25 matches found
EUVD-2023-41635
Malicious code in bioql PyPI...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
Improper access control
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
CVE-2023-37759
Incorrect access control in the User Registration page of Crypto Currency Tracker CCT before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request...
CVE-2023-37759
The CVE-2023-37759 entry concerns Crypto Currency Tracker (CCT) prior to v9.5, where an improper access control in the User Registration page allows unauthenticated attackers to create an Admin account. The vulnerability is triggered via a crafted POST to /en/user/register (as shown in Exploit-DB...
IT threat evolution in Q2 2023
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics Targeted attacks Gopuram backdoor deployed through 3CX supply-chain attack Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, w...
Crypto Currency Tracker (CCT) 9.5 Add Administrator
Exploit Title: Crypto Currency Tracker CCT - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP...
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated) Vulnerability
Exploit Title: Crypto Currency Tracker CCT 9.5 - Admin Account Creation Unauthenticated Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register HTTP/2 Host:...
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
Exploit Title: Crypto Currency Tracker CCT 9.5 - Admin Account Creation Unauthenticated Date: 11.08.2023 Exploit Author: 0xBr Software Link: https://codecanyon.net/item/crypto-currency-tracker-prices-charts-news-icos-info-and-more/21588008 Version: =9.5 CVE: CVE-2023-37759 POST /en/user/register...
IT threat evolution Q1 2022
IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics Targeted attacks MoonBounce: the dark side of UEFI firmware Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware...
New Android Malware Steals Banking Passwords, Private Data and Keystrokes
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is...
Threat Analysis Unit (TAU) Threat Intelligence Notification: Tofsee Botnet
Tofsee is a botnet which has not been reported on since the following analysis in September of 2016 by the Cert Polka team and Cisco Talos. This updated campaign employs new techniques in order to aggressively send large volumes of spam emails primarily targeting the adult dating scene. This new...
Stealthy MacOS Malware Tied to Lazarus APT
Researchers have identified new MacOS malware that can execute remote code in memory that they believe is the work of the powerful North Korean APT group Lazarus, they said Thursday. Security researcher Dinesh Devadoss on Twitter posted a hash for a MacOS trojan he discovered that hides behind a...
Microsoft Bounty Program Updates: Faster bounty review, faster payments, and higher rewards
In 2018 The Microsoft Bounty Program awarded over $2,000,000 to encourage and reward external security research in key technologies to protect our customers. Building on that success, we are excited to announce a number of improvements in our bounty programs to better serve the security research...
Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net
ElasticSearch is based on Lucene search server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache license under the terms of the open source release, is the current popular...
Unicode Technique Used to Deliver Cryptomining Malware Through Telegram
Attackers are using the time-tested right-to-left override technique to deliver cryptomining malware through the popular Telegram messaging application, say researchers. The right-to-left RLO technique uses Unicode to hide malicious file names and trick users into executing what appear to be beni...
Google Play Boots 3 Fake Bitcoin Wallet Apps
Google moved quickly to kick three fake bitcoin wallet apps from its Google Play marketplace earlier this month after researchers at mobile security firm Lookout discovered them. The apps pretended to be legitimate bitcoin wallets, but instead were fake. Apps were designed to trick sellers to...
Claymore's Dual Ethereum Miner unauth stack buffer overflow(CVE-2017-16929)
VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...