3109 matches found
PyRDP - RDP Monster-In-The-Middle (Mitm) And Library For Python With The Ability To Watch Connections Live Or After The Fact
PyRDP is a Python Remote Desktop Protocol RDP Monster-in-the-Middle MITM tool and library. It features a few tools: RDP Monster-in-the-Middle Logs credentials used when connecting Steals data copied to the clipboard Saves a copy of the files transferred over the network Crawls shared drives in th...
Fortinet FortiSIEM Windows Agent Command Execution Vulnerability
Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The Mekotio Latin American banking trojan is bouncing back after several of the gang that operates it were arrested in Spain. More than 100 attacks in recent weeks have featured a new infection routine, indicating that the group continues to actively retool. “The new campaign started right after...
Unspecified Vulnerability in Fortinet FortiSIEM Windows Agent
Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...
ADLab - Custom PowerShell Module To Setup An Active Directory Lab Environment To Practice Penetration Testing
The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move...
CVE-2021-41022
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts...
CVE-2021-41022
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts...
CVE-2021-41022
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts...
CVE-2021-41022
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts...
CVE-2021-41022
CVE-2021-41022 affects Fortinet FortiSIEM Windows Agent versions 4.1.4 and earlier, due to improper privilege management that enables an attacker to execute privileged code or commands via PowerShell scripts. Combined sources (NVD, Red Hat, CNVD, CNVD CNVD, FortiGuard advisory) describe the issue...
Fortinet FortiSIEM Windows Agent安全漏洞
Fortinet FortiSIEM Windows Agent is an agent program for collecting logs and other behaviors from Windows servers from Fortinet, Inc. A security vulnerability exists in Fortinet FortiSIEM Windows Agent versions 4.1.4 and below, which can be exploited by an attacker to execute privileged code or...
Browse the session filesystem in a Web Browser
This module allows you to browse the session filesystem via a local browser window. Module Options msf use post/multi/manage/fileshare msf postfileshare show actions ...actions... msf postfileshare set ACTION msf postfileshare show options ...show and set options... msf postfileshare run This...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...
A Guide to Shift Away from Legacy Authentication Protocols in Microsoft 365
Microsoft 365 M365, formerly called Office 365 O365, is Microsoft's cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and...
What is fileless malware?
Unlike traditional malware, which relies on a file being written to a disk, fileless malware is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists in the computer’s memory, which means nothing is ever written directly to the hard drive...
GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal Vulnerability
GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts. PRODUCT : GridPro Request Management for Windows Azure Pack VENDOR : GridPro Software SEVERITY : Critical AFFECTED...
GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal
Certitude Securtiy Advisory - CSA-2021-003 PRODUCT : GridPro Request Management for Windows Azure Pack VENDOR : GridPro Software SEVERITY : Critical AFFECTED VERSION : =2.0.7905 IDENTIFIERS : CVE-2021-40371 PATCH VERSION : 2.0.7912 FOUND BY : Giulian Guran, Certitude Lab Introduction ------------...
'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans RATs that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the...
Clinic Management System 1.0 Code Execution / SQL Injection
Exploit Title: Clinic Management System 1.0 - SQL injection to Remote Code Execution Date:21/10/2021 Exploit Author: Pablo Santiago Vendor Homepage: https://www.sourcecodester.com/php/14243/open-source-clinic-management-system-php-full-source-code.html Software Link:...
CVE-2021-42098
An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...