5 matches found
CVE-2024-29209
The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
The Turla advanced persistent threat (APT) group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group, aka Snake, Venomous Bear,...
FreeCommander XE 2020 Pathname Buffer Overflow Exploit
#!/usr/bin/python Exploit Title: FreeCommander XE 2020 - Pathname Buffer Overflow SEH Version: Build 810a 32-bit Software Link: https://freecommander.com/downloads/FreeCommanderXE-32-publicsetup.zip Exploit Author: Hodorsec email protected / email protected Vendor Homepage:...
michigan.secondchancebonuszone.com XSS vulnerability
Vulnerable URL: https://michigan.secondchancebonuszone.com/goldenticket/feedback.php/%22onmouseover%3d'prompt/OPENBUGBOUNTY/'bad%3d%22

Details:

Description| Value
---|---
Patched:| Yes, at 17.10.2017
Latest check for patch:| 17.10.2017 14:03 GMT
Vulnerability type:| XSS
Vulnerability status:|...