CVE-2022-34008

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder...

Comodo Antivirus 后置链接漏洞

Comodo Antivirus is a gaming antivirus from Comodo, Inc. A security vulnerability exists in Comodo Antivirus version 12.2.2.8012 that originates from the ability to restore a malicious DLL from quarantine to a System32 folder using an NTFS directory link. An attacker can exploit this vulnerabilit...

OSV-2022-490 Stack-buffer-overflow in spvtools::opt::CompositeInsertToCompositeConstruct

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48060 Crash type: Stack-buffer-overflow READ 4 Crash state: spvtools::opt::CompositeInsertToCompositeConstruct std::1::function::funcbool spvtools::opt::InstructionFolder::FoldInstructionInternal...

The vulnerability of the Work Folder Service in Windows operating systems arises from synchronization errors when using a shared resource, allowing attackers to escalate their privileges.

The vulnerability of the Work Folder Service in Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...

PT-2022-21718 · Trend Micro · Trend Micro Vpn Proxy One Pro

Name of the Vulnerable Software and Affected Versions: Trend Micro VPN Proxy Pro versions 5.2.1026 and below Description: The issue involves overly permissive folders in a key directory, which could allow a local attacker to obtain privilege escalation on an affected system. Recommendations: For...

WordPress Enqueue Anything plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

Real Player v.20.0.8.310 G2 Control - DoGoToURL() Remote Code Execution Exploit

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full PoC:...

The vulnerability of D-Link DIR816L router’s microprogramming software allows a hacker to gain access to the folder_view.php and category_view.php folders.

The vulnerability of D-Link DIR816L router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to the folders folderview.php and categoryview.php...

Real Player v.20.0.8.310 G2 Control - 'DoGoToURL()' Remote Code Execution (RCE)

Exploit Title: Real Player v.20.0.8.310 G2 Control - 'DoGoToURL' Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: v.20.0.8.310 Tested on: Windows 7, 8.1, 10 CVE : N/A Full...

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'"...

The vulnerability of the conf_id parameter in the TrueConf Server software lies in the possibility of bypassing the path in the script /client/upsld/v1. This allows a perpetrator to execute arbitrary code by writing a specially crafted php file into a folder accessible through the web interface.

The vulnerability of the confid parameter in the TrueConf Server software relates to the possibility of bypassing the path in the script /client/upsld/v1. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a specially crafted php file to a folder accessibl...

CVE-2022-32270

In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder DLL planting could also occur...

CVE-2022-32270

In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder DLL planting could also occur...

Directory traversal

In Real Player 20.0.7.309 and 20.0.8.310, external::Import allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder DLL planting could also occur...

Jfinal CMS SQL Injection Vulnerability

Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...

PersistBOF - Tool To Help Automate Common Persistence Mechanisms

A tool to help automate common persistence mechanisms. Currently supports Print Monitor SYSTEM, Time Provider Network Service, Start folder shortcut hijacking User, and Junction Folder User Usage Clone, run make, add .cna to Cobalt Strike client. run: help persist-ice in CS console Syntax:...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the modification of contents in the intermediate build folder by default obj. An attacker can alter the contents of this folder by authenticating and exploiting the...

GHSA-3HCM-6FJC-47QQ NuGet Package Manager Tampering Vulnerability

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder by default obj, aka 'NuGet Package Manager Tampering Vulnerability'...

CVE-2022-23050

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...

CVE-2022-23050

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...