3098 matches found
CVE-2018-0875
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability"...
Denial of service
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability"...
CVE-2018-0875
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability"...
CVE-2018-0875
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability"...
CVE-2018-0875
CVE-2018-0875 corresponds to a denial-of-service vulnerability in .NET Core runtimes and PowerShell Core caused by how the runtime handles certain crafted requests. Connected advisories confirm a hash-collision-based DoS vector (Red Hat RHSA-2018:0522; GHSA-XCVR-QV8H-M7XW) affecting .NET Core 1.0...
ManageEngine Applications Manage 13.5 Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in the...
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
Introduction From January 2018 to March 2018, through FireEye’s Dynamic Threat Intelligence, we observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. We attribute this activity t...
Microsoft .NET CVE-2018-0875 Denial Of Service Vulnerability
Description Microsoft .NET is prone to a denial-of-service vulnerability. Successful exploits will attackers to cause performance to degrade resulting in a denial of service condition. Technologies Affected Microsoft ASP.NET Core 1.0 Microsoft ASP.NET Core 1.1 Microsoft ASP.NET Core 2.0 Microsoft...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit
Exploit for windows platform in category web applications Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
ACL Analytics 13.0.0.579 Arbitrary Code Execution
Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
ManageEngine Applications Manager 13.5 - Remote Code Execution Exploit
Exploit for java platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
ManageEngine Applications Manager 13.5 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' ...
ManageEngine Applications Manager 13.5 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in the...
CredsLeaker - Tool to Display A Powershell Credentials Box
This script will display a powershell credentials box that will ask the user for his credentials. The box cannot be closed only by killing the process will keeps checking the credentials against the DC. When validated, it will close and leak it to a web server outside. How To: 1. Start a web...
Masha and these Bears
Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped...
Sofacy APT Adopts New Tactics and Far East Targets
CANCUN, Mexico – A new analysis of the Russian-speaking Sofacy APT gang shows a continual march toward Far East targets and overlapping of activities with other groups such as Lamberts, Turla and Danti. Researchers at Kaspersky Lab this morning at its Security Analyst Summit, released their updat...
Command injection
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 build 13640. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal...
CVE-2018-7890
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 build 13640. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal...