CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3117 matches found

NVD•added 2021/04/07 3:15 p.m.•10 views

CVE-2021-28927

The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platformwin32.c via the accessibilityspeakwindows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection...

7.8CVSS0.01502EPSS

Exploits1References4

OSV•added 2021/04/07 3:15 p.m.•14 views

CVE-2021-28927

7.8CVSS7.8AI score

Exploits0References4

Prion•added 2021/04/07 3:15 p.m.•193 views

Command injection

4.6CVSS8AI score0.01502EPSS

Exploits1References4Affected Software1

Cvelist•added 2021/04/07 2:9 p.m.•13 views

CVE-2021-28927

8.2AI score0.01502EPSS

Exploits1References4

Debian CVE•added 2021/04/07 2:9 p.m.•19 views

CVE-2021-28927

7.8CVSS8AI score0.01502EPSS

Exploits1

Citrix•added 2021/04/07 12:0 a.m.•6 views

Error: Unable to Create Authentication Service for Receiver StoreFront

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information During the initial setup of Receiver StoreFront server on either deployment option, Single or...

7AI score

Exploits0

Malwarebytes•added 2021/04/06 9:37 p.m.•18 views

A deep dive into Saint Bot, a new downloader

This post was authored by Hasherezade with contributions from Hossein Jazi and Erika Noerenberg In late March 2021, Malwarebytes analysts discovered a phishing email with an attached zip file containing unfamiliar malware. Contained within the zip file was a PowerShell script masquerading as a li...

8.4AI score

Exploits0

Kitploit•added 2021/03/31 11:30 a.m.•33 views

InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool

InveighZero is a C LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features elevated admin...

7.6AI score

Exploits0References4

Krebs on Security•added 2021/03/28 5:40 p.m.•189 views

No, I Did Not Hack Your MS Exchange Server

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Lets just get this out of the way right now: It wasnt me. The Shadowserver Foundation, a nonprofit...

7AI score

Exploits0

Packet Storm•added 2021/03/24 12:0 a.m.•648 views

Codiad 2.8.4 Remote Code Execution

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated Discovery by: WangYihang Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Tested Version: Version: 2.8.4 CVE: CVE-2018-14009 !/usr/bin/env python encoding: utf-8 import requests import...

10CVSS0.2AI score0.38444EPSS

Exploits4

0day.today•added 2021/03/23 12:0 a.m.•68 views

Advantech iView Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in...

9.8CVSS0.6AI score0.36845EPSS

Exploits4

Kitploit•added 2021/03/20 8:30 p.m.•332 views

Invoke-SocksProxy - Socks Proxy, And Reverse Socks Server Using Powershell

Creates a local or "reverse" Socks proxy using powershell. The local proxy is a simple Socks 4/5 proxy. The reverse proxy creates a tcp tunnel by initiating outbond SSL connections that can go through the system's proxy. The tunnel can then be used as a socks proxy on the remote host to pivot int...

7.2AI score

Exploits0References2

ThreatPost•added 2021/03/16 9:15 p.m.•64 views

PYSA Ransomware Pillages Education Sector, Feds Warn

The FBI has issued a warning about an uptick in cyberattacks on the education sector that are delivering the PYSA ransomware. In a “Flash” alert to the cybersecurity community issued on Tuesday, the Feds said that PYSA has been seen in attacks on schools in 12 U.S. states and in the United Kingdo...

0.8AI score

Exploits0References7

The Hacker News•added 2021/03/16 6:6 a.m.•698 views

Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks

Microsoft on Monday released a one-click mitigation software that applies all the necessary countermeasures to secure vulnerable environments against the ongoing widespread ProxyLogon Exchange Server cyberattacks. Called Exchange On-premises Mitigation Tool EOMT, the PowerShell-based script serve...

9.8CVSS0.2AI score0.99999EPSS

Exploits63

Kitploit•added 2021/03/14 8:30 p.m.•415 views

PowerSharpPack - Many usefull offensive CSharp Projects wraped into Powershell for easy usage

Many usefull offensive CSharp Projects wraped into Powershell for easy usage. Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...

7.6AI score

Exploits0References55

The Hacker News•added 2021/03/10 9:24 a.m.•68 views

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

Threat actors known for keeping a low profile do so by ceasing operations for prolonged periods in between to evade attracting any attention as well as constantly refining their toolsets to fly below the radar of many detection technologies. One such group is FIN8, a financially motivated threat...

8AI score

Exploits0

The Hacker News•added 2021/03/10 9:24 a.m.•4 views

FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware

6AI score

Exploits0