Lucene search
31246 matches found

CVE
added 2021/12/08 9:28 p.m. · 54 views

CVE-2021-21950

CVE-2021-21950 affects Anker Eufy Homebase 2 (binary home_security) with CMD_DEVICE_GET_SERVER_LIST_REQUEST. TALOS details/hardened code path: in recv_server_device_response_msg_process, an attacker-controlled nums value drives a loop that writes domain strings and then writes to a fixed buffer (...

CVSS 10 · AI score 9.6 · EPSS 0.02405
Exploits 1 · References 1 · Affected Software 1
NVD
added 2021/12/08 7:15 p.m. · 12 views

CVE-2021-43978

Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials...

CVSS 8.1 · EPSS 0.00742
Exploits 0 · References 3
OSV
added 2021/12/08 7:15 p.m. · 4 views

CVE-2021-43978

Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials...

CVSS 8.1 · AI score 7.3 · EPSS 0.00742
Exploits 0 · References 3
Snyk
added 2021/12/08 3:09 p.m. · 3 views

Deserialization of Untrusted Data

Overview SinGooCMS.Utility is a collection of tools, including configuration, file, date, data, serialization, reflection, image processing, network, cache, Web related, encryption and decryption, compression, class expansion and other tools, almost covering the development of All tool...

CVSS 9.8 · AI score 6.9 · EPSS 0.01695
Exploits 1 · References 2
CNNVD
added 2021/12/08 12:00 a.m. · 3 views

Allegro Windows Security Vulnerability

Allegro Windows is an accounting and management solution from the Belgian company Allegro. A security vulnerability exists in Allegro Windows that stems from Allegro Windows embedding software administrator database credentials into a binary file, allowing users to access and modify data using th...

CVSS 8.1 · AI score 7.7 · EPSS 0.00742
Exploits 0 · References 3
0day.today
added 2021/12/08 12:00 a.m. · 346 views

Reprise License Manager 14.2 Remote Binary Execution Vulnerability

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Introduction: Whe...

CVSS 9.3 · AI score 0.6 · EPSS 0.02146
Exploits 4
Tenable Nessus
added 2021/12/08 12:00 a.m. · 51 views

CODESYS V3 Web Server Heap-based Buffer Overflow (CVE-2021-33485)

Binary data scadacodesys2021-09.nbin...

CVSS 9.8 · AI score 9.7 · EPSS 0.01144
Exploits 0 · References 2
Packet Storm
added 2021/12/08 12:00 a.m. · 461 views

Reprise License Manager 14.2 Remote Binary Execution

Product: Reprise License Manager 14.2 Vendor: Reprise Software CVE ID: CVE-2021-44153 Vulnerability Title: Authenticated Remote Binary Execution Severity: High Authors: Mark Staal Steenberg, Bilal El Ghoul, Gionathan Armando Reale, Andreas Fyhn Andersen, Oliver Lind Nordestgaard Date: 2021-11-25...

CVSS 9.3 · AI score 0.2 · EPSS 0.02146
Exploits 4
OSV
added 2021/12/07 9:21 p.m. · 21 views

GHSA-6R7C-6W96-8PVW Remote Code Execution in AjaxNetProfessional

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. Description Serialization is a process of converting an object into a sequence of...

CVSS 9.8 · AI score 9.3 · EPSS 0.88768
Exploits 2 · References 6
NVD
added 2021/12/06 4:15 a.m. · 8 views

CVE-2021-43037

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM...

CVSS 7.8 · EPSS 0.00504
Exploits 1 · References 3
OSV
added 2021/12/06 4:15 a.m. · 3 views

CVE-2021-43037

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM...

CVSS 7.8 · AI score 7.1 · EPSS 0.00504
Exploits 1 · References 3
Prion
added 2021/12/06 4:15 a.m. · 11 views

Design/Logic Flaw

An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM...

CVSS 6.9 · AI score 7.8 · EPSS 0.00504
Exploits 1 · References 3 · Affected Software 1
OSV
added 2021/12/06 12:00 a.m. · 10 views

OSV-2021-1651 Heap-buffer-overflow in PCIDSK::CPCIDSKFile::ReadFromFile

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993 Crash type: Heap-buffer-overflow WRITE Crash state: PCIDSK::CPCIDSKFile::ReadFromFile PCIDSK::CPCIDSKSegment::ReadFromFile PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...

AI score 7.2
Exploits 0 · References 1
Tenable Nessus
added 2021/12/06 12:00 a.m. · 16 views

HP PageWide Printer Web Interface Detection

Binary data hppagewidewebdetect.nbin...

AI score 7.3
Exploits 0 · References 1
Positive Technologies
added 2021/12/06 12:00 a.m. · 6 views

PT-2021-23726 · Kaseya +1 · Kaseya Unitrends Backup Appliance +1

Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Unitrends Windows agent, which was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed...

CVSS 7.8 · AI score 7.9 · EPSS 0.00504
Exploits 1 · References 7
Kitploit
added 2021/12/04 8:30 p.m. · 38 views

IAM Vulnerable - Use Terraform To Create Your Own Vulnerable By Design AWS IAM Privilege Escalation Playground

Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit...

AI score 7.9
Exploits 0 · References 13
Kitploit
added 2021/12/03 8:30 p.m. · 20 views

IDA2Obj - Static Binary Instrumentation

IDA2Obj is a tool to implement SBI (Static Binary Instrumentation). The workflow is simple: Dump object files (COFF) directly from one executable binary. Link the object files into a new binary, almost the same as the old one. During the dumping process, you can insert any data/code at any locatio...

AI score 7.2
Exploits 0 · References 3
Tenable Nessus
added 2021/12/03 12:00 a.m. · 15 views

IBM HTTP Server Installed (Windows)

Binary data ibmhttpdwininstalled.nbin...

AI score 7.3
Exploits 0 · References 1
Tenable Nessus
added 2021/12/03 12:00 a.m. · 26 views

openSUSE 15 Security Update : permissions (openSUSE-SU-2021:1520-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1520-1 advisory. - The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the easy permission profile and sniff...

CVSS 7.1 · AI score 5.8 · EPSS 0.00336
Exploits 0 · References 37
OSV
added 2021/12/02 4:15 p.m. · 16 views

CVE-2021-23263

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/ non-binary...

CVSS 7.5 · AI score 7
Exploits 0 · References 1