24 matches found
org.sonatype.nexus.assemblies:nexus-base-feature (>=3.4.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02) +3 more potentially affected by CVE-2026-5189 via org.sonatype.nexus:nexus-base (>=3.10.0-04 <=3.70.1-02)
org.sonatype.nexus:nexus-base MAVEN version =3.10.0-04, =3.4.0-02, =3.60.0-02, =3.4.0-02, =0.1.6, =3.48.0-01, =3.70.1-02 Source cves: CVE-2026-5189 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-16427423...
org.sonatype.nexus.assemblies:nexus-base-overlay (>=3.60.0-02 <=3.70.1-02), org.sonatype.nexus.assemblies:nexus-base-template (>=3.4.0-02 <=3.70.1-02) +39 more potentially affected by CVE-2026-3438 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.8.0-02)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.60.0-02, =3.4.0-02, =3.0.0-03, =3.5.0-02, =3.4.0-02, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =0.0.7 and more Source cves: CVE-2026-3438 Source advisory: SNYK:JAVA-ORGSONATYPENEXUS-164...
CISA: Security and Resiliency Guide - Public Assembly Annex
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the embed feature. An attacker can access unpublished or private resource data by inferring the slug or URL of the resource that can be embedded. Note: This is only exploitable if the resource allows embedding a...
Blutter - Flutter Mobile Application Reverse Engineering Tool
Flutter Mobile Application Reverse Engineering Tool by Compiling Dart AOT Runtime Currently the application supports only Android libapp.so arm64 only. Also the application is currently work only against recent Dart versions. For high priority missing features, see TODO Environment Setup This...
ModernLoader delivers multiple stealers, cryptominers and RATs
By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies,...
org.apache.camel:camel-xmlsecurity (>=2.0-M1 <=2.5.0), org.apache.cxf.dosgi.samples:cxf-dosgi-ri-samples-greeter-client (=1.0) +71 more potentially affected by CVE-2009-0217 via org.apache.santuario:xmlsec (=1.4.2)
org.apache.santuario:xmlsec MAVEN version =1.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.santuario:xmlsec and may be impacted: - org.apache.camel:camel-xmlsecurity =2.0-M1, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.0.10, =2.2.2...
SQLRecon - A C# MS SQL Toolkit Designed For Offensive Reconnaissance And Post-Exploitation
A C MS-SQL toolkit designed for offensive reconnaissance and post-exploitation. For detailed usage information on each technique, refer to the wiki. Usage You can grab a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself This should be as straight...
Inject-Assembly - Inject .NET Assemblies Into An Existing Process
This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are t...
org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.33.1-01), org.sonatype.nexus.assemblies:nexus-core-feature (>=3.0.0-03 <=3.33.1-01) +37 more potentially affected by CVE-2021-40143 via org.sonatype.nexus:nexus-repository (>=3.0.0-03 <=3.33.1-01)
org.sonatype.nexus:nexus-repository MAVEN version =3.0.0-03, =3.10.0-04, =3.0.0-03, =3.10.0-04, =3.10.0-04, =0.0.1, =3.17.0-01, =0.0.2, =0.0.2, =3.19.0-01, =0.0.3, =1.0.0, =0.0.4, =0.0.2, =3.17.0-01, =0.0.13, =1.0.10 and more Source cves: CVE-2021-40143 Source advisory: OSV:GHSA-F34X-8P...
CheeseTools - Self-developed Tools For Lateral Movement/Code Execution
This repository has been made basing onto the already existing MiscTool, so big shout-out to rasta-mouse for releasing them and for giving me the right motivation to work on them. CheeseExec Command Exec / Lateral movement via PsExec-like functionality. Must be running in the context of a...
ExecuteAssembly - Load/Inject .NET Assemblies
ExecuteAssembly is an alternative of CS execute-assembly, built with C/C++ and it can be used to Load/Inject .NET assemblies by; reusing the host spawnto process loaded CLR Modules/AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI,...
KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1
KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1 Symptoms After you install SQL Server 2012 SP1 on a computer, the Windows Installer Msiexec.exe process is repeatedly started to repair certain assemblies. Additionally, the following events are logged in the...
SharpChromium - .NET 4.0 CLR Project To Retrieve Chromium Data, Such As Cookies, History And Saved Logins
SharpChromium is a .NET 4.0+ CLR project to retrieve data from Google Chrome, Microsoft Edge, and Microsoft Edge Beta. Currently, it can extract: Cookies in JSON format History with associated cookies for each history item Saved Logins Note: All cookies returned are in JSON format. If you have th...
Code injection
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC Inter-Process Communicati...
MemoryMapper - Lightweight Library Which Allows The Ability To Map Both Native And Managed Assemblies Into Memory
Memory Mapper is a lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a process specified by the user or self-injection; the technique of injecting an assembly into the currently running process attempting to do...
org.eclipse.tycho.nexus:unzip-repository-plugin (=0.12.0), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +27 more potentially affected by CVE-2020-10203 via org.sonatype.nexus:nexus-core (>=2.4.0-1 <=3.21.1-01)
org.sonatype.nexus:nexus-core MAVEN version =2.4.0-1, =3.10.0-04, =3.0.0-03, =2.2.1, =2.2.1, =2.4.0-1, =2.4.0-1, =2.6.0-01, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.5.0-01, =2.4.0-1, =2.7.0-m1 and more Source cves: CVE-2020-10203 Source advisory:...
org.eclipse.tycho.nexus:unzip-repository-plugin (=0.12.0), org.sonatype.nexus.assemblies:nexus-base-template (>=3.10.0-04 <=3.21.1-01) +27 more potentially affected by CVE-2020-10204 via org.sonatype.nexus:nexus-core (>=2.4.0-1 <=3.21.1-01)
org.sonatype.nexus:nexus-core MAVEN version =2.4.0-1, =3.10.0-04, =3.0.0-03, =2.2.1, =2.2.1, =2.4.0-1, =2.4.0-1, =2.6.0-01, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.4.0-1, =2.6.0-01, =2.5.0-01, =2.4.0-1, =2.7.0-m1 and more Source cves: CVE-2020-10204 Source advisory:...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...
CVE-2019-18631
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 18.8, 3.5.2 18.11, and 3.6.0 19.6 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers...