6810 matches found
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency NSA. Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...
Spoofing
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-5509
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image...
Windows CryptoAPI Spoofing Vulnerability
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
Elementor < 2.7.5 - Authenticated Arbitrary File Upload
The Elementor plugin version 2.7.4 and below was found to be vulnerable to an arbitrary file upload. Due to the application not handling zip files with directories properly an attacker could upload php files which were executable, this allowed any user able to import templates WordPress role...
CVE-2020-0601, aka NSACrypt
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
PT-2020-18486 · Phpgurukul · Phpgurukul Car Rental Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 1.0 Description: The issue allows for Remote Code Execution via an executable file in an upload of a new profile image. Recommendations: For PHPGurukul Car Rental Project version 1.0, consider restricting...
The vulnerability of the libld component in the library that handles system calls and core functions, glibc, allows a perpetrator to execute arbitrary code.
The vulnerability of the libld component in the library that provides system calls and core functions in glibc is related to insufficient input data validation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted ELF file...
Nord Security: nordvpn Linux Desktop executable application does not use pie / no ASLR
Summary: The nordvpn Linux binary application is not compiled as position independent code or position independent Executable. Steps To Reproduce: POC: $file /usr/bin/nordvpn /usr/bin/nordvpn: ELF 64-bit LSB executable, x86-64, version 1 SYSV, dynamically linked, interpreter...
Cisco NX-OS Software Secure Configuration Bypass (cisco-sa-20190515-nxos-conf-bypass)
According to its self-reported version, Cisco NX-OS Software is affected by a configuration bypass vulnerability due to a lack of proper validation of system files when the persistent configuration information is read from the file system. An authenticated, local attacker can exploit this, by...
CVE-2019-20362
In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILESX86%\Teradici\PCoIP.exe instead of the intended pcoipvchanprintingsvc.exe file...
The vulnerability of the EPSetup.exe executable file of the McAfee Endpoint Security security tool allows a perpetrator to execute arbitrary code.
The vulnerability of the EPSetup.exe executable file of the McAfee Endpoint Security security tool is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the regglangparsechar function of egglang.c. This allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact because of...
CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
Code injection
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
Updated upx packages fix security vulnerability
The updated package fixes security vulnerabilities: An Integer overflow in the getElfSections function in pvmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service crash via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an...
CVE-2014-8516
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors...