116 matches found
CVE-2024-44083
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue...
Hex Rays IDA Pro 安全漏洞
Hex Rays IDA Pro is a powerful disassembler and a versatile debugger from Hex Rays Belgium. It is commonly used for reverse engineering. A security vulnerability exists in Hex Rays IDA Pro 8.4 and earlier versions, which stems from a possible crash of ida64.dll when processing a code section with...
CVE-2024-44083
CVE-2024-44083 affects Hex-Rays IDA Pro (IDA64.dll)
PT-2024-30940
Name of the Vulnerable Software and Affected Versions Hex-Rays IDA Pro versions 8.4 and earlier Description The issue occurs when there is a section with many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked, causing ida64.dll in Hex-Ra...
CVE-2024-36409
SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-36409
CVE-2024-36409 affects SuiteCRM before versions 7.14.4 and 8.6.1, where poor input validation enables an SQL Injection at the Tree data entry point. The root cause is inadequate input validation in the Tree entry point, allowing crafted input to alter database queries. Public advisories consisten...
CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint
SuiteCRM is an open-source Customer Relationship Management CRM software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue...
CVE-2024-35803
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...
zMeedA
It is an offensive tool for Windows. The repository appears to b...
GHSA-69P4-J5V5-X234 Server/API for Vela Insecure Variable Substitution
Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...
Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer
It is an exploit module targeting the GoAnywhere MFT vulnerabili...
Malvertisers zoom in on cryptocurrencies and initial access
During the past month, we have observed an increase in the number of malicious ads on Google searches for "Zoom", the popular piece of video conferencing software. Threat actors have been alternating between different keywords for software downloads such as "Advanced IP Scanner" or "WinSCP"...
CVE-2023-37142
ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees...
ChakraCore 资源管理错误漏洞
ChakraCore is a chakra-core open source JavaScript engine with C API. ChakraCore has a security vulnerability that stems from the inclusion of a segmentation violation in the function Js::EntryPointInfo::HasInlinees...
SUSE CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
OESA-2022-2122 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.CVE-2021-38578...
Malicious Package
Overview @kraken-frontend/entry-point is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
CVE-2022-28782
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability...
UBUNTU-CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
ImpulsiveDLLHijack - C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL Hijacks In Target Binaries
C based tool which automates the process of discovering and exploiting DLL Hijacks in target binaries. The Hijacked paths discovered can later be weaponized during RedTeam Operations to evade EDR's. 1. Methodological Approach : The tool basically acts on automating following stages performed for...