CVE-2025-59485

CVE-2025-59485 affects Security Point (Windows) of MaLion prior to Ver.5.3.4. The flaw allows placing an arbitrary file in a specific folder by a logged-in user; if the file is a crafted DLL, it could execute code with SYSTEM privileges. Remediation: update to Security Point MaLion Ver.5.3.4 or l...

EUVD-2017-7874

Malware in sbrugna...

ScareCrow - Payload Creation Framework Designed Around EDR Bypass

If you want to learn more about the techniques utlized in this framework please take a look at Part 1 and Part 2 Description ScareCrow is a payload creation framework for generating loaders for the use of side loading not injection into a legitimate Windows process bypassing Application...

Code injection

A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll located in your Syswow64 / System32 folder from the folder the executable is in a...

CVE-2017-16690

CVE-2017-16690 describes a DLL preloading vulnerability in SAP Plant Connectivity (NwSapSetup/SAPSetup) where DLLs (e.g., DWMAPI.dll) may be loaded from the executable’s folder rather than system folders. Root cause: the loader uses the local folder before system directories, enabling code execut...

QNAPQsyncClientWindows 4.2.1.0602 Privilege Escalation

Hi @ll, the executable installer QNAPQsyncClientWindows-4.2.1.0602.exe, available from , has like almost all executable installers multiple vulnerabilities: 1: arbitrary remote code execution WITH escalation of privilege On a fully patched Windows 7 SP1 it loads and executes the following Windows...

CURL-CVE-2016-4802 Windows DLL hijacking

libcurl would load Windows system DLLs in a manner that may make it vulnerable to a DLL hijacking aka binary planting attack in certain configurations. libcurl has a unified code base that builds and runs on a multitude of different versions of Windows. To make that possible, when libcurl is buil...

MDaemon mail server weak permissions

Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones...

IPSwitch IMAP Server LOGON Remote Stack Overflow

Exploit for unknown platform in category remote exploits ================================================ IPSwitch IMAP Server LOGON Remote Stack Overflow ================================================ / IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written...

IPSwitch IMAP Server - LOGON Remote Stack Overflow

/ IpSwitch IMAP Server LOGON stack overflow. Software Hole discovered by iDEFENSE POC written by nolimit and BuzzDee First, some information for the few of you that know how this stuff works. The reason you see no SP2 or 2003 offsets is because of Windows SEH checks. Thats right, in this one...