6845 matches found
Directory traversal
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory...
WordPress Plugin Code Issue Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Plugins is an open source application plugin for WordPress. A code issue vulnerability exists in WordPress Plugins that...
FUSE - A Penetration Testing Tool For Finding File Upload Bugs
FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload (UEFU) vulnerabilities. The details of the testing strategy are in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE,...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...
Medium: containerd
Issue Overview: A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended...
Backdoor.Win32.Yoddos.an Unquoted Service Path
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/bf2417bf23a3b7ae2e44676882b4b9dd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Yoddos.an Vulnerability: Insecure Service Path Description: The malware creates a...
Backdoor.Win32.Bifrose.ahyg Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/d6aff119c03ff378d386b30b36b07a69.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.ahyg Vulnerability: Insecure Permissions Description: The malware creates an...
Virus.Win32.Renamer.a Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/001fc372acc853aa1cf92588a43a7deb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Renamer.a Vulnerability: Insecure Permissions Description: The malware creates an dir wi...
Backdoor.Win32.LolBot.gen Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/56a93a2a0a4c6a09e2761f2e0351b020.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.LolBot.gen Vulnerability: Insecure Permissions Description: The malware creates an...
CVE-2021-41092
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running docker login my-private-registry.example.com with a misconfigured configuration file (typically ~/.docker/config.json) listing a credsStore or credHelpers that could not be...
CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
Trojan-Downloader.Win32.VB.abb Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/8f81373b0f0e6f60206a1a707de2ed77.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.VB.abb Vulnerability: Insecure Permissions Description: The malware creates ...
The vulnerability of the p_lx_elf.cpp component in the UPX executable file packaging mechanism, which involves reading data beyond the allowed buffer size, allows attackers to access confidential information and cause system failures.
The vulnerability of the p_lx_elf.cpp component in the UPX executable file packaging tool is related to reading data beyond the allowed buffer size. Exploiting this vulnerability can allow an attacker to gain access to confidential data, as well as cause service interruptions...
OPENSUSE-SU-2021:1273-1 Security update for ghostscript
This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123) This update was imported from the SUSE:SLE-15:Update upda...
SUSE-SU-2021:3044-1 Security update for ghostscript
This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123)...
OPENSUSE-SU-2021:3044-1 Security update for ghostscript
This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection (bsc#1190381) Also a hardening fix was added: - Link as position independent executable (bsc#1184123)...
seatd-launch -- privilege escalation with SUID
Kenny Levinsen reports: seatd-launch used execlp, which reads the PATH environment variable to search for the requested executable, to execute seatd. This meant that the caller could freely control what executable was loaded by adding a user-writable directory to PATH. If seatd-launch had the SUI...
Tenable Network Security Nessus Input Validation Error Vulnerability
Tenable Network Security Nessus is an open source system vulnerability scanner from Tenable Network Security. Tenable Network Security Nessus Agent has an input validation error vulnerability: Nessus Agent version 8.3.0 and earlier versions were found to contain multiple...