Lucene search
K

122 matches found

nessus
nessus
added 2025/07/03 12:0 a.m.6 views

Dante Discovery < 1.2.1

The version of Dante Discovery installed on the remote Windows host is prior to 1.2.1. It is, therefore, affected by a vulnerability. mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In the...

7.8CVSS7.8AI score0.09092EPSS
Exploits0References2
pentestpartners
pentestpartners
added 2025/05/28 5:35 a.m.17 views

How to load unsigned or fake-signed apps on iOS

TL;DR Issues commonly arise when clients provide an application which is unsigned or does not meet device requirements. Installing an application can be challenging without a Mac, access to Xcode or if the client is having trouble signing the application manually as this is normally done by the a...

6.5AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 5:19 a.m.3 views

CVE-2023-21257

In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.7AI score0.0009EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:12 a.m.4 views

CVE-2023-24578

McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks...

5.5CVSS6.8AI score0.00254EPSS
Exploits0References1
thn
thn
added 2025/02/15 10:26 a.m.18 views

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granti...

7AI score
Exploits0
cisa_kev
cisa_kev
added 2025/02/06 12:0 a.m.13 views

Dante Discovery Process Control Vulnerability

Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...

7.8CVSS7.3AI score0.09092EPSS
In wildExploits0
redhatcve
redhatcve
added 2025/02/05 11:2 p.m.18 views

CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary co...

8.2CVSS7.5AI score0.00348EPSS
Exploits0References1
thn
thn
added 2024/10/15 6:43 a.m.15 views

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

7.3AI score
Exploits0
thn
thn
added 2024/10/07 9:15 a.m.14 views

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil. The enhanced fraud protection feature aims to keep users safe when they attempt to install...

7.1AI score
Exploits0
thn
thn
added 2024/09/04 5:31 a.m.12 views

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader aka WailingCrab loader by means of a search engine optimization SEO campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics...

7.3AI score
Exploits0
trellix
trellix
added 2024/06/17 12:0 a.m.10 views

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion By Ale Houspanossian · June 17, 2024 Case Summary It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

7.9AI score
Exploits0
trellix
trellix
added 2024/06/03 12:0 a.m.6 views

DarkGate again but... Improved?

DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...

7.8AI score
Exploits0
nvd
nvd
added 2024/05/28 3:15 p.m.32 views

CVE-2024-2451

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

6.4CVSS6.3AI score0.00106EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/05/28 2:27 p.m.14 views

CVE-2024-2451 Improper fingerprint validation in the TeamViewer Client

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

6.4CVSS6.8AI score0.00106EPSS
Exploits0References1
cvelist
cvelist
added 2024/05/28 2:27 p.m.50 views

CVE-2024-2451 Improper fingerprint validation in the TeamViewer Client

Improper fingerprint validation in the TeamViewer Client Full & Host prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...

6.4CVSS6.3AI score0.00106EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/05/28 12:0 a.m.3 views

PT-2024-20428 · Teamviewer · Teamviewer Client

Name of the Vulnerable Software and Affected Versions: TeamViewer Client Full & Host versions prior to 15.54 Description: The issue concerns improper fingerprint validation, allowing an attacker with administrative user rights to elevate privileges via executable sideloading. Recommendations: For...

6.4CVSS7.2AI score0.00106EPSS
Exploits0References2
thn
thn
added 2024/04/24 7:2 a.m.25 views

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the...

7.2AI score
Exploits0
malwarebytes
malwarebytes
added 2024/04/09 7:21 p.m.30 views

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Googles search engine page and localized to North America. Victims are tricked into downloadi...

7AI score
Exploits0
hackread
hackread
added 2024/03/05 10:13 a.m.26 views

New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs

By Deeba Ahmed The CHAVECLOAK banking Trojan employs PDFs, ZIP downloads, DLL sideloading, and deceptive pop-ups to target Brazil's unsuspecting banking users financial sector. This is a post from HackRead.com Read the original post: New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious...

7.2AI score
Exploits0
wired
wired
added 2024/03/02 2:0 p.m.14 views

The Privacy Danger Lurking in Push Notifications

Plus: Apple warns about sideloading apps, a court orders NSO group to turn over the code of its Pegasus spyware, and an investigation finds widely available security cams are wildly insecure...

7.2AI score
Exploits0
Rows per page
Query Builder