129 matches found

Openbugbounty
added 2023/07/08 5:2 p.m., 13 views

vb-fun.de Cross Site Scripting vulnerability OBB-3491545

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits 0
Openbugbounty
added 2023/04/04 12:21 a.m., 7 views

vb-asp-php.com Cross Site Scripting vulnerability OBB-3246325

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9 AI score
Exploits 0
SUSE CVE
added 2023/02/15 5:58 a.m., 4 views

SUSE CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input...

4 CVSS, 5.9 AI score, 0.02226 EPSS
Exploits 0, References 4
Talos Blog
added 2022/08/05 7:54 p.m., 21 views

Threat Roundup for July 29 to August 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 29 and Aug. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

7 AI score
Exploits 0
CNVD
added 2021/12/30 12:0 a.m., 11 views

Command Execution Vulnerability in Opmantek Open-AudIT

Opmantek Open-AudIT is a network auditing program based on PHP, bash shell and VB language. Opmantek Open-AudIT suffers from a command execution vulnerability that can be exploited by a remote attacker to submit a special request and execute a command...

7.6 AI score
Exploits 0
Openbugbounty
added 2021/10/31 5:2 a.m., 8 views

pittsburghelitevb.com Cross Site Scripting vulnerability OBB-2218164

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0
The Hacker News
added 2021/09/03 8:44 a.m., 35 views

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken...

7 AI score
Exploits 0
ThreatPost
added 2021/04/21 12:0 p.m., 53 views

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...

0.2 AI score
Exploits 0, References 8
Malwarebytes
added 2021/01/06 3:14 p.m., 44 views

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

This post was authored by Hossein Jazi. On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...

7.2 AI score
Exploits 0
Malwarebytes
added 2020/07/21 3:0 p.m., 5318 views

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura. On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...

9.3 CVSS, 8.8 AI score, 0.99966 EPSS
Exploits 21
0day.today
added 2020/04/23 12:0 a.m., 21 views

VB 6.0 Dirlist Object Code Execution Exploit

/ VB 6.0 Dirlist Object Code Execution Author : Hexrain Tutorial Video : https://youtu.be/BLFbUJ4n8hY Twitter : @smashedkernel Greetz : OA Cybersec wornix blacknbunny / import sys try: commandfile = sys.argv1 poc = 'End If\nEnd Sub\nlPtr = Private Type Private Type\nRtlMoveMemory ByVal lPtr, &HE8...

0.3 AI score
Exploits 0
Packet Storm
added 2019/05/03 12:0 a.m., 495 views

SolarWinds DameWare Mini Remote Control 10.0 Denial Of Service

Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Description: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...

0.8 AI score, 0.20587 EPSS
Exploits 5
Exploit DB
added 2019/05/03 12:0 a.m., 138 views

SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Description: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...

7.5 CVSS, 7.6 AI score, 0.20587 EPSS
Exploits 5
ATTACKERKB
added 2018/12/12 12:29 a.m., 3 views

CVE-2018-8619

A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 1...

7.6 CVSS, 6.6 AI score, 0.45762 EPSS
Exploits 2, References 4
NVD
added 2018/11/16 6:29 p.m., 24 views

CVE-2018-18805

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb...

9.8 CVSS, 9.8 AI score, 0.05204 EPSS
Exploits 5, References 3
Prion
added 2018/11/16 6:29 p.m., 13 views

Sql injection

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb...

7.5 CVSS, 9.8 AI score, 0.05204 EPSS
Exploits 5, References 3, Affected Software 1
Cvelist
added 2018/11/16 6:0 p.m., 24 views

CVE-2018-18805

Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb...

9.9 AI score, 0.05204 EPSS
Exploits 5, References 3
CVE
added 2018/11/16 6:0 p.m., 72 views

CVE-2018-18805

CVE-2018-18805 affects Point Of Sales 1.0 (VB.Net, MySQL), where the login form (LoginForm1.vb) builds a SQL query by string concatenation, enabling SQL injection. Public PoCs and exploits (Exploit DB, PacketStorm) demonstrate that an attacker can retrieve or modify backend data via the login screen. Connect...

9.8 CVSS, 9.8 AI score, 0.05204 EPSS
Exploits 5, References 3, Affected Software 1
exploitpack
added 2018/10/29 12:0 a.m., 34 views

Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection

Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection Exploit Title: Point of Sales (POS) in VB.Net MySQL Database 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...

7.5 CVSS, 0.1 AI score, 0.05204 EPSS
Exploits 5
BDU FSTEC
added 2018/05/31 12:0 a.m., 8 views

The vulnerability of VBScript script handlers in Windows operating systems allows attackers to execute arbitrary code.

The vulnerability of VBScript script handlers in Windows operating systems arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page or document...

9.3 CVSS, 8.5 AI score, 0.18925 EPSS
Exploits 0, References 4, Affected Software 1