27 matches found
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-10656
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-10655
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25185
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability
...
CVE-2026-25185 Windows Shell Link Processing Spoofing Vulnerability
...
CVE-2026-25185
Technical details (affected products, components, root cause, impact, and remediation) are not provided in the supplied documents. Monitor for updates.
Windows Shell Link Processing Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
PT-2026-24309
Name of the Vulnerable Software and Affected Versions Windows affected versions prior to March 2026 updates Description An issue in Windows Shell Link Processing, specifically within the IShellLink interface, involves the exposure of sensitive information due to insufficient protection of service...
Linux Distros Unpatched Vulnerability : CVE-2017-12426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab Community Edition CE and Enterprise Edition EE before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4...
Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor
Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...
Little Crumbs Can Lead To Giants
This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...
Following the LNK metadata trail
Adversaries shift toward Shell Link LNK files, likely sparked by Microsofts decision to block macros, provides the opportunity to capitalize on information that can be provided by LNK metadata. Cisco Talos analyzed metadata in LNK files and correlated it with threat actors tactics techniques and...
WordPress Plugin GoURL.io 1.4.14 - File Upload
WordPress Plugin GoURL.io 1.4.14 - File Upload Shell link...
ALPINE-CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...
PHP Utility Belt - Remote Code Execution
Exploit Title : PHP utility belt Remote Code Execution vulnerability Author : WICS Date : 8/12/2015 Software Link : https://github.com/mboynes/php-utility-belt Overview: PHP utility belt is a set of tools for PHP developers. Install in a browser-accessible directory and have at it. ajax.php is...
Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: Social Engine 4.x Music Plugin Arbitrary File Upload Google Dork: inurl:user/auth/forgot Date: 22/12/2010 Author: MyDoom Moroccan Hacker Contact: [email protected] Software Link: http://http://www.socialengine.net Version: Social Engine 4.x...
PHP-Nuke Shell Upload
PHP-Nuke Shell Upload Vulnerability By : h311 c0d3 Contact : [email protected] Home : Black-Hat.cc Dork : inurl:modules.php?name=Upload Exploit : 1- you should first install Tamper Data from here https://addons.mozilla.org/en-us/firefox/addon/tamper-data/ 2- start tamper then, upload your shell as...