WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

Siemens Polarion ALM Detection

Binary data siemenspolarionalmdetect.nbin...

Linear eMerge Code RCE (CVE-2019-7256)

Binary data linearemergecve-2019-7256.nbin...

Potential exposure to XZ Utils SSH Backdoor (CVE-2024-3094)

Binary data xzutilsbackdoorcve-2024-3094.nbin...

Fedora: Security Advisory (FEDORA-2024-de10068888)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...

CVE-2024-0259

Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to ga...

Untrusted Search Path

PanelSwWix4.Sdk is vulnerable to Untrusted Search Path. The vulnerability is due to Burn's practice of copying binaries to the unprotected C:\Windows\Temp directory and running them from that unprotected location. This directory is not adequately protected against low privilege user modifications...

Critical: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift Builds 1.0.1

An update is now available for Red Hat OpenShift Builds 1.0. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...

PT-2024-15419 · Fortra · Robot Schedule Enterprise Agent

Name of the Vulnerable Software and Affected Versions: Fortra's Robot Schedule Enterprise Agent for Windows versions prior to 3.04 Description: The issue allows a low-privileged user to overwrite the service executable. When the service is restarted, the replaced binary runs with local system...

CVE-2024-0077

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, where it allows a guest OS to allocate resources for which the guest OS is not authorized. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information...

Noia - Simple Mobile Applications Sandbox File Browser Tool

Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re. Please note that I'm not a programmer, but I'm probably above the median in code-savyness. Try it out, open an...

CLSA-2024-1711475067 libssh: Fix of 2 CVEs

CVE-2023-1667: fix possible NULL-pointer dereference during re-keying with algorithm guessing - CVE-2023-48795: fix the prefix truncation attack on Binary Packet Protocol...

Oracle Session Border Controller (SBC) Detection

Binary data oraclesbcdetect.nbin...

Fortra FileCatalyst Direct Server Installed (Linux / Unix)

Binary data fortrafilecatalystdirectnixinstalled.nbin...

GHSA-RF39-3F98-XR7R WiX based installers are vulnerable to binary hijack when run as SYSTEM

Summary Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users. Details When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...

WiX based installers are vulnerable to binary hijack when run as SYSTEM

Summary Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users. Details When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...

GHSA-G4V6-69P6-Q3P4 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

Summary Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users. Details When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...

WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM

Summary Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users. Details When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to dro...