Lucene search
K

238 matches found

Hacker One
Hacker One
added 2019/09/17 7:6 a.m.16 views

HackerOne: "Bounties paid in the last 90 days" discloses the undisclosed bounty amount in program statistics

Hi Team, Summary: I have found a bypass on this disclosed report: Know undisclosed Bounty Amount when Bounty Statistics are enabled. Description: When a program does not disclose how much bounty is paid to particular report, but if bounty statics is enabled then undisclosed Bounty Amount can be...

Exploits0
ThreatPost
ThreatPost
added 2019/09/06 7:18 p.m.225 views

China's APT3 Pilfers Cyberweapons from the NSA

The advanced persistent threat APT group known as APT3, which researchers across the board link to the Chinese government, has built a full in-house battery of exploits and cybertools collectively dubbed “UPSynergy.” An analysis of the toolkit has uncovered a geopolitical cat-and-mouse spy game: ...

9.3CVSS7.9AI score0.93307EPSS
Exploits47References8
NVD
NVD
added 2019/07/30 7:15 p.m.18 views

CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...

6.1CVSS6AI score0.01202EPSS
Exploits0References3
OSV
OSV
added 2019/07/30 7:15 p.m.9 views

CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...

6.1CVSS5.7AI score
Exploits0References3
Prion
Prion
added 2019/07/30 7:15 p.m.11 views

Design/Logic Flaw

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...

4.3CVSS5.9AI score0.01202EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/07/30 6:46 p.m.47 views

CVE-2018-20859

CVE-2018-20859 affects the Open edX platform (edx-platform). It describes an XSS vulnerability: edx-platform before 2018-07-18 allows executing client-side code via a response to a Chemical Equation advanced problem. The root cause is lack of proper validation of client data in the web applicatio...

6.1CVSS5.8AI score0.01202EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/30 6:46 p.m.12 views

CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...

6AI score0.01202EPSS
Exploits0References3
0day.today
0day.today
added 2019/07/05 12:0 a.m.270 views

Microsoft Exchange 2003 - base64-MIME Remote Code Execution Exploit

Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...

10CVSS0.3AI score0.6616EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/07/05 12:0 a.m.132 views

Microsoft Exchange 2003 base64-MIME Remote Code Execution

Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...

10CVSS0.3AI score0.6616EPSS
Exploits2
exploitpack
exploitpack
added 2019/07/05 12:0 a.m.38 views

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

Microsoft Exchange 2003 - base64-MIME Remote Code Execution Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/05 12:0 a.m.424 views

Microsoft Exchange 2003 - base64-MIME Remote Code Execution

Python 2.7 included with ImmunityDBG Exchange 2003 SP0 base64-MIME memory corruption NSA's ENGLISHMANSDENTIST Platform: Windows Server 2003 R2 Shout out to the Equation Group, NSA Tailored Access Operations Author: Charles Truscott @r0ss1n1 Shout out to Offensive Security, from Australia with Lov...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2019/05/07 5:52 p.m.109 views

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Hacking tools allegedly developed by the National Security Agency NSA were being used in the wild by at least one APT long before the Shadow Brokers released the now-infamous trove of U.S. cyberweapons, new analysis suggests. According to researchers at Symantec, an attack group affiliated with t...

9.3CVSS0.1AI score0.93307EPSS
Exploits47References13
The Hacker News
The Hacker News
added 2019/05/07 8:41 a.m.252 views

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by...

9.3CVSS0.93307EPSS
Exploits47
Carbon Black Blog
Carbon Black Blog
added 2019/03/20 7:14 p.m.1550 views

TAU Threat Intelligence Notification: NanoCore – Old Malware, New Tricks!

In analyzing the stream of raw emails seen in the wild, TAU discovered a campaign of what first appeared to be a fairly standard spear-phishing attack. The email contained a Word document which carried an exploit for CVE-2017-11882, a vulnerability that allows for Microsoft Office documents to ru...

9.3CVSS0.2AI score0.99945EPSS
Exploits33
Kitploit
Kitploit
added 2019/02/24 12:11 p.m.637 views

HexRaysCodeXplorer - Hex-Rays Decompiler Plugin For Better Code Navigation

The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm ... The CodeXplorer plugin is one of the first publicly available Hex-Rays Decompiler plugins. We kee...

7.3AI score
Exploits0References9
myhack58
myhack58
added 2018/12/25 12:0 a.m.2663 views

A use cve-2017-11882 and cve-2018-0802 combination of vulnerability a malicious document analysis-vulnerability warning-the black bar safety net

! Recently intercepted an extension doc word document to attack the samples, which format is actually RTF format. By analyzing the document composition the use of a cve-2017-11882 and cve-2018-0802 vulnerability, and use the embedded excel object is used to trigger the vulnerability. The release ...

9.3CVSS8.4AI score0.99945EPSS
Exploits36
myhack58
myhack58
added 2018/12/02 12:0 a.m.1254 views

A CVE-2017-11882 vulnerability is a new variation of a sample of the debugging and analysis-vulnerability warning-the black bar safety net

Recently harvested a suffix called doc word document, view the After is actually a rich text format document. In a test environment to open after the discovery of a network connection and executing a program of action, determine the sample is malware document. After a preliminary analysis, found...

9.3CVSS8.6AI score0.99945EPSS
Exploits36
Metasploit
Metasploit
added 2018/10/11 2:56 a.m.1215 views

MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption

This module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is subtracted in...

8.8CVSS7.3AI score0.99693EPSS
Exploits94
ThreatPost
ThreatPost
added 2018/09/13 7:26 p.m.78 views

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

Attacks using malicious Microsoft macros, always a popular method for compromising target machines, are more virulent than ever, accounting for 45 percent of all delivery mechanisms analyzed in August. Top Malware Delivery Mechanisms in August Just behind this tried-and-true method lies the...

9.3CVSS0.3AI score0.99945EPSS
Exploits33References15
myhack58
myhack58
added 2018/07/30 12:0 a.m.1404 views

An attacker with Office vulnerability propagation FELIXROOT Backdoor-vulnerability warning-the black bar safety net

! One, the attack event details 2017 9 months, in response to Ukrainian attacks, FireEye found FELIXROOT Backdoor this malicious payload, and feedback to our intelligence perception of the customers. The attack activities using some malicious Ukrainian banks document that contains a macro, used t...

9.3CVSS0.1AI score0.99945EPSS
Exploits62
Rows per page
Query Builder