The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
#PHISHING

Follow the latest phishing trends by reading articles published by the CanIPhish team.

Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.

Analyze suspicious emails with Tines & urlscan. Forward a suspicious email (or an .eml attachment) to scan@phish.ly, Tines will automatically analyze the URLs with urlscan and send you a report.

Enter a domain or URL into the search engine to view details about its current URL categories. To request recategorization of this website, click Request Change below the search results.

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.

The quiz for phishing. Can you spot when you’re being phished? Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?