Binary Vulnerability in Rising Antivirus V17
Rising Antivirus V17 utilizes Rising's most advanced quad-core antivirus engine with strong performance, which is capable of comprehensively checking and killing viruses and Trojans prevalent in the network. Rising Antivirus V17 suffers from a binary vulnerability. Attackers can use the...
Design/Logic Flaw
Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container...
CVE-2020-26260 Server Side Request Forgery in BookStack
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...
Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware
A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing current world events to their advantage. Linking the operation to a...
Blackrota Golang Backdoor Packs Heavy Obfuscation Punch
Researchers have discovered a new backdoor written in the Go programming language (Golang), which turned their heads due to its heavy level of obfuscation. The backdoor, called Blackrota, was first discovered in a honeypot owned by researchers, attempting to exploit an unauthorized-access...
Code injection
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Core 9.0 versions prior to...
Code injection
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk research...
Apache Superset Resource Management Error Vulnerability
Apache Superset is a suite of enterprise-class business intelligence Web applications from the Apache Software Foundation in the United States. The program features data collection, data visualization and authentication. A resource management error vulnerability exists in Apache Superset...
CVE-2020-7311
Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files...
CVE-2020-7311
Summary: CVE-2020-7311 is a privilege-escalation vulnerability affecting McAfee Agent (MA) for Windows, prior to version 5.6.6. The issue arises in the MA installer, where a local attacker can manipulate log files during installation to obtain SYSTEM-level rights. Affected component: McAfee Agent...
CVE-2020-6347
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated HDR file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation...
CVE-2020-6330
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated 3DM file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation...
CVE-2020-6355
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated TGA file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation...
CVE-2020-6335
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated HPGL file received from untrusted sources, which results in the application crashing and becoming temporarily unavailable until the user restarts it. This is caused by Improper Input Validation...
Huawei EulerOS: Security Advisory for nfs-utils (EulerOS-SA-2020-1871)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-7310
Privilege Escalation vulnerability in the installer in McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect McAfee file operations to an unintended file...