5327 matches found
how2heap vulnerability technical research and analysis summary of-under-vulnerability warning-the black bar safety net
"how2heap"is shellphish team at Github on the open source stack flaws tutorial series. I this period of time non-stop in the refresher heap of flaws in the application of common sense,to see these applied skills in the future feel rewarding. This article is my training this tutorial series after ...
Joomla Component com_phpbridge SQL Injection
SQL Injection vulnerability in Joomla PHP Bridge component id parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
[SECURITY] Fedora 25 Update: cvs-1.11.23-41.fc25
CVS Concurrent Versions System is a version control system that can record the history of your files usually, but not always, source code. CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...
Revamped Nukebot Malware Changes Targets, Adds Functions
A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...
Linux Meterpreter, Reverse TCP Stager
Inject the mettle server payload staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework ReverseTcp ---------- Linux reverse TCP stager. module MetasploitModule CachedSize = 228 include...
Threat Round-up for Aug 11 - Aug 18
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
Photogallery Project 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version:...
jadx - Dex to Java Decompiler
jadx - Dex to Java decompiler Command line and GUI tools for produce Java source code from Android Dex and Apk files. Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in...
Information disclosure
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code...
CVE-2017-7737
CVE-2017-7737 affects Fortinet FortiWeb 5.8.2 and earlier. The issue is an information disclosure where a logged-in admin can view the SNMPv3 user password in cleartext via the web UI HTML source code. The root cause is exposure of sensitive password data in the HTML, enabling disclosure without ...
CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
CVE-2017-12425
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the...
Varnish -- Denial of service vulnerability
phk reports: A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert...
Decompiled SLocker Android Ransomware Source Code Published Online
Bad news for Android users — Decompiled source code of for one of the oldest mobile and popular Android ransomware families has been published online, making it available for cyber criminals who can use it to develop more customised and advanced variants of Android ransomware. Decompiled source...
Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings RCE
Remote command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance ManageSRouteSettings Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
CVE-2015-3198
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
CVE-2015-3198
The vulnerability CVE-2015-3198 affects the Undertow module of WildFly 9.x (before 9.0.0.CR2) and 10.x (before 10.0.0.Alpha1). It allows remote attackers to disclose JSP source code by requesting a URL ending with a trailing slash, exposing JSP source to partial confidentiality impact. The issue’...
CVE-2015-3198
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
java-1.8.0-openjdk security update
1:1.8.0.141-2.b16 - Update to aarch64-jdk8u141-b16. - Revert change to remove-intree-libraries.sh following backout of 8173207 - Resolves: rhbz1466509 1:1.8.0.141-2.b15 - Revert previous commit so we can revise the security update. - Resolves: rhbz1468473 1:1.8.0.141-1.b15 - Backport '8180048:...
Modified Versions of Nukebot in Wild Since Source Code Leak
Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...