31245 matches found

Packet Storm News
added 2025/05/22 12:0 a.m. · 2 views

Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE

Incorrect handling of security-critical data formats, particularly in low-level languages, is the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...

7.4 AI score
Exploits: 0
Packet Storm News
added 2025/05/22 12:0 a.m. · 5 views

ReCopilot: Reverse Engineering Copilot in Binary Analysis

Binary analysis plays a pivotal role in security domains such as malware detection and vulnerability discovery, yet it remains labor-intensive and heavily reliant on expert knowledge. General-purpose large language models (LLMs) perform well in programming analysis on source code, while...

7.2 AI score
Exploits: 0
Positive Technologies
added 2025/05/22 12:0 a.m. · 4 views

PT-2025-22533 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3. NEXUS Series versions through 3. MATRIX Series versions through 3. Description: The issue is related to DLLs not being digitally signed when loaded in ASPECT's configuration toolset. This exposes the...

7.1 CVSS · 6.3 AI score · 0.00977 EPSS
Exploits: 3 · References: 5
RedhatCVE
added 2025/05/21 10:41 p.m. · 10 views

CVE-2002-2221

Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639...

6.2 CVSS · 6.8 AI score · 0.00283 EPSS
Exploits: 0 · References: 1
OSV
added 2025/05/21 8:15 p.m. · 2 views

CVE-2025-5051

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may...

9.8 CVSS · 6 AI score · 0.00588 EPSS
Exploits: 1 · References: 4
Cvelist
added 2025/05/21 8:0 p.m. · 17 views

CVE-2025-5051 FreeFloat FTP Server BINARY Command buffer overflow

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may...

7.5 CVSS · 0.00588 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2025/05/21 8:0 p.m. · 6 views

CVE-2025-5051 FreeFloat FTP Server BINARY Command buffer overflow

A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component BINARY Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may...

7.5 CVSS · 7.5 AI score · 0.00588 EPSS
Exploits: 1 · References: 4
CNNVD
added 2025/05/21 12:0 a.m. · 1 views

FreeFloat FTP Server Security Vulnerability

FreeFloat FTP Server is FTP server software developed by FreeFloat Inc. FreeFloat FTP Server suffers from a BINARY command buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in the component BINARY command handler, and no detailed vulnerability details...

9.8 CVSS · 7.3 AI score · 0.00588 EPSS
Exploits: 1 · References: 4
Slackware Linux
added 2025/05/20 11:1 p.m. · 8 views

[slackware-security] glibc

New glibc packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaaglibc-solibs-2.33-i586-8slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-8slack15.0.txz: Rebuilt. This update fixes a security issue: el...

7.8 CVSS · 7.4 AI score · 0.0039 EPSS
Exploits: 1
GithubExploit
added 2025/05/20 5:54 p.m. · 458 views

Exploit for CVE-2025-40634

CVE-2025-40634 The TP-Link Archer AX50 router is vulnerable t...

10 CVSS · 9.8 AI score · 0.11206 EPSS
Exploits: 2
Tenable Nessus
added 2025/05/20 12:0 a.m. · 5 views

Zscaler Client Connector Installed (Linux)

Binary data zscalerclientconnectorlinuxinstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
Tenable Nessus
added 2025/05/20 12:0 a.m. · 3 views

Zscaler Client Connector Installed (macOS)

Binary data zscalerclientconnectormacosinstalled.nbin...

7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/20 12:0 a.m. · 4 views

PT-2025-22127 · Tp Link · Tp-Link Archer C50

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX50 versions prior to 1.0.15 build 241203 rel61480 Description: The issue is a stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router. This vulnerability allo...

9.2 CVSS · 9.7 AI score · 0.00561 EPSS
Exploits: 2 · References: 14
BDU FSTEC
added 2025/05/19 12:0 a.m. · 5 views

The vulnerability of the dlopen() function in the system library glibc, which allows a hacker to execute arbitrary code

The vulnerability of the dlopen function in the glibc system library is related to the use of an insecure path for searching executable programs when processing the LD_LIBRARY_PATH variable. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...

7.8 CVSS · 7.5 AI score · 0.0039 EPSS
Exploits: 1 · References: 12 · Affected Software: 7
CNNVD
added 2025/05/17 12:0 a.m. · 2 views

D-Link DCS-932L Security Vulnerability

The D-Link DCS-932L is a network surveillance camera from China AUO D-Link. It is used for security and surveillance. The D-Link DCS-932L suffers from a buffer overflow vulnerability that originates from the failure of the parameter CameraName in the file /sbin/ucp to properly validate the length...

9.8 CVSS · 8.1 AI score · 0.01022 EPSS
Exploits: 1 · References: 7
OSV
added 2025/05/16 9:34 p.m. · 7 views

CLSA-2025-1747431252 Update of alt-php

Bump ABI 4.4.0-274...

5.8 AI score
Exploits: 0 · References: 1
OSV
added 2025/05/16 9:30 p.m. · 3 views

CLSA-2025-1747431031 Update of alt-php

Bump ABI 4.15.0-247...

5.8 AI score
Exploits: 0 · References: 1
Packet Storm News
added 2025/05/14 12:0 a.m. · 4 views

Evaluating the Robustness of Adversarial Defenses in Malware Detection Systems

Machine learning is a key tool for Android malware detection, effectively identifying malicious patterns in apps. However, ML-based detectors are vulnerable to evasion attacks, where small, crafted changes bypass detection. Despite progress in adversarial defenses, the lack of comprehensive...

7 AI score
Exploits: 0
BDU FSTEC
added 2025/05/14 12:0 a.m. · 4 views

The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router microprogramming software, allowing a hacker to execute any command they desire.

The vulnerability of the ssdpcgi_main function in the binary file cgibin of D-Link DIR-815 router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 8.1 AI score · 0.20188 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2025/05/13 9:38 a.m. · 19 views

CVE-2024-23815

A vulnerability has been identified in Desigo CC All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone, Desigo CC All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones...

8.7 CVSS · 0.00469 EPSS
Exploits: 0 · References: 1