HackDig : Dig high-quality web security articles for hackers

The MITRE ATT&CK Framework: Execution

Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than, Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state of the art advanced persistent threat actors, all of them have execution in common. There’s a great quote from Al
Publish At:2020-03-31 08:17 | Read:419 | Comments:0 | Tags:Featured Articles MITRE Framework ATT&CK execution malware r

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site. Input passed to the ‘files[0][file]‘ parameter in ‘/ip_
Publish At:2014-08-13 01:56 | Read:5461 | Comments:0 | Tags:Internal advisory apache arbitrary CMS code delete deletion

ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

ACE Stream Media (Ace Player HD) is prone to a remote format string vulnerability because the application fails to properly sanitize user-supplied input thru the URI using the ‘acestream://’ protocol before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary
Publish At:2014-08-13 01:56 | Read:9741 | Comments:0 | Tags:Internal ace acestream address advisory code denial of servi


Share high-quality web security related articles with you:)


Tag Cloud