Lucene search
K

65 matches found

Pen Test Partners Blog
Pen Test Partners Blog
added 2021/05/21 6:33 a.m.60 views

Getting a persistent shell on a 747 IFE

TL:DR The Coronavirus pandemic has hit the airline industry hard. One sad consequence was early retirement of most of the 747 passenger fleet. This does however create opportunities for aviation security research, as airframes are parked up before parting out in breakers yards. This 747 was flyin...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/05 1:37 p.m.43 views

New Study Warns of Security Threats Linked to Recycled Phone Numbers

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online...

0.5AI score
Exploits0
OSV
OSV
added 2020/08/06 10:16 p.m.11 views

OPENSUSE-SU-2020:1155-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.1.0 ESR Fixed: Various stability, functionality, and security fixes bsc1174538 CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker CVE-2020-6514: WebRTC data channel...

9.3CVSS8.3AI score0.0779EPSS
Exploits6References12
BDU FSTEC
BDU FSTEC
added 2020/07/29 12:0 a.m.11 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2015, Adobe Acrobat Reader 2015 are related to security exploits that allow attackers to escalate their privileges within the context of the current user.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to bypassing security features. Exploiting these vulnerabilities can allow attackers...

9.3CVSS6.8AI score0.02795EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2020/04/14 3:0 p.m.39 views

Keep Zoombombing cybercriminals from dropping a load on your meetings

While shelter in place has left many companies struggling to stay in business during the COVID-19 epidemic, one company in particular has seen its fortunes rise dramatically. Zoom, the US-based maker of teleconferencing software, has become the web conference tool of choice for employees working...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2020/03/09 3:41 p.m.13 views

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

0.6AI score
Exploits0References14
ThreatPost
ThreatPost
added 2019/04/23 5:30 p.m.69 views

Exploits for Social Warfare WordPress Plugin Reach Critical Mass

UPDATE Active exploits for a recently disclosed bug in a popular WordPress plugin, Social Warfare, are snowballing in the wild – potentially putting more than 40,000 websites at risk. The vulnerability, CVE-2019-9978, tracks both a stored cross-site scripting XSS vulnerability and a remote...

4.3CVSS0.6AI score0.73543EPSS
Exploits20References11
The Hacker News
The Hacker News
added 2019/01/10 11:0 a.m.175 views

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks...

Exploits0
GithubExploit
GithubExploit
added 2018/10/02 1:59 p.m.6 views

routeros

RouterOS Security Research This repository contains various t...

9.3AI score
Exploits0
ThreatPost
ThreatPost
added 2018/02/28 9:59 a.m.16 views

Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips

Intel has issued updated microcode to help safeguard its Broadwell and Haswell chips from the Spectre Variant 2 security exploits. According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H,S and Haswell Xeon E3 platforms, have now be...

2.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2018/02/21 4:21 p.m.18 views

Intel Issues Updated Spectre Firmware Fixes For Newer Processors

Intel has issued updated microcode to help protect its newer processors from Spectre security exploits. The Santa Clara, Calif.-based company’s new microcode updates – which impact its newer chip platforms, such as Kaby Lake, Coffee Lake, and Skylake – have been released to OEM customers and...

1.1AI score
Exploits0References4
Circl
Circl
added 2017/08/17 12:0 a.m.17 views

CVE-2017-8640

creationtimestamp| type| source ---|---|--- 2017-08-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42476...

7.6CVSS6.8AI score0.69277EPSS
Exploits3References1
exploitpack
exploitpack
added 2016/12/04 12:0 a.m.602 views

BlackStratus LOGStorm 4.5.1.354.5.1.96 - Remote Code Execution

BlackStratus LOGStorm 4.5.1.354.5.1.96 - Remote Code Execution !/usr/bin/python logstorm-root.py BlackStratus LOGStorm Remote Root Exploit Jeremy Brown jbrown3264/gmail Dec 2016 -Synopsis- "Better Security and Compliance for Any Size Business" BlackStratus LOGStorm has multiple vulnerabilities th...

5.5CVSS0.1AI score0.37016EPSS
Exploits13
WPVulnDB
WPVulnDB
added 2015/10/10 12:0 a.m.12 views

Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion

Authenticated file upload in file ajax-load-more/admin/admin.php file, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...

0.5AI score
Exploits0References2Affected Software1
exploitpack
exploitpack
added 2014/12/19 12:0 a.m.64 views

Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities

Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities Exploit Title: 6 Remote ettercap Dos exploits to 1 Date: 19/12/2014 Exploit Author: Nick Sampanis Vendor Homepage: http://ettercap.github.io Software Link: https://github.com/Ettercap/ettercap/archive/v0.8.1.tar.gz Version: 8.0-8.1...

7.5CVSS6.5AI score0.13056EPSS
Exploits4
Packet Storm
Packet Storm
added 2014/09/15 12:0 a.m.29 views

DVWA Cross Site Request Forgery

//document.getElementById"loader".innerHTML = 'Loading...'; var one = "createdb":'whatever'; var two = "username":"admin","password":"password","Login":"Login"; var three = "security":"low","seclevsubmit":"Submit"; //windows opens calculator; change this to whatever your desire var four =...

0.9AI score
Exploits0
The Hacker News
The Hacker News
added 2014/07/23 8:35 p.m.13 views

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

GNU Anubis 3.6.x/3.9.x auth.c auth_ident() Function Overflow

No description provided by source. source: http://www.securityfocus.com/bid/9772/info GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary co...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/02/25 12:0 a.m.54 views

Java Applet JMX Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

5CVSS0.2AI score0.89987EPSS
Exploits8
Exploit DB
Exploit DB
added 2013/01/02 12:0 a.m.26 views

osTicket - &#039;l.php?url&#039; Arbitrary Site Redirect

source: https://www.securityfocus.com/bid/57111/info osTicket is prone to multiple input-validation vulnerabilities including: 1. Multiple cross-site scripting vulnerabilities 2. An open-redirection vulnerability 3. Multiple SQL-injection vulnerabilities An attacker may leverage these issues to...

7.4AI score
Exploits0
Rows per page
Query Builder