CVE-2017-2856
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...
CVE-2017-2854
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue...
CVE-2017-2857
CVE-2017-2857 is a buffer overflow in the Foscam C1 Indoor HD Camera DDNS client when DDNS is enabled (notably 9299.org). The vulnerability arises in the DDNS update path: the code parses the response to extract the IP address after the “Current IP Address:” string without enforcing input size bo...
CVE-2018-17108
The SBIbuddy aka com.sbi.erupee application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application...
CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit...
SMBetray - SMB MiTM Tool With A Focus On Attacking Clients Through File Content Swapping, Lnk Swapping, As Well As Compromising Any Data Passed Over The Wire In Cleartext
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known. Background Released at Defcon26 at "SMBetray - Backdooring and Breaking Signatures" In SMB...
UltimatePOS 2.5 Remote Code Execution Vulnerability
Exploit for php platform in category remote exploits Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link:...
Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images
A stealthy side-channel tactic for digital surveillance has been uncovered, which allows an attacker to “hear” on-screen images. According to a team of academic researchers from Columbia University, the University of Michigan, University of Pennsylvania and Tel Aviv University, inaudible acoustic...
UltimatePOS 2.5 - Remote Code Execution
Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Date: 2018-08-22 Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link:...
Backdooring and Breaking Signatures: SMBetray
In SMB connections, the security mechanisms protecting the integrity of the data passed between the server and the client are SMB signing and encryption. The signatures on SMB packets when SMB signing is used are based on keys derived from information sent over the net in cleartext during the...
Microsoft Research Detours Package
Detours is a software package for monitoring and instrumenting API calls on Windows. Detours has been used by many ISVs and is also used by product teams at Microsoft. Detours is now available under a standard open source license MIT. This simplifies licensing for programmers using Detours and...
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
If the Intl object hasn't been initialized, access to any property of it will trigger the initialization process which will run Intl.js. The problem is that it runs Intl.js without caring about the ImplicitCallFlags flag. In t...
CVE-2017-13105
Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker...
GHSA-X7Q3-67VC-WVCF grunt-images downloads Resources over HTTP
Affected versions of grunt-images insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-P65H-233C-JXVM Downloads Resources over HTTP in resourcehacker
Affected versions of resourcehacker insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-8WG9-92FR-6J7V marionette-socket-host downloads Resources over HTTP
Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
Hacking the Bitfi Part 5: MITM transactions
So what’s latest with the Bitfi unhackable/hackable crypto currency wallet? Bitfi released software version 89 over the weekend. Devices updated, so we had a look to see what had changed. First, they’ve tried to stop the passphrase and seed from being cached in memory and therefore trivially...
DEF CON 2018: ‘Man in the Disk’ Attack Surface Affects All Android Phones
A function of the Android storage mechanism opens up an attack surface that affects all Android devices, and allows an attacker to corrupt data, steal sensitive information or even take control of a mobile phone. Simply put, the issue – dubbed “man in the disk” – allows a bad actor to hijack the...