China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access SMA 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware...

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access SMA 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware...

Constellation allows Emergency shell access during initramfs boot phase

Impact An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM. Patches The issue has been patched in v2.6.0. Workarounds none...

Command injection

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

mailcow 操作系统命令注入漏洞

mailcow is a mail server suite. An operating system command injection vulnerability exists in mailcow. An attacker could use this vulnerability to gain shell access to a Docker container running dovecot...

The vulnerability of the MKLogic-500 PLC, related to the use of hidden functions, allows a hacker to gain full control over the device.

The vulnerability of the MKLogic-500 PLC is related to the presence of hidden features such as SSH access. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain full control over the device...

ABUS Security Camera TVIP 20000-21150 LFI / Remote Code Execution Vulnerability

ABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh...

Gmailc2 - A Fully Undetectable C2 Server That Communicates Via Google SMTP To Evade Antivirus Protections And Network Traffic Restrictions

A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions Note: This RAT communicates Via Gmail SMTP or u can use any other smtps as well but Gmail SMTP is valid because most of the companies block unknown traffic so gmail...

K06024431: BIG-IQ vulnerability CVE-2021-23024

Security Advisory Description The BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. CVE-2021-23024 Impact This vulnerability allows an authenticated admin user or a user account assigned with an administrator role and no shell access to...

K17248: OpenSSL vulnerability CVE-2010-0742

Security Advisory Description The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or...

K75133288: Linux kernel vulnerability CVE-2021-33909

Security Advisory Description fs/seqfile.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. CVE-2021-33909 Impact...

K31300402: Virtual Machine Manager L1 Terminal Fault vulnerability CVE-2018-3646

Security Advisory Description Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a...

K55102004: BIG-IP Edge Client for Windows vulnerability CVE-2020-5855

Security Advisory Description When the Windows Logon Integration feature is configured for BIG-IP Edge Client, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. CVE-2020-5855 Impact Attackers may be able to bypass...

K40378764: F5 tmsh vulnerability CVE-2019-6642

Security Advisory Description Authenticated users with the ability to upload files via scp, for example can escalate their privileges to allow root shell access from within the TMOS Shell tmsh interface. The tmsh interface allows users to execute a secondary program via tools like sftp or scp...

K05513373: Linux kernel vulnerability CVE-2016-9576

Security Advisory Description The blkrqmapuseriov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service use-after-free by leveraging...

K16383: Linux RPM vulnerability CVE-2013-6435

Security Advisory Description Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d...

SUSE CVE-2007-3280

The Database Link library dblink in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system...

SUSE CVE-2009-3701

Multiple cross-site scripting XSS vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1...

SUSE CVE-2015-4650

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors...

SUSE CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...