137 matches found
CVE-2026-39420
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...
EUVD-2003-0603
Malware in sbrugna...
EUVD-2002-1455
Malware in sbrugna...
EUVD-2020-20535
Malware in sbrugna...
EUVD-2001-0169
Malware in sbrugna...
EUVD-2005-4527
Malware in sbrugna...
EUVD-2006-1630
Malware in sbrugna...
CVE-2023-27199
PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks...
CVE-2020-28045
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2023-1521
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache), this means a user...
CVE-2023-1521 Local Privilege Escalation in sccache
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache), this means a user...
CVE-2024-41956 Soft Serve allows arbitrary code execution by crafting git-lfs requests
Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by...
D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux
Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...
Exploit for CVE-2023-1521
PoC bash gcc -sha...
Authorization
PAX Technology A930 PayDroid7.1.1VirgoV04.5.0220220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks...
Behind the Screen: Three Vulnerabilities in RenderDoc
The Qualys Threat Research Unit (TRU) has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDoc's implementation. As part of our ongoing commitment to safeguard digital assets and strengthen...
sccache vulnerable to privilege escalation if server is run as root
Impact: On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package), this means a user running the sccache...
Exploit for Out-of-bounds Read in Adobe Bridge
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...
Exploit for Download of Code Without Integrity Check in Fortinet Fortios
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...