Sliver - Implant Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTPS, and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. The server, client, and implant a...

The vulnerability of the microprogrammed logic controller Modicon Quantum, related to errors in code generation, allows a intruder to unauthorizedly modify the built-in software and cause malfunctions during maintenance.

The vulnerability of the microprogrammed programmable logic controller Modicon Quantum is related to errors in code generation. Exploiting this vulnerability allows an intruder to unauthorizedly modify the built-in software and cause malfunctions using the Modbus protocol...

The vulnerability of the CAPICOM cryptographic module, related to errors in code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the CAPICOM cryptographic module is related to errors in code generation control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the Intel Converged Security and Manageability Engine and the Intel Trusted Execution Engine, related to improper code generation management, allows attackers to enhance their privileges.

The vulnerability of the Intel Converged Security and Manageability Engine and the Intel Trusted Execution Engine is related to incorrect code generation management. Exploitation of this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the RichFaces library, related to errors in code generation, allows attackers to execute arbitrary Java code.

The vulnerability of the RichFaces library is related to errors in code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary Java code with privileges of the target server...

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software for electronic document management relates to errors in code generation, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, and the Microsoft SharePoint Foundation software relates to errors in code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVE-2018-19002

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash...

The vulnerability of the PDFInfo plugin of the SpamAssassin software for spam filtering allows a hacker to execute arbitrary code.

The vulnerability of the PDFInfo plugin of the SpamAssassin filtering software relates to errors in code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

[SECURITY] Fedora 28 Update: CuraEngine-lulzbot-3.2.23-1.fc28

CuraEngine-lulzbot is a C++ console application for 3D printing G-code gene ration. It has been made as a better and faster alternative to the old Skeinforge engi ne. This is just a console application for G-code generation. For a full graphi cal application look at cura-lulzbot which is the...

The vulnerability of the map/reduce function implementation in the PouchBD database allows a hacker to execute arbitrary code.

The vulnerability of the map/reduce function implementation in the PouchBD database is related to deficiencies in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or system commands remotely...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because it allows redeferral of functions during byte code generation.This CVE ID is different from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800,...

The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.

The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems relates to improper code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP file and execute it using specially crafted requests to th...

The vulnerability of the executable file RunExeFile.exe of the DEWESoft data collection and processing software allows a perpetrator to execute arbitrary code.

The vulnerability of the RunExeFile.exe executable file of the DEWESoft data collection and processing software is related to improper code generation management. Exploiting this vulnerability allows an attacker who operates remotely to execute internal commands or execute arbitrary code...

The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.

The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems relates to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the generated PHP files and execute it using specially...

The vulnerability of the conference communication component in Telecommunications Systems Mitel Connect OnSite and ST14.2 allows a intruder to execute arbitrary code.

The vulnerability of the conference communication components in Mitel Connect OnSite and ST 14.2 systems is related to improper code generation. Exploiting this vulnerability allows an attacker to inject arbitrary code into the generated PHP files and execute it using specially crafted requests t...

Information disclosure

Edger8r tool in the Intel SGX SDK before version 2.1.2 Linux and 1.9.6 Windows may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information...

The vulnerability of the Junos operating system, related to improper code generation, allows a perpetrator to execute arbitrary code or cause service failures.

The vulnerability of the Junos operating system is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain full control over the device by executing arbitrary commands or code on the target device. Alternatively,...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...

UBUNTU-CVE-2016-5397

The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0...