nodeCrypto v2.0 - Ransomware Written In NodeJs
nodeCrypto is a Linux ransomware written in Node.js that encrypts predefined files. This project was created for educational purposes; you are solely responsible for the use of nodeCrypto. Demo video Install server Upload all files of the server/ folder to your web server. Create a SQL database and impo...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Dec 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
The vulnerability of the Click-to-Run components of Microsoft Office and Office 365 allows attackers to elevate their privileges.
The vulnerability of the Click-to-Run components of Microsoft Office and Office 365 relates to insecure management of privileges. Exploiting this vulnerability can allow a remote attacker to elevate their privileges using a specially crafted file...
CVE-2012-4480
mom creates world-writable pid files in /var/run...
Code injection
mom creates world-writable pid files in /var/run...
CVE-2012-4480
CVE-2012-4480 affects the mom tool, where it creates world-writable PID files in /var/run. This local issue could let an attacker influence PID handling and terminate other processes, as indicated by CNVD/Fedora advisories and the NVD entry. The vulnerability is tied to local access and uncertain...
WordPress WP Maintenance Plugin CVE-2019-19979 Cross Site Request Forgery Vulnerability
Description: The WP Maintenance Plugin for WordPress is prone to a cross-site request forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. WP Maintenance versions prior to 5.0...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Nov 2019)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
CVE-2019-1449
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would...
Security feature bypass
A security feature bypass vulnerability exists in the way that Office Click-to-Run (C2R) components handle a specially crafted file, which could lead to a standard user, any AppContainer sandbox, and Office LPAC Protected View to escalate privileges to SYSTEM. To exploit this bug, an attacker would...
CVE-2019-1449
CVE-2019-1449 describes a security feature bypass in Office Click-to-Run (C2R) where specially crafted files can escalate from a standard user to SYSTEM within LPAC Protected View. Affected is the Office C2R handling component; exploitation requires a user to open a crafted file. The CVSSv3.1 base ...
PYSEC-2019-196
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
CVE-2019-12410
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...
Malicious Package
sj-tw-abc is a malicious package that downloads and runs a script that opens a reverse shell in the system...
Rockwell Automation MicroLogix Missing Authentication for Critical Function
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules: An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...
DEBIAN-CVE-2019-18808
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247...
rubygems: Escape sequence injection vulnerability in errors
An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. There are many ways to cause an error...