Many exploit kits, when connecting to HTTP servers for malware download, use a non-dotted decimal IP literal as the server name. Using such notation may be indicative of malware download.
Category Archives: Checkpoint
KaiXin Exploit Kit
KaiXin exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim’s computer. Remote attackers can infect users with the KaiXin exploit kit by enticing them to visit a malicious web page. Successful infection allows the attacker to execute arbitrary code on the victim’s computer.
Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)
A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long header in an HTTP request. A remote attacker could exploit this vulnerability by sending a crafted request over the network to the vulnerable application. Successful exploitation could result in a denial of service condition or allow execution of arbitrary code on the target machine.
Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2971)
A code execution vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to a heap overflow in the JPEG decoder routine. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG file.
Microsoft Windows iSNS Server Memory Corruption (MS17-012: CVE-2017-0104)
A memory corruption vulnerability exists in Windows iSNS Server. The vulnerability is due to incorrect input validation of a malformed attribute in an iSNS packet. A remote attacker can exploit this vulnerability to execute arbitrary code on the server.
Trend Micro Control Manager Widget importFile.php Directory Traversal
A directory traversal vulnerability has been reported in Trend Micro Control Manager. This vulnerability is caused by improper sanitization of directory traversal characters by importFile.php. A remote, unauthenticated attacker could exploit this vulnerability by uploading arbitrary files onto the vulnerable server.
Trend Micro Control Manager download.php Information Disclosure
An information disclosure vulnerability exists in Trend Micro Control Manager. The vulnerability is due to a security misconfiguration that allows access to the unreferenced download.php file, which in turn allows arbitrary files to be read.
CakePHP Cache Corruption Code Execution (CVE-2010-4335)
A remote code execution vulnerability exists in CakePHP. The vulnerability is due to the way the security component of CakePHP fails to validate user input. A remote attacker can exploit this issue by sending a specially crafted HTTP request.
CMSmap Security Scanner
CMSmap is a dedicated vulnerability scanning product for Content Management Systems. Remote attackers can use CMSmap to detect vulnerabilities on a target server.
WeBid converter.php Remote PHP Code Execution
A remote code execution vulnerability exists in WeBid. The vulnerability is due to the way WeBid handles PHP code injected into the includes/currencies.php script, without requiring any authentication. A remote attacker can exploit this issue by sending a specially crafted HTTP request.