Lucene search
K

83 matches found

Metasploit
Metasploit
added 2023/05/18 7:52 p.m.258 views

HTTP Fetch

Fetch and execute an x64 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and...

5.9AI score
Exploits0
Metasploit
Metasploit
added 2023/05/18 7:52 p.m.245 views

HTTP Fetch, Windows shellcode stage, Windows x64 IPv6 Bind TCP Stager

Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Listen for an IPv6 connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf payloadbindipv6tcp...

5.9AI score
Exploits0
Metasploit
Metasploit
added 2023/05/18 7:52 p.m.281 views

HTTP Fetch, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from an HTTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/http/x64/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

5.9AI score
Exploits0
Metasploit
Metasploit
added 2023/05/18 7:52 p.m.695 views

HTTP Fetch, Windows shellcode stage, Windows x64 Reverse TCP Stager

Fetch and execute an x64 payload from an HTTP server. Custom shellcode stage. Connect back to the attacker Windows x64 Module Options msf use payload/cmd/windows/http/x64/custom/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...

6AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.424 views

AspEmail v5.6.0.2 - Local Privilege Escalation

Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT [email protected] Vendor Homepage: https://www.aspemail.com Software Link:...

7.4AI score
Exploits0
OSV
OSV
added 2023/04/04 4:15 p.m.6 views

CVE-2022-48223

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory...

6.7CVSS5.8AI score0.00115EPSS
Exploits0References2
OSV
OSV
added 2023/04/04 4:15 p.m.6 views

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

7.8CVSS6.2AI score0.00135EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.5 views

PT-2023-15619 · Acuant · Acuant Acufill Sdk

Name of the Vulnerable Software and Affected Versions: Acuant AcuFill SDK versions prior to 10.22.02.03 Description: An issue in the Acuant AcuFill SDK allows a standard user to break out of a window running with elevated privileges during SDK installation, resulting in a full SYSTEM command prom...

7.8CVSS7.7AI score0.00135EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.5 views

Acuant AcuFill SDK 代码问题漏洞

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in the Acuant AcuFill SDK that stems from a call to certutil.exe by the Acuant installer to repair certificates during SDK repai...

6.7CVSS6.7AI score0.00115EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2023/03/21 3:10 p.m.66 views

Rapid7 Observed Exploitation of Adobe ColdFusion

Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...

10AI score0.97339EPSS
Exploits13
The Hacker News
The Hacker News
added 2022/11/15 11:3 a.m.54 views

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group...

1.4AI score
Exploits0
Kitploit
Kitploit
added 2021/06/15 9:30 p.m.38 views

TChopper - Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine

New technique I have discovered recently and give it a nickname Chop chop to perform lateral movement using windows services display name and WMI by smuggling the malicious binary as base64 chunks and automate the process using the TChopper tool. How it works the tool will get the file you willin...

7.6AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/13 12:0 a.m.30 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1744)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.7CVSS7AI score0.00337EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2020/07/21 3:0 p.m.5324 views

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...

9.3CVSS8.8AI score0.99966EPSS
Exploits21
ThreatPost
ThreatPost
added 2020/06/24 9:20 p.m.15579 views

Self-Propagating Lucifer Malware Targets Windows Systems

Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service DDoS attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of...

9.3CVSS8.8AI score0.99993EPSS
Exploits162References18
FireEye
FireEye
added 2019/10/29 6:0 p.m.19 views

CertUtil Qualms: They Came to Drop FOMBs

This blog post covers an interesting intrusion attempt that Mandiant Managed Defense thwarted involving the rapid weaponization of a recently disclosed vulnerability combined with the creative use of WMI compiled “.bmf” files and CertUtil for obfuscated execution. This intrusion attempt highlight...

Exploits0References13
The Hacker News
The Hacker News
added 2019/07/09 8:17 a.m.98 views

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

Security researchers at Microsoft have released details of a new widespread campaign distributing an infamous piece of fileless malware that was primarily being found targeting European and Brazilian users earlier this year. Dubbed Astaroth, the malware trojan has been making the rounds since at...

0.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/07/08 5:0 p.m.112 views

How Carbon Black is Prioritizing Living Off the Land Attacks Part 2

What are Living Off the Land LoL Attacks? In recent years, Living off the Land Binaries and Scripts LoLBas have become increasingly popular tools for cybercriminals. These types of attacks leverage native, signed, and often pre-installed applications in malicious ways that their creators never...

0.2AI score
Exploits0
Microsoft KB
Microsoft KB
added 2018/05/02 12:0 a.m.5 views

February 22, 2018—KB4077525 (OS Build 14393.2097)

February 22, 2018—KB4077525 OS Build 14393.2097 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue that causes Hyper-V VMs that are replicated using Hyper-V Replica or Azure...

7.8AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2018/03/15 4:31 p.m.84 views

Threat Analysis: Recent Attack Technique Attempts to Bypass Whitelisting by Leveraging MS Office Document Macros, MSBuild, Certutil

Carbon Black continues to monitor and track evolving techniques that attackers leverage. Over the last several years, there has been an increase in attackers leveraging open source frameworks and proof of concept POC techniques that are released publically by researchers. A document was recently...

7.3AI score
Exploits0
Rows per page
Query Builder