CVE-2024-34070 Froxlor Vulnerable to Blind XSS Leading to Froxlor Application Compromise
Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Login Attempts Logging Feature of the Froxlor Application. An unauthenticated user can inject malicious scripts in the loginname parameter on t...
A vulnerability in the command-line interface of the Cisco Integrated Management Controller, a remote administration tool, allows a malicious actor to execute arbitrary commands on the underlying operating system and elevate their privileges to root.
The vulnerability of the command-line interface of the Cisco Integrated Management Controller remote administration software exists due to the lack of measures taken to neutralize the special commands used in the operating system’s command line. Exploiting this vulnerability allows an attacker to...
CVE-2023-50256 Froxlor username/surname AND company field Bypass
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements...
Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT
By Jonell Baltazar and Antonio Ribeiro · August 10, 2023. Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool called NetSupport Manager...
Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign
An advanced persistent threat (APT) group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a...
Phishing Campaign Steals Money From Industrial Companies
Industrial production companies are the targets in a large-scale spear-phishing email campaign aimed at installing legitimate remote administration software on victims’ systems. Researchers with Kaspersky Lab said that emails purporting to be commercial offers were the conduit to enabling attacke...
Attacks on industrial enterprises using RMS and TeamViewer
Main facts: Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. The phishing emails are disguised as legitimate commercial offers and a...
Diamondback T4nk on hand to teach you hand off dove gray 2007 Beta 2 to the latest version - bug warning - the black bar safety net
【Article title】: Diamondback T4nk on hand to teach you hand off dove gray 2007 Beta 2 to the latest version 【Author】: T4nk 【Author's e-mail】: [email protected] 【Author's home page】: http://www.upx.com.cn 【Software name】: dove gray 2007 Beta 2 【Size】: 1.71 M 【Shell】: ASProtect 1.22 - 1.2...
NetOp Products Detection (TCP)
This script detects if the remote system has a Danware NetOp program enabled and running on TCP. These programs are used for remote system administration, for telecommuting and for live online training. They also usually allow authenticated users to access the local system remotely. This NASL...
virtuanews103.txt
Software: VirtuaNews Admin Panel; Vendor: http://www.virtuanews.co.uk; Versions: 1.0.3 Pro; Platforms: Unix/Windows; Bug: Cross Site Scripting Vulnerability; Risk: Medium; Exploitation: Remote with browser; Date: 19 Feb 2004; Author: Rafel Ivgi, The-Insider; e-mail: [email protected]; web:...
Allmanage.pl vulnerability
13 May 2000. Websites using 'Allmanage Website Administration Software 2.6 WITH the upload ability', and maybe earlier versions, contain a vulnerability which gives you full add/del/change access in the user-account directories and you can change the files in the main...