122 matches found
Design/Logic Flaw
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
CVE-2020-21585
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module...
CVE-2020-21585
CVE-2020-21585 affects emlog v6.0.0. Affected component: zip plugin module that enables uploading of webshells. Root cause described as a vulnerability allowing arbitrary webshell upload. Public references (NVD, Red Hat, OSV, CVE listings) consistently describe the same issue; CVSS scores indicat...
Webshells Observed in Post-Compromised Exchange Servers
CISA has added two new Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR AR21-084A and AR21-084B identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successful exploiting a Microsoft Exchange Server...
How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange
Co-authored by Ryan Barnett. AppSec Protections for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added seven Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successful exploiting a Microsoft Exchange...
Exploit for Server-Side Request Forgery in Microsoft
It is an offensive tool for Microsoft Exchange server vulnerabil...
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly-discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services IRIS, ZeroCleare so-named because of the program database pathname of its binary file was...
File Upload Vulnerability in EnterCRM Backend
Hangzhou Ensoft Information Technology Co., Ltd. is a comprehensive company specializing in foreign trade customer resource management and order management products and services. An upload vulnerability exists in the EnterCRM backend. Allows attackers to upload webshell and gain server privileges...
Arbitrary Command Execution Vulnerability in Omnicom's AuteGate Security Gateway
AuteGate is a virtual security gateway product. An arbitrary command execution vulnerability exists in the AuteGate security gateway. An attacker can exploit this vulnerability to construct specific code, remotely execute commands, write webshells, and gain server privileges, posing information...
BackdoorMan - Toolkit That Helps You Find Malicious, Hidden And Suspicious PHP Scripts And Shells
A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their...
Multiple Command Execution Vulnerabilities in Gale Secure Authentication Gateway System
Gehl Secure Authentication Gateway provides high-strength authentication services based on digital certificates and high-strength data link encryption services for network applications. Gale Secure Authentication Gateway system has multiple command execution vulnerabilities. Attackers can utilize...
Open Source Database Fuzzing: FuzzDB
FuzzDB is the most comprehensive Open Source database of malicious inputs, predictable resource names, greppable strings for server response messages, and other resources like web shells. It’s like an application security scanner, without the scanner. What’s in FuzzDB? Predictable Resource...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload (via Cross-Site Request Forgery)
function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST", "https://sftp.example.org/api/v1.0/files/", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q...
interphoto gallery - Multiple Vulnerabilities
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 6 0day | | | | || / \ || | | | || ||// \/|/ ''' - Title : InterPhoto Gallery Multiple Remote Vulnerabilities - Affected Version : = 2.4.0 - Vendor Site :...
[fuzzdb] Attack and Discovery Pattern Database for Application Fuzz Testing
fuzzdb aggregates known attack patterns, predictable resource names, server response messages, and other resources like web shells into the most comprehensive Open Source database of malicious and malformed input test cases. What's in fuzzdb? Predictable Resource Locations - Because of the...
Qi Bo cms back-end database tool at the filter is not strictly the actuator can be written in a word-vulnerability and early warning-the black bar safety net
If your account password is leaked then you're in danger. in the background can directly get a webshell The background for the convenience of webmasters to have a database tool where the implementation Select '%execute request"value"%' into outfile 'F:/wwwroot/shiyanshi/cache/1.asp'; Just write t...
File Lite 3.33.5 PRO iOS - Multiple Vulnerabilities
File Lite 3.33.5 PRO iOS - Multiple Vulnerabilities Title: ====== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities Date: ===== 2013-05-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=939 VL-ID: ===== 939 Common Vulnerability Scoring System:...
Feindura CMS 2.0.4 Shell Upload
Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com 1 0 0 1 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Title : Feindura CM...
DDoS Attacks on Major US Banks Resurface
UPDATE — The group that claimed responsibility for large-scale distributed denial-of-service attacks against major U.S. banks in September and October has carried out another flurry of attacks that are still ongoing today. Izz ad-Din al-Qassam Cyber Fighters posted its latest threat on Pastebin,...