Search
Keyword: URL
CVE-2009-3985 �Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then
Downloads and execute arbitrary file (EXEC) - Executes command (GET) - Sends GET floods (HELP) - Print Commands (OPENURL) - Opens a URL using a hidden browser (POST) - Sends POST floods (QUIT) - Terminate
and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. sun jdk 1.5.0,sun jdk 1.6.0,sun jre 1.3.1_01,sun jre
state Lock workstation Display a message box Perform port mapping Capture screen Perform remote shell NOTES: It connects to the following URL to send and receive information: http://web.{BLOCKED
downloaded url file name}[1].txt - (example: %Temporary Internet Files%\Content.IE5\{random}\discreteness[1].txt) (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and
downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: val prime Information Theft
\Microsoft\ Internet Explorer\SearchScopes DisplayName = "Google" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes URL = "http://www.google.com/cse?cx
usually C:\Windows\System32.) NOTES: This Trojan sets the system time to September 27, 2019, 09:04 AM. If there is an active Internet connection, it opens the browser to view the non-malicious URL
NOTES: It connects to the following URL to report its installation: http://api.{BLOCKED}right.com/rs This adware may display advertisements such as popups and banners in browsers. This adware accepts the
certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed on to it by its components: data jar lhost lport NOTES: This malware combines the two downloaded
of this writing, the files to be downloaded are not available in the server It connects to the following URL to report system information: http://{BLOCKED}neiro1.{BLOCKED}dagemdesites.ws/cisco.asp
downloaded files are exhibited on the affected system. It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following parameter(s) passed
Windows Server 2012.) NOTES: It connects the following URL to download data related to GeoIP: https://www.{BLOCKED}d.com/en/locate-my-ip-address The downloaded data should contain OCEANIA. The downloaded
it creates file and directory I - renames file to directory name J - creates folder from filename K - creates file and sets Last Modified to new time L - connects to URL passed in z1 M - executes file
the following URL and renames the file when stored in the affected system: http://{BLOCKED}hirrotaract.org/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED}livingph.com/487ygfh?sFpvKJ=sFpvKJ http://{BLOCKED
kdb wdb nv2 flkb sko xbrl sxc p12 tax It does the following: It connects to the following URL to report the affected system's information: http://{BLOCKED}plin.net/wordpress/wp-includes/oops.php?id
when visiting malicious sites. Other Details This Coinminer accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining server -O, --userpass
)|sh Creates the following cronjob to enable automatic execution of a shell script found in the URL every 10 minutes: Path: /etc/cron.d/root Content: */10 * * * * root (curl -fsSL -m180
at every system startup: Extracted content of WindowsSecure.zip Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: https://
pending payment as translated. Another email uses a free mail account, informing the victim about a document on lawsuit related topics. It contains Google Drive and Google Docs URL that has a parameter of