CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the groupname parameter. It is possible to execute system commands as a root user on a vulnerable device.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in Centreon 19.10. The vulnerability is due to improper validation of the server_ip parameter in a HTTP request. An authenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike simulates a phishing email that has been seen in the wild during the COVID-19 pandemic. This specific phishing attempt is related to the Hancitor April 2020 malware campaign and tries to trick the user into clicking a malicious link by using COVID-19 insurance as a lure. From the headers we can see the header was originally sent from a Russian TLD which has been associated with other...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed. It is possible to execute system commands as a root user on a vulnerable device.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A memory corruption vulnerability has been reported in Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted ASF media file. Successful exploitation could result in the execution of arbitrary code within the context of the user running...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A memory corruption vulnerability has been reported in Windows Media Foundation component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted QuickTime media file. Successful exploitation could result in the execution of arbitrary code within the context of the user...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A remote command injection vulnerability exists in D-Link DIR-859 routers due to lack of user input validation. By exploiting the flaw, a remote unauthenticated attacker may execute arbitrary system commands by sending a crafted UPnP SUBSCRIBE request.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A command injection vulnerability exists in ASUSWRT firmware version 3.0.0.4.382.50624 and earlier. The flaw results from lack of user input validation for HTTP parameters on the appGet.cgi path. By sending a crafted hook parameter, a remote attacker may execute arbitrary OS commands as the root user.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the password parameter. It is possible to execute system commands as a root user on a vulnerable device.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari WebKit. Specifically the vulnerability exists in WebKits WebCore::FormSubmission::create method. An attacker can craft javascript in such a way that when invoking the create method in a form a Use-After-Free condition can occur. This can lead to a denial of service or potentially allow for remote code execution on the vulnerable system.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An out-of-bounds read vulnerability exists in OpenSMTPD versions before 6.6.4 due to a logical flaw, causing a server to read multi-line error messages. The attacker-controlled message error may contain directives that get stored in an envelope file, then executed by the vulnerable server. An attacker may obtain command execution or escalate privileges by either causing a vulnerable server to bounce...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari WebKit. Specifically the vulnerability exists in WebKits WebCore::RenderObject::previousSibling method. An attacker can craft javascript in such a way that when invoking the create method in a form a Use-After-Free condition can occur. This can lead to a denial of service or potentially allow for remote code execution on the vulnerable system....
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unauthenticated remote command injection vulnerability exists in DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, Vigor300B 1.3.3_Beta, 1.4.2.1_Beta and 1.4.4_Beta routers, due to lack of user input sanitization. By sending a crafted 'keyPath' HTTP parameter, a remote unauthenticated attacker may execute commands as the system's superuser.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a stack-based buffer overflow vulnerability in Memcached. This vulnerability is due to a lack of bounds checking in the 'try_read_command_binary' function while processing binary commands. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in code...
CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
An OS command injection vulnerability exists in Dell KACE K1000 versions before 6.4.120822, due to lack of sanitization of user-supplied data. By sending a crafted kuid parameter in a HTTP request to /service/krashrpt.php, a remote unauthenticated attacker may execute arbitrary OS commands as the user www.
This strike simulates Andariel-2019 Command and Control traffic after installing ApolloZeus Loader module. This Strike sends data over TCP port 443, although many packet capture tools like Wireshark will call this encrypted data, this is not actually SSL Encrypted Data. These are encrypted/encoded command and control exchanges, but they are not SSL.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a script injection vulnerability in Apache Solr via dataConfig parameter in the DataImportHandler module. DataImportHandler DIH module allows the user to pull in data from databases and other sources. The dataConfig parameter allows to specify the entire DIH config as a request parameter. Since a DIH config can contain scripts, this allows the attacker to construct a threatening...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A PHP code injection vulnerability exists in Horde Groupware Webmail Edition 5.2.22 due to lack of user-supplied data sanitization. Remote authenticated attackers may send a crafted 'quote' parameter in a HTTP request to 'mnemo/data.php' to achieve PHP code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a virtualenv variable path loading vulnerability inside Microsoft Visual Code Studio. Specifically, the vulnerability is due to how VSCode selects and loads the virtualenv from a project folder. This project folder can be loaded without user interaction only requiring for the user to click on the python .py file to execute the code. By adding a malicious folder to the workspace...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
A type confusion vulnerability exists in V8 JavaScript engine in Google Chrome prior to 80.0.3987.122. The vulnerability may be triggered by changing array elements types (e.g. from SmallInteger to Double) after optimization takes place. By successfully exploiting this flaw, an attacker can execute arbitrary code in the context or the Chrome's 'renderer' process.
Pages