Lucene search
K

812 matches found

NVD
NVD
added 2020/07/20 4:15 p.m.39 views

CVE-2020-12027

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

4.3CVSS4.7AI score0.53024EPSS
Exploits3References3
Prion
Prion
added 2020/07/20 4:15 p.m.33 views

Design/Logic Flaw

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

4CVSS4.6AI score0.53024EPSS
Exploits3References3
Cvelist
Cvelist
added 2020/07/20 3:13 p.m.25 views

CVE-2020-12027 Rockwell Automation FactoryTalk View SE

All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within...

4.3CVSS4.3AI score0.53024EPSS
Exploits3References3
CVE
CVE
added 2020/07/20 3:13 p.m.152 views

CVE-2020-12027

CVE-2020-12027 affects Rockwell Automation FactoryTalk View SE; all versions disclose hostnames and file paths, enabling recon by a remote, authenticated attacker. Public docs indicate remediation guidance: enable built‑in security features and follow KB guidance 109056/1126943 to deploy IPSec an...

4.3CVSS4.6AI score0.53024EPSS
Exploits3References3Affected Software1
0day.today
0day.today
added 2020/07/07 12:0 a.m.204 views

Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability

Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An HTML Application HTA is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explore...

Exploits0
Exploit DB
Exploit DB
added 2020/07/07 12:0 a.m.294 views

Microsoft Windows mshta.exe 2019 - XML External Entity Injection

Exploit Title: Microsoft Windows mshta.exe 2019 - XML External Entity Injection Date: 2020-07-07 Exploit Author: hyp3rlinx Vendor homepage: https://www.microsofft.com/ CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/06 12:0 a.m.227 views

Microsoft Windows MSHTA.EXE .HTA File XML Injection

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An...

Exploits0
Kitploit
Kitploit
added 2020/06/26 4:33 a.m.69 views

Spyse: All-In-One Cybersecurity Search Engine

Spyse is a cybersecurity search engine for finding technical information about different internet entities, business data, and vulnerabilities. It’s an all-in-one platform for fast and effortless reconnaissance without using any additional tools. Spyse engine implements a ready-to-use database wi...

4.9CVSS6.4AI score0.02138EPSS
Exploits1
Penetration Testing Lab
Penetration Testing Lab
added 2020/06/15 8:5 p.m.30 views

Spyse – A Cyber Security Search Engine

Spyse is a search engine which can be used to identify internet assets and perform external reconnaissance easily. Results are delivered fast. Pentestlab has recently… Continue reading - Spyse - A Cyber Security Search Engine...

0.9AI score
Exploits0
Kitploit
Kitploit
added 2020/06/05 12:30 p.m.59 views

Recox - Master Script For Web Reconnaissance

The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a...

7.2AI score
Exploits0References6
Kitploit
Kitploit
added 2020/05/31 9:30 p.m.74 views

Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...

6.7AI score
Exploits0References6
Kitploit
Kitploit
added 2020/05/26 12:30 p.m.55 views

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2020/05/22 1:30 p.m.63 views

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat APT group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...

0.3AI score
Exploits0References12
Kitploit
Kitploit
added 2020/05/20 9:30 p.m.126 views

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...

7.5AI score
Exploits0References91
The Hacker News
The Hacker News
added 2020/05/13 9:35 a.m.7 views

U.S. Defense Warns of 3 New Malware Used by North Korean Hackers

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the...

6AI score
Exploits0
Kitploit
Kitploit
added 2020/04/27 12:30 p.m.62 views

Nuclei - Nuclei Is A Fast Tool For Configurable Targeted Scanning Based On Templates Offering Massive Extensibility And Ease Of Use

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use. Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nucle...

7.5AI score
Exploits0References10
Wired Threat Level
Wired Threat Level
added 2020/04/22 4:0 p.m.25 views

Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks

More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report...

3.2AI score
Exploits0
Gitee
Gitee
added 2020/04/21 11:39 a.m.2 views

Information_Collection_Handbook

It is an offensive tool for information collection. The repository contains a collection of tools and scripts for gathering information about a target, including domain information, application information, and more. The tools are likely used for reconnaissance and intelligence gathering purposes...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/04/07 9:19 p.m.637 views

Serious Exchange Flaw Still Plagues 350K Servers

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question CVE-2020-0688 exists in the control panel of...

9CVSS8.4AI score0.99965EPSS
Exploits31References16
FireEye
FireEye
added 2020/03/31 12:0 a.m.16 views

It’s Your Money and They Want It Now — The Cycle of Adversary Pursuit

When we discover new intrusions, we ask ourselves questions that will help us understand the totality of the activity set. How common is this activity? Is there anything unique or special about this malware or campaign? What is new and what is old in terms of TTPs or infrastructure? Is this being...

7.1AI score
Exploits0References5
Rows per page
Query Builder