PT-2022-6663 · Cisco · Cisco Secure Client

Name of the Vulnerable Software and Affected Versions: Cisco Secure Client formerly Cisco AnyConnect Secure Mobility Client versions affected versions not specified Description: A vulnerability in the client update process of Cisco Secure Client Software for Windows could allow a low-privileged,...

CVE-2022-38199

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim's PATH environment. Current browsers provide users with warnings...

Email-Worm.Win32.Kipis.c MVID-2022-0652 File Write / Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/8d0df60c96e4011c312d61ed3e6dc70e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.c Vulnerability: Remote File Write Code Execution Description: The...

Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike

CVE-2022-39197-RCE First This project was modified from...

CVE-2022-42943

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-42937

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-42933

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

CVE-2022-42939

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from the American company Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A security vulnerability exists in Autodesk Design Review version...

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from the American company Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A security vulnerability exists in Autodesk Design Review version...

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from the American company Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A security vulnerability exists in Autodesk Design Review version...

PT-2022-26671 · Autodesk · Designreview.Exe

Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a read access violation. This issue, when...

Autodesk Design Review 缓冲区错误漏洞

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from the American company Autodesk. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. A security vulnerability exists in Autodesk Design Review version...

Zimbra Privilege Escalation Exploit

This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2022-36438

AsusSwitch.exe on ASUS personal computers running Windows sets weak file permissions, leading to local privilege escalation this also can be used to delete files within the system arbitrarily. This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0...

CVE-2022-35059

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414...

CVE-2022-35054

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2...

CVE-2022-35050

OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de...

SAP 3D Visual Enterprise Author 缓冲区错误漏洞

SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and can be exploited by attackers to Th...

SAP 3D Visual Enterprise Author 缓冲区错误漏洞

SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and can be exploited by attackers to Th...