Lucene search

6032 matches found

Wallarm Lab
added 2023/11/30 1:08 p.m., 15 views

What Is The Cyber Kill Chain? Process & Model

Grasping the Fundamentals: A Study of the Cyber Harm Ladder Navigating the multifaceted universe of cybersecurity is similar to solving an evolving labyrinth. This world is awash with intricate principles and techniques; with the Cyber Harm Ladder gaining increasing focus in recent times. But, wh...

8.6 AI score
Exploits: 0

Cvelist
added 2023/11/30 8:17 a.m., 19 views

CVE-2023-49620 Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized which almost used in sql task, with unauthorized access vulnerability IDOR, but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires...

6.5 AI score, 0.01132 EPSS
Exploits: 0, References: 3

GithubExploit
added 2023/11/28 3:47 a.m., 449 views

Exploit for CVE-2022-30190

AmzWord an automated attack chain based on CVE-2022-30190, 16...

9.3 CVSS, 7.6 AI score, 0.99374 EPSS
Exploits: 62

The Hacker News
added 2023/11/25 5:08 a.m., 58 views

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government

An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what's suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named "hrserv.dll," exhibits "sophisticated features such as custom...

7.8 AI score
Exploits: 0

RedHat Linux
added 2023/11/22 5:34 p.m., 4 views

samba: "rpcecho" development server allows denial of service via sleep() call on AD DC

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

6.5 CVSS, 6.6 AI score, 0.01723 EPSS
Exploits: 0, References: 6

Securelist
added 2023/11/22 10:00 a.m., 31 views

HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...

8.1 AI score
Exploits: 0

Veracode
added 2023/11/22 5:52 a.m., 15 views

Clear Text Credentials Exposure

Nautobot Device Onboarding is vulnerable to Clear Text Credentials Exposure. The vulnerability is due to credentials being visible via the Job Results view under the Additional Data tab as arguments for Celery Task execution when creating an OnboardingTask. As a result the attacker is exposed to...

6.5 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/11/21 11:50 p.m., 20 views

GHSA-QF3C-RW9F-JH7V Clear Text Credentials Exposed via Onboarding Task

Impact When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...

5.7 CVSS, 6.5 AI score, 0.00414 EPSS
Exploits: 0, References: 4

Cvelist
added 2023/11/21 10:30 p.m., 41 views

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

5.7 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 1

CNNVD
added 2023/11/21 12:00 a.m., 4 views

Nautobot Security Vulnerability

Nautobot is a web automation platform for Nautobot individual developers. A security vulnerability exists in Nautobot Plugin Device Onboarding versions 2.0.0 through 3.0.0, which stems from the disclosure of plaintext credentials when an OnboardingTask is created...

6.5 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 2

Penetration Testing Lab
added 2023/11/20 9:14 a.m., 16 views

Persistence – Scheduled Task Tampering

Windows Task Scheduler enables Windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks have been commonly abused as a method…

7.3 AI score
Exploits: 0

Penetration Testing Lab
added 2023/11/20 9:14 a.m., 27 views

Persistence – Scheduled Task Tampering

Windows Task Scheduler enables Windows users and administrators to perform automated tasks at specific time intervals. Scheduled tasks have been commonly abused as a method…

7.4 AI score
Exploits: 0

Veracode
added 2023/11/15 6:55 a.m., 16 views

Remote Code Execution (RCE)

vantage6node is vulnerable to Remote Code Execution (RCE). The system fails to validate the execution of a child task if it has a specified parent task ID which could be exploited by an attacker who gains unauthorized access to the system. By setting a fake parent task ID for a malicious task, the...

8.8 CVSS, 8.2 AI score, 0.00446 EPSS
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2023/11/15 12:00 a.m., 4 views

XXL-JOB Security Vulnerability

XXL-JOB is a distributed task scheduling platform based on the Java language from the Xu Xue Li XXL-JOB community. A security vulnerability exists in XXL-JOB xxl-job-admin version 2.4.0, which stems from a cross-site scripting (XSS) vulnerability in component /xxl-job-admin/joblog/logDetailPage...

5.4 CVSS, 5.8 AI score, 0.00399 EPSS
Exploits: 1, References: 2

ATTACKERKB
added 2023/11/14 10:15 p.m., 3 views

CVE-2023-46023

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter...

6.5 CVSS, 5.9 AI score, 0.00583 EPSS
Exploits: 3, References: 2

Prion
added 2023/11/14 10:15 p.m., 25 views

Sql injection

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter...

4 CVSS, 7.6 AI score, 0.00583 EPSS
Exploits: 3, References: 1, Affected Software: 1

ATTACKERKB
added 2023/11/14 3:15 p.m., 4 views

CVE-2023-48021

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update...

8.8 CVSS, 5.8 AI score, 0.00356 EPSS
Exploits: 1, References: 2

NVD
added 2023/11/14 3:15 p.m., 12 views

CVE-2023-48021

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update...

8.8 CVSS, 0.00356 EPSS
Exploits: 1, References: 1

Prion
added 2023/11/14 3:15 p.m., 23 views

Cross site request forgery (csrf)

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus...

6.8 CVSS, 7.8 AI score, 0.00356 EPSS
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/11/14 12:00 a.m., 16 views

CVE-2023-48021

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update...

7.5 AI score, 0.00356 EPSS
Exploits: 1, References: 1