78 matches found
CVE-2022-43665
ESTsoft Alyac 2.5.8.645 is affected by CVE-2022-43665 due to a denial-of-service caused by an NT header out-of-bounds read in the malware-scanning path. Talos details show the crash occurs while Alyac analyzes a PE file, specifically when GetTextSectionRange interacts with the NT header after par...
CVE-2022-43665
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability...
PT-2023-14281 · Estsoft · Estsoft Alyac
Name of the Vulnerable Software and Affected Versions: ESTsoft Alyac version 2.5.8.645 Description: A denial of service issue exists in the malware scan functionality. This can be triggered by a specially-crafted PE file, leading to the termination of the target process. An attacker can exploit...
Authentication flaw
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users...
CVE-2022-4417
CVE-2022-4417 affects the WordPress plugin WP Cerber Security, Anti-spam & Malware Scan older than 9.3.3. The issue is improper access control of the REST API users endpoint when the blog is hosted in a subdirectory, enabling potential user enumeration. The practical impact is limited to informat...
CVE-2022-21147
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-21147
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...
Cross site scripting
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-21147
ESTsoft Alyac 2.5.7.7 contains an out-of-bounds read in the malware scan module (coen.aym) used when parsing PE files, which can crash Alyac and effectively stop the malware scan. TALOS confirms the vulnerability exists in the Alyac PE scanning path and identifies the exact module path and a loop...
CVE-2022-21147
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2022-21147
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability...
ESTsoft Alyac PE section headers out of bounds read
Talos Vulnerability Report TALOS-2022-1452 ESTsoft Alyac PE section headers out of bounds read May 10, 2022 CVE Number CVE-2022-21147 SUMMARY An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this...
WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin < 8.9.6 XSS Vulnerability
The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Cross site scripting
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability...
CVE-2022-0429
CVE-2022-0429 affects the WordPress plugin “WP Cerber Security, Anti-spam & Malware Scan”
WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...
WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability. PoC POST /"/onmouseover=alert1;// HTTP/1.1 Host: 127.0.0.1 Content-Type:...
How to speed up your computer or laptop
Why do machines always throw a tantrum when you are in a hurry? It’s called Murphy’s Law which some people may know as the butter side down rule. Anything that can go wrong will go wrong. And usually at a time when it is most inconvenient. That being said, there are ways to speed things up. Let’s...
Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call
Security nonce leak, allowing any authenticated users such as subscribers to make unauthorised AJAX call which could lead to arbitrary file deletion/download and function call. Note WPScanTeam: We do not consider the issue fully remediated, as the AJAX calls rely on CSRF check for authorisation,...
CVE-2019-20000
The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted...