Lucene search
K

121 matches found

Cvelist
Cvelist
added 2020/12/21 10:40 p.m.20 views

CVE-2020-26284 Hugo can execute a binary from the current directory on Windows

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...

7.7CVSS8.6AI score0.01451EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2020/11/11 10:9 a.m.427 views

Microsoft Releases Windows Security Updates For Critical Flaws

Microsoft formally released fixes for 112 newly discovered security vulnerabilities as part of its November 2020 Patch Tuesday, including an actively exploited zero-day flaw disclosed by Google's security team last week. The rollout addresses flaws, 17 of which are rated as Critical, 93 are rated...

10CVSS9.3AI score0.5063EPSS
Exploits4
ThreatPost
ThreatPost
added 2020/10/19 5:5 p.m.33 views

Overlay Malware Targets Windows Users with a DLL Hijack Twist

Brazilians are being warned of a new overlay malware targeting Windows users in order to siphon victims’ financial data and drain their bank accounts. Researchers say what the malware, dubbed Vizom, lacks in sophistication it makes up for in its creative abuse of the Windows ecosystem. Trusteer, ...

1.3AI score
Exploits0References3
HackRead
HackRead
added 2019/03/26 10:11 p.m.68 views

ShadowHammer: ASUS software updates exploited to distribute malware

By Waqas The victims of ShadowHammer malware attack are Windows users. Kaspersky Lab researchers have made a startling new revelation that the world’s leading computer maker ASUS’s live software update system was compromised by cybercriminals to install a backdoor, which affected ASUS customers...

4.6AI score
Exploits0
The Hacker News
The Hacker News
added 2019/02/21 5:35 a.m.235 views

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular...

2AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.10 views

CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1...

7.5CVSS7.1AI score0.87598EPSS
Exploits13References12
UbuntuCve
UbuntuCve
added 2018/06/11 9:29 p.m.23 views

CVE-2018-5174

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEEMASKFLAGNOUI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and i...

7.5CVSS7AI score0.01871EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2018/02/07 1:0 p.m.18 views

Hotspot Shield Vulnerability Could Reveal ‘Juicy’ Info About Users, Researcher Claims

UPDATE A vulnerability in the popular HotSpot Shield VPN client, which is promoted as being able to hide users’ identities, could expose their IP addresses and “other juicy info,” according to a security researcher. Paulos Yibelo, a researcher who has collected on a number of bug bounties in the...

5CVSS7.5AI score0.11184EPSS
Exploits3References8
seebug.org
seebug.org
added 2018/02/01 12:0 a.m.79 views

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...

5CVSS5.7AI score0.08368EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/01/30 12:0 a.m.79 views

BMC BladeLogic RSCD Agent 8.3.00.64 Windows Users Disclosure

Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...

5CVSS6AI score0.08368EPSS
Exploits5
exploitpack
exploitpack
added 2018/01/30 12:0 a.m.99 views

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure

BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...

5CVSS5.7AI score0.08368EPSS
Exploits5
OSV
OSV
added 2017/10/18 12:0 a.m.6 views

UBUNTU-CVE-2017-7096

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

8.8CVSS7.7AI score0.01603EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2016/12/05 12:0 a.m.52 views

Apache CouchDB 2.0.0 Local Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE-COUCHDB-LOCAL-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: ================== couchdb.apache.org Product: ============== CouchDB v2.0.0 Apache CouchDB is open...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2016/12/05 12:0 a.m.20 views

Apache CouchDB 2.0.0 - Local Privilege Escalation

Apache CouchDB 2.0.0 - Local Privilege Escalation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE-COUCHDB-LOCAL-PRIVILEGE-ESCALATION.txt + ISR: ApparitionSec Vendor: ================== couchdb.apache.org Product:...

0.3AI score
Exploits0
0day.today
0day.today
added 2016/12/05 12:0 a.m.58 views

Apache CouchDB 2.0.0 - Local Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ================== couchdb.apache.org Product: ============== CouchDB v2.0.0 Apache CouchDB is open source database software that focuses on ease of use and having an architecture. It has a...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2016/05/10 10:23 p.m.15 views

WhatsApp launches Desktop Software for Windows and Mac Users

The most popular messaging app WhatsApp now has a fully functional desktop app – both for Mac as well as Windows platform. Facebook-owned WhatsApp messaging software has been a mobile-only messaging platform forever, but from Tuesday, the company is offering you its desktop application for both...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2015/05/15 11:17 a.m.11 views

Google Changes Policy on Chrome Extensions

Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store. The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome...

0.3AI score
Exploits0References1
ThreatPost
ThreatPost
added 2014/07/10 11:11 a.m.11 views

Google Constrains India CCA Root Cert in Wake of Bad Google and Yahoo Certificates

The Indian Controller of Certifying Authorities said that the certificate-issuance process for the National Informatics Centre of India, which issued several fraudulent certificates recently, which were blocked by Google, has been compromised and Google has decided to constrain India CCA’s root...

1.6AI score
Exploits0References5
ThreatPost
ThreatPost
added 2014/04/28 11:43 a.m.50 views

Flash Zero Day Used to Target Victims in Syria

A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...

10CVSS9AI score0.94569EPSS
Exploits10References3
OSV
OSV
added 2014/03/26 8:0 a.m.6 views

CURL-CVE-2014-2522 not verifying certs for TLS to IP address / Schannel

When asked to do a TLS connection HTTPS, FTPS, IMAPS, etc to a URL specified with an IP address instead of a name, libcurl would wrongly not verify the server's name in the certificate. The signature whether it was signed by a trusted CA and validity whether the date was within the certificate's...

4CVSS6.1AI score0.02576EPSS
Exploits1
Rows per page
Query Builder