CVE-2024-25552

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

Path traversal

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

CVE-2024-25552 Wiesemann & Theis: Multiple products prone to unquoted search path

A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product...

CVE-2024-25552

CVE-2024-25552 is a local privilege escalation described as unquoted search path traversal affecting Wiesemann & Theis products (e.g., Com Redirector Legacy and related components). The core issue is an unquoted search path that allows a local attacker to place an executable in the affected produ...

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index PyPI repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

Remote code execution

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an...

CVE-2023-7082 WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an...

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

The vulnerability of the decode_line_info function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the decodelineinfo function in the dwarf2.c component of the GNU Binutils development environment is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created ELF...

The vulnerability of the `find_abstract_instance_name` function in the `dwarf2.c` component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the findabstractinstancename function in the dwarf2.c component of the GNU Binutils development environment is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker who operates remotely to trigger a service...

The vulnerability of the `apply_relocations` function in the `binutils/readelf.c` component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the applyrelocations function in the binutils/readelf.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker, operating remotely, to cause a service failure through the use of a specially create...

The vulnerability of the decode_line_info function in the dwarf2.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the decodelineinfo function in the dwarf2.c component of the GNU Binutils development environment is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially created...

The vulnerability of the _bfd_elf_slurp_version_tables function in the elf.c component of the GNU Binutils development environment allows a hacker to induce a service failure.

The vulnerability of the bfdelfslurpversiontables function in the elf.c component of the GNU Binutils development environment is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created ELF file...

The vulnerability of the _bfd_stab_section_find_nearest_line function in the syms.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdstabsectionfindnearestline function in the syss.c component of the GNU Binutils development environment is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to trigger a service failur...

The vulnerability in the `print_gnu_property_note` function of the `readelf.c` component of the GNU Binutils development environment allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the printgnupropertynote function in the readelf.c component of the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

The vulnerability of the bfd_zalloc function in the opncls.c component of the GNU Binutils development environment allows a attacker to cause a service failure.

The vulnerability of the bfdzalloc function in the opncls.c component of the GNU Binutils development environment is related to the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a...

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. Whats remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendors systems continued to use the...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:4213-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4213-1 advisory. - It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an...

Fedora 38 : firefox (2023-7cdf31bb36)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7cdf31bb36 advisory. - Update to latest upstream 119.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...