8 matches found
eCPPT-Penetration-Testing-Reports
eCPPT Penetration Testing Reports Penetration testing lab rep...
PT-2026-3668
Name of the Vulnerable Software and Affected Versions Milner ImageDirector Capture versions 7.0.9.0 through 7.6.3.25808 Description The software contains a flaw due to the use of a broken cryptographic algorithm DES. This impacts the Password class within the C2SConnections.dll component on Windo...
Exploit for Uncontrolled Resource Consumption in Oracle Mysql_Cluster
CVE-2025-21574-Exploit Key Features of this Black-Box Exploi...
Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
Cybersecurity researchers have disclosed a surge in "mass scanning, credential brute-forcing, and exploitation attempts" originating from IP addresses associated with a Russian bulletproof hosting service provider named Proton66. The activity, detected since January 8, 2025, targeted organization...
Password Spray Attacks Taking Advantage of Lax MFA
In the first quarter of 2025, Rapid7’s Managed Threat Hunting team observed a significant volume of brute-force password attempts leveraging FastHTTP, a high-performance HTTP server and client library for Go, to automate unauthorized logins via HTTP requests. This rapid volume of credential...
SAP Management Console Brute Force
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Brute Force', 'Description' = %q This module simply attempts to brute force the username and password for the SAP Manageme...
CVE-2017-13719
The Amcrest IPM-721S AmcrestIPC-AWXXEngNV2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encod...
TheMoon Rises Again, With a Botnet-as-a-Service Threat
TheMoon, an IoT botnet targeting home routers and modems, is entering a new phase, as it were: It has added a previously undocumented module that allows it to be sold as-a-service to other malicious actors. This has already had significant real-world consequences, according to CenturyLink Threat...