31 matches found
USN-7902-1: CRaC JDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
USN-7902-1 openjdk-25-crac vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
USN-7885-1: OpenJDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7884-1: OpenJDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7884-1 openjdk-25 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 25 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7883-1: OpenJDK 17 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 17 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7882-1 openjdk-lts vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 11 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAX...
USN-7881-1: OpenJDK 8 vulnerabilities
Jinfeng Guo discovered that the Security component of OpenJDK 8 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JAXP...
EUVD-2025-16447
Malicious code in bioql PyPI...
SUSE-SU-2025:0618-1 Security update for postgresql17
This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093...
Exploit for Classic Buffer Overflow in Draytek Vigor3910_Firmware
CVE-2022-32548-RCE-POC DrayTek unauthenticated remote code exe...
Automating Qakbot decode at scale
This is a technical post covering practical methodology to extract configuration data from recent Qakbot samples. In this blog, I will provide some background on Qakbot, then walk through decode themes in an easy to visualize manner. I will then share a Velociraptor artifact to detect and automat...
CVE-2019-12677
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...
Design/Logic Flaw
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...
CVE-2019-12677 Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...
CVE-2019-12677 Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...
Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
A vulnerability in the Secure Sockets Layer SSL VPN feature of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to cause a denial of service DoS condition that prevents the creation of new SSL/Transport Layer Security TLS connections to an affected...
Decodify - Detect And Decode Encoded Strings Recursively
Decodify can detect and decode encoded strings, recursively. Its currently in beta phase. Lets take this string : teamultimate.in and encode it with Hex, URL, Base64 and FromChar encoding, respectively. Now lets pass this encoded string to Decodify: Boom! Thats what Decodify does. Supported...
p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
p0wnedShell is an offensive PowerShell host application written in C that does not rely on powershell.exe but runs powershell commands and functions within a powershell runspace environment .NET. It has a lot of offensive PowerShell modules and binaries included to make the process of Post...
USN-1894-1: curl vulnerability
Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code...