PT-2026-41960

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...

Microsoft Internet Explorer ShowSaveFileDialog DLL Loading Arbitrary Code Execution Vulnerability

Microsoft Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer suffers from an arbitrary code execution vulnerability in its implementation, which can be exploited by an attacker who places a file in a remotely accessible UNC or WebDAV share location to execute arbitrary...

HyperAccess - Multiple Vulnerabilities

Not long now... ======================================================================== = Hyper Access - Multiple Vulnerabilities = = Vendor Website: = http://www.hilgraeve.com = = Affected Software: = Hyper Access 8.4 and possibly lower = = Public disclosure on Thursday December 14, 2006...