19 matches found
CVE-2025-14956
CVE-2025-14956 affects WebAssembly Binaryen up to 125. The vulnerability is in WasmBinaryReader::readExport (src/wasm/wasm-binary.cpp), causing a heap-based buffer overflow that can be exploited on the local host. Public exploit details exist; patch referenced as 4f52bff8c4075b5630422f902dd92a0af...
UBUNTU-CVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...
EUVD-2015-2430
Malware in sbrugna...
EUVD-2008-1393
Malware in sbrugna...
EUVD-2021-30370
Malicious code in bioql PyPI...
EUVD-2021-28375
Malicious code in bioql PyPI...
CVE-2025-6816
CVE-2025-6816 affects HDF5 1.14.6 and earlier; the heap-based overflow occurs in H5O__fsinfo_encode within /src/H5Ofsinfo.c. Impact is local: an attacker on the same host could trigger a crash or corruption as described. A patched version is available (e.g., 1.14.6-1 or newer); upgrade to the pat...
CVE-2025-3805
A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file checkid.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to...
UPDATED VERSION: AutoSploit 2.2
PenTestIT RSS Feed It has been some days since there was a lot of hue and cry about AutoSploit and eventually everything subsided. I wrote about it in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit too. Recently, an updated an improved updated version - AutoSploit 2.2 was released...
Moxa AWK-3131A 1.4 < 1.7 - Username OS Command Injection Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ',...
Automated Mass Exploiter: AutoSploit
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache , IIS , etc, upon which a list of...
ITA Forum Multiple Scripts SQL Injection
The remote host is running ITA Forum, a forum software written in PHP. There is a SQL injection issue in the remote version of this software which may allow an attacker to execute arbitrary SQL statements on the remote host and to potentially overwrite arbitrary files on the remote system, by...
Minis minis.php month Parameter Traversal Arbitrary File Access
The remote host is running Minis, a weblogging system written in PHP. The remote version of this software is vulnerable to a directory traversal attack. Input to the 'month' parameter of the 'minis.php' script is not properly sanitized. A remote attacker could exploit this to read arbitrary files...
CVSTrac < 1.1.5 Multiple XSS
The remote host seems to be running CVSTrac, a web-based bug and patch-set tracking system for CVS. According to its version number, the remote installation of CVSTrac has multiple cross-site scripting flaws. A remote attacker could exploit this by tricking a user into requesting a malicious URL,...
F-Secure SSH Password Authentication Policy Evasion
According to its banner, the version of F-Secure SSH running on the remote host allows a user to log in using a password, even though the server policy disallows it. An attacker could exploit this flaw to run a dictionary attack against the SSH server. C Tenable Network Security, Inc...
Solaris sadmind AUTH_SYS Credential Remote Command Execution
The remote host is running the sadmind RPC service. It is possible to misuse this service to execute arbitrary commands on this host as root. C Tenable Network Security, Inc. Greatly improved by H D Moore include"compat.inc"; if description scriptid11841; scriptversion"1.34"; scriptcvsdate"Date:...
CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing
CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply...
CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing
source: https://www.securityfocus.com/bid/6630/info It has been reported that OPT accepts the values supplied supplied by users in HTTP headers as the originating IP address of a request. It is possible for a remote host to supply a fake IP address in one of these environment variables that would...
SGI InfoSearch infosrch.cgi fname Parameter Arbitrary Command Execution
The remote web server is hosting the 'infosrch.cgi' script. The installed version of this script fails to properly sanitize user- supplied input to the 'fname' variable. An attacker, exploiting this flaw, could execute arbitrary commands on the remote host subject to the privileges of the web...