26 matches found
CVE-2025-41739
CVE-2025-41739 affects the CODESYS Control runtime system (Linux and QNX). The issue is a race condition in the system’s communication servers that allows an unauthenticated, remote attacker to trigger an out-of-bounds read via crafted socket communication, potentially leading to a denial of serv...
CVE-2025-41739 CODESYS Control - Linux/QNX SysSocket flaw
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...
PT-2025-48434
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service...
EUVD-2010-2526
Malware in sbrugna...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
CVE-2024-50050
CVE-2024-50050 affects the Llama Stack (Meta Llama Stack) prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005, where the Python Inference API used pickle over a socket/ZeroMQ transport for deserialization. This insecure pattern enables remote code execution (RCE) when untrusted data is des...
Llama Stack Security Vulnerability
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in versions prior to Llama Stack 7a8aa775e5a267cf8660d83140011a0b7f91e005, which stems from the use of pickle as a serialization format for socket communication, and could allow...
PT-2024-33890
Name of the Vulnerable Software and Affected Versions: Llama Stack versions prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005; Meta Llama Framework (affected versions not specified). Description: Llama Stack, prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005, used Pickle as a...
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case
So far in this series, I've developed a fuzzer for the µC/HTTP-server. As described in the previous post, this fuzzer reads from a file to enable compatibility with AFL++. That implementation only fuzzes a single request at a time. Although that single request fuzzer uncovered a few security...
CVE-2023-43632 Freely Allocate Buffer on The Stack With Data From Socket
As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options.” The communication with this server is done using...
Nimc2 - A C2 Fully Written In Nim
nimc2 is a very lightweight C2 written fully in Nim (implant & server). If you want to give it a try, check out the wiki to learn how to install and use nimc2. Its features include: Windows & Linux implant generation; TCP socket communication, with HTTP communication coming soon; ability to create as...
Worm.Win32.Busan.k Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 | Original source: https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt | Media: twitter.com/malvuln | Threat: Worm.Win32.Busan.k | Vulnerability: Insecure Communication Protocol | Description: Busan.k launches a...
Reverse-Shell
Establish a reverse shell and get persistence on your target using this script. Copy this script to your target and leave it running in the background after a successful exploitation. Multi-sessions are supported. Shell Script created using Exploit Pack http://www.exploitpack.com -...
Jason Maloney's Guestbook 3.0 - Remote Command Execution Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/9139/info. A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize...
Novell Netware XNFS.NLM NFS Rename Remote Code Execution
Application: Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability | Platforms: Novell Netware 6.5 SP8 | Exploitation: Remote code execution | CVE Number: | Novell TID: 5117430 | ZDI: ZDI-12-06 | PRL: 2012-02 | Author: Francis Provencher | Protek Research Lab's Website:...
CVE-2010-2522
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message...
Code injection
The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message...