Centreon 23.10-1.el8 SQL Injection Vulnerability

;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host: 192.168.56.156...

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

TRENDnet TEW-812DRU - Cross-Site Request ForgeryCommand Injection Root

TRENDnet TEW-812DRU - Cross-Site Request ForgeryCommand Injection Root TRENDnet TEW-812DRU CSRF - Command Injection Shell Exploit. Please wait... //Request to enable port forwarding to the routers internal IP on port 23 //This exploit works without this request, but the exploit was more stable wi...

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - Remote Buffer Overflow !/usr/bin/env python import signal from time import sleep from socket import from sys import exit, excinfo TitlePCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob...

Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Whois.com Cross Site Scripting

Exploit Title: whois.com XSS Date: 26.11.2011 - 19.23 Author: Mr.PaPaRoSSe Tested On: Win7 Platform: Php ------------------------------------------------------------- http://domains.whois.com/hosting.php?type= "alert"DarkDevilZ / Mr.PaPaRoSSe"...

blogspot.com窃取cookie漏洞

blogspot.com站点为Google的博客.因对过滤不严，造成漏洞。支持html,然后可以在其中插入类似如下内容.获取cookie blogspot 暂无 a onblur="javascript:alertdocument.cookie" href="http://bp3.blogger.com/er6f39OjAgE/RssqA2y7uNI/AAAAAAAAABk/BbeITZK9BAg/s1600-h/5af1scd.jpg"img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;&qu...