subzero-wolf.co.uk Cross Site Scripting vulnerability OBB-3312585

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

KNOTWEED exploits zero-days to target US and Europe

Threat Level Actor Report For a detailed advisory, download the pdf file here Summary KNOTWEED, an Austria-based private-sector offensive actor PSOA, are exploiting 0-day vulnerabilities of Windows and Adobe to perform targeted attacks against European and Central American customers by using thei...

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a...

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center MSTIC and the Microsoft Security Response Center MSRC found a private-sector offensive actor PSOA using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and...

bj-xss.txt

BJ Webring XSS By : sn0oPy Risk : high exploit : just inject any script on the add link menu : http://www.target.ma/webring/formulaire.php Dork : intitle:".: index webring :." contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...

jbrowser.txt

JBrowser acces to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : juste replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...

Allons_voter Version 1.0 xss and admin votes

Allonsvoter Version 1.0 xss and admin votes wihtout password By : sn0oPy Risk : medium Dork : inurl:"Allonsvoter" exploit : Be admin : http://www.target.com/Allonsvoter/menu.html replace it by http://www.target.com/Allonsvoter/adminajouter.php or http://www.target.com/Allonsvoter/adminsupprimer.p...

rblasp-sql.txt

RBL - ASP scripts with db SQL injection By : sn0oPy Risk : high Site : http://www.aspside.com Dork : intitle:"RBL - ASP" exploit : user = 'or' '=' pass = 'or' '=' contact : [email protected] greetz : subzero, Avg Teamhttp://forums.avenir-geopolitique.net reference =...

ATutor1.5.3.2.txt

====================================================================== Atutor ====================================================================== Info:- Download: http://prdownloads.sourceforge.net/atutor/ATutor-1.5.3.2.tar.gz?download Version : ATutor 1.5.3.2...