UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block...

GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names

Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...

XSS in profiler HtmlDumper via unescaped template and profile names

More info at https://symfony.com/cve-2026-47730...

CVE-2026-4851

GRID::Machine (Perl) up to version 0.127 is affected by arbitrary code execution due to unsafe deserialization in read_operation() where $arg is deserialized via eval(); a compromised remote host can inject Perl code in the Dumper-formatted response, executing on the client with every RPC call. T...

CVE-2026-4851

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

CVE-2025-10283

BBOT's gitdumper module could be abused to execute commands through a malicious git repository...

EUVD-2014-4257

Malware in sbrugna...

EUVD-2017-1347

Malware in sbrugna...

SUSE CVE-2025-39764

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

UBUNTU-CVE-2025-39764

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

CVE-2025-39764

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

Linux Distros Unpatched Vulnerability : CVE-2020-25739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escapemode parameter to escape fields as an XSS protection...

Linux Distros Unpatched Vulnerability : CVE-2014-4330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context- dependent attackers to cause a denial of service stack...

Telpho10 Backup Credentials Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Telpho10 Backup Credentials Dumper', 'Description' = %q This module exploits a vulnerability present in all versions of Telpho10 telephone system...

HP ProCurve SNAC Domain Controller Credential Dumper

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'HP ProCurve SNAC Domain Controller Credential Dumper', 'Description' = %q This module will extract Domain Controller...

RHEL 4 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl: File::Temp insecure temporary file handling CVE-2011-4116 - perl: heap buffer overrun flaw may lead...

RHEL 7 : perl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - perl: segmentation fault in Sregmatch on negative backreference CVE-2013-7422 - perl: XSLoader loads...

PPLBlade - Protected Process Dumper Tool

Protected Process Dumper Tool that support obfuscating memory dump and transferring it on remote workstations without dropping it onto the disk. Key functionalities : 1. Bypassing PPL protection 2. Obfuscating memory dump files to evade Defender signature-based detection mechanisms 3. Uploading...

SUSE CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DDdump...

DragonCastle - A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process

A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. Description Upload a DLL to the target machine. Then it enables remote registry to modify AutodialDLL entry and start/restart BITS service. Svchosts would load our DLL, set again AutodiaDL...