Aggregator

CVE-2004-0842 | Microsoft Internet Explorer up to 6 Cascading Style Sheet heap-based overflow (MS04-038 / VU#291304)

Vuldb Updates
2 months 4 weeks ago
A vulnerability identified as critical has been detected in Microsoft Internet Explorer up to 6. Affected by this vulnerability is an unknown functionality of the component Cascading Style Sheet Handler. Performing manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2004-0842. The attack can be initiated remotely. Additionally, an exploit exists. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2004-0841 | Microsoft Internet Explorer up to 6 privileges management (VU#413886 / EDB-24266)

Vuldb Updates
2 months 4 weeks ago
A vulnerability was found in Microsoft Internet Explorer up to 6 and classified as critical. This impacts an unknown function. Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-2004-0841. The attack may be launched remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2004-2090 | Microsoft Internet Explorer up to 6 SP1 VBA File information disclosure (EDB-23668 / XFDB-15078)

Vuldb Updates
2 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Microsoft Internet Explorer up to 6 SP1. Affected by this vulnerability is an unknown functionality of the component VBA File Handler. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2004-2090. The attack can be executed remotely. Additionally, an exploit exists. It is best to exchange the affected component with an alternative.
vuldb.com

New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site

The Hackers News
2 months 4 weeks ago
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. "The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection," Acronis security researcher Eliad
The Hacker News

New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware

Cyber Security News
2 months 4 weeks ago

Late in the summer of 2025, cybersecurity researchers uncovered a sophisticated spearphishing campaign targeting Ukrainian military personnel via the Signal messaging platform. The operation, dubbed “Phantom Net Voxel,” begins with a malicious Office document sent through private Signal chats, masquerading as urgent administrative forms or compensation requests. Upon opening, the document’s embedded macros drop a […]

The post New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

HTB 靶机渗透总结之 Rebound

先知技术社区
2 months 4 weeks ago
Rebound,以域控环境为基础的疯狂难度靶机。关键是在逐步完成基础信息的枚举时,还要将密码喷洒拷票攻击、影子凭据技术、还有更高级别的委派攻击RBCD等技术结合到一起。甚至在靶机的部署中还开启了 LDAP 签名要求和通道绑定等加固手段,加大了脚本和自动化攻击的使用门槛。其中所涉及的技术是红队攻击的典型手段,是必须掌握的关键技能。

CVE-2025-7743 | Dolusoft Omaspot prior 12.09.2025 cleartext transmission (EUVD-2025-29544)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Dolusoft Omaspot. This impacts an unknown function. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is referenced as CVE-2025-7743. The attack needs to be initiated within the local network. No exploit is available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves. You should upgrade the affected component.
vuldb.com

Managed ad