67 matches found
CVE-2026-36044
@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...
OpenMcdf: Uncatchable infinite loop in DirectoryTree.TryGetDirectoryEntry on crafted CFB directory cycle
Summary The BST name-lookup loop in DirectoryTree.TryGetDirectoryEntry OpenMcdf/DirectoryTree.cs:35-46 walks directory entries by repeatedly calling directories.TryGetSiblingchild, siblingType, validateColor. A crafted CFB file with cyclic Left/Right sibling links among directory entries -...
EUVD-2022-40638
Malicious code in bioql PyPI...
Job Iteration API 操作系统命令注入漏洞
Job Iteration API is an open source API interface from Shopify. An operating system command injection vulnerability exists in Job Iteration API versions prior to 1.11.0, which stems from arbitrary code execution in the CsvEnumerator class that could lead to unauthorized access or data disclosure...
DNS Record Scanner and Enumerator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DNS Record Scanner and Enumerator', 'Description' = %q This module can be used to gather information about a domain from a given DNS server by...
CloudBrute - Awesome Cloud Enumerator
A tool to find a company target infrastructure, files, and apps on the top cloud providers Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode. The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here Motivation ...
Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator
Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...
RWS WorldServer 11.7.3 - Session Token Enumeration
Exploit Title: RWS WorldServer 11.7.3 - Session Token Enumeration Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0...
RWS WorldServer 11.7.3 Session Token Enumeration
Advisory: Session Token Enumeration in RWS WorldServer Session tokens in RWS WorldServer have a low entropy and can be enumerated, leading to unauthorised access to user sessions. Details ======= Product: WorldServer Affected Versions: 11.7.3 and earlier versions Fixed Version: 11.8.0 Vulnerabili...
The vulnerability of the Windows operating system’s Portable Device Enumerator Service allows a hacker to circumvent existing security restrictions.
The vulnerability of the Windows Operating System’s Portable Device Enumerator Service is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
Microsoft Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...
CVE-2022-38032
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability...
Security feature bypass
Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability...
CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
...
CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
...
PT-2022-5444 · Microsoft · Windows Portable Device Enumerator Service +1
Name of the Vulnerable Software and Affected Versions: Windows Portable Device Enumerator Service affected versions not specified Description: The issue is related to the use of a hardcoded cryptographic key in the Windows Portable Device Enumerator Service. This could allow an attacker to bypass...
Microsoft Windows Portable Device Enumerator Service 安全漏洞
Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...
CVE-2022-38032
Technical details for CVE-2022-38032 are not publicly provided in the supplied documents; monitor for updates from Microsoft MSRC and related references.
Fedora: Security Advisory for golang-github-redteampentesting-monsoon (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-redteampentesting-monsoon-0.6.0-7.fc36
Fast HTTP enumerator...