17 matches found
MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
CVE-2025-34433
AVideo 14.3.1–20.0.x isaffected by an unauthenticated RCE due to insecure salt generation: installation salt is created with PHP uniqid(), and the installation timestamp plus a derived hashId are exposed publicly, enabling offline brute-forcing of the remaining entropy to recover the salt. Attack...
Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit
What is Registry Exploit? Phantom-Registry-Exploit-Cve2025-20...
CVE-2020-25493
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...
Writing a BugSleep C2 server and detecting its traffic with Snort
In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot"aka "BugSleep". This remote access tool RAT gives operators reverse shell and file input/output I/O capabilities on a victim's endpoint using a bespoke command and control C2 protocol. This blog will...
RHEL 9 : runc (RHSA-2024:4762)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4762 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...
Important: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: buildah security update
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...
RLSA-2024:1646 Important: grafana security and bug fix update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Bug Fixes: TRIAGE CVE-2024-1394 grafana: golang-fips/openssl: Memory leaks i...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Atomic Stealer rings in the new year with updated version
Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer AMOS onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty...
Identifying and Mitigating Security Exposures When Using No Payload Encryption Images with Existing Cryptographic Configuration
Cisco IOS Software and Cisco IOS XE Software images come in two types: The regular universalk9 image and the No Payload Encryption NPE universalk9npe image. NPE images were introduced to satisfy import requirements in some countries that require that the platform does not support strong payload...
TerraLdr - A Payload Loader Designed With Advanced Evasion Features
TerraLdr: A Payload Loader Designed With Advanced Evasion Features Details: no crt functions imported syscall unhooking using KnownDllUnhook api hashing using Rotr32 hashing algo payload encryption using rc4 - payload is saved in .rsrc process injection - targetting 'SettingSyncHost.exe' ppid...
Powershell Exec, Bind TCP Stager (RC4 Stage Encryption, Metasm)
Execute an x86 payload from a command via PowerShell. Listen for a connection Module Options msf use payload/cmd/windows/powershell/patchupdllinject/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set...
MacOS Users Targeted By OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies of multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat APT group. The Vietnam-backed OceanLotus also known as APT 32 has been around since at least 2013, and...
50m-ctf: Writeup
h1 50M CTF =========== This is my solution for the h1 ctf. On the 27th of february h1 posted this tweet: Since there is no link no any sort of challenge I supposed the challenges is self contained inside this tweet. My guess was the first clue is inside the embeded picture, and since the second o...
specially crafted sessions can cause access to files via path traveral
Using a special crafted cURL request it is under strict conditions possible to access arbitrary files the webserver has access to. This requires you to use file-based sessions, a specific directory to exist on your server, and session payload encryption to be switched off. All released versions...