Buffer-Overflow-Exploit-C

Buffer Overflow & Stack Smashing Exploit Overview This pro...

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been...

SUSE CVE-2026-26201

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger fatal error: concurrent map read and map write, causing C2 process cra...

CVE-2026-26201

The GHSA advisory describes a DoS due to concurrent map access in emp3r0r components written in Go. Specifically, operator relay, port-forwarding, and FTPStreams maps are accessed without consistent synchronization, leading to a panic: fatal error: concurrent map read and map write under high con...

PT-2026-7913

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.1 Description emp3r0r is a command and control C2 tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...

ProbeSuite

text...

EUVD-2017-16971

Malware in sbrugna...

EUVD-2020-10112

Malware in sbrugna...

EUVD-2020-25525

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-21256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Group Replication Plugin. Supported versions that are affected are 8.0.27 and prior...

BIT-NODE-MIN-2024-21892

On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

Progress OpenEdge Installed (Linux)

Binary data progressopenedgenixinstalled.nbin...

Perfectl Malware

Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security...

Moby (Docker Engine) started with non-empty inheritable Linux process capabilities

Impact A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during...

Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs

IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectru...

CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)

The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24769 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bu...

SUSE CVE-2017-7652

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lots of clients connected so that there are no more file descriptors/sockets available default limit...

Oracle Linux 9 : runc (ELSA-2022-8090)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-8090 advisory. 4:1.1.4-1 - update to https://github.com/opencontainers/runc/releases/tag/v1.1.4 - Related: 2061316 Tenable has extracted the preceding description block direct...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2129)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...