Lucene search
K

23 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/03 8:15 a.m.4 views

Malicious code in secmeasure (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security f566db2e1359b455ca36524d9c066854754e71ac92deca9706f69d3d71cc8414 This package installs the SilentSync remote access trojan and allows remote code execution and data exfiltration. Windows machines are...

7.1AI score
Exploits0References2
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.147 views

Dicoogle PACS Web Server Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dicoogle PACS Web Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in th...

7.4AI score
Exploits0
RustSec
RustSec
added 2023/11/20 12:0 p.m.4 views

`tauri-win-rt-notification` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2023/11/18 6:12 a.m.315 views

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

9.8CVSS9.8AI score0.76907EPSS
Exploits4
GithubExploit
GithubExploit
added 2023/11/03 10:6 p.m.809 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

10CVSS9.2AI score0.94436EPSS
Exploits31
Rapid7 Blog
Rapid7 Blog
added 2021/12/10 9:36 p.m.209 views

Metasploit Wrap-Up

Word and Javascript are a rare duo. Thanks to thesunRider. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...

6.8CVSS7.4AI score0.94332EPSS
Exploits38
Tenable Nessus
Tenable Nessus
added 2020/10/15 12:0 a.m.413 views

Target Credential Status by Authentication Protocol - Valid Credentials Provided

Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because th...

5.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/09 5:9 p.m.37 views

Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool

The APT known as TA410 has added a modular remote-access trojan RAT to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard,...

1AI score
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/22 5:46 p.m.13 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager (TADDM) could expose password hashes stored in system memory on target Windows systems that are discovered by TADDM

Summary IBM Tivoli Application Dependency Discovery Manager TADDM requires a local service account to communicate with Windows servers targets via WMI. WMI caches the password hash in memory on each target Windows system when using certain authentication methods. By TADDM design, and according to...

7.5CVSS0.1AI score0.00206EPSS
Exploits0Affected Software1
Gitee
Gitee
added 2020/03/28 4:57 p.m.2 views

shadowbroker-1

This repository, fengzihk/shadowbroker-1, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists various exploits, such as EARLYSHOVEL, EBBISLAND, ECHOWRECKER, EASYBEE, and...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2642)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.3CVSS5.5AI score0.00072EPSS
Exploits0References2
0day.today
0day.today
added 2018/08/12 12:0 a.m.26 views

Dicoogle PACS 2.5.0 Web Server Directory Traversal Exploit

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful...

0.3AI score
Exploits0
Metasploit
Metasploit
added 2018/07/22 1:31 a.m.6 views

Dicoogle PACS Web Server Directory Traversal

This module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is java based, the directory traversal was only successful...

0.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/05/24 12:0 a.m.339 views

Target Credential Issues by Authentication Protocol - No Issues Found

Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol. When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that ma...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/11/06 12:0 a.m.1309 views

Target Credential Status by Authentication Protocol - Failure for Provided Credentials

Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...

5.7AI score
Exploits0
Metasploit
Metasploit
added 2015/10/02 3:4 p.m.21 views

ManageEngine ServiceDesk Plus Arbitrary File Upload

This module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This module has been tested successfully on versions v9 b9000 - b9102 in Windows and Linux. The MSP versions do not...

0.1AI score
Exploits0
0day.today
0day.today
added 2011/09/06 12:0 a.m.20 views

WVxWorks FTP server Password Overflow

Exploit for windows platform in category remote exploits $Id: VxWorksFTPserver.rb 16850 2011-09-07 10:20:45Z Iraq $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/11/26 12:0 a.m.27 views

TFTPD32 <= 2.21 Long Filename Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TFTPD32 %q...

7.5CVSS0.6AI score0.80027EPSS
Exploits4
ThreatPost
ThreatPost
added 2009/07/22 10:44 p.m.6 views

Adobe Flash Attacks Underway; Harden PDF Reader Immediately

Malicious hackers have found a new vulnerability in Adobe’s ever-present Flash software and are using rigged PDF documents to launch exploits against Windows targets. The Adobe Flash Player flaw, which is currently unpatched, affects millions of Windows XP and Windows Vista users. Adobe has...

1AI score
Exploits0References4
Saint
Saint
added 2009/03/05 12:0 a.m.15 views

Keystroke Logger

Added: 03/05/2009 Background This tool records all keystrokes which are typed at a computer's console. The keystrokes can be viewed in the exploit server's log. Limitations Logger works on Windows targets. A connection to the target is required to run this tool. Platforms Windows...

2.1AI score
Exploits0
Rows per page
Query Builder