CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2025/05/22 8:19 a.m.•9 views

CVE-2019-17271

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter...

4.9CVSS8.2AI score0.00347EPSS

Exploits2References1

Huntr•added 2023/01/10 3:36 a.m.•6 views

Site-wide CSRF (Bypass Strict Cookie) leave to Website Takeover

I reported this vulnerability once a long time ago, but you still haven't fixed it. I report back to remind you need to fix it. Description At the api/hooks.unfurl, when sending a post request containing a param challenge, the server will return the value of that param, which inadvertently leave ...

7.2AI score

Exploits0

OSSF Malicious Packages•added 2022/06/20 8:21 p.m.•2 views

Malicious code in @instant-api-hooks/assethub-campaigns (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3cd0ffbe2349da7aea9f042d99b1fc38ec727b62ded2bee52f82d613acfc9f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References1

Kitploit•added 2021/06/26 9:30 p.m.•48 views

SharpHook - Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials

SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials. In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and...

7.6AI score

Exploits0References6

FireEye•added 2020/12/01 12:0 a.m.•92 views

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox of sorts, this entry will highlight another powerful use of the framework: automated malware...

7.1AI score

Exploits0References14

Kitploit•added 2017/04/27 2:30 p.m.•109 views

Inspeckage - (Android Package Inspector) Dynamic Analysis With Api Hooks, Start Unexported Activities And More

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. http://ac-pm.github.io/Inspeckage https://twitter.com/inspeckage...

7.1AI score

Exploits0References2

n0where•added 2017/03/04 6:45 p.m.•96 views

Android Package Inspector: Inspeckage

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as...

7.1AI score

Exploits0References1

FireEye•added 2016/02/23 8:0 a.m.•302 views

Using EMET to Disable EMET

UPDATE July 7: This post has been updated in advance of a Black Hat 2016 presentation. Microsoft’s Enhanced Mitigation Experience Toolkit EMET is a project that adds security mitigations to user mode programs beyond those built in to the operating system. It runs inside “protected” programs as a...

10CVSS0.2AI score0.86212EPSS

Exploits17