86 matches found
EUVD-2007-6659
Malware in sbrugna...
EUVD-2007-2611
Malware in sbrugna...
EUVD-2007-1843
Malware in sbrugna...
EUVD-2008-6445
Malware in sbrugna...
EUVD-2007-1842
Malware in sbrugna...
EUVD-2008-1378
Malware in sbrugna...
EUVD-2007-1844
Malware in sbrugna...
drakehomesinc.com Cross Site Scripting vulnerability OBB-3286129
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-21716
Microsoft Word Remote Code Execution Vulnerability Recent assessments: cbeek-r7 at March 06, 2023 8:12am UTC reported: A vulnerability in Microsoft’s Word wwlib allows attackers to get LCE with the privileges of the victim opens a malicious RTF document. An attacker would be able to deliver this...
samlsso.drake.edu Cross Site Scripting vulnerability OBB-3150446
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New Charges, Sentencing in Satori IoT Botnet Conspiracy
The U.S. Justice Department today charged a Canadian and a Northern Ireland man for allegedly conspiring to build botnets that enslaved hundreds of thousands of routers and other Internet of Things IoT devices for use in large-scale distributed denial-of-service DDoS attacks. In addition, a...
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...
XSRFProbe - The Prime Cross Site Request Forgery Audit And Exploitation Toolkit
XSRFProbe is an advanced Cross Site Request Forgery CSRF/XSRF Audit and Exploitation Toolkit. Equipped with a Powerful Crawling Engine and Numerous Systematic Checks, it is now able to detect most cases of CSRF vulnerabilities, their related bypasses and futher generate maliciously exploitable...
Hacker takeovers Drake’s Fortnite account to yell racial slurs
By Carolina The official Fortnite account of the Canadian rapper Drake going by the handle of "Duddus647" was hacked in an attack on Thanksgiving weekend. The hacker used the account to join Fortnite live stream charity event run by Ninja, a pro streamer and shout racial slurs and obscenities. Th...
confluence.drake.edu XSS vulnerability
Open Bug Bounty ID: OBB-610684 Description| Value ---|--- Affected Website:| confluence.drake.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
drakeapedia.cowleswiki.drake.edu XSS vulnerability
Open Bug Bounty ID: OBB-265966 Description| Value ---|--- Affected Website:| drakeapedia.cowleswiki.drake.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6....
USN-3080-1: Python Imaging Library vulnerabilities
Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. CVE-2016-0775, CVE-2016-2533 Andrew Drake discovered that the Pytho...
Joshua Drake on Android Security Post-Stagefright
Joshua Drake of Zimperium Labs talks to Mike Mimoso about the last year post-Stagefright, the effectiveness of Google’s monthly patching cycle, and some of the security enhancements forthcoming in Android N. Download: JoshuaDrakeonPost-StagefrightAndroid.mp3 Music by Chris Gonsalves...
ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution
漏洞概要2014年10月3日,国外安全研究员Joshua J. Drake在他github(https://github.com/jduck)提交了针对华硕路由器的一个远程命令执行漏洞poc(https://github.com/jduck/asus-cmd)。该漏洞随后被编号为CVE-2014-9583。知道创宇安全研究团队在第一时间对该命令执行漏洞进行了研究和分析。a 漏洞描述华硕路由器R系列路由器使用开源路由器系统 Asuswrt,开源代码给我们随后的漏洞分析带来很多方便,不用逆向分析。在Asuswrt中存在 infosvr 进程,该进程监听在0.0.0.0...
Root Command Execution Flaw Haunts ASUS Routers
There is a serious security vulnerability in the firmware of many ASUS routers that allows unauthenticated command execution. The bug may be present in all current versions of the router firmware, and there is an exploit published for it, as well. Security researchers Joshua Drake posted an...