPs or infrastructure? Is this being...