74 matches found
PAX Technology A930 Security Vulnerability
PAX Technology A930 is an Android mobile payment terminal from PAX Global PAX Technology, China. A security vulnerability exists in the PAX A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from a vulnerability that allows an attacker to compile malicious shared libraries and bypa...
Malicious NPM Libraries Caught Installing Password Stealer and Ransomware
Malicious actors have yet again published two more typosquatted libraries to the official NPM repository that mimic a legitimate package from Roblox, the game company, with the goal of stealing credentials, installing remote access trojans, and infecting the compromised systems with...
USN-4870-1 bundler vulnerability
It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...
USN-4870-1: Bundler vulnerability
It was discovered that Bundler incorrectly created directories with insecure permissions in /tmp. An attacker could write malicious libraries to this location for later execution...
DLL Hijacking Vulnerability in Dahua Player
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. A DLL hijacking vulnerability exists in Dahua Player, which can be exploited by attackers to load a malicious DLL and execute malicious code...
Government VPN Servers Targeted in Zero-Day Attack
As the Chinese government turns to virtual private networks (VPNs) to provide access to official resources for those working remotely amid the COVID-19 pandemic, the DarkHotel APT has seized the opportunity to target those VPNs in a zero-day attack, researchers said. According to security analysts...
DLL Hijacking Vulnerability in Big Wisdom 365 PC Version
Dawei 365 is a software for investors focused on the A-share market. A DLL hijacking vulnerability exists in Dawei 365 for PC, which can be exploited by attackers to execute malicious DLL files...
CVE-2018-1796
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426...
PT-2019-9537 · IBM · IBM Informix Dynamic Server Enterprise Edition
Name of the Vulnerable Software and Affected Versions: IBM Informix Dynamic Server Enterprise Edition version 12.1 Description: A local user could potentially load malicious libraries and gain root privileges. Recommendations: For IBM Informix Dynamic Server Enterprise Edition version 12.1, at th...
Remote Code Execution (RCE)
Bundler is vulnerable to remote code execution (RCE). The attack is possible because a world-writable temporary directory with predictable name tmp/: is created by tmphomepath when there is no writable home directory, allowing a remote attacker to create a directory and to write malicious libraries...
CVE-2017-7755
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating syste...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...
Microsoft Windows DLL Load Arbitrary Code Execution Vulnerability
Microsoft Windows is an operating system developed by Microsoft. Microsoft Windows fails to properly parse shortcuts, allowing attackers to build malicious DLLs that are tricked into being loaded by applications and executed with application privileges...
CentOS Update for cpp CESA-2010:0039 centos3 i386
Check for the Version of cpp. OpenVAS Vulnerability Test: CentOS Update for cpp CESA-2010:0039 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2006-1566
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory...
Design/Logic Flaw
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) modauthzsvn.so and (2) moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...
CVE-2006-1564
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) modauthzsvn.so and (2) moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...