Archive for May, 2022

Trojan.CryptoLocker Code Execution

Posted by deepcore under exploit (No Respond)

Cryptolocker ransomware drops a PE file in the AppData\Roaming directory which then tries to load a DLL named “netapi32.dll”. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do […]

Trojan-Ransom.Radamant Code Execution

Posted by deepcore under exploit (No Respond)

Radamant ransomware tries to load a DLL named “PROPSYS.dll” and execute a hidden PE file “DirectX.exe” from the AppData\Roaming directory. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We […]

http://ret2.go.th/readme.htm

Posted by deepcore under defacement (No Respond)

http://ret2.go.th/readme.htm notified by AnonCoders

Craft CMS 3.7.36 Password Reset Poisoning Attack

Posted by deepcore under exploit (No Respond)

Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users can manipulate the password reset functionality so that the registered users of the CMS receive password reset emails containing a malicious password reset link.

Red Planet Laundry Management System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Red Planet Laundry Management System version 1.0 suffers from a remote SQL injection vulnerability.

SAP Web Dispatcher HTTP Request Smuggling

Posted by deepcore under exploit (No Respond)

SAP Web Dispatcher suffers from an HTTP request smuggling vulnerability.

PHProjekt PhpSimplyGest / MyProjects 1.3.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

PHProjekt PhpSimplyGest and MyProjects version 1.3.0 suffer from a cross site scripting vulnerability.

ZoneMinder Language Settings Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an arbitrary file write in the debug log file option, chained with a path traversal in the language settings, that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11.

Conti.Ransom Code Execution

Posted by deepcore under exploit (No Respond)

Conti ransomware looks for and loads a DLL named “wow64log.dll” in Windows\System32. Therefore, we can drop our own DLL to intercept and terminate the malware pre-encryption. The exploit DLL will simply display a Win32API message box and call exit(). Our Conti.Ransom exploit DLL must export the “InterlockedExchange” function or it fails with an error. We […]