LeakDB - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search

LeakDB is a tool set designed to allow organizations to build and deploy their own internal plaintext "Have I Been Pwned"-like service. The LeakDB tool set can normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale, without the need to distribute large files ...

CVE-2021-41616

CVE-2021-41616 concerns Apache DB DdlUtils 1.0, where the BinaryObjectsHelper deserializes data via ObjectInputStream.readObject without validating input. This insecure deserialization could lead to arbitrary code execution. Multiple sources (NVD, OSV, CNVD) describe the root cause as the untrust...

[SECURITY] Fedora 35 Update: rust-wasmparser-0.80.1-1.fc35

Simple event-driven library for parsing WebAssembly binary files...

Google Chrome < 94.0.4606.71 Multiple Vulnerabilities

Binary data 701369.pasl...

Elastic Elasticsearch Installed (Linux)

Binary data elasticelasticsearchnixinstalled.nbin...

Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 安全漏洞

The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 is a portable cardiac rhythm management Crm programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 contains a security vulnerability that could be...

Eclipse Che 安全漏洞

Eclipse Che is an open source Java-based online integrated development environment IDE from the Eclipse Foundation. A security vulnerability exists in Eclipse Che, which stems from a security issue in the language stack build of Eclipse Che version 6. An attacker who successfully exploited the...

Thunderbird Credential Gatherer

This module searches for Thunderbird credentials on a Windows host. Module Options msf use post/windows/gather/credentials/thunderbird msf postthunderbird show actions ...actions... msf postthunderbird set ACTION msf postthunderbird show options ...show and set options... msf postthunderbird run...

Binary Vulnerability in KingView

KingView is an industrial automation configuration software produced by Beijing Asian Control Technology Development Co. A binary vulnerability exists in KingView, which can be exploited by attackers to cause the program to crash...

ctf

It is an offensive tool for reverse engineering. The repository contains a binary decompiler for a "Magic Word" challenge, which appears to be a reverse engineering exercise. The code is written in C++ and utilizes the basicstring class from the C++ Standard Library. The decompiled main function ...

QueenSono - Golang Binary For Data Exfiltration With ICMP Protocol

QueenSono tool only relies on the fact that ICMP protocol isn't monitored. It is quite common. It could also been used within a system with basic ICMP inspection ie. frequency and content length watcher. Try to imitate PyExfil and others with the idea that the target machine does not necessary ha...

Dr.Web Firewall 代码问题漏洞

Dr.Web Firewall is a network firewall from the Russian company Dr.Web. A code issue vulnerability exists in Dr.Web Firewall that originates from Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A custom loaded DLL in a legitimate binary e.g. frwlsvc.exe...

Apple iOS < 12.5.5 Multiple Vulnerabilities (HT212824)

Binary data appleios1255check.nbin...

ManageEngine Log360 Detection

Binary data manageenginelog360detect.nbin...

ManageEngine Log360 < Build 5229 REST API Restriction Bypass RCE

Binary data manageenginelog360cve-2021-40539.nbin...

mysql:8.0 security, bug fix, and enhancement update

mysql 8.0.26-1 - Update to MySQL 8.0.26 8.0.25-1 - Update to MySQL 8.0.25 8.0.24-1 - Update to MySQL 8.0.24 - Upstreamed patch: mysql-main-cast.patch 8.0.23-1 - Update to MySQL 8.0.23 - Created mysql-fix-includes-robin-hood.patch - Created mysql-main-cast.patch 8.0.22-1 - Update to MySQL 8.0.22 -...

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by...

Google Chrome < 94.0.4606.54 Multiple Vulnerabilities

Binary data 701368.pasl...

ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...

IBM Cognos Analytics Web Interface Detection

Binary data ibmcognosanalyticswebdetect.nbin...