Lucene search
K

5 matches found

ThreatPost
ThreatPost
added 2019/03/04 2:0 a.m.92 views

RSAC 2019: New Operation Sharpshooter Data Reveals Higher Complexity, Scope

SAN FRANCISCO – An insidious reconnaissance campaign discovered in 2018, dubbed Operation Sharpshooter, is much more widespread than previously thought, researchers said. Operation Sharpshooter was first disclosed in December 2018, using a never-before-seen implant framework to infiltrate global...

7.2AI score
Exploits0References4
ThreatPost
ThreatPost
added 2018/12/12 3:22 p.m.10 views

Operation Sharpshooter Takes Aim at Global Critical Assets

Researchers have detected a widespread reconnaissance campaign using a never-before-seen implant framework to infiltrate global defense and critical infrastructure players — including nuclear, defense, energy and financial companies. The campaign, dubbed Operation Sharpshooter, began Oct. 25 when...

Exploits0References5
hackapp
hackapp
added 2016/04/01 10:10 a.m.6 views

Global Defense: Zombie War - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Global Defense: Zombie War published at the 'play' market has multiple vulnerabilities...

1AI score
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2015/01/07 12:0 a.m.41 views

PHPB2B某处sql注入#2

简要描述: PHPB2B某处sql注入2 详细说明: PHPB2B某处sql注入 官网下载的最新版本 绕过全局防注入。 我们先看看全局防注入怎么写的。 以下是全局防注入用到的函数 function pbattackfilter$StrFiltKey,$StrFiltValue,$ArrFiltReq ifisarray$StrFiltValue $StrFiltValue=@implode",", $StrFiltValue; if pregmatch"/".$ArrFiltReq."/is",$StrFiltValue==1 echo $StrFiltValue;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/26 12:0 a.m.22 views

Destoon B2B 2014-05-21最新版绕过全局防御暴力注入(官方Demo可重现)

简要描述: destoon某加密函数缺陷可破解导致注入 由于字符串加密,所以自带的全局stripsql gpc等直接无视了 使用不安全的“随机数”的实例 搬个小凳子吧,这个一时半会儿说不完。。。 详细说明: 出问题的是用于cookie加解密的encrypt和decrypt函数 首先看一下函数内容include/global.func.php 122行 function encrypt$txt, $key = '' $key or $key = DTKEY; //DTKEY是在安装时生成的一个15位随机字符串 $rnd = md5microtime;//缺陷 下面说 $len =...

7AI score
Exploits0
Rows per page
Query Builder