CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by for example sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...

golang: debug/macho: invalid dynamic symbol table command can cause panic

An out of bounds read vulnerability was found in debug/macho of the Go standard library. When using the debug/macho standard library stdlib and malformed binaries are parsed using Open or OpenFat, it can cause golang to attempt to read outside of a slice array causing a panic when calling...

多款Hewlett Packard Enterprise安全漏洞

Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays are products of Hewlett Packard Enterprise.Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays is an adaptive flash array storage product.Hewlett Packard Enterprise Nimble Storage All Flash Arrays is an all-flash array storag...

ManageEngine Access Manager Plus REST API Restriction Bypass (CVE-2022-29081)

Binary data manageengineaccessmanagerpluscve-2022-29081.nbin...

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2022-0075)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maxim...

Google Storage Bucket Takeover which is getting used in github repository "github.com/wardviaene/kubernetes-course"

Description wardviaene have a opensource project for kubernetes-course In the project, there is a README file which is contains installation instruction of helm. Those instructions are suggesting to download helm binary from a google bucket which was not registered on GCP. So I was able to takeov...

GoSH - Golang Reverse/Bind Shell Generator

Golang reverse/bind shell generator. Description This tool generates a Go binary that launches a shell of the desired type on the targeted host. The shell binary can be compiled for multiple platforms, supports partial polymorphism unique functions' names and can use UDP protocol instead of the...

[SECURITY] Fedora 36 Update: golang-x-exp-0-0.42.20220330git053ad81.fc36

This subrepository holds experimental and deprecated packages. The idea for this subrepository originated as the pkg/exp directory of the ma in repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been...

[SECURITY] Fedora 36 Update: golang-github-appc-docker2aci-0.17.2-8.fc36

Docker2aci is a small library and CLI binary that converts Docker images to A CI. It takes as input either a file generated by "docker save" or a Docker regist ry URL. It gets all the layers of a Docker image and squashes them into an ACI image. Optionally, it can generate one ACI for each layer,...

CVE-2022-28005

An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server via /Electron/download directory traversal in conjunction with a path component that uses...

PT-2022-18743 · 3Cx · 3Cx Phone System Management Console

Name of the Vulnerable Software and Affected Versions: 3CX Phone System Management Console versions prior to 18 Update 3 FINAL Description: An issue was discovered in the 3CX Phone System Management Console, where an unauthenticated attacker could abuse improperly secured access to arbitrary file...

ManageEngine SharePoint Manager Plus Detection

Binary data manageenginesharepointmanagerplusdetect.nbin...

ManageEngine SharePoint Manager Plus < 4329 Multiple Vulnerabilities

Binary data manageenginesharepointmanagerplus4329.nbin...

Denial of Service in Apache POI

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...

GHSA-JQX5-H2HW-5Q4F Denial of Service in Apache POI

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...

Trend Micro Apex One Management Web Console Detection

Binary data trendmicroapexonewebuidetect.nbin...

Splunk Installed (macOS)

Binary data macossplunkinstalled.nbin...

Checkbox Survey Installed (Windows)

Binary data checkboxsurveywininstalled.nbin...

D-Link DIR-825 G1 Command Injection Vulnerability

The DIR-825 G1 is a router from D-Link in Taiwan, China. A command injection vulnerability exists in the D-Link DIR-825 G1 firmware version, which stems from a lack of parameter validation in the "webupg" binary file. The vulnerability can be exploited to execute arbitrary system commands with th...

[SECURITY] Fedora 34 Update: golang-github-appc-docker2aci-0.17.2-8.fc34

Docker2aci is a small library and CLI binary that converts Docker images to A CI. It takes as input either a file generated by "docker save" or a Docker regist ry URL. It gets all the layers of a Docker image and squashes them into an ACI image. Optionally, it can generate one ACI for each layer,...