6839 matches found

CNNVD
added 2021/06/08 12:0 a.m. · 2 views

PolarisOffice buffer error vulnerability

Polaris Office is an application from Polaris Office, a South Korean company that provides greater convenience by improving file opening speed, storage reliability and printing performance. A security vulnerability exists in PolarisOffice v9.103.83.44230, which originates from PolarisOffice...

7.8 CVSS · 7.8 AI score · 0.00682 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/06/08 12:0 a.m. · 3 views

PT-2021-7837 · Rockwell Automation · Isagraf Runtime

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ISaGRAF Runtime versions 4.x through 5.x. Description: The issue concerns the storage of passwords in plaintext within a file located in the same directory as the executable file. This file is read by ISaGRAF Runtime, and t...

7.8 CVSS · 5.4 AI score · 0.00028 EPSS
Exploits 0 · References 7
NVD
added 2021/06/06 8:15 p.m. · 9 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 CVSS · 0.00848 EPSS
Exploits 1 · References 2
OSV
added 2021/06/06 8:15 p.m. · 0 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 CVSS · 7.3 AI score · 0.00848 EPSS
Exploits 1 · References 2
Prion
added 2021/06/06 8:15 p.m. · 15 views

Design/Logic Flaw

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

6.8 CVSS · 7.9 AI score · 0.00848 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2021/06/06 7:25 p.m. · 15 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 AI score · 0.00848 EPSS
Exploits 1 · References 2
CNNVD
added 2021/06/06 12:0 a.m. · 3 views

Tencent GameLoop security vulnerability

Tencent GameLoop is an Android emulator from Tencent, a Chinese company. It enables players to play Android games on their computers. Tencent GameLoop before 4.1.21.90 suffers from a security vulnerability that originates from a malicious attacker in the MITM position that can be exploited to spo...

8.1 CVSS · 7.8 AI score · 0.00848 EPSS
Exploits 1 · References 2
Malwarebytes
added 2021/05/31 6:15 p.m. · 109 views

Revisiting the NSIS-based crypter

This blog post was authored by hasherezade. NSIS (Nullsoft Scriptable Install System) is a framework dedicated to creating software installers. It allows bundling various elements of an application together, i.e. the main executable, used DLLs, configs, along with a script that controls where are th...

0.2 AI score
Exploits 0
OSV
added 2021/05/29 2:15 p.m. · 2 views

CVE-2021-31703

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...

9.8 CVSS · 5.8 AI score · 0.00433 EPSS
Exploits 0 · References 1
Prion
added 2021/05/29 2:15 p.m. · 15 views

Code injection

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user...

7.5 CVSS · 9.3 AI score · 0.00433 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2021/05/29 12:0 a.m. · 2 views

Frontier ichris code issue vulnerability

Frontier ichris is an application from Frontier Australia. A payroll software. A security vulnerability exists in Frontier ichris version 5.18 that allows users to upload malicious executable files that could later be downloaded and run by any client user. No details of the vulnerability are...

9.8 CVSS · 5.6 AI score · 0.00433 EPSS
Exploits 0 · References 1
Packet Storm
added 2021/05/29 12:0 a.m. · 197 views

Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/464d7073f884b586b17950eef2908a6e.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.NerTe.772. Vulnerability: Authentication Bypass RCE. Description: The malware listens o...

0.7 AI score
Exploits 0
Hacker One
added 2021/05/28 12:40 a.m. · 418 views

Node.js: Node Installer Local Privilege Escalation

Node is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. To demonstrate thi...

6.2 CVSS · 2.3 AI score · 0.00527 EPSS
Exploits 2
Fedora
added 2021/05/27 1:5 a.m. · 24 views

[SECURITY] Fedora 33 Update: upx-3.96-9.fc33

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

5.8 CVSS · 4.8 AI score · 0.00382 EPSS
Exploits 1
Fedora
added 2021/05/27 12:32 a.m. · 30 views

[SECURITY] Fedora 34 Update: upx-3.96-9.fc34

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

5.8 CVSS · 4.8 AI score · 0.00382 EPSS
Exploits 1
OSV
added 2021/05/27 12:15 a.m. · 0 views

UBUNTU-CVE-2021-30500

Null pointer dereference was found in upx PackLinuxElf::canUnpack in plxelf.cpp, in version UPX 4.0.0. That allows attackers to execute arbitrary code and cause a denial of service via a crafted file...

7.8 CVSS · 7.4 AI score · 0.0041 EPSS
Exploits 1 · References 4
OpenVAS
added 2021/05/27 12:0 a.m. · 16 views

Fedora: Security Advisory for upx (FEDORA-2021-737766a313)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1 CVSS · 7 AI score · 0.00382 EPSS
Exploits 1 · References 2
OpenVAS
added 2021/05/27 12:0 a.m. · 25 views

Fedora: Security Advisory for upx (FEDORA-2021-ceb9db8de0)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.1 CVSS · 7 AI score · 0.00382 EPSS
Exploits 1 · References 2
Prion
added 2021/05/26 11:15 a.m. · 13 views

Design/Logic Flaw

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...

4.3 CVSS · 5.8 AI score · 0.00707 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/05/26 10:22 a.m. · 12 views

CVE-2021-26032 [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload

An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors...

6 AI score · 0.00707 EPSS
Exploits 1 · References 1