3765 matches found
CVE-2020-14004
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrar...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jun 2020)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Dynamic Data Resolver (DDR) — IDA Plugin 1.0 beta
By Holger Unterbrink. Executive summary: Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. If you try to perform dynamic analysis by debugging a piece of malware, the...
CVE-2020-1116
An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'...
Unspecified Vulnerabilities in eQ-3 Homematic CCU2 and CCU3
The eQ-3 Homematic CCU3 and eQ-3 HomeMatic CCU2 are both central control units for a smart home system from eQ-3 Germany. A security vulnerability exists in eQ-3 Homematic CCU2 version 2.51.6 and earlier and CCU3 version 3.51.6 and earlier, which stems from turning on the default automatic login...
CVE-2020-12834
eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...
Microsoft Office 365 (2016 Click-to-Run) Excel RCE Vulnerability (May 2020)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
PT-2020-2699 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site scripting issue exists due to improper sanitization of specially crafted web requests. An authenticated attacker could exploit this by sending a crafted...
Raonwiz Dext5.ocx ActiveX Code Execution Vulnerability
Raonwiz Dext5.ocx ActiveX is a control from Raonwiz Korea for use in the Dext5 Upload file transfer software development kit. A security vulnerability exists in Raonwiz Dext5.ocx ActiveX 5.0.0.116 and earlier versions. A remote attacker can exploit the vulnerability by setting the parameter to...
May 5, 2020, update for PowerPoint 2016 (KB4484337)
May 5, 2020, update for PowerPoint 2016 (KB4484337). This article describes update 4484337 for Microsoft PowerPoint 2016 that was released on May 5, 2020. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply t...
CVE-2020-11013
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be us...
UBUNTU-CVE-2020-11013
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be us...
QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability
Exploit for php platform in category web applications. Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions. Abstra...
Microsoft Office 365 (2016 Click-to-Run) Autodesk FBX Vulnerabilities (Apr 2020)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 Working Exploit PoC CVE-202...
Description of the Office Web Apps Server update: April 9, 2013
Description of the Office Web Apps Server update: April 9, 2013. Introduction: Microsoft has released an update for Microsoft Office Web Apps Server. This update provides the latest fixes for Office Web Apps Server. Additionally, this update contains stability and performance improvements. Issues...
Malicious Package
Overview arethusacli is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using arethusacli...
Malicious Package
Overview agilecli is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using agilecli altogethe...
Malicious Package
Overview secondhandspider is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview active-delivery is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...