Lucene search
+L

78 matches found

CVE
CVE
added 2023/02/02 9:59 a.m.66 views

CVE-2022-43665

ESTsoft Alyac 2.5.8.645 is affected by CVE-2022-43665 due to a denial-of-service caused by an NT header out-of-bounds read in the malware-scanning path. Talos details show the crash occurs while Alyac analyzes a PE file, specifically when GetTextSectionRange interacts with the NT header after par...

5.5CVSS5.4AI score0.00327EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/02 9:59 a.m.58 views

CVE-2022-43665

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability...

5CVSS5.6AI score0.00327EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/02/02 12:0 a.m.11 views

PT-2023-14281 · Estsoft · Estsoft Alyac

Name of the Vulnerable Software and Affected Versions: ESTsoft Alyac version 2.5.8.645 Description: A denial of service issue exists in the malware scan functionality. This can be triggered by a specially-crafted PE file, leading to the termination of the target process. An attacker can exploit...

5.5CVSS5AI score0.00327EPSS
Exploits1References4
Prion
Prion
added 2023/01/02 10:15 p.m.18 views

Authentication flaw

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...

5CVSS5.3AI score0.00671EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/02 9:49 p.m.69 views

CVE-2022-4417

CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...

5.3CVSS5.2AI score0.00671EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2022/05/12 5:15 p.m.15 views

CVE-2022-21147

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...

5.5CVSS0.00638EPSS
Exploits1References2
OSV
OSV
added 2022/05/12 5:15 p.m.6 views

CVE-2022-21147

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...

5.5CVSS6.1AI score0.00638EPSS
Exploits1References2
Prion
Prion
added 2022/05/12 5:15 p.m.20 views

Cross site scripting

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...

4.3CVSS5.3AI score0.00638EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/05/12 5:1 p.m.70 views

CVE-2022-21147

ESTsoft Alyac 2.5.7.7 contains an out-of-bounds read in the malware scan module (coen.aym) used when parsing PE files, which can crash Alyac and effectively stop the malware scan. TALOS confirms the vulnerability exists in the Alyac PE scanning path and identifies the exact module path and a loop...

5.5CVSS5.3AI score0.00638EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/12 5:1 p.m.23 views

CVE-2022-21147

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...

5CVSS5.6AI score0.00638EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/05/12 5:1 p.m.11 views

CVE-2022-21147

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...

5CVSS5.4AI score0.00638EPSS
Exploits1References2
Talos
Talos
added 2022/05/10 12:0 a.m.40 views

ESTsoft Alyac PE section headers out of bounds read

Talos Vulnerability Report TALOS-2022-1452 ESTsoft Alyac PE section headers out of bounds read May 10, 2022 CVE Number CVE-2022-21147 SUMMARY An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this...

5.5CVSS5.3AI score0.00638EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/03/22 12:0 a.m.19 views

WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 8.9.6 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS6.4AI score0.01378EPSS
Exploits2References1
Prion
Prion
added 2022/03/07 9:15 a.m.15 views

Cross site scripting

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...

4.3CVSS6AI score0.01378EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/03/07 8:16 a.m.111 views

CVE-2022-0429

CVE-2022-0429 affects the WordPress plugin “WP Cerber Security, Anti-spam & Malware Scan”

6.1CVSS6AI score0.01378EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/02/14 12:0 a.m.115 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...

6.1CVSS0.1AI score0.01378EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/02/14 12:0 a.m.49 views

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. PoC POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...

6.1CVSS0.01378EPSS
Exploits2Affected Software1
Malwarebytes
Malwarebytes
added 2022/02/02 11:5 a.m.23 views

How to speed up your computer or laptop

Why do machines always throw a tantrum when you are in a hurry? It’s called Murphy’s Law which some people may know as the butter side down rule. Anything that can go wrong will go wrong. And usually at a time when it is most inconvenient. That being said, there are ways to speed things up. Let’s...

0.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/07/06 12:0 a.m.12 views

Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call

Security nonce leak, allowing any authenticated users such as subscribers to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call. Note WPScanTeam: We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation,...

2.9AI score
Exploits0References1Affected Software1
OSV
OSV
added 2019/12/26 5:15 a.m.2 views

CVE-2019-20000

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted...

5.9CVSS5.8AI score0.00561EPSS
Exploits1References1
Rows per page
Query Builder