6839 matches found

OSV
added 2024/02/09 6:31 p.m. · 1 views

GHSA-37VR-VMG4-JWPW Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected version...

CVSS 8.8 · AI score 5.9 · EPSS 0.86843
Exploits: 4 · References: 8

Positive Technologies
added 2024/02/09 12:0 a.m. · 3 views

PT-2024-20594 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg (affected versions not specified). Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

CVSS 7.8 · AI score 7.2 · EPSS 0.00123
Exploits: 0 · References: 9

CNNVD
added 2024/02/09 12:0 a.m. · 3 views

pkg security vulnerability

npm pkg is a library from npm that packages Node.js projects into executables. A security vulnerability exists in pkg 5.8.1 and earlier, which stems from the fact that any native code package pkg built writes to a hardcoded directory, and can be exploited by an attacker to replace a genuine...

CVSS 7.8 · AI score 8.7 · EPSS 0.00123
Exploits: 0 · References: 4

NVD
added 2024/02/08 12:15 p.m. · 7 views

CVE-2023-6518

Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...

CVSS 7.5 · AI score 7.5 · EPSS 0.00138
Exploits: 0 · References: 2

Prion
added 2024/02/08 12:15 p.m. · 18 views

Spoofing

Plaintext Storage of a Password vulnerability in Mia Technology Inc. MIA-MED allows Read Sensitive Strings Within an Executable. This issue affects MIA-MED: before 1.0.7...

CVSS 5 · AI score 7.5 · EPSS 0.00138
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/08 11:46 a.m. · 6 views

CVE-2023-6518 Password Disclosure in Mia Technology's Mia-Med

Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7...

CVSS 7.5 · AI score 7.1 · EPSS 0.00138
Exploits: 0 · References: 2

CNNVD
added 2024/02/08 12:0 a.m. · 3 views

Mia Technology MIA-MED Security Vulnerability

Mia Technology MIA-MED is a hospital management system from Mia Technology. A security vulnerability exists in Mia Technology MIA-MED versions prior to 1.0.7. An attacker can exploit the vulnerability to read sensitive strings within an executable file...

CVSS 7.5 · AI score 6.5 · EPSS 0.00114
Exploits: 0 · References: 2

CNNVD
added 2024/02/08 12:0 a.m. · 3 views

Mia Technology MIA-MED Security Vulnerability

Mia Technology MIA-MED is a hospital management system from Mia Technology. A security vulnerability exists in Mia Technology MIA-MED versions prior to 1.0.7 that originates from storing passwords in plaintext. An attacker can exploit the vulnerability to read sensitive strings in an executable...

CVSS 7.5 · AI score 6.6 · EPSS 0.00138
Exploits: 0 · References: 2

RedHat Linux
added 2024/02/07 4:33 p.m. · 5 views

kernel: Executable Space Protection Bypass

A vulnerability was found in the Linux kernel when certain binary files have the exec-all attribute with gcc. This issue can cause the execution of bytes located in the non-executable regions of a file...

CVSS 7.8 · AI score 6.8 · EPSS 0.00271
Exploits: 1 · References: 6

Prion
added 2024/02/02 5:15 p.m. · 20 views

Design/Logic Flaw

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

CVSS 5.8 · AI score 6 · EPSS 0.00211
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2024/02/02 4:15 p.m. · 17 views

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 5.8 · AI score 7.5 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 3

NVD
added 2024/02/02 12:15 p.m. · 8 views

CVE-2024-1201

Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation...

CVSS 7.8 · AI score 7.5 · EPSS 0.00032
Exploits: 0 · References: 1

OSV
added 2024/02/02 11:6 a.m. · 3 views

OESA-2024-1117 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...

CVSS 8.3 · AI score 8.6 · EPSS 0.04175
Exploits: 0 · References: 6

Metasploit
added 2024/01/31 7:51 p.m. · 196 views

Puppet Config Gather

This module will grab Puppet config files, credentials, host information, and file buckets. Module Options: msf > use post/linux/gather/puppet; msf post(puppet) > show actions ...actions...; msf post(puppet) > set ACTION; msf post(puppet) > show options ...show and set options...; msf post(puppet) > run. This module...

AI score 7.1
Exploits: 0

OpenVAS
added 2024/01/30 12:0 a.m. · 7 views

AnyDesk Desktop Detection Consolidation

Consolidation of AnyDesk Desktop detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

AI score 7.3
Exploits: 0 · References: 1

OSV
added 2024/01/29 5:15 p.m. · 5 views

AZL-35273 CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

CVSS 5.5 · AI score 6.9 · EPSS 0.00025
Exploits: 0 · References: 1

Packet Storm
added 2024/01/24 12:0 a.m. · 299 views

Saltstack Minion Payload Deployer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...

AI score 7.4
Exploits: 0

0day.today
added 2024/01/24 12:0 a.m. · 306 views

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected (default all). Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.4
Exploits: 0

OSV
added 2024/01/23 12:0 a.m. · 0 views

UBUNTU-CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

CVSS 7.4 · AI score 7.2 · EPSS 0.00032
Exploits: 0 · References: 2

Positive Technologies
added 2024/01/23 12:0 a.m. · 3 views

PT-2024-2763 · Shim +6

Name of the Vulnerable Software and Affected Versions: Shim (affected versions not specified). Description: The issue is related to an out-of-bounds read flaw in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE...

CVSS 8.3 · AI score 6.5 · EPSS 0.04175
Exploits: 2 · References: 124