229 matches found

Hive Pro Threat Advisories
added 2023/12/22 5:38 a.m., 14 views

Mallox Ransomware A Resurgent Threat Exploiting MS-SQL Flaws

Summary: Mallox is a resilient Ransomware-as-a-Service (RaaS) threat, utilizing tactics like exploiting MS-SQL vulnerabilities and employing brute force attacks. Operating with a prolonged presence, Mallox's recent variant, "Mallox.Resurrection," exhibits consistent functionalities, emphasizing the...

7.4 AI score
Exploits: 0

NVD
added 2023/10/04 11:15 a.m., 10 views

CVE-2023-2809

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL command...

9.8 CVSS, 8.6 AI score, 0.00149 EPSS
Exploits: 0, References: 1

Prion
added 2023/10/04 11:15 a.m., 12 views

Sql injection

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL command...

7.5 CVSS, 9.6 AI score, 0.00149 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2023/10/04 10:49 a.m., 40 views

CVE-2023-2809

Affected software: Sage 200 Spain (Sage 200 Spain), version 2023.38.001. Vulnerability: plaintext credential usage within the DLL application, enabling a remote attacker to extract SQL database credentials. Root cause/impact: credentials stored in plaintext could lead to exposure of SQL credentia...

9.8 CVSS, 9.2 AI score, 0.00149 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/10/04 10:49 a.m., 13 views

CVE-2023-2809 Use of Cleartext credentials in Sage 200 Spain

Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL command...

7.8 CVSS, 10 AI score, 0.00149 EPSS
Exploits: 0, References: 1

The Hacker News
added 2023/07/20 4:56 p.m., 38 views

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...

6.8 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/04/14 10:51 a.m., 21 views

Trigona Ransomware Targets Improperly Managed MS-SQL Servers

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Trigona ransomware is installed on vulnerable MS-SQL servers that are not properly managed, allowing attackers to execute malicious commands and encrypt files without distinguishing file extensions. To...

7.1 AI score
Exploits: 0

Kitploit
added 2022/02/04 8:30 p.m., 114 views

SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation

A C# MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage: You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself. This should be as straight...

7.9 AI score
Exploits: 0, References: 6

Veeam
added 2021/12/20 12:0 a.m., 14 views

Veeam Agent for Microsoft Windows 5.0 Can’t Be Started or Installed After Upgrade to Windows 11

Challenge: After upgrading to Windows 11, the Veeam Agent for Microsoft Windows service may fail to start. The following errors can be found in C:\ProgramData\Veeam\Endpoint\Svc.VeeamEndpointBackup.log: Error Failed to start service. Error Error occurred during LocalDB instance startup: SQL Server...

7.3 AI score
Exploits: 0, Affected Software: 1

Exploit DB
added 2021/03/23 12:0 a.m., 426 views

MyBB 1.8.25 - Poll Vote Count SQL Injection

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL [email protected] Date: 20.03.2021 Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy"...

8.8 CVSS, 7.5 AI score, 0.00122 EPSS
Exploits: 5

0day.today
added 2021/03/23 12:0 a.m., 75 views

MyBB 1.8.25 - Poll Vote Count SQL Injection Vulnerability

Exploit Title: MyBB 1.8.25 - Poll Vote Count SQL Injection Exploit Author: SivertPL email protected Description: Lack of sanitization in the "votes" parameter in "Edit Poll" causes a second-order semi-blind SQL Injection that is triggered when performing a "Move/Copy" operation on the thread...

8.8 CVSS, 0.5 AI score, 0.00962 EPSS
Exploits: 12

0day.today
added 2020/05/26 12:0 a.m., 95 views

Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

9.8 CVSS, 0.7 AI score, 0.77423 EPSS
Exploits: 5

Packet Storm
added 2020/05/22 12:0 a.m., 358 views

Plesk / myLittleAdmin ViewState .NET Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...

7.5 CVSS, 0.6 AI score, 0.77423 EPSS
Exploits: 5

Metasploit
added 2020/05/21 11:12 p.m., 74 views

Plesk/myLittleAdmin ViewState .NET Deserialization

This module exploits a ViewState .NET deserialization vulnerability in web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded parameters in the web.config file for ASP.NET. Popular web hosting control panel Plesk offers myLittleAdmin as ...

9.8 CVSS, 8 AI score, 0.77423 EPSS
Exploits: 5

Akamai Blog
added 2020/04/01 2:56 p.m., 12 views

The Vollgar Campaign: MS-SQL Servers Under Attack

Guardicore Labs uncovers an attack campaign that’s been under the radar for almost two years, breaching MS-SQL servers and infecting them with remote-access tools and cryptominers...

7 AI score
Exploits: 0

Ubuntu
added 2019/10/30 1:56 p.m., 89 views

USN-4173-1: FreeTDS vulnerability

Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code...

9.8 CVSS, 8.3 AI score, 0.00569 EPSS
Exploits: 0

The Hacker News
added 2019/05/29 6:50 p.m., 217 views

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has...

7.8 CVSS, 2 AI score, 0.78459 EPSS
Exploits: 22

ThreatPost
added 2019/05/29 1:0 p.m., 158 views

50k Servers Infected with Cryptomining Malware in Nansh0u Campaign

Up to 50,000 servers were infected over the past four months as part of a high-profile cryptojacking campaign, believed to be orchestrated by Chinese-language adversaries. Researchers with Guardicore Labs, who disclosed the campaign Wednesday, said that the Nansh0u campaign named due to a text file...

7.2 CVSS, 0.1 AI score, 0.78459 EPSS
Exploits: 22, References: 6

Exploit DB
added 2019/01/14 12:0 a.m., 93 views

Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution Date: -...

9.8 CVSS, 9.7 AI score, 0.04601 EPSS
Exploits: 5

exploitpack
added 2019/01/14 12:0 a.m., 39 views

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...

7.5 CVSS, 1.1 AI score, 0.04601 EPSS
Exploits: 5