LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...
CVE-2022-43773
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled...
Malicious code in ds-ember-sample (npm)
Source: ghsa-malware (32eba44302a74869a67c73b03d739a2f3e06ac76700e85bf314ed9bbe4efe7e3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-292 Malicious code in ds-ember-sample (npm)
Source: ghsa-malware (32eba44302a74869a67c73b03d739a2f3e06ac76700e85bf314ed9bbe4efe7e3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-16993 · Mp4V2 · Mp4V2
Name of the Vulnerable Software and Affected Versions: MP4v2 version 2.1.2 Description: A vulnerability was found in the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit h...
The vulnerability of the Apex One antivirus software is caused by deficiencies in the authentication process, which allows a hacker to download arbitrary files into the SampleSubmission directory.
The vulnerability of the anti-virus software Apex One is due to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to download arbitrary files into the SampleSubmission directory by using the Content-Length header in the HTTP PUT request sent to the...
K30340506: Intel Multiple CPU vulnerabilities CVE-2020-8738, CVE-2020-8739, CVE-2020-8740, CVE-2020-8764
Security Advisory Description CVE-2020-8738: Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2020-8739: Use of potentially dangerous function in Intel BIOS...
SUSE CVE-2009-0386
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11 might allow remote attackers to execute arbitrary code via crafted Composition Time To Sample (ctts) atom data in a malformed QuickTime medi...
SUSE CVE-2009-0397
Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample aka...
SUSE CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
SUSE CVE-2011-3194
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel...
SUSE CVE-2012-1107
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error...
SUSE CVE-2014-1542
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate...
SUSE CVE-2015-9099
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate...
SUSE CVE-2016-2814
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to...
SUSE CVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value...
SUSE CVE-2017-11311
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples...
SUSE CVE-2017-18255
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
SUSE CVE-2018-10778
Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...
SUSE CVE-2018-12459
An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...