Lucene search

13 matches found

Securelist
added 2025/08/08 9:0 a.m. | 4 views

Scammers mass-mailing the Efimer Trojan to steal crypto

Introduction In June, we encountered a mass mailing campaign impersonating lawyers from a major company. These emails falsely claimed the recipient's domain name infringed on the sender's rights. The messages contained the Efimer malicious script, designed to steal cryptocurrency. This script als...

AI score: 6.5
Exploits: 0
Huntr
added 2022/07/06 8:55 a.m. | 28 views

No Rate Limit On Reset Password Page

Description I have identified that when Reset Password for account, the request has no rate limit which then can be used to loop through one request. This can annoy the root users sending mass password to one email. A rate limiting algorithm is used to check if the user session or IP-address...

AI score: 7.4
Exploits: 0
Huntr
added 2021/09/12 11:23 p.m. | 5 views

Cross-Site Request Forgery (CSRF) in justingit/dada-mail

✍️ Description Attacker able to Send any Mass mailing with CSRF attack. In CSRF attacks it is necessary that a user logged into your application and just going to a malicious website and after that only with a redirection attacker can perform attack on unprotected endpoint, this means only with...

AI score: 1.2
Exploits: 0
Hacker One
added 2021/08/26 12:1 p.m. | 24 views

UPchieve: No rate Limit on Password Reset page on upchieve

Summary: Introduction A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session or IP-address has to be limited based on the information in the session cache. In case a client made too many requests within a given timeframe, HTTP-Servers can respond with status...

AI score: 7.1
Exploits: 0
Hacker One
added 2021/04/15 10:20 p.m. | 80 views

UPchieve: No Rate Limit On Reset Password

welcome all : i found that no rate limit in reset password in ::: ==https://app.upchieve.org/resetpassword== Summary: No rate limit check on forgot password which can lead to mass mailing and spamming of users and possible employees A little bit about Rate Limit: A rate limiting algorithm is used...

AI score: 6.8
Exploits: 0
myhack58
added 2013/03/14 12:0 a.m. | 19 views

The copper plate while the net mass mailing statistics system v1.2 vulnerability-vulnerability warning-the black bar safety net

'Fenlei. asp IF Request. QueryString"Action"="del" Then ID=Request. QueryString"ID" IF Countss "tui","Fenlei",ID 0 then 'Slightly IF Request. QueryString"Action"="Add" Then Tname=Request. Form"Typename" Set Rs=Server. CreateObject"adodb. Recordset" Sql="Select From Fenlei Order by id Desc" Rs. Op...

AI score: 0.2
Exploits: 0
myhack58
added 2011/10/14 12:0 a.m. | 17 views

The copper plate while the net mass mailing statistics system v1.2 vulnerability and the Fix-vulnerability warning-the black bar safety net

Team:makebugs Author: fate 'Fenlei. asp IF Request. QueryString"Action"="del" Then ID=Request. QueryString"ID" IF Countss "tui","Fenlei",ID 0 then 'Slightly IF Request. QueryString"Action"="Add" Then Tname=Request. Form"Typename" Set Rs=Server. CreateObject"adodb. Recordset" Sql="Select From Fenl...

AI score: 0.1
Exploits: 0
ThreatPost
added 2010/09/09 9:45 p.m. | 10 views

New Email Worm Turns Back the Clock on Virus Attacks

There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending malicious emails to all of the names in a user’s email address book. As of Friday afternoon, the malicious files had been deleted from the remote server in the UK that was servi...

AI score: 1.9
Exploits: 0
References: 3
Packet Storm
added 2010/06/14 12:0 a.m. | 33 views

VU Online Mailing SQL Injection

Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : Inj3ct0r.com + Support e-mail :...

AI score: 0.3
Exploits: 0
Exploit DB
added 2010/06/12 12:0 a.m. | 29 views

VU Mass Mailer - Authentication Bypass

Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : Inj3ct0r.com + Support e-mail :...

AI score: 7.4
Exploits: 0
Exploit DB
added 2009/12/11 12:0 a.m. | 27 views

Chipmunk NewsLetter - Cross-Site Request Forgery

Title: Chipmunk Newsletter CSRF Vulnerabilities Author: Milos Zivanovic Date: 11. December 2009. ...

AI score: 7
Exploits: 0
myhack58
added 2005/12/13 12:0 a.m. | 24 views

Go to the Black anti-phishing-exploit warning-the black bar safety net

With phishing attacks art in the country to be disclosed later, the network as if into the vastness of the ocean, a wide variety of phishing attacks everywhere. A new technology is public, I how could not go to attention? So they go online and in magazines to find some information about technology of...

AI score: 6.5
Exploits: 0
Exploit DB
added 2002/03/13 12:0 a.m. | 27 views

Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Escalation

source: https://www.securityfocus.com/bid/4287/info A vulnerability in Microsoft Windows 2000 and NT 4 could allow a user to gain SYSTEM-level privileges on the local host. The debugging subsystem, which is available to all users, may be used to create duplicate handles to a privileged process...

AI score: 7.4
Exploits: 0