97 matches found
Git All The Payloads! A Collection Of Web Attack Payloads
Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...
Media Foundation Information Disclosure Vulnerability
An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto ...
SQL Injection Vulnerability in YouYi Cms Movie & TV System
Youyi cms is a movie and TV station building system. UE cms movie and TV system has a SQL injection vulnerability, an attacker can build clever URL requests to get the database data running in the background of the server...
Microsoft PowerPoint Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
VBScript Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...
DEBIAN-CVE-2019-18346
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user...
PT-2019-3013 · Microsoft · Outlook 2016 +6
Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...
PT-2019-2919 · Microsoft · Outlook 2016 +7
Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...
CVE-2019-1035
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...
Forget BlueKeep: Beware the GoldBrute
While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...
Tiny Island Atoll’s Domain Used in Widespread Ad Fraud
A scam campaign involving “.tk” domains has been active since at least May 2018, redirecting unsuspecting users to fake blogger sites that are collectively bringing in close to $22,000 per month in advertising revenue. The same actors have also been spotted running a tech-support scam in tandem,...
CVE-2018-2968
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite subcomponent: Core. Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera...
Indonesian Penetration Testing LFS: Dracos Linux
Dracos Linux is the Linux operating system from Indonesian, open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing penetration testing...
simple-npm-registry directory traversal vulnerability
simple-npm-registry is a package that supports distribution of private npm modules. A directory traversal vulnerability exists in simple-npm-registry. An attacker can exploit this vulnerability by placing a '. /' sequence in a URL to gain access to the file system...
Summer SOTI - DDoS by the numbers
Time for a Change The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only se...
Magento CMS Admin Panel HTML Injection Vulnerability
Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS. An attacker can exploit the vulnerability to execute arbitrary script code on the browsers of affected website users, steal...
Blizzard Update Agent - JSON RPC DNS Rebinding
Blizzard Update Agent - JSON RPC DNS Rebinding All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates an JSON RP...
CVE-2016-9470
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download RFD web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a...
Network-Analysis-Tools - Pcap Capture File Analysis Tool
Pcap Capture File Analysis Tool Features 1-Top 10 Visited Sites 2-Emails 3-All Request Urls 4-User-Agents List 5-String Grep Mode 6-Connection details 7-Ports Used 8-ALL Ip List 9-Manuel Packet Filter 10-Smtp Analysis 11-Web Attack Detect Installation Modules $ pip install pyshark $ pip install...
Microsoft Browser Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...