31245 matches found
Google Chrome < 99.0.4844.74 Multiple Vulnerabilities
Binary data 701394.pasl...
Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen...
TP-Link Tapo C200 Command Injection Vulnerability
A command injection vulnerability exists in TP-Link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
PT-2022-15577 · Apple · Applescript +1
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.6.5; macOS versions prior to 12.3; Security Update versions prior to 2022-003 Catalina. Description: An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript...
Apple macOS Big Sur Buffer Error Vulnerability
Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in Apple macOS Big Sur prior to version 11.6.5, which stems from a faulty boundary condition in AppleScript. A remote attacker can trick a victim into running a specially crafted binary to exploit...
Apple macOS Big Sur Buffer Error Vulnerability
Apple macOS Big Sur is a mobile application app from Apple USA. A buffer error vulnerability exists in Apple macOS Big Sur prior to 11.6.5, which stems from the fact that processing a maliciously crafted AppleScript binary may result in an unexpected application termination or process memory...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
This exploit targets a vulnerability in the Linux kernel since 5.8, that allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the payload, executing it, and the...
Dirty Pipe Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability that has been in the Linux kernel since version 5.8. It allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the...
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
Default configuration
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
Dirty Pipe Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dirty Pipe Local Privilege Escalation via CVE-2022-0847', 'Description' = %q This exploit targets a vulnerability in the Linux kernel since 5.8,...
Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit
Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell. // // dirtypipez.c // // hacked up Dirty Pipe CVE-2022-0847 PoC that hijacks a SUID binary to spawn // a root shell. and attempts to restore the damaged bina...
CVE-2022-24408
A vulnerability has been identified in SINUMERIK MC All versions V1.15 SP1, SINUMERIK ONE All versions V6.15 SP1. The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow loc...
Design/Logic Flaw
A vulnerability has been identified in SINUMERIK MC All versions V1.15 SP1, SINUMERIK ONE All versions V6.15 SP1. The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow loc...
CVE-2021-4045 TP-LINK Tapo C200 remote code execution vulnerability
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...
CVE-2021-4045
CVE-2021-4045 affects TP-Link Tapo C200 IP cameras running firmware 1.1.15 and earlier. The vulnerability arises from a root-running uhttpd binary that does not properly filter/escape input, enabling unauthenticated remote command execution (RCE) and full device compromise. Public documents co...
PT-2022-2572 · Tp Link · Tp-Link Tapo C200
Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C200 version 1.1.15 and below. Description: The issue is related to an unauthenticated remote code execution (RCE) vulnerability in the uhttpd binary, which runs by default as root. This vulnerability is caused by a lack of input da...
Trend Micro ServerProtect Static Credential (CVE-2022-25329)
Binary data trendmicroserverprotectcve-2022-25329.nbin...