Zscaler Client Connector Installed (Linux)

Binary data zscalerclientconnectorlinuxinstalled.nbin...

The vulnerability of the dlopen() function in the system library glibc, which allows a hacker to execute arbitrary code

The vulnerability of the dlopen function in the glibc system library is related to the use of an insecure path for searching executable programs when processing the LDLIBRARYPATH variable. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...

D-Link DCS-932L 安全漏洞

The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a buffer overflow vulnerability that originates from the failure of the parameter CameraName in the file /sbin/ucp to properly validate the length...

CLSA-2025-1747431252 Update of alt-php

Bump ABI 4.4.0-274...

CLSA-2025-1747431031 Update of alt-php

Bump ABI 4.15.0-247...

Evaluating the Robustness of Adversarial Defenses in Malware Detection Systems

Machine learning is a key tool for Android malware detection, effectively identifying malicious patterns in apps. However, ML-based detectors are vulnerable to evasion attacks, where small, crafted changes bypass detection. Despite progress in adversarial defenses, the lack of comprehensive...

The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router microprogramming software, allowing a hacker to execute any command they desire.

The vulnerability of the ssdpcgimain function in the binary file cgibin of D-Link DIR-815 router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

CyberoamOS Web Interface Detection

Binary data sophoscyberoamoswebdetect.nbin...

CVE-2025-20976

Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory...

Apache Roller Detection

Binary data apacherollerdetect.nbin...

Do Not Install Development and Compilation Tools

Compilation tools in the service environment may be exploited by attackers to edit, tamper with, and perform reverse analysis on key files in the environment. Therefore, in the production environment, do not install compilation, decompilation, binary analysis tools, and compilation environments...

Attestable Builds: Compiling Verifiable Binaries on Untrusted Systems Using Trusted Execution Environments

In this paper we present attestable builds, a new paradigm to provide strong source-to-binary correspondence in software artifacts. We tackle the challenge of opaque build pipelines that disconnect the trust between source code, which can be understood and audited, and the final binary artifact,...

Disassembly As Weighted Interval Scheduling with Learned Weights

Disassembly is the first step of a variety of binary analysis and transformation techniques, such as reverse engineering, or binary rewriting. Recent disassembly approaches consist of three phases: an exploration phase, that overapproximates the binary's code; an analysis phase, that assigns...

The DCR Delusion: Measuring the Privacy Risk of Synthetic Data

Synthetic data has become an increasingly popular way to share data without revealing sensitive information. Though Membership Inference Attacks MIAs are widely considered the gold standard for empirically assessing the privacy of a synthetic dataset, practitioners and researchers often rely on...

GMOD Apollo Detection

Binary data gmodapollodetect.nbin...

CVE-2025-46630

Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to enable 'ate' a remote system management binary by sending a /goform/ate web request...

CVE-2025-46629

Lack of access controls in the 'ate' management binary of the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated remote attacker to perform unauthorized configuration changes for any router where 'ate' has been enabled by sending a crafted UDP packet...

LLaMA-Factory 安全漏洞

LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A security vulnerability exists in LLaMA-Factory versions prior to 1.0.0, which stems from an unsafe deserialization of user-supplied .bin files in the llamafybaichuan2.py script, which could...

Tenda RX2 Pro 安全漏洞

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an access control error vulnerability that can be exploited by an attacker to enable ate management binary...