39 matches found
EUVD-2009-3729
Malware in sbrugna...
EUVD-2011-5138
Malware in sbrugna...
CVE-2011-5238
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
SUSE CVE-2025-37938
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
CVE-2025-37938
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
UBUNTU-CVE-2025-37938
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that will never be freed. I...
GHSA-QC59-CXJ2-C2W4 aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
kernel: Linux kernel: Denial of Service due to file descriptor leak in BPF sample code
A flaw was found in the Linux kernel. This vulnerability, a file descriptor leak, occurs in the samples/bpf component when the fout file pointer is opened but not properly closed in the hbm's runbpfprog function. A local attacker could exploit this by repeatedly triggering the flaw, leading to...
CKEditor 4.x < 4.24.0-lts Multitple XSS
The version of CKEditor included on the remote web host is 4.x prior to 4.24.0-lts. It may, therefore, be affected by multiple cross-site scripting XSS vulnerabilities. - A cross-site scripting vulnerability affecting editor instances that enabled full-page editing mode or enabled CDATA elements ...
K30340506: Intel Multiple CPU vulnerabilities CVE-2020-8738,CVE-2020-8739,CVE-2020-8740,CVE-2020-8764
Security Advisory Description CVE-2020-8738 Improper conditions check in Intel BIOS platform sample code for some IntelR Processors before may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-8739 Use of potentially dangerous function in Intel BIOS...
CallObfuscator - Obfuscate Specific Windows Apis With Different APIs
Obfuscate hide the PE imports from static/dynamic analysis tools. Theory This's pretty forward, let's say I've used VirtualProtect and I want to obfuscate it with Sleep, the tool will manipulate the IAT so that the thunk that points to VirtualProtect will point instead to Sleep, now at executing...
CVE-2020-8740
CVE-2020-8740 is an out-of-bounds write in Intel BIOS platform sample code for certain Intel processors that may allow a locally authenticated attacker to escalate privileges. The Intel advisory (INTEL-SA-00390) documents this alongside related CVEs and indicates updates to BIOS platform sample c...
CVE-2020-8738
CVE-2020-8738 is tied to Intel BIOS platform sample code with an improper conditions check that may allow a locally authenticated user to escalate privileges on certain Intel processors. The CVE is detailed in Intel advisory Intel-SA-00390, which also covers related CVEs (8739, 8740, 8764) and ma...
WhatTheHack - A Collection Of Challenge Based Hack-A-Thons Including Student Guide, Proctor Guide, Lecture Presentations, Sample/Instructional Code And Templates
WhatTheHack is a collection of challenge based hack-a-thons including student guide, proctor guide, lecture presentations, sample/instructional code and templates. What, Why and How "What the Hack" is a challenge based hackathon format Challenges describe high-level tasks and goals to be...
LiveHiddenCamera - Library Which Record Live Video And Audio From Android Device Without Displaying A Preview
Live Hidden Camera LHC is a library which record live video and audio from Android device without displaying a preview. How to use I've created a library to make it more usable. The only requirement is to add the library to your project and pass the Rtmp URL to it. Additionally you should care...
GPAC Null Pointer Dereference Vulnerability
GPAC is a multimedia framework for rich media and distributed under the LGPL license. A null pointer dereference vulnerability exists in the gfisomgetoriginalformattype function in isomedia/drmsample.c in libgpac.a in GPAC 0.7.1. No details of the vulnerability are provided at this time...
CVE-2018-12169
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypas...
CVE-2017-5704
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges...
CVE-2017-5704
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges...
CVE-2018-7559
The CVE-2018-7559 issue affects OPC UA .NET Standard/Legacy Stack and Sample Code, where remote attackers can determine a server’s private key by sending specially crafted bad UserIdentityTokens as part of an oracle attack. Public details reference GitHub commits before 2018-04-12 (Standard) and ...