Hackers Set Up a Fake Cybersecurity Firm to Target Security Experts
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google's Threat Analysis Group said the attackers behind the operation set up...
CVE-2021-21043
ACS Commons version 4.9.2 and earlier suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32614)
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32613)
Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...
Valve: Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
Half Life 1 allows users to set various launch arguments when running the game from the command line; one of them is "-game", which specifies the game/mod to be launched (documented under "hl.exe -game"). The contents of this argument are copied via a call to strcpy onto the stack without any size...
Malicious Package
Overview Version 1.3.2 of geoheat contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evalua...
Input validation
Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3.0.0, 3.1.0, 3.1.16, 3.2.3, 3.2.6, 3.5.0, 3.6.0, and 3.6.1, when WebHMI is not installed, allows an attacker to inject client-side commands or scripts to be executed on the device with privileged access, aka CYB/2019/19561. The...
Joomla Geommunity3es 1.4 SQL Injection
Exploit Title: Joomla Geommunity3es Components 1.4 SQL Injection
Author / Discovered By: KingSkrupellos
Team: Cyberizm Digital Security Army
Date: 25/02/2019
Vendor Homepage: nordmograph.com
Software Download Link: nordmograph.com/extensions /index.php?option=comvirtuemart&view=productdetails...
Joomla JamBook 1.5 SQL Injection
Exploit Title: Joomla JamBook Components 1.5 SQL Injection
Author / Discovered By: KingSkrupellos
Team: Cyberizm Digital Security Army
Date: 01/02/2019
Vendor Homepage: joomlacode.org
Software Download Link: joomlacode.org/gf/project/jambook/
Software Version: 1.0 and 1.5
Tested On: Windows...
Cisco Industrial Network Director Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF...
GitLab: Unauthorized users may be able to view almost all information related to Private projects.
Summary: On most pages related to Private projects, cache control is inadequate, so the contents of Private projects may leak to unauthorized users. Description: For visibility of projects, you can select Public, Internal, and Private. Among them, Private projects can only be viewed from...
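The failure mode in the GitLab report is a per-user page served with headers that let a shared cache (proxy or CDN) store it and hand it to the next requester of the same URL. The following is an added example, not GitLab's code: a constructed in-memory shared cache in front of a constructed app with one private and one public project, run once with an inadequate `Cache-Control` and once with `private, no-store` on non-public pages. The project names, users and handler are all invented for the demonstration.

```javascript
// Added example (not GitLab's code): how inadequate Cache-Control on a private
// page leaks it through a shared cache, and the header that prevents it.

function parseCacheControl(value) {
  const directives = {};
  for (const part of String(value || '').split(',')) {
    const [k, v] = part.trim().toLowerCase().split('=');
    if (k) directives[k] = v === undefined ? true : v;
  }
  return directives;
}

// A shared cache may store and re-serve a response unless it is marked
// private / no-store (no-cache is treated as "not serveable without revalidation").
function isSharedCacheable(headers) {
  const cc = parseCacheControl(headers['cache-control']);
  return !cc['private'] && !cc['no-store'] && !cc['no-cache'];
}

// Constructed project table and a request-aware handler.
const PROJECTS = {
  'acme/secret-roadmap': { visibility: 'private', owner: 'alice' },
  'acme/website':        { visibility: 'public',  owner: 'alice' },
};

function appHandler(req, fixed) {
  const p = PROJECTS[req.path];
  if (!p || (p.visibility === 'private' && p.owner !== req.user)) {
    return { status: 404, headers: {}, body: 'not found' };
  }
  const headers = {};
  if (fixed && p.visibility !== 'public') {
    headers['cache-control'] = 'private, no-store, max-age=0';   // corrected
  } else {
    headers['cache-control'] = 'max-age=60';                     // inadequate: shared caches may store it
  }
  return { status: 200, headers, body: `project ${req.path} (${p.visibility})` };
}

// Minimal shared cache: keyed by path only, exactly like a CDN that does not Vary on Cookie.
function makeSharedCache() {
  const store = new Map();
  return function fetchThroughCache(req, handler) {
    if (store.has(req.path)) return { ...store.get(req.path), fromCache: true };
    const res = handler(req);
    if (res.status === 200 && isSharedCacheable(res.headers)) store.set(req.path, res);
    return { ...res, fromCache: false };
  };
}

// alice (owner) loads her private project; mallory then requests the same URL.
function demo(fixed) {
  const cache = makeSharedCache();
  const handler = req => appHandler(req, fixed);
  const alice = cache({ path: 'acme/secret-roadmap', user: 'alice' }, handler);
  const mallory = cache({ path: 'acme/secret-roadmap', user: 'mallory' }, handler);
  cache({ path: 'acme/website', user: 'mallory' }, handler);
  const pub = cache({ path: 'acme/website', user: 'mallory' }, handler);
  return {
    aliceStatus: alice.status,
    malloryStatus: mallory.status,
    malloryFromCache: mallory.fromCache,
    malloryBody: mallory.body,
    publicFromCache: pub.fromCache,
  };
}

console.log('inadequate headers:', demo(false));
console.log('fixed headers:    ', demo(true));
```

With the inadequate header, mallory receives alice's 200 response straight from the cache without the application ever seeing her request. With `private, no-store` on non-public pages the cache never stores them, while the public page stays cacheable, so the fix is targeted rather than a blanket `no-store`. Adding `Vary: Cookie` would also stop this particular leak, but `private, no-store` is the more robust choice for authenticated content because it does not depend on every intermediary honouring `Vary`.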
Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You
With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users. If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron...
CVE-2013-10057
| creationtimestamp | type | source |
|---|---|---|
| 2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/synactisconnecttosynactisbof.rb |
| 2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7... |
Malicious Package
Overview Version 0.4.8 of s3asy contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.4.8 of this module is found installed you...
GLitch: New 'Rowhammer' Attack Can Remotely Hijack Android Phones
For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely. Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded...
Metasploit msfd Remote Code Execution Via Browser Exploit
Metasploit's msfd service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd socket through the victim's browser. To execute msfconsole commands in JavaScript from a web application, this module places the payload in the POST data...
WordPress WordApp Mobile 2.0.3 Cross Site Scripting
Title: WordPress WordApp Mobile App Plugin - Convert your WordPress Site to a Mobile App 2.0.3 Cross Site Scripting
File:
Class: Input Validation Error
Remote: Yes
Credit: Ricardo Sanchez
Vulnerable: WordApp Mobile App Plugin - Convert your WordPress Site to a Mobile App 2.0.3
WordApp Mobile App Plug...
Windows Browser Example Exploit
This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This exploit sample demonstrates how a typical browser exploit is written using commonly used components such as HttpServer, BrowserAutopwn, RopDB, DOM Element Property...
Weapon of Mass Destruction: WMD
Weapon of Mass Destruction (WMD) is a Python tool with a collection of IT security software. The software is encapsulated in "modules". The modules consist of pure Python code and/or external third-party programs. Main functions: 1. To use a module, run the command "use modulecall", e.g. "use apsniff...
MC Real Estate Pro Script - Improper Access Restrictions Vulnerability
Exploit for the PHP platform, category: web applications
Vulnerability: Improper Access Restrictions
Date: 15.01.2017
Vendor Homepage: http://microcode.ws/
Script Name: MC Real Estate Pro Script
Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858
Author: İhsan Şencan
Author Web:...