Collaborate Disseminate
I have ThinkPHP wordpress garbage coming at my server https://medium.com/@knownsec404team/analysis-of-thinkphp5-remote-code-execution-vulnerability-5de8a0afb2d4
, for example:
/public/index.php?s=index/%5Cthink%5Capp/invokefunction&fun… Continue reading ThinkPHP show my website as the req.host – did the request really come from my web server?
The National Security Agency on Tuesday said it alerted Microsoft to a fresh batch of critical vulnerabilities that hackers could exploit to remotely compromise the Exchange Server email software program. Microsoft said that it hadn’t see any hacks using the vulnerabilities on its customers, but the news comes at a time of heightened concern over bugs in Exchange Server. Microsoft on March 2 revealed that suspected Chinese spies had exploited another set of flaws in Exchange Server to siphon off emails from targeted U.S. organizations. A bevy of opportunistic cybercriminals proceeded to exploit those vulnerabilities, to which tens of thousands of U.S. businesses and state and local organizations were reportedly exposed. The latest software bugs that the NSA discovered are in the 2013, 2016 and 2019 versions of Exchange Server. Microsoft said that the vulnerabilities, if exploited, could allow an attacker to execute code remotely on a target computer. Like […]
The post NSA says it found new critical vulnerabilities in Microsoft Exchange Server appeared first on CyberScoop.
Continue reading NSA says it found new critical vulnerabilities in Microsoft Exchange Server
In my environment, I use Kaspersky for Windows Server and I have scans enabled in my environment to perform throughout the day. I’ve come across a potential exploit; CMD:HEUR:Win32.Generic and it points to the path where powershell.exe is … Continue reading Infected or Other Object Detected [closed]
What happens when tens of thousands of back doors have been opened? Priceless data and corporate IP stolen, espionage, but by far the most prevalent threat will be ransomware. Strap in tight – the $50M Acer ransomware attack is just the beginning…. Continue reading Tick … Tick … Boom
Is it possible to gain code execution on a machine through access to CIFS service? And if so, how? In my case, I have a valid Kerberos TGS to CIFS service running on a host and I am able to copy and download files. I want to get a shell au… Continue reading How to gain code execution through access to CIFS service on Windows?
F5 Networks, a leading provider of enterprise networking equipment, disclosed four critical vulnerabilities and 17 others on Wednesday as the recent parade of major flaws needing patches marches ahead. Three of the vulnerabilities would allow hackers to remotely execute code on target networks. It’s the second time in in two years that F5 has disclosed such a flaw. In 2020, both Cyber Command and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued warnings about the earlier reported vulnerabilities. F5 joins Microsoft, SolarWinds and Accellion on the list of companies that have needed to release major patches in recent months. In the case of F5 so far, “We are not aware of any active exploits for these vulnerabilities,” spokesperson Rob Gruening said. The flaws affect both the F5 BIG-IP local traffic manager and BIG-IQ centralized management software. The company announced fixes for all of the vulnerabilities. Despite the […]
The post F5 releases patches for nearly two dozen vulnerabilities, some critical appeared first on CyberScoop.
Continue reading F5 releases patches for nearly two dozen vulnerabilities, some critical
I recently had a breach on my site (laravel), i got aware of it after i tried to pull the code from github and found out that some files were modified.
files modified were mostly storage – logs/cache and index.php had error_reporting(E_ALL… Continue reading Is there any way an attacker can access the server and modify the site (php) code?
Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies. One of the bugs could offer an attacker a similar level of control over the software made by federal contractor SolarWinds that the alleged Russians enjoyed, the researchers said. The analysis of SolarWinds’ Orion software platform — which is used by numerous Fortune 500 firms — illustrates the greater scrutiny the firm is under since disclosing the supply-chain hack. But it also shows the security benefits of having more outside researchers sift through Orion’s code. “As people were patching against the implant backdoor [used in the espionage campaign], this would provide the ability to get back into those systems, even though the backdoor had been removed,” Trustwave’s Karl Sigler said of one of the vulnerabilities, which could allow an attacker to remotely execute […]
The post SolarWinds issues patches for two new critical bugs found in Orion software appeared first on CyberScoop.
Continue reading SolarWinds issues patches for two new critical bugs found in Orion software
I’ve analyzed an app where I’ve found different vulnerabilities.
I could upload/overwrite, delete and download anything. All critical vulns, but I didn’t know how I could get rce without making damages. I thought that I could replace the e… Continue reading RCE on a server running nodejs
I am given a task to poc Bluekeep exploit. I have found a working exploit here which gave me two options, one is bluescreen which works fine for me but when I want a shell, target (windows server 2008 R2) resets the connection immediatel… Continue reading Server sends reset during TLS connection: Bluekeep POC