GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...

GoBruteforcer: New Golang-Based Malware Breaches Web Servers via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...

Authentication Remote Code Execution

Description Found authenticated Remote Code Execution RCE on pluck 4.7.15 While reading the source code found blacklisted extension are mentioned in the file data/inc/files.php at line 44 and 45. File upload function validating the file extension is match any one of the following extension .php,...

Malware targeting SonicWall devices could survive firmware updates

Researchers at Mandiant have identified a malware campaign targeting SonicWall SMA 100 Series appliances, thought to be of Chinese origin. The malware was likely deployed in 2021, and was able to persist on the appliances tenaciously, even surviving firmware upgrades. The malware was able to stea...

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities KEV catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 CVSS score: 7.5, the issue impacts ZK Framework versions...

SQL Injection leads to code execution

Description This vulnerability allows the attacker to leverage a SQL injection attack in the database backup functionality to write arbitrary data to an arbitrary file on disk anywhere where the user can write. This includes the webroot in a default installation allowing the attack to place a web...

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

Arbitrary file deletion

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

CVE-2022-47769

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell...

CVE-2022-47769

CVE-2022-47769 involves Serenissima Informatica Fast Checkin v1.0 and is an arbitrary file write vulnerability. An unauthenticated attacker can upload malicious files to the web root, which can lead to full server access via a web shell. The underlying issue is improper handling of file uploads a...

Serenissima Informatica Fast Checkin 代码问题漏洞

Serenissima Informatica Fast Checkin is an application from Serenissima, Inc. A security vulnerability exists in Serenissima Informatica Fast Checkin version 1.0, which originates from a vulnerability that allows an unauthenticated attacker to access the server via the web shell by uploading...

Chinese Hackers Utilize Golang Malware in DragonSpark Attacks to Evade Detection

Organizations in East Asia are being targeted by a likely Chinese-speaking actor dubbed DragonSpark while employing uncommon tactics to go past security layers. "The attacks are characterized by the use of the little known open source SparkRAT and malware that attempts to evade detection through...

Food Ordering System 2 Shell Upload

Title: Food Ordering System v2 File upload Vulnerability + web-shell upload - RCE Author: nu11secur1ty Date: 01.23.2023 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Reference:...

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

EMC RSA Archer 6.0 < 6.9 SP3 P4 / 6.10 < 6.10 P2 Remote Code Execution

The version of EMC RSA Archer running on the remote web server is 6.x prior to 6.9.3.4 6.9 SP3 P4, 6.10.x prior to 6.10.0.2 6.10 P2. It is, therefore, affected by a remote code execution vulnerability due to unrestricted upload of a file with a dangerous type. A remote, authenticated malicious us...

Exploit for Code Injection in Vmware Spring_Framework

Spring Boot CVE-2022-22965 Docker PoC for CVE-2022-22965 with...

Researchers Uncover Stealthy Techniques Used by Cranefly Espionage Hackers

A recently discovered hacking group known for targeting employees dealing with corporate transactions has been linked to a new backdoor called Danfuan. This hitherto undocumented malware is delivered via another dropper called Geppei, researchers from Symantec, by Broadcom Software, said in a...

CVE-2016-20016

MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...