Lucene search
K

17 matches found

seebug.org
seebug.org
added 2021/06/01 12:0 a.m.214 views

Microsoft Hyper-V 远程代码执行漏洞(CVE-2021-28476)

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476 "Hyper-V Remote Code Execution Vulnerability", an arbitrary memory read in vmswitch.sys Network virtualization service provider patched by Microso...

6.5CVSS9.3AI score0.38368EPSS
Exploits4
GithubExploit
GithubExploit
added 2021/05/31 6:2 p.m.208 views

Exploit for CVE-2021-28476

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code...

9.9CVSS9.3AI score0.38368EPSS
Exploits4
ThreatPost
ThreatPost
added 2020/08/05 1:0 p.m.90 views

A Cyber 'Vigilante' is Sabotaging Emotet's Return

The banking trojan Emotet has returned after a five-month hiatus. But, in an amusing twist, one cyber vigilante is thwarting the malware’s comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with...

Exploits0References23
pentestit
pentestit
added 2019/11/25 3:14 a.m.83 views

UPDATE: Tsurugi Linux 2019.1

Tsurugi Linux 2019.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux, that was released at BlackHat USA. This release includes a lot of bug fixes, updates, additi...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2019/08/23 3:57 p.m.772 views

U.S. Dept Of Defense: Command Injection (via CVE-2019-11510 and CVE-2019-11539)

Summary: The Navy has a Pulse Secure SSL VPN https://████████/dana-na/auth/urldefault/welcome.cgi that is vulnerable to: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11539 - Post-auth Command Injection vulnerable hostname from ssl certificate: ██████████.navy.mil The pre-auth arbitra...

7.5CVSS0.9AI score0.99999EPSS
Exploits34
ThreatPost
ThreatPost
added 2019/08/06 3:42 p.m.71 views

Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs

UPDATE Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction...

10CVSS9.8AI score0.01135EPSS
Exploits0References8
Akamai Blog
Akamai Blog
added 2019/07/30 4:0 p.m.97 views

Time to Transfer Risk: Why Security Complexity & VPNs Are No Longer Sustainable

We all heed the gospel of patching, but as recent incidents made clear, even cutting-edge disruptors struggle to patch everything, everywhere, and all the time. Maybe this is associated with the growing volume of common vulnerabilities and exposures CVEs. As they say, there is only one way and...

6.8AI score
Exploits0
ripstech
ripstech
added 2018/08/14 10:0 a.m.35 views

What is Phar Deserialization

Summary The security researcher Sam Thomas from Secarma found a new exploitation technique that can lead to critical PHP object injection vulnerabilities - without using the PHP function unserialize. The new technique was announced at the BlackHat USA conference in his talk Its a PHP...

7.9AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2017/07/13 1:49 a.m.65 views

Meet with Wallarm at BlackHat USA 2017

Meet Wallarm team at BlackHat USA 2017 Start your day with a good cup of coffee and a hearty breakfast at PRESS lounge. Join Wallarm team for breakfast on the last day of BlackHat conference. Meet and network with like-minded white hat security professionals while fueling up for another day of...

6.9AI score
Exploits0
Silent Robot Systems
Silent Robot Systems
added 2016/05/01 4:0 a.m.135 views

Exploiting XXE In File Upload Functionality

Just wanted to post some details from my BH USA 2015 briefing "Exploiting XXE In File Upload Functionality". The youtube video is up: I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types; PDF, JPG, and GIF. The link is here:...

7AI score
Exploits0
Kitploit
Kitploit
added 2016/04/16 6:58 p.m.28 views

ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)

A tool written in C Win32 to convert any shellcode in ROP and patch it into a given portable executable PE. It supports only 32-bit target PEs and the x86 instruction set. Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More...

7.5AI score
Exploits0References1
Kitploit
Kitploit
added 2013/02/27 4:15 p.m.113 views

[ARPwner] ARP and DNS Poisoning Attack Tool

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs. This tool was released by...

9.7AI score
Exploits0References2
rdot
rdot
added 2011/11/14 12:0 a.m.16 views

[pdf] A crushing blow at the heart of SAP J2EE Engine

Доклад А.Полякова на конференции BlackHat USA 2011. Презентация интересна для тех, кто знает что такое SAP, и в чём принцип уязвимостей SMB Relay и Verb tampering. http://erpscan.ru/wp-content/uploads...2EEEngine.pdf З.Ы. Слушал эту презентацию в реале не на blackhat, к сожалению видео нигде не...

Exploits0
The Hacker News
The Hacker News
added 2011/08/02 11:33 a.m.8 views

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011 On the 4th of august at the world largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2011/08/02 11:33 a.m.5 views

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011

On 4th August SAP systems will be hacked on internet in BlackHat USA 2011 On the 4th of august at the world largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker...

7.7AI score
Exploits0
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.45 views

MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability

MOPS-2010-006: PHP addcslashes Interruption Information Leak Vulnerability May 3rd, 2010 PHP’s addcslashes function can be abused for information leak attacks, because of the call time pass by reference feature. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP 5.3 = 5.3.2 Credits Th...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2010/05/11 12:0 a.m.51 views

MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability

MOPS-2010-014: PHP ZENDBWXOR Opcode Interruption Address Information Leak Vulnerability May 8th, 2010 PHP’s ZENDBWXOR opcode can be abused for address information leak attacks by an userspace error handler interruption attack. Affected versions Affected is PHP 5.2 = 5.2.13 Affected is PHP 5.3 =...

7.3AI score
Exploits0
Rows per page
Query Builder