34 matches found
EUVD-2025-37852
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...
EUVD-2007-4952
Malware in sbrugna...
EUVD-2007-4951
Malware in sbrugna...
EUVD-2007-4948
Malware in sbrugna...
EUVD-2007-4950
Malware in sbrugna...
Malicious code in react-native-httpapi (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 872a61b5247749d233711d5fe71d6da937fd301c6cfe4317b41b6f69f4566000 Any computer that has this package installed or running should be considered...
CVE-2024-56442
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-56442
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
Metasploit Weekly Wrap-Up 01/26/24
Direct Syscalls Support for Windows Meterpreter Direct system calls are a well-known technique that is often used to bypass EDR/AV detection. This technique is particularly useful when dynamic analysis is performed, where the security software monitors every process on the system to detect any...
SUSE CVE-2018-12547
In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...
Concealed_Code_Execution - Tools And Technical Write-Ups Describing Attacking Techniques That Rely On Concealing Code Execution On Windows
Hunt& Hackett presents a set of tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows. Here you will find explanations of how these techniques work, receive advice on detection, and get sample source code for testing your detection coverag...
Malicious code in react-native-fido-login-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 333cc71217332de2d346b777b7500a8c0699622b3e7a9320767404a40523359f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...
Windows exploit techniques: from any directory you create to any file-read-vulnerability warning-the black bar safety net
One, Foreword In the past few months, I'm in meetings, introduced me to the“Windows logic privilege escalation guide”tips. Meeting length is only 2 hours, I would like to introduce many interesting techniques and tricks had to have been deleted. Over time, think in training courses complete about...
CVE-2016-4304
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...
CVE-2016-4305
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...
Denial of service
A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can run progra...
Denial of service
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...
CVE-2016-4305
A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native api call can cause a access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user-mode to...
[SECURITY] Fedora 19 Update: pcre-8.32-12.fc19
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...