Siemens Simcenter Femap Out-of-Bounds Write Vulnerability (CNVD-2022-51431)

An out-of-bounds write vulnerability exists in Siemens Simcenter Femap, an advanced simulation application for creating, editing, and inspecting finite element models of complex products or systems, which can be exploited by attackers to execute code in the context of the current process...

Hackers Abusing BRc4 Red Team Penetration Tool in Attacks to Evade Detection

Malicious actors have been observed abusing legitimate adversary simulation software in their attacks in an attempt to stay under the radar and evade detection. Palo Alto Networks Unit 42 said a malware sample uploaded to the VirusTotal database on May 19, 2022, contained a payload associated wit...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Visualization, Fuzzing, Exploit and Patch...

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.1 In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE labs—a testing lab focus...

Upgraded Q -> M from 270 [1655579826704]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: Gas stipend for payable.send may be too low for contract wallets ETH withdrawals in both the minter and token contracts use payableaddress.send to transfer ether to the vault address. If the configured vault is ...

The vulnerability of the “Loans And Deposits” sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model allows a perpetrator to gain access to and modify data.

The vulnerability of the “Loans And Deposits” sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read,...

AWS-Threat-Simulation-and-Detection - Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic

This repository is a documentation of my adventures with Stratus Red Team - a tool for adversary emulation for the cloud. Stratus Red Team is "Atomic Red Team for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner. We run the attacks covered in the...

CVE-2022-1975

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space...

PT-2022-4329 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a sleep-in-atomic bug in the /net/nfc/netlink.c component of the Linux kernel. This bug allows an attacker to crash the Linux kernel by simulating a NFC device...

Ransomware-Simulator - Ransomware Simulator Written In Golang

The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document macro Deleting Volume Shadow Copies Encrypting documents embedded and dropped by the simulator into...

QEMU Buffer Overflow Vulnerability (CNVD-2023-80120)

QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from an integer overflow in cursoralloc that could lead to a heap buffer overflow. A malicious privileged attacker can exploit this...

The vulnerability of the FANUC ROBOGUIDE simulation software for robotics, related to errors in assigning permissions to files, allows a hacker to increase their privileges.

The vulnerability of the FANUC ROBOGUIDE software for robotization-related modeling tasks is related to errors in assigning permissions to files. Exploiting this vulnerability can allow attackers to increase their privileges...

Siemens Simcenter Femap File Parsing Vulnerability (CNVD-2022-36399)

Siemens Simcenter Femap is an engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to file parsing, which can be exploited by attackers ...

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

Unrestricted file upload

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

CVE-2022-28120

Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...

CVE-2022-28120

The CVE-2022-28120 entry concerns Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0. A vulnerability in the file upload feature allows an attacker to gain control of the server. The root cause is described in connected sources...

Open virtual simulation experiment teaching management platform software 代码问题漏洞

Beijing Runnier Network Technology Open virtual simulation experiment teaching management platform software open virtual simulation experiment teaching management platform software is a management software for teaching by Beijing Runnier Network Technology Beijing Runnier Network Technology...

Siemens PROFINET Stack Integrated on Interniche Stack Uncontrolled Resource Consumption (CVE-2022-25622)

A vulnerability has been identified in SIMATIC CFU DIQ All versions, SIMATIC CFU PA All versions, SIMATIC S7-1500 CPU family incl. related ET200 CPUs and SIPLUS variants All versions V2.0.0, SIMATIC S7-300 CPU family incl. related ET200 CPUs and SIPLUS variants All versions, SIMATIC S7-400 H V6 C...