13 matches found
APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor
A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution flaw in Kingsoft WPS Office to deploy a bespoke backdoor dubbed SpyGlace. The activity has been attributed to a threat actor dubbed APT-C-60, according to cybersecuri...
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day...
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
D-Link Central WiFi Manager CWM(100) Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Date: 2018-05-20 Exploit Author: M3@Pandas Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested on: PHP Linux CVE : CVE-2018-11523...
Aleph 500 SQL Injection
Greetings: I found on a ALEPH500 Integrated library management system SQL Injection Vulnerability; CVE-ID is CVE-2014-3719. Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libr...
Aleph 500 Cross Site Scripting
Greetings: a ALEPH500 Integrated library management system Cross Site Scripting; CVE-ID is CVE-2014-3718. Aleph 500, fully meet the industry standard, is an art class perfect library solution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris is the world...
Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 6.4,...
Syslog Watcher Pro 2.8.0.812 - Date Cross-Site Scripting
Syslog Watcher Pro 2.8.0.812 - Date Cross-Site Scripting Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update...
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 6.4,...
Syslog Watcher Pro 2.8.0.812 Cross Site Scripting
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812 Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : Medium CVSS2 Base : 6.4,...