21 matches found
PT-2026-41961
When chaincode is deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server INFO level logging includes the TLS private key password in plaintext. An attacker with access to the chaincode server logs could recover the TLS private key password. If the attacker can also obtain...
CVE-2024-36355
Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...
EUVD-2022-43445
Malicious code in bioql PyPI...
CVE-2022-40126
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated...
CVE-2022-40126
CVE-2022-40126 describes a misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 that allows privilege escalation and arbitrary command execution when Service Mode is activated. Public sources consistently identify the affected software as Clash for Windows and the v...
Clash Security Vulnerability
Clash is a multi-platform proxy client developed in Go by the individual developer Dreamacro. A security vulnerability exists in Clash for Windows version v0.19.9; it originates from a misconfiguration in the Service Mode configuration file directory and can be exploited by a...
CVE-2022-24797 Exposure of Sensitive Information in Pomerium
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This...
How to Customize App Shortcuts with Receiver for Windows
As a Receiver administrator, you can configure Receiver for Windows 4.2.100 to automatically place application and desktop shortcuts directly in the Start menu or on the desktop in a similar way that Receiver for Windows 3.4 Enterprise places them. The new shortcut only mode provides a seamless...
CVE-2019-11341
On certain Samsung P9.0 phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the 9900 check code, but is protected by an OTP password. However, this password is created locally...
Default credentials
On certain Samsung P9.0 phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the 9900 check code, but is protected by an OTP password. However, this password is created locally...
App Shortcuts with Receiver for Windows
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. As a Receiver administrator, you can configure Receiver for Windows 4.x to automatically place...
Citrix Receiver 4.9 LTSR - Self service mode set to false, desktop icons constantly flashing
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Installed Citrix Receiver 4.9 LTSR on some of the test VDAs published desktops and ever since...
NameLess the back door of technical analysis full-contact-vulnerability warning-the black bar safety net
You have probably heard of NameLess, and quite a lot of people have likely used it. Personally, I think this back door is a classic, so we'll take a brief look at it. Description: there is only one DLL file, usually do not start in the mouth, can be a reverse connection back door program...
Servers Alive: Local Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory information: Title: Servers Alive - Privilege Escalation CVE Candidate Number: CAN-2005-0352 Application: Servers Alive Versions known affected: 4.1, 5.0; other versions not tested. Classification: Privilege Escalation Author: Michael Starks...
CVE-2003-0936
Symantec PCAnywhere 10.x and 11 are affected when running as a Windows service. The vulnerability lies in the GUI help interface, which can be manipulated via AWHOST32.exe to give a non-privileged user SYSTEM privileges on the local host. Exploitation is local and tied to service-mode operation; ...
RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Security Response Advisory 13 November 2003 Symantec pcAnywhere Service-Mode Help File Elevation of Privilege Risk Impact High very dependent on product configuration and operating environment Overview Security analysts from Secure Network...