926 matches found
CVE-2019-20933
creationtimestamp | type | source
---|---|---
2020-11-19 07:41:05+00:00 | seen | https://t.me/cibsecurity/16573
2022-01-19 18:02:44+00:00 | published-proof-of-concept | https://t.me/cybersecs/528
2023-03-06 21:00:32+00:00 | published-proof-of-concept | ...
Microsoft SharePoint Server 2019 - Remote Code Execution
Exploit Title: Microsoft SharePoint Server 2019 - Remote Code Execution Google Dork: inurl:quicklinks.aspx Date: 2020-08-14 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 ,...
SharePoint DataSet / DataTable Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint DataSet / DataTable Deserialization', 'Description' = %q A remotely exploitable vulnerability exists within SharePoint that can be...
RHEL 8 : .NET Core (RHSA-2020:2988)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2988 advisory. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Remote Code Execution (RCE)
system.data.common is vulnerable to remote code execution (RCE). The vulnerability exists because it allows unrestricted polymorphic deserialization in DataSet without proper validation...
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4566467)
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB4566467 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2...
July 14, 2020-KB4566516 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 and Windows Server 2019
July 14, 2020-KB4566516 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 and Windows Server 2019 Release Date: July 14, 2020 Version: .NET Framework 3.5, 4.7.2 and 4.8 Summary A remote code execution vulnerability exists in .NET Framework when the software fails...
PCFG Cracker - Probabilistic Context Free Grammar (PCFG) Password Guess Generator
PCFG = Probabilistic Context Free Grammar PCFG = Pretty Cool Fuzzy Guesser In short: A collection of tools to perform research into how humans generate passwords. These can be used to crack password hashes, but also create synthetic passwords (honeywords), or help develop better password strength...
Karonte - A Static Analysis Tool To Detect Multi-Binary Vulnerabilities In Embedded Firmware
Karonte is a static analysis tool to detect multi-binary vulnerabilities in embedded firmware. Research paper We present our approach and the findings of this work in the following research paper: KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware PDF Nilo Redini, Aravind...
AVCLASS++ - Yet Another Massive Malware Labeling Tool
AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...
Quantopian: Stored cross-site scripting in dataset owner.
Hi again. Another XSS this time. Summary: Unescaped chars in 'dataset owner' could be abused to store arbitrary javascript. Description: There is a 'dataset owner' field in new 'custom dataset dashboard' which contains unsanitized output. If attacker would modify his name, like first name '', the...
CVE-2019-11082
core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive...
Directory traversal
core/api/datasets/internal/actions/Explode.java in the Dataset API in DKPro Core through 1.10.0 allows Directory Traversal, resulting in the overwrite of local files with the contents of an archive...
CVE-2019-11082
CVE-2019-11082 : The Dataset API in DKPro Core (through 1.10.0) is vulnerable to a directory traversal issue in the file Explode.java (core/api/datasets/internal/actions/Explode.java). The underlying flaw allows an attacker-supplied archive to overwrite local files due to inadequate validation of...
Top 10 Benefits that Make Upgrading to the PSC a Priority
If you are running either of Carbon Black’s on-premise products CB Response & CB Protection, you are already seeing the benefits of a strong endpoint security solution. With something this effective already in place, why would you need to consider moving to a cloud platform? The answer is twofold...
Microsoft AI competition explores the next evolution of predictive technologies in security
Predictive technologies are already effective at detecting and blocking malware at first sight. A new malware prediction competition on Kaggle will challenge the data science community to push these technologies even further, to stop malware before it is even seen. The Microsoft-sponsored competiti...
Tablib: Arbitrary command execution
Background Tablib is an MIT Licensed format-agnostic tabular dataset library, written in Python. It allows you to import, export, and manipulate tabular data sets. Description A vulnerability was discovered in Tablib’s Databook loading functionality, due to improper input validation. Impact A...
CVE-2018-8547
creationtimestamp | type | source
---|---|---
2018-11-14 17:39:01+00:00 | seen | MISP/5bec5b59-b2b0-4506-9c63-32a40a021402...
11 million personal unprotected MongoDB records leaked online
By Uzair Amir Another day, another trove of sensitive data exposed online. This time, a MongoDB database containing a whopping 43.5GB of the dataset used in marketing campaigns has been left exposed for public access. The data was discovered by Bob Diachenko, an independent security researcher wh...