
26 matches found

RedhatCVE
added yesterday | 2 views

CVE-2026-7572

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 5.5 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 1
SUSE CVE
added 2026/05/07 2:23 a.m. | 5 views

SUSE CVE-2026-7572

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3
Snyk
added 2026/05/06 4:12 a.m. | 2 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the ConsumeUnit16Array and ConsumeUnit64Array functions. An attacker can cause a process crash by supplying a specially crafted .evtx file to the parseevtx VQL plugin on Windows and Linux systems. Remediation: A fix w...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2
OSV
added 2026/05/06 3:33 a.m. | 1 views

GHSA-6CMP-QV2F-X97X Velocidex Velociraptor has an off-by-one error

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/06 3:33 a.m. | 6 views

Velocidex Velociraptor has an off-by-one error

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2026/05/06 3:15 a.m. | 4 views

CVE-2026-7572

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 5.5 | EPSS 0.00006
Exploits: 0 | References: 1
EUVD
added 2026/05/06 2:38 a.m. | 4 views

EUVD-2026-27516

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1
Cvelist
added 2026/05/06 2:38 a.m. | 24 views

CVE-2026-7572 Velociraptor EVTX Parser — Process Crash via Crafted .evtx File

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | EPSS 0.00006
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/06 2:38 a.m. | 4 views

CVE-2026-7572 Velociraptor EVTX Parser — Process Crash via Crafted .evtx File

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/06 2:38 a.m. | 10 views

CVE-2026-7572

An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parseevtx VQL...

CVSS 4.4 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/06 12:0 a.m. | 5 views

PT-2026-37338

Name of the Vulnerable Software and Affected Versions: Velocidex Velociraptor versions prior to 0.76.5 Description: An off-by-one error in the ConsumeUnit16Array and ConsumeUnit64Array functions allows a local attacker to cause a Denial of Service (DoS) via a process crash. This occurs when a special...

CVSS 5.5 | AI score 5.8 | EPSS 0.00006
Exploits: 0 | References: 8
RedhatCVE
added 2026/01/09 8:35 a.m. | 4 views

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI score 8 | EPSS 0.02437
Exploits: 0 | References: 1
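Gitee
added 2025/07/06 3:21 a.m. | 113 views

Pentest-and-Development-Tips

Pentest-and-Development-Tips A collection of pentest and development tips Author: 3gstudent Click on me to view the English version Disclaimer: The following tips must not be used for illegal purposes --- Tips 1. Manual port probing: nmap's -sV can detect service versions, but in some cases you have to probe manually to verify. Capturing the response packets with Wireshark is overkill; a quick check with nc is enough. E.g. for port 8001, connect with nc, type an arbitrary string, and you get the following result: $ nc -vv localhost 8001...

AI score 7.4
Exploits: 0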
NVD
added 2024/05/23 12:15 p.m. | 7 views

CVE-2024-34060

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI score 9.2 | EPSS 0.02437
Exploits: 0 | References: 2
OSV
added 2024/05/23 12:1 p.m. | 11 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI score 8.2 | EPSS 0.02437
Exploits: 0 | References: 4
Cvelist
added 2024/05/23 12:1 p.m. | 19 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI score 9.2 | EPSS 0.02437
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/23 12:1 p.m. | 36 views

CVE-2024-34060 Arbitrary File Write in IRIS EVTX Pipeline

IrisEVTXModule is an interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX log files. The iris-evtx-module is a pipeline plugin of iris-web that processes EVTX files through IRIS web application. During the upload of an EVTX through this pipeline, the filename is not safely...

CVSS 8.8 | AI score 8.1 | EPSS 0.02437
Exploits: 0 | References: 2
Positive Technologies
added 2024/02/04 12:0 a.m. | 3 views

PT-2024-4060 · Unknown · Irisevtxmodule

Name of the Vulnerable Software and Affected Versions: IrisEVTXModule versions prior to 1.0.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access in the IrisEVTXModule, which handles Microsoft EVTX log files. This can lead to remote code...

CVSS 9 | AI score 8.3 | EPSS 0.02437
Exploits: 0 | References: 6
Kitploit
added 2023/02/05 11:30 a.m. | 28 views

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder. T...

AI score 7.5
Exploits: 0 | References: 3
Kitploit
added 2022/05/17 9:30 p.m. | 51 views

Grafiki - Threat Hunting Tool About Sysmon And Graphs

Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even Kibana, are not graphic enough. The current threats are complicated and if attackers think in graphs, defenders also must do it. This is a proof of concept, the code was not debugg...

AI score 7.7
Exploits: 0 | References: 4