46 matches found
Wiz Becomes Fastest Security ISV to Reach $1 Billion in AWS Marketplace Lifetime Sales
A milestone fueled by customer trust and a partnership built for scale...
SAP S4CORE 安全漏洞
SAP S4CORE is a Managed Procurement Contracts application from SAP, Germany. A security vulnerability exists in SAP S4CORE that stems from a failure to perform required authorization checks on authenticated users, which could result in elevated privileges...
Lazarus Unleash SIGNBT Malware in Latest Campaign
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Lazarus Group has been identified as the mastermind behind a recent cyber campaign. They persistently targeted a software vendor, successfully compromising the vendors systems by exploiting software...
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of...
A cascade of compromise: unveiling Lazarus’ new campaign
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. Whats remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendors systems continued to use the...
NSA on Supply Chain Security
The NSA together with CISA has published a long report on supply-chain security: "Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.": Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code,...
CVE-2022-39803
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly .sat, CoreCadTranslator.exe file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...
10-Strike Network Inventory Explorer 8.54 Buffer Overflow
Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow SEH Date: 2020-03-24 Author: Felipe Winsnes Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe Version: 8.54 Tested on:...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH) Exploit
Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51 Build 116 Tested...
BOOTP Turbo 2.0 - Denial of Service (SEH) Exploit
Exploit Title: BOOTP Turbo 2.0 - Denial of Service SEHPoC Exploit Author: boku Software Vendor: Wierd Solutions Vendor Homepage: https://www.weird-solutions.com Software Link: https://www.weird-solutions.com/download/products/bootptdemoIA32.exe Version: BOOTP Turbo x86 Version 2.0 Tested On:...
Domain Quester Pro 6.02 - Stack Overflow (SEH) Exploit
Exploit Title: Domain Quester Pro 6.02 - Stack Overflow SEH Exploit Author: boku Software Vendor: http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/DEMO/questerprosetup.exe Version: Version 6.02 Tested on: Microsoft Windows 7 Enterprise - 6.1.7601 Service Pack 1 Build 7601...
Domain Quester Pro 6.02 Stack Overflow
Exploit Title: Domain Quester Pro 6.02 - Stack Overflow SEH Date: 2019-12-26 Exploit Author: boku Software Vendor: http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/DEMO/questerprosetup.exe Version: Version 6.02 Tested on: Microsoft Windows 7 Enterprise - 6.1.7601 Service...
FTP Commander Pro 8.03 - Local Stack Overflow Exploit
Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...
FTP Commander Pro 8.03 - Local Stack Overflow
FTP Commander Pro 8.03 - Local Stack Overflow Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor:...
Compensating Controls: When Patching Isn’t an Option
Your software vendor is asleep at the wheel and your devs still need that legacy daemon...
Zip-n-Go 4.9 - Buffer Overflow (SEH)
!/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : http://mc1soft.com/index.shtml Vulnerable Software...
New White House Announcement on the Vulnerability Equities Process
The White House has released a new version of the Vulnerabilities Equities Process VEP. This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You...
CCleanup: A Vast Number of Machines at Risk
This post was authored by: Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig WilliamsUpdate 9/18: CCleaner Cloud version 1.07.3191 is also reported to be affectedUpdate 9/19: This issue was discovered and reported by both Morphisec and Cisco in separate in-field cases and...
CVE-2016-5483
Disclaimer: This data contains information about vulnerable...
Kaspersky Lab Bug Bounty Program Launches
LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said tha...