Binary Vulnerability in NetSarang Xshell7

Xshell7 is a remote terminal connection management software. A binary vulnerability exists in NetSarang Xshell7, which can be exploited by attackers to cause a denial of service...

Backdoor.Win32.Augudor.a Remote File Write / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.a Vulnerability: Unauthenticated Remote File Write - RCE Description: Augudor...

DEBIAN-CVE-2022-26126

Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isisnbnotifications.c...

Local Privilege Escalation in polkits pkexec

A bug exists in the polkit pkexec binary in how it processes arguments. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populat...

Citrix Workspace App Installed (nix)

Binary data citrixworkspaceappnixinstalled.nbin...

Google Chrome < 99.0.4844.51 Multiple Vulnerabilities

Binary data 701393.pasl...

VISAM Automation Base (VBASE) Web-Remote Path Traversal (CVE-2020-7008)

Binary data visamvbasecve-2020-7008.nbin...

VISAM Automation Base (VBASE) Web-Remote Detection

Binary data visamvbasewebremotedetect.nbin...

USN-5292-4: snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

CVE-2022-23653

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

PYSEC-2022-32

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

CVE-2022-23653 B2 Command Line Tool TOCTOU application key disclosure

B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a...

Adobe Illustrator Installed (macOS)

Binary data macosadobeillustratorinstalled.nbin...

H2 Database JNDI Lookup RCE (CVE-2021-42392)

Binary data h2databasecve-2021-42392.nbin...

Cyclades Serial Console Server 3.3.0 Privilege Escalation

Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation Date: 09 Feb 2022 Exploit Author: @ibby Vendor Homepage: https://www.vertiv.com/en-us/ Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip Version: Legacy Versions V1.0.0 to...

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

SharpCookieMonster - Extracts Cookies From Chrome

This is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C project will dump cookies for all sites, even those with httpOnly/secure/session flags. Usage Simply run the binary. SharpCookieMonster.exe https://sitename.com chrome-debugging-port user...

USN-5292-2 snapd vulnerabilities

USN-5292-1 fixed vulnerabilities in snapd. This update provides the corresponding update for the riscv64 architecture. Original advisory details: James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to...

Intel Management Engine Components 6.0.0.1189 Unquoted Service Path

Exploit Title: IntelR Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path Exploit Author : SamAlucard Exploit Date: 2022-02-17 Vendor : Intel Version : IntelR Management Engine Components 6.0.0.1189 Vendor Homepage : https://www.intel.com Tested on OS: Windows 7 Pro Analyze PoC ...

IBM Maximo Anywhere Encryption Issue Vulnerability (CNVD-2022-12745)

IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile devices. an...