UBUNTU-CVE-2022-48827

In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d "NFS: Always provide aligned buffers to the RPC read layers" on the client, a read of 0xfff is aligned up to server rsize of 0x1000. As a...

How to Make the Provisioning Services Server Client Coexist with Third-party Network Drivers

This article describes how to run the Provisioning Server client on a target device along with third-party network applications that also occupy the network device driver stack. Background In the Windows Driver Model WDM, systems manage a device through a linked stack of layered device drivers. T...

CVE-2024-21415

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability...

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

PT-2024-26764

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37 Description The issue is related to a potential use-after-free bug in the Linux kernel's SMB client when walking DFS referrals, mounting, and performing DFS failover. This is resolved by ensuring all...

DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes

This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

AZL-27468 CVE-2023-22053 affecting package mysql for versions less than 8.0.34-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Client programs. Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

Microsoft Windows PGM 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows PGM. An attacker exploiting this vulnerability could remotely execute code. The following products and versions a...

The vulnerability of the Client programs of the MySQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of the Client programs of the MySQL Server database management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

SUSE CVE-2007-4135

The NFSv4 ID mapper nfsidmap before 0.17 does not properly handle return values from the getpwnamr function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client...

SUSE CVE-2011-0901

Multiple stack-based buffer overflows in the tsclaunchremote function src/support.c in Terminal Server Client tsclient 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a long 1 username, 2 password, or 3 domain argument. NOTE:...

SUSE CVE-2011-0900

Stack-based buffer overflow in the tsclaunchremote function src/support.c in Terminal Server Client tsclient 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument...

Microsoft Internet Storage Name Service 安全漏洞

Microsoft Internet Storage Name Service is used by Microsoft Corporation USA for the interaction between iSNS servers and iSNS clients. A security vulnerability exists in Microsoft Internet Storage Name Service. The following products and editions are affected: Windows 10 Version 20H2 for x64-bas...

[SECURITY] Fedora 37 Update: tor-0.4.7.13-1.fc37

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

Microsoft Windows Point-to-Point Tunneling Protocol 竞争条件问题漏洞

Microsoft Windows Point-to-Point Tunneling Protocol PPTP is a network protocol from Microsoft that enables the secure transmission of data from remote clients to private corporate servers by creating a virtual private network VPN over a TCP/IP-based data network. VPN. A competitive conditions iss...

The vulnerability of the ActiveX control on SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client allows attackers to enhance their privileges.

The vulnerability of the ActiveX control used by SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

Velocidex Velociraptor 授权问题漏洞

Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to collect host-based state information. An authorization issue vulnerability exists in Velocidex Velociraptor versions prior to 0.6.5-2, which stems from an error in the handling of...

USN-4969-1: DHCP vulnerability

Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service...

SCIMono Injection Vulnerability

Parvan Dobrev scimono is Parvan Dobrev an open source application . It provides a server-side and a client-side. An injection vulnerability exists in SCIMono, which could allow an attacker to inject and execute java expressions, thereby compromising system availability and integrity. The followin...