41 matches found
EUVD-2017-15075
Malware in sbrugna...
EUVD-2017-16465
Malware in sbrugna...
EUVD-2021-12182
Malware in sbrugna...
CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Sophos Hitmanpro
引用 这篇文章的目的是介绍一种基于内核态内存的越界写入通用利用技术和相关工具复现. toc 简介 笔者的在原作者池风水利用工具以下简称工具基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用. 自Windows 10 19H1开始,用户层段堆(Segment Heap)结构后端逻辑被用于内核层,主要分为低碎片化堆Low-fragmentation Heap与VS堆Variable Size...
Sophos HitmanPro has an unspecified vulnerability
Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK.Sophos HitmanPro suffers from a security vulnerability that stems from a lack of authentication, access control, permission management and other security measures in the network system or product, which could be...
Sophos HitmanPro has an unspecified vulnerability (CNVD-2021-103402)
Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK.A security vulnerability exists in Sophos HitmanPro, which stems from a lack of authentication, access control, privilege management and other security measures in the network system or product. A local attacker...
CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318...
CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318...
Design/Logic Flaw
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318...
CVE-2021-25271
The CVE-2021-25271 vulnerability affects Sophos HitmanPro prior to Build 318. A local attacker can read or write arbitrary files with administrator privileges due to improper access control, enabling escalation on affected installations. Connected sources consistently reference HitmanPro and Buil...
CVE-2021-25271
A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318...
CVE-2021-25270
CVE-2021-25270 concerns HitmanPro.Alert prior to Build 901, where a local attacker could execute arbitrary code with administrator privileges. The vulnerability is described across multiple sources (e.g., Red Hat, NVD) as a local-privilege escalation affecting HitmanPro.Alert before 901. The exac...
Sophos HitmanPro 安全漏洞
Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK.Sophos HitmanPro suffers from a security vulnerability that stems from a lack of authentication, access control, permission management and other security measures in the network system or product, which could be...
Sophos HitmanPro 安全漏洞
Sophos HitmanPro is an excellent multi-engine cloud anti-virus scanner from Sophos UK.A security vulnerability exists in Sophos HitmanPro, which stems from a lack of authentication, access control, privilege management and other security measures in the network system or product. A local attacker...
CVE-2020-9540
Technical details about CVE-2020-9540 are not publicly available in the provided documents; no affected products, exploit vectors, or fixes are disclosed here. Monitor for updates.
CVE-2018-3970
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to...
CVE-2018-3971
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP...
CVE-2018-3970
Sophos HitmanPro.Alert 3.7.6.744 contains an exploitable memory-disclosure vulnerability in the hmpalert IOCTL handler (0x222000). A crafted IRP/IOCTL request can leak kernel memory to user mode, as confirmed by TALOS-2018-0635 and related OpenVAS/PT-2018-16350 analyses. The issue affects the IOC...
hitmanpro-s.cleverbridge.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-617311 Description| Value ---|--- Affected Website:| hitmanpro-s.cleverbridge.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...