PT-2024-32867 · Extract +1 · Textract +1

Name of the Vulnerable Software and Affected Versions: Extract versions prior to 4.0.0 Description: A maliciously crafted archive may allow an attacker to create a symlink outside the extraction target directory. This issue can be exploited by using a specially crafted archive in zip, tar.gz, or...

emlog 安全漏洞

emlog is a PHP and MySQL based CMS website builder for emlog individual developers. A security vulnerability exists in emlog versions prior to v2.3.15, which stems from the presence of a Remote Code Execution RCE vulnerability that allows an attacker to gain system privileges by uploading a...

Canon IR-Adv Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon IR-Adv Password Extractor', 'Description' = %q This module will extract the passwords from address books on various Canon IR-Adv mfp device...

Cambium EPMP 1000 Ping Password Hash Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Password Hash Extractor up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in...

Xerox Workcentre 5735 LDAP Service Redential Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Workcentre 5735 LDAP Service Redential Extractor', 'Description' = %q This module extract the printer's LDAP username and password from Xer...

Exploit for CVE-2022-30190

Follina-CVE-2022-...

Malicious code in css-rule-extractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e9ced95ce8313baa1160e05f65af9e6247750f6dbd09fcaf40d1ded1874a86 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-7429 Malicious code in css-rule-extractor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53e9ced95ce8313baa1160e05f65af9e6247750f6dbd09fcaf40d1ded1874a86 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-20893

Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption...

BIT-MATTERMOST-2022-0904

A stack overflow bug in the document extractor in Mattermost Server in versions up to and including 6.3.2 allows an attacker to crash the server via submitting a maliciously crafted Apple Pages document...

Mhf - Mobile Helper Framework - A Tool That Automates The Process Of Identifying The Framework/Technology Used To Create A Mobile Application

Mobile Helper Framework is a tool that automates the process of identifying the framework/technology used to create a mobile application. Additionally, it assists in finding sensitive information or provides suggestions for working with the identified platform. How work? The tool searches for fil...

Updated xpdf packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. CVE-2022-30524 Integer overflow in rasterizer. CVE-2022-30775 PDF object loop in Catalog::countPageTree. CVE-2022-33108 PDF object loop in AcroForm::scanField. CVE-2022-36561 Logic bug in...

Metasploit Weekly Wrap-Up 01/12/24

New module content 1 Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: 18604 contributed by siddolo Path: windows/gather/credentials/winboxsettings Description: This pull request introduces a new post module to extract th...

Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor

This module extracts Mikrotik Winbox credentials saved in the "settings.cfg.viw" file when the "Keep Password" option is selected in Winbox. Module Options msf use post/windows/gather/credentials/winboxsettings msf postwinboxsettings show actions ...actions... msf postwinboxsettings set ACTION ms...

tracker-miners security update

An update is available for tracker-miners. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tracker is a powerful desktop-neutral first class object database,...

OESA-2024-1025 metadata-extractor2 security update

Metadata Extractor is a straightforward Java library for reading metadata from image files. Security Fixes: metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a...

ALSA-2023:7732 Important: tracker-miners security update

Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker. Security Fixes: tracker-miners: sandbox escape CVE-2023-5557 For more details about the security issues, including th...

CVE-2023-42721

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...

CVE-2023-42721

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...

Input validation

In flv extractor, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed...