Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 ''' Description: Codiad 2.8...

Code injection

An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to antiransomwareservice.exe. This can be exploited to add an arbitrary malicious...

CVE-2020-9450

Affected product: Acronis True Image 2020 (build 24.5.22510). The issue lies in anti_ransomware_service.exe, whose REST API is exposed for GUI communication and is accessible to unprivileged users. This allows adding arbitrary executables to the whitelist or excluding an entire drive from monitor...

GHSA-X5C7-X7M2-RHMF Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...

in tagspaces/tagspaces

Vulnerability Code Execution using Reflected Cross Site Scripting ✍️ Description Tagspaces is a file organizer that also works as a file manager. When you open a file, it tries to provide a preview of common files like images, code and text files. But if the extension is not known to tagspaces, it...

Design/Logic Flaw

In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in Windows 7 x64/Windows 10 x64...

OPENSUSE-SU-2021:0750-1 Security update for ibsim

This update for ibsim fixes the following issues: - Hardening: link as position independent executable bsc1184123. This update was imported from the SUSE:SLE-15-SP2:Update update project...

Backdoor.Win32.Danton.43 Code Execution / Hardcoded Credentials

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/85f7ef2b6b8da9adb7723a13b91ac1c7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Danton.43 Vulnerability: Weak Hardcoded Credentials RCE Description: The malware...

Security update for ibsim (low)

openSUSE Security Update: Security update for ibsim Announcement ID: openSUSE-SU-2021:0750-1 Rating: low References: 1184123 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for ibsim fixes the following issues: - Hardenin...

OPENSUSE-SU-2021:0745-1 Security update for ipvsadm

This update for ipvsadm fixes the following issues: - Hardening: link as position independent executable bsc1184988. This update was imported from the SUSE:SLE-15:Update update project...

SUSE-SU-2021:1606-1 Security update for ibsim

This update for ibsim fixes the following issues: - Hardening: link as position independent executable bsc1184123...

SUSE SLES15 Security Update : ibutils (SUSE-SU-2021:1597-1)

This update for ibutils fixes the following issues : Hardening: Link ibis executable with -pie bsc1184123. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much ...

UPX 缓冲区错误漏洞

UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. A heap buffer overflow vulnerability exists in UPX version 4.0.0. The vulnerability stems from an imperfect check in plxelf.cpp. No detailed vulnerability details are...

SUSE-SU-2021:1599-1 Security update for ipvsadm

This update for ipvsadm fixes the following issues: - Hardening: link as position independent executable bsc1184988...

SUSE-SU-2021:1597-1 Security update for ibutils

This update for ibutils fixes the following issues: - Hardening: Link ibis executable with -pie bsc1184123...

Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities (cisco-sa-anyconnect-code-exec-jR3tWTA6)

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...

Duplicate Advisory: "Arbitrary code execution in socket.io-file"

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6495-8jvh-f28x. This link is maintained to preserve external references. Original Description "The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows...

GHSA-FMF5-J5J9-99PP OS Command Injection in pulverizr

pulverizr through 0.7.0 allows execution of arbitrary commands. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...