MAL-2025-35451 Malicious code in test-mlw2-grief-vulns (npm)

The package test-mlw2-grief-vulns was found to contain malicious code...

Malicious code in test-mlw2-grief-vulns (npm)

The package test-mlw2-grief-vulns was found to contain malicious code...

Infor Storefront B2B 1.0 SQL Injection

Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Date: 2020-06-27 Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Versions POC Multiple Vulns python sqlmap.py...

U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns

Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

This month's Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, alon...

Beers with Talos EP 16: Strong Copy - Bad Rabbit and the Nyetya Connection

Beers with Talos BWT Podcast Episode 16 is now available. Download this episode and subscribe to Beers with Talos:img border="0" data-original-height="45" data-original-width="160" src="https://2.bp.blogspot.com/-E-RSSZ9jbUY/WaWCkLGZnZI/AAAAAAAAAJE/Ciiz-Si...

October 17, 2017 – Morning Cyber Coffee Headlines – “The Flintstones” Edition

Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 17, 2017 - Headlines Carbon Black in the News: Dark Web Ransomware...

Web Application Security Scanner: Spaghetti

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

ManageEngine EventLog Analyzer SQL / Credential Disclosure

ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities. This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and...

ME Download System <= 1.3 (header.php) Remote Inclusion Vulnerability

No description provided by source. +-------------------------------------------------------------------- + + ME Download System 1.3 Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: ME Download System 1.3 + Venedor ...........:...

Hosting Controller <= 6.1 Hotfix 3.2 - Remote Unauthenticated Vulns

No description provided by source. Hosting Controller 6.1 Hotfix = 3.2 Multi Vuln. SQLInjection, Command Injection ------- KAPDA::59 - Hosting Controller 6.1 Hotfix = 3.2 Vendor: Hosting Controller Vendor URL: www.hostingcontroller.com Solution: Hotfix 3.3 Found Date: 7/1/2006 Release Date:...

iScripts Support Desk 4.1 SQL Injection

Normal Sql postticketbeforeregistersave.php Staff table post : txtname=faris&[email protected]&prty=0&deptid=11 /!1337andselect 1 fromselect count,concatselect select select distinct concat0x7e,0x27,unhexHexcasttablename as char,0x27,0x7e from informationschema.tables where tableschema=databas...

Nmap NSE 6.01: smb-check-vulns

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Astium VoIP PBX 2.1 Remote Root

!/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Astium VoIP PBX 0x90.nl Software link :...

smb-vuln-ms10-061 NSE Script

Tests whether target machines are vulnerable to ms10-061 Printer Spooler impersonation vulnerability. This vulnerability was used in Stuxnet worm. The script checks for the vuln in a safe way without a possibility of crashing the remote system as this is not a memory corruption vulnerability. In...

distcc-cve2004-2687 NSE Script

Detects and exploits a remote code execution vulnerability in the distributed compiler daemon distcc. The vulnerability was disclosed in 2002, but is still present in modern implementation due to poor configuration of the service. Script Arguments cmd the command to run at the remote server...

Nmap NSE net: smb-check-vulns

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Puzzle Apps CMS 3.2 Local File Inclusion

------------------------------------------------------------------------ Software................ Puzzle Apps CMS 3.2 Vulnerability........... Local File Inclusion Site.................... http://www.puzzleapps.org/ Download Link...

eZoneScripts Hotornot2 Script (Admin Bypass) Multiple Remote Vulns

No description provided by source. + Hotornot2 Script Remote apload Admin Bypass Vulnerability ===== ++ by sniper code++============================================ Author : sniper code S.C.T-443 website : www.sec-code.com...