554 matches found
CVE-2023-27197
CVE-2023-27197 affects PAX A930 with PayDroid 7.1.1 Virgo V04.5.02 20220722. The flaw lets an attacker with shell access gain root by running a crafted binary that uses an exported function from a shared library. Affected component/root cause: exploited via a shared-library export; impact is root...
CVE-2023-27199
PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LDPRELOAD to bypass authorization checks...
CVE-2023-27197
PAX A930 device with PayDroid7.1.1VirgoV04.5.0220220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker must have shell access to the device in order to exploit this vulnerability...
CVE-2022-47757
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...
Path traversal
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load module...
Google Chrome 109.0.5414.74 - Code Execution via missing lib file Vulnerability
Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...
Samba Remote Code Execution Vulnerability
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...
Google Chrome 109.0.5414.74 Unsafe Library Load
Vulnerability: Google Chrome code execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description Google chrome...
[SECURITY] Fedora 37 Update: plasma-thunderbolt-5.27.1-1.fc37
Plasma Sytem Settings module and a KDED module to handle authorization of Thunderbolt devices connected to the computer. There's also a shared library libkbolt that implements common interface between the modules and the system-wide bolt daemon, which does the actual hard work of talking to the...
K13551136: Samba remote code execution vulnerability CVE-2017-7494
Security Advisory Description All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. CVE-2017-7494 Impact There is no impact; F5...
SUSE CVE-2010-3369
The 1 mdb and 2 mdb-symbolreader scripts in mono-debugger 2.4.3, and other versions before 2.8.1, place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3689
soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
SUSE CVE-2010-3996
festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
Fedora: Security Advisory for libapreq2 (FEDORA-2022-cf658a432f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: libapreq2-2.17-1.fc35
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
[SECURITY] Fedora 37 Update: libapreq2-2.17-1.fc37
libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Functionality includes parsing of application/x-www-form-urlencoded and multipart/form-data content, as well as HTTP cookies...
Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace
Inject a shared library i.e. arbitrary code into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things. Usage .. . | /| | || || / | .. / | | | | |/ \ | |/ / \ \ \ | \ | |/|| /| |\ \ | /| // | / /| / / /|| / source:...
Malicious code in shared-library-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc75dde7f09ece6b14dd7e91131013f1af31223f238d015382c497ea79107ccc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6079 Malicious code in shared-library-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bc75dde7f09ece6b14dd7e91131013f1af31223f238d015382c497ea79107ccc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Jenkins Groovy Plugin sandbox bypass vulnerability
Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...