155 matches found
GHSA-QMXF-FXQ7-W59F Malicious Package in angular-material-sidenav-rnd
Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.1.1 of this module is found...
Malicious Package
json-serializer is a malicious package. The malicious code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...
Malicious Package
Overview Version 1.1.3 of pensi-scheduler contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...
Malicious Package
Overview Version 1.0.2 of uploader-plugin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's...
Malicious Package
Overview Version 1.1.5 of ngx-pica contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Malicious Package
Overview Version 1.0.2 of radic-util contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
Malicious Package
Overview Version 0.1.1 of grunt-radic contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...
WordPress Ultimate Member 2.0.38 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Ultimate Member Plugin 2.0.38 CSRF Discovered By: Georg Knabl Vendor Website: https://ultimatemember.com/ Software Link: https://wordpress.org/plugins/ultimate-member/ Software Download URL :...
See how I dig in and successfully exploited India's Popular Sports company web site Host header SQL injection vulnerability-vulnerability warning-the black bar safety net
Today I want to share one I'm doing bugbounty project, discovered a very interesting vulnerability, and this vulnerability appeared in India, a popular sports company website. This article is about“how do I use the host header to find out theSQL injectionvulnerabilities, and the use of sqlmap...
Malicious Package
Overview Version 1.0.2 of oauth-validator contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found...
Malicious Package
Overview Version 0.0.4 of dossier contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.4 of this module is found installed you...
Malicious Package
Overview Version 0.3.1 of codify contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.1 of this module is found installed you...
Mimikittenz - Post-Exploitation Powershell Tool for Extracting Juicy info from Memory
mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes using regex patterns including but no...
Post Exploitation Powershell Tool: mimikittenz
Post Exploitation Powershell Tool mimikittenz is a post-exploitation powershell tool that utilizes the Windows function ReadProcessMemory in order to extract plain-text passwords from various target processes. mimikittenz can also easily extract other kinds of juicy info from target processes usi...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability. Local exploit for windows platform source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames a...