Summary: A new fish in town with two version of itself, a malware, that impacts Windows machines named Lucifer, is a powerful DDos based malware does crypto jacking and other such nefarious activities using old and new vulnerabilities. In actual, out of the two versions of Lucifer the second sample was compiled on Thursday, June 11, 2020 caught by Palo Alto Networks Next-Generation … Continue reading “Lucifer malware multiple DDoS vulnerabilites (CVE-2019-9081, CVE-2014-6287, CVE-2018-1000861, CVE-2017-10271, CVE-2018-20062, CVE-2018-7600, CVE-2017-9791, CVE-2019-9081, CVE-2017-0144, CVE-2017-0145, CVE-2017-8464)”
Tag: CVE-2018-20062
ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)
Vulnerability Overview Over the last few months, a remote code execution bug on Chinese open source framework ThinkPHP is being actively exploited by attackers to deliver a variety of malware. Poorly handled input is a leading cause behind the vulnerability. As a result, a remote attacker can send a crafted HTTP request to execute arbitrary … Continue reading “ThinkPHP Remote Code Execution Vulnerability(CVE-2018-20062,CVE-2019-9082)”
ThinkPHP Remote Code Execution Vulnerability
Recently, ThinkPHP released an advisory, for a high-risk remote code execution (RCE) vulnerability. The vulnerability exists because ThinkPHP framework improperly checks controller names. This may lead to possible getshell vulnerabilities without the forced routing enabled. A proof of concept (PoC) exploiting this vulnerability was also published soon after the advisory. The proof-of-concept code exploits a … Continue reading “ThinkPHP Remote Code Execution Vulnerability”