CaptfEncoder - An Extensible Cross Platform Network Security Tool Suite
CaptfEncoder is an extensible cross-platform network security tool suite, providing network security related code conversion, classical cryptography, cryptography, asymmetric encryption, special coding, miscellaneous tools, and aggregating all kinds of online tools. CaptfEncoder all functions...
CVE-2021-38510
The executable file warning was not presented when downloading .inetloc files, which, due to a flaw in Mac OS, can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 94, Thunderbird...
CVE-2021-38510
CVE-2021-38510 describes a Mac‑OS specific flaw where the executable file warning was not shown when downloading .inetloc files, which can cause commands to run on a user’s computer. Affected products and versions from the provided documents: Mozilla Firefox (Mac) < 94, Thunderbird < 91.3, ...
Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus
CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...
DLLHijackingScanner - This Is A PoC For Bypassing UAC Using DLL Hijacking And Abusing The "Trusted Directories" Verification
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Generate Header from CSV The python script CsvToHeader.py can be used to generate a header file. By default it will use the CSV file dllhijackingcandidates.csv that can be found here:...
A vulnerability in the Windows Installer service of the Windows operating system allows an attacker to elevate their privileges.
The vulnerability in the Windows Installer service stems from deficiencies in the handling of group access policies. Exploiting this vulnerability can allow an attacker to elevate their privileges by executing a specially crafted executable file...
Backdoor.Win32.Vernet.axt Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/f529d60abbdafccce3dc5e5ffd6cdfa6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Vernet.axt Vulnerability: Insecure Permissions Description: The malware writes an .EX...
Elecom Edwrc Operating System OS Command Injection Vulnerability
The Elecom Edwrc is a series of routers from Elecom Japan. The Elecom Edwrc suffers from an operating system command injection vulnerability that originates from a network system or product not properly filtering specific elements of the data entered externally to the ELECOM router during the...
A vulnerability in the TightVNC Viewer (tvnviewer.exe) component of the TightVNC remote desktop access system allows an attacker to execute arbitrary code.
The vulnerability in the TightVNC Viewer (tvnviewer.exe) component of the TightVNC remote desktop access system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
A vulnerability in the command-line utility reg.exe, a tool for development and automatic updates of VMware InstallBuilder installer for Windows operating systems, allows a malicious individual to execute arbitrary commands.
The vulnerability in the command-line utility reg.exe, a tool for development and automatic updates of VMware InstallBuilder installer for Windows operating systems, is related to errors in the mechanism that checks the search path for dynamically linked libraries. Exploiting this vulnerability coul...
Zoom Client < 5.5.4 Signature Bypass Vulnerability (ZSB-21016) - Windows
The Zoom Client is prone to a signature bypass vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
F-Secure AV parsing engine Security Vulnerability
F-Secure AV parsing engine is an antivirus engine from the Finnish company F-Secure. A security vulnerability exists in the F-Secure antivirus engine, which can be exploited by an attacker to cause a denial of service when decompressing UPX files...
openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3745-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3745-1 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing...
A vulnerability in the R8000 router software allows an attacker to overwrite executable files.
The vulnerability in the R8000 router software is related to the possibility of executing arbitrary code in NETGEAR devices. Exploiting this vulnerability could allow a remote attacker to overwrite executable files...
GHSA-364W-9G92-3GRQ Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...
Laravel Framework has an unspecified vulnerability
Laravel Framework is a PHP-based web application development framework from Taylor Otwell, a personal developer. A security vulnerability exists in versions of Laravel Framework prior to 8.70.2, which stems from the fact that the framework does not adequately prevent the upload of executable PHP...
A vulnerability in the BKHOdeq.exe component in Yokogawa’s software products allows an attacker to execute arbitrary code with user privileges of the CENTUM system.
The vulnerability in the “BKHOdeq.exe” service in Yokogawa’s software products is caused by a stack-based buffer overflow. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with user privileges of CENTUM, by sending a specially crafted packet to...
CVE-2021-41091
A file permissions vulnerability was found in the Moby (Docker Engine). The Moby data directory (usually /var/lib/docker) contains subdirectories with insufficiently restricted permissions, allowing unprivileged Linux users to traverse directory contents and execute programs. When the running contain...
VulnCheck KEV: CVE-2012-0151
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code...
CVE-2021-43617
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...