Lucene search
K

312 matches found

ThreatPost
ThreatPost
added 2017/08/03 3:57 p.m.15 views

WannaCry Hero Arrested, One of Two Charged with Distribution of Kronos Malware

Marcus Hutchins, the researcher hailed for his work in blunting the WannaCry ransomware outbreak in May, was arrested Wednesday in Las Vegas and charged with creating and distributing the Kronos banking malware. Hutchins, known online as Malwaretech, is a U.K. citizen and arrived in Las Vegas las...

7.2AI score
Exploits0References6
The Hacker News
The Hacker News
added 2017/08/03 6:39 a.m.14 views

FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware

The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware—has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas. Marcus Hutchins, operates under the ali...

6.7AI score
Exploits0
0day.today
0day.today
added 2017/06/06 12:0 a.m.70 views

Kronos Telestaff < 2.92EU29 - SQL Injection Vulnerability

Exploit for asp platform in category web applications Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/06/05 12:0 a.m.53 views

Kronos Telestaff SQL Injection

Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote systems ?ph...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2017/06/05 12:0 a.m.35 views

Kronos Telestaff 2.92EU29 - SQL Injection

Kronos Telestaff 2.92EU29 - SQL Injection Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote syste...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2017/06/05 12:0 a.m.55 views

Kronos Telestaff &lt; 2.92EU29 - SQL Injection

Software: Kronos Telestaff Web Application Version: compare timing with device=stdbrowser&action=doLogin&user='ifDBNAME'TELESTAFF'waitfor%20delay'00%3a00%3a12';--&pwd=&code= PoC 2 - Execute Code Remotely example inject benign code e.g. ping a remote systems ?php $cmdtoexecute = strToHex"pi...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2014/07/15 11:30 a.m.11 views

New Kronos Banking Malware Advertised On Russian Forums

Criminals are advertising a new banking Trojan on Russian forums, one going for a hefty price and being marketed as a method of evading detection and analysis. To date, however, security researchers have yet to obtain a sample of Kronos, which is available on a few forums for pre-order at a cost ...

0.4AI score
Exploits0References2
Prion
Prion
added 2009/04/08 10:30 a.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...

4.3CVSS6.1AI score0.01223EPSS
Exploits0References6
NVD
NVD
added 2009/04/08 10:30 a.m.14 views

CVE-2008-6666

Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6
Cvelist
Cvelist
added 2009/04/08 10:0 a.m.19 views

CVE-2008-6666

Multiple cross-site scripting XSS vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to 1 servlet/com.threeis.webta.H710selProject and 2 servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial repo...

5.8AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2009/04/08 10:0 a.m.39 views

CVE-2008-6666

CVE-2008-6666 affects Kronos webTA. The vulnerability is a cross-site scripting (XSS) flaw in the description field of two servlets (servlet/com.threeis.webta.H710selProject and servlet/com.threeis.webta.H720editProjectInfo). Exploitation details are not provided in the documents; no specific exp...

4.3CVSS5.9AI score0.01223EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2008/06/09 12:0 a.m.62 views

webTA by kronos - XSS

http://www.kronos.com/Products/webTA.htm webTA is used by thousands of fed. employees. I did a limited security review of a couple deployments. Because of certain contractual limitations I have been able to verify XSS in its Project Management module only, but I suspect it also exists in...

6.3AI score
Exploits0
Rows per page
Query Builder