Lucene search
+L

322 matches found

The Hacker News
The Hacker News
added 2020/06/03 12:56 p.m.7 views

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...

9.1CVSS7.7AI score0.01888EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/05/21 12:0 p.m.58 views

Crooks Tap Google Firebase in Fresh Phishing Tactic

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...

7.2AI score
Exploits0References7
Kitploit
Kitploit
added 2020/05/20 12:30 p.m.60 views

Spray - A Password Spraying Tool For Active Directory Credentials By Jacob Wilkin(Greenwolf)

A Password Spraying tool for Active Directory Credentials by Jacob WilkinGreenwolf Getting Started These instructions will show you the requirements for and how to use Spray. Prerequisites All requirements come preinstalled on Kali Linux, to run on other flavors or Mac just make sure curlowa & ly...

7.4AI score
Exploits0References6
NVD
NVD
added 2020/01/21 10:15 p.m.39 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.4AI score0.02501EPSS
Exploits0References4
OSV
OSV
added 2020/01/21 10:15 p.m.23 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS6.5AI score0.02501EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/01/21 10:15 p.m.24 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.1AI score0.02501EPSS
Exploits0References4
Prion
Prion
added 2020/01/21 10:15 p.m.23 views

Code injection

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

5CVSS7.3AI score0.02501EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2020/01/21 10:15 p.m.4 views

UBUNTU-CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS5.8AI score0.02501EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/01/21 9:59 p.m.54 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.3AI score0.02501EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/01/21 9:59 p.m.21 views

CVE-2019-19886

Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive Denial of Service because of a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS7.3AI score0.02501EPSS
Exploits0
CVE
CVE
added 2020/01/21 9:59 p.m.94 views

CVE-2019-19886

The CVE affects Trustwave ModSecurity v3 (libmodsecurity), specifically versions 3.0.0–3.0.3, where a flaw in Transaction::addRequestHeader in transaction.cc can cause denial of service when crafted requests are sent rapidly in large volumes. Reported impact is server slowdown or unavailability. ...

7.5CVSS7.2AI score0.02501EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/21 12:0 a.m.3 views

PT-2020-10284 · Trustwave · Modsecurity

Name of the Vulnerable Software and Affected Versions: Trustwave ModSecurity versions 3.0.0 through 3.0.3 Description: The issue allows an attacker to send crafted requests that may lead to the server becoming slow or unresponsive due to a flaw in Transaction::addRequestHeader in transaction.cc...

7.5CVSS6.8AI score0.02501EPSS
Exploits0References24
ThreatPost
ThreatPost
added 2019/11/19 4:27 p.m.71 views

Fake 'Windows Update' Installs Cyborg Ransomware

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered...

Exploits0References5
The Hacker News
The Hacker News
added 2019/09/10 4:41 p.m.86 views

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext

What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecu...

8.1CVSS0.4AI score0.89294EPSS
Exploits7
ThreatPost
ThreatPost
added 2019/09/10 12:0 p.m.118 views

Vulnerabilities in D-Link, Comba Routers Can Leak Credentials

Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access. Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a...

0.9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/07/26 7:13 p.m.261 views

Rare Steganography Hack Can Compromise Fully Patched Websites

An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...

7.4AI score
Exploits0References6
HackRead
HackRead
added 2019/03/14 1:22 p.m.65 views

Pakistani Govt’s passport application tracking site hacked with Scanbox framework

By Waqas Hackers are after anyone seeking Pakistani passport while there is no response from the website's administrator. Researchers at information security firm Trustwave have made a startling new discovery about data breach on a Pakistani government website involving the Scanbox Framework. It ...

1.3AI score
Exploits0
HackRead
HackRead
added 2019/02/11 11:10 p.m.58 views

Critical zero-day vulnerabilities hit Lifesize video conferencing products

By Waqas The IT security researchers at TrustWave have discovered critical zero-day vulnerabilities in video conferencing products developed by Lifesize which, if exploited by attackers can cause a great deal of damage. Lifesize is an audio and video telecommunication firm based in the United...

2.1AI score
Exploits0
ThreatPost
ThreatPost
added 2018/11/19 4:20 p.m.568 views

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2...

7.5CVSS9.9AI score0.99993EPSS
Exploits46References6
Metasploit
Metasploit
added 2018/09/28 4:0 p.m.43 views

Windows Gather PureVPN Client Credential Collector

Finds the password stored for the PureVPN Client. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather PureVPN Client Credential Collector', 'Description' = %q Finds the password stor...

7.3AI score
Exploits0
Rows per page
Query Builder