EUVD-2020-6290

Malware in sbrugna...

EUVD-2018-3781

Malware in sbrugna...

Malicious code in raspberry-hotel-kilo-adlab (npm)

The package raspberry-hotel-kilo-adlab was found to contain malicious code...

MAL-2025-31656 Malicious code in raspberry-hotel-kilo-adlab (npm)

The package raspberry-hotel-kilo-adlab was found to contain malicious code...

CVE-2020-14131

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly ensure the safe access of millions of Xiaomi users worldwide Life...

CVE-2020-14131

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly ensure the safe access of millions of Xiaomi users worldwide Life...

CVE-2020-14131

Based on connected documents, CVE-2020-14131 concerns Xiaomi Security Center devices where vulnerability stems from a lack of authentication, enabling an attacker to obtain elevated privileges. The embedded reports describe a privilege escalation path without specifying exact product versions or ...

CVE-2020-14131

The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center MiSRC to jointly ensure the safe access of millions of Xiaomi users worldwide Life...

Debian DLA-1885-1 : linux-4.9 security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-18509 Denis Andzakovic reported a missing type check in the IPv4 multicast routing implementation. A user with the CAPNETADMIN capability in a...

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

Design/Logic Flaw

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

Sql injection

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

CVE-2018-11772

The CVE-2018-11772 entry concerns Apache VCL versions 2.1–2.5 with an SQL injection caused by improper validation of cookie input used to determine the previously selected node in the privilege tree. The cookie data is incorporated into an SQL statement, enabling injection. Access to this VCL are...

CVE-2018-11772

Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node if any was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires adm...

CVE-2018-11774

Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of securi...

CVE-2018-11773

Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The...

CVE-2018-11773

Apache VCL exposes a vulnerability in versions 2.1–2.5 where submitted block allocation form input is not properly validated and is passed to PHP’s strtotime, enabling exploitation of that function’s behavior. The advisory notes that versions earlier than 2.5.1 should be upgraded or patched; upgr...

“Phoenix Talon”in the Linux Kernel —lurking for over 11 years, the kernel vulnerability-vulnerability warning-the black bar safety net

! About “Phoenix Talon” 2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability“Phoenix Talon”the Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 Linux...

Internet Bug Bounty: Adobe Flash Player TextField Use-After-Free Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to Use-After-Free. II. Description If the variable parameter of a TextField instance equals to a getter property associated with swfRoot where the getter method includes a call to removeTextField, the TextField instance is used...

FreeBSD : pcre -- heap overflow vulnerability in '(?|' situations (ff0acfb4-3efa-11e5-93ad-002590263bf5)

Venustech ADLAB reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may...