129 matches found
CVE-2018-8174
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka “Windows VBScript Engine Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...
Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns
A Microsoft Word document .doc believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit TAU. The submitting organization did not feel that that document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes an unauthenticated deserialization...
Threat Round-up for July 28 - August 4
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 28 and August 04. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior characteristic...
VirtualBox 5.0.32 r112930 x64 - Windows Process COM Injection Privilege Escalation Exploit
Exploit for windows platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1103 VirtualBox: Windows Process COM Injection EoP Platform: VirtualBox v5.0.32 r112930 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening...
CVE-2016-0141
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."...
Hancitor Malware Shifts Infection Strategies
Researchers said a new variant of the Hancitor downloader has shifted tactics and adopted new dropper strategies and obfuscation techniques on infected PCs. Researchers at Palo Alto Networks are currently tracking the biggest push of the Hancitor family of malware since June that it says has...
Remote Control Backdoor Vulnerability in Canon vb-c60 Camera
Canon Japan is a Japanese company dedicated to imaging, optical and office automation products, including cameras, camcorders, copiers, fax machines, image scanners and printers. A remote control backdoor vulnerability exists in the Canon vb-c60 camera, which allows an attacker to send a get...
The Uploader 2.0 - Remote File Upload Vulnerability
No description provided by source. ======================================================================================================= Script Name : The Uploader 2.0 Language : php Author : Master Mind Home : www.vbspiders.com ============================================== Exploit : example:...
VB Marketing 'tseekdir.cgi' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27475/info VB Marketing is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to include loc...
MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit
No description provided by source. !/usr/bin/perl MCPWS Personal - Webserver = 1.3.21 DoS Exploit Vendor: http://www.mcpsoftware.de The coder used a unsecure VB-function Open to open requested files and didn't include a working error handling On Error Goto etc. It's possible to exploit this...
MobPartner Counter - Remote File Upload Vulnerability
No description provided by source. MobPartner Counter Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : MobPartner Counter upload files The exploit : http://localhost/path/upload.php edit shell...
CVE-2012-5216
Cross-site request forgery CSRF vulnerability on HP ProCurve 1700-8 aka J9079A switches with software before VA.02.09 and 1700-24 aka J9080A switches with software before VB.02.09 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
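VBulletin 4.1.7 Multiple Remote File Inclusion Vulnerabilities
BUGTRAQ ID: 50455 vBulletin is a powerful, flexible forum software suite that can be fully customized to your own needs. vBulletin's implementation contains multiple remote file inclusion vulnerabilities; attackers can exploit them to obtain sensitive information or execute arbitrary script code in the server process, taking control of the application or the computer. VBulletin 4.1.7 Vendor patch: VBulletin --------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.vbulletin.com/ http://www.example.com/vB1/api.php?apiscript=RFI...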
Allomani Songs & Clips 2.x (msg_id) Blind SQL Injection Exploit
Exploit for php platform in category web applications ?php / =============================================================== Allomani Songs & Clips 2.x msgid Blind SQL Injection Exploit =============================================================== +Version : 2.x +Author : ahwak2000 +home :...
vBulletin 4.1.3 SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
Vbulletin 4.0.x => 4.1.3 (messagegroupid) SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on:...
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on:...
vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
ActiveWebSoftware Active Auction Pro SQL Injection Vulnerability
Exploit for asp platform in category web applications ================================================================ ActiveWebSoftware Active Auction Pro SQL Injection Vulnerability ================================================================...