Lucene search
K

97 matches found

Kitploit
Kitploit
added 2020/07/06 9:30 p.m.99 views

Git All The Payloads! A Collection Of Web Attack Payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...

6.5AI score
Exploits0References38
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.25 views

Media Foundation Information Disclosure Vulnerability

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto ...

5.5CVSS1.3AI score0.06488EPSS
Exploits0
CNVD
CNVD
added 2020/02/27 12:0 a.m.2 views

SQL Injection Vulnerability in YouYi Cms Movie & TV System

Youyi cms is a movie and TV station building system. UE cms movie and TV system has a SQL injection vulnerability, an attacker can build clever URL requests to get the database data running in the background of the server...

8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.34 views

Microsoft PowerPoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.9AI score0.18328EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2019/12/10 8:0 a.m.21 views

VBScript Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.6CVSS8.1AI score0.07709EPSS
Exploits0
OSV
OSV
added 2019/12/04 6:15 p.m.2 views

DEBIAN-CVE-2019-18346

A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user...

8.8CVSS8.2AI score0.00983EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.4 views

PT-2019-3013 · Microsoft · Outlook 2016 +6

Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...

9.8CVSS7.9AI score0.03968EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.3 views

PT-2019-2919 · Microsoft · Outlook 2016 +7

Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...

10CVSS8AI score0.0486EPSS
Exploits0References7
OSV
OSV
added 2019/06/12 2:29 p.m.2 views

CVE-2019-1035

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...

7.8CVSS7.6AI score0.06558EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2019/06/07 5:15 p.m.489 views

Forget BlueKeep: Beware the GoldBrute

While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...

10CVSS0.99999EPSS
Exploits123References10
ThreatPost
ThreatPost
added 2018/09/05 11:0 a.m.21 views

Tiny Island Atoll’s Domain Used in Widespread Ad Fraud

A scam campaign involving “.tk” domains has been active since at least May 2018, redirecting unsuspecting users to fake blogger sites that are collectively bringing in close to $22,000 per month in advertising revenue. The same actors have also been spotted running a tech-support scam in tandem,...

7.2AI score
Exploits0References8
OSV
OSV
added 2018/07/18 1:29 p.m.3 views

CVE-2018-2968

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite subcomponent: Core. Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera...

6.5CVSS7.3AI score0.01188EPSS
Exploits0References2
n0where
n0where
added 2018/06/25 4:26 p.m.37 views

Indonesian Penetration Testing LFS: Dracos Linux

Dracos Linux is the Linux operating system from Indonesian, open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testing penetration testing...

1.7AI score
Exploits0
CNVD
CNVD
added 2018/06/20 12:0 a.m.1 views

simple-npm-registry directory traversal vulnerability

simple-npm-registry is a package that supports distribution of private npm modules. A directory traversal vulnerability exists in simple-npm-registry. An attacker can exploit this vulnerability by placing a '. /' sequence in a URL to gain access to the file system...

7.5CVSS7.6AI score0.02005EPSS
Exploits1References1
Akamai Blog
Akamai Blog
added 2018/06/19 11:30 a.m.24 views

Summer SOTI - DDoS by the numbers

Time for a Change The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only se...

Exploits0
CNVD
CNVD
added 2018/02/26 12:0 a.m.1 views

Magento CMS Admin Panel HTML Injection Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS. An attacker can exploit the vulnerability to execute arbitrary script code on the browsers of affected website users, steal...

8.1AI score
Exploits0References1
exploitpack
exploitpack
added 2018/01/23 12:0 a.m.34 views

Blizzard Update Agent - JSON RPC DNS Rebinding

Blizzard Update Agent - JSON RPC DNS Rebinding All blizzard games are installed alongside a shared tool called "Blizzard Update Agent", investor.activision.com claims they have "500 million monthly active users", who presumably all have this utility installed. The agent utility creates an JSON RP...

7.4AI score
Exploits0
OSV
OSV
added 2017/03/28 2:59 a.m.10 views

CVE-2016-9470

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. www/delivery/asyncspc.php was vulnerable to the fairly new Reflected File Download RFD web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a...

9CVSS7.4AI score
Exploits0References3
Kitploit
Kitploit
added 2017/02/17 10:3 p.m.14 views

Network-Analysis-Tools - Pcap Capture File Analysis Tool

Pcap Capture File Analysis Tool Features 1-Top 10 Visited Sites 2-Emails 3-All Request Urls 4-User-Agents List 5-String Grep Mode 6-Connection details 7-Ports Used 8-ALL Ip List 9-Manuel Packet Filter 10-Smtp Analysis 11-Web Attack Detect Installation Modules $ pip install pyshark $ pip install...

7.4AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2016/07/12 7:0 a.m.21 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

5.3CVSS1.9AI score0.32385EPSS
Exploits0
Rows per page
Query Builder