6680 matches found
Using process creation properties to catch evasion techniques
We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques breaks some assumptions made by security products and enables...
Design/Logic Flaw
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been...
Wire Cross-Site Scripting Vulnerability (CNVD-2022-65920)
Wire is chat software from the German company Wire. The software supports Web, Windows, iOS, Android, and OS X platforms, has group functionality, can make voice calls and send photos, and has its own original greeting method, PING. Wire has a cross-site scripting vulnerability that stems from insufficient...
Use After Free
A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev commit b5f1eacd and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2172-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2172-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...
Unable to access ADC GUI while CLI is accessible.
ADC GUI is inaccessible. Ping and CLI are working. /Var folder was normal. Internal services are UP. GUI is enabled for NSIP; if not, use command: set ns ip -gui enabled...
CVE-2022-23080
Directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low privileged user to perform internal network port scans...
Redeem function can silently fail
Lines of code Vulnerability details Impact During the code review, it has been observed that the return value of the redeem function is not checked. The redeem operation can silently fail and the protocol can expect it is successfully executed. From Compound, the comment can be seen below. CErc20 / CEth...
Server side request forgery (ssrf)
Recipes versions 0.9.1 through 1.2.5 are vulnerable to server-side request forgery (SSRF) in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information...
ETH rescue does not work
Lines of code Vulnerability details Impact Both contracts InfinityExchange and InfinityStaker have a function rescueETH to allow an admin to rescue any ETH accidentally sent to the contracts. However, this ETH rescue functionality does not work. The code expects ETH to be sent to this function an...
All withdrawal functionality is paused when contract is paused
Lines of code Vulnerability details Impact When the strategy contract is paused, all withdrawal functionality will be paused. Based on the comments in MyStrategy.sol and baseStrategy.sol, withdrawToVault should not be affected by the pause functionality. This is not the case due to the...
WordPress Plugin iQ Block Country IP Spoofing Attack Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An IP spoofing attack vulnerability exists in WordPress plugin iQ Block Country version 1.2.13 and prior versions, which stems from not properly...
Siemens SICAM GridEdge Resource Leakage Vulnerability
SICAM GridEdge enables your existing IEC61850 devices to have IoT functionality with just a few clicks. A resource leak vulnerability exists in Siemens SICAM GridEdge, which stems from the fact that the affected software discloses the password hash of another user upon request, which can be...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application. A security vulnerability exists in REDCap version 12.0.11, which stems from a stored cross-site scripting (XSS) issue in ProjectGeneral/editprojectsettings.php. An authenticated, remote attacker can exploit this vulnerability to inject...
Design/Logic Flaw
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2022-31046 Information Disclosure via Export Module in TYPO3 CMS
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2020-36541
A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicosphp/generaselect.php. The manipulation of the argument idprovincia with the input -1%20union%20all%20select%201,2,3,4,database leads to sql injection. T...
Upgraded Q -> M from 268 [1654474507101]
Judge has assessed an item in Issue 268 as Medium risk. The relevant finding follows: High feeRate can break core protocol function PROBLEM There is no maximum input value on setFee in Cally.sol. But if the owner sets it to a uint greater than 1e18, the users will not be able to call exercice as...
SMB-Session-Spoofing - Tool To Create A Fake SMB Session
Welcome! This is a utility that can be compiled with Visual Studio 2019 or newer. The goal of this program is to create a fake SMB Session. The primary purpose of this is to serve as a method to lure attackers into accessing a honey-device. This program comes with no warranty or guarantees. Progr...
CVE-2020-36541 Demokratian genera_select.php sql injection
A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicosphp/generaselect.php. The manipulation of the argument idprovincia with the input -1%20union%20all%20select%201,2,3,4,database leads to sql injection. T...