Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
6053d97499c83feb87ce1d7f732d9c889c6c18bb334de67e65dca11483b0514e
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
2b9e96572a7002c3e53b79683cf92f8172217e64c17ecaaf612eb68c2a7556ec
This is a thorough write up of how to exploit a local privilege escalation vulnerability in iTunes for Windows version 12.13.2.3. Apple fixed this in version 12.13.3.
d695b4f1b1028346552105f4ee8239edee8add156e7b797895b5d5337070f75f
The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected.
a84e46e6f47edcfa84a24b20d405dc9009aef6635aeed2d4103f5c1e3b453e54
Red Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
f9f6a21021825712bf4746f21d3128dde3ff2cc370b717d9e3f6b54dc5961898
VegaBird Vooki version 5.2.9 suffers from a dll hijacking vulnerability.
c5f33bc21c9e871866fcbc9aa668c73fe0ec052f868a7c993eb644b8d7aa159e
VegaBird Yaazhini version 2.0.2 suffers from a dll hijacking vulnerability.
378aa772f21ffc902834ecaa037a742ac5bf2f8dbac879f976178e59558b4845
A single command line can show you about 20,000 instances of CWE-73 issues with Microsoft Windows.
98cca0958bfbc8ebf3577e8e302960e439c3a7358827822332a2847dd420517e
Backdoor.Win32.Benju.a malware suffers from a remote command execution vulnerability. This is the 700th release of a malvuln finding.
f79228aaf64af956558118e52f0cae8c6690433d9087c20cfbb14080997449f1
Backdoor.Win32.Prorat.jz malware suffers from a buffer overflow vulnerability.
a1f2f2d06b92875d0d19569387aac4e9a1c23766a1289286cdc961ea4b1b0fd1
Backdoor.Win32.Amatu.a malware suffers from a remote arbitrary file write vulnerability.
0ac4d1e102fa50d12c1ed2087d7d607e89de02d81742b58cfdd99a95944c55f4
Backdoor.Win32.Agent.pw malware suffers from a buffer overflow vulnerability.
7fa82baa98ac10e7877b5d15186d291cc19793db34d1c44febf37e06a22af7aa
Backdoor.Win32.Boiling malware suffers from a code execution vulnerability.
b666a8b57ce06bc159252f69fc3abb01c3f39d13ebb66f288c0201d4507a0a1e
Red Hat Security Advisory 2024-6734-03 - The components for Red Hat OpenShift for Windows Containers 7.2.2 are now available.This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
be505ca2f3802cff25f63ab64134208833ab546ae1e49eddd55ed15bf211b2ad
Backdoor.Win32.CCInvader.10 malware suffers from a bypass vulnerability.
7f8fbab739d2fc6fb8f975250a5f1be05abc1adfae0b192591971bf6f66b9101
Backdoor.Win32.BlackAngel.13 malware suffers from a code execution vulnerability.
717e62131924ca1af11ac62c8dd44bd60d6cffaaf4066df556a537c3442d678e
Backdoor.Win32.Delf.yj malware suffers from an information leakage vulnerability.
145f23a8746541655af47b6cc26039a64ce706d01053710c1a2fcdd7dc5aa7a8
CVE-2024-30088 is a Windows kernel elevation of privilege vulnerability which affects many recent versions of Windows 10, Windows 11 and Windows Server 2022. The vulnerability exists inside the function called AuthzBasepCopyoutInternalSecurityAttributes specifically when the kernel copies the _AUTHZBASEP_SECURITY_ATTRIBUTES_INFORMATION of the current token object to user mode. When the kernel performs the copy of the SecurityAttributesList, it sets up the list of the SecurityAttributes structure directly to the user supplied pointed. It then calls RtlCopyUnicodeString and AuthzBasepCopyoutInternalSecurityAttributeValues to copy out the names and values of the SecurityAttribute leading to multiple Time Of Check Time Of Use (TOCTOU) vulnerabilities in the function.
a4e521839032a10c16e91b79eb43b6f9620dcc27482be434b0d2b62d5ac92e66
This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.
5acb6c6d8634611b63c2c7dbe9d099afc2807b183f5f065ed3557bc52c57aa7d
This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.
2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445
Red Hat Security Advisory 2024-6461-03 - The components for Red Hat OpenShift for Windows Containers 8.1.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a94249ed049993a7bc563b3b10bb0d96714766e31214ef508fe10f390b70cbb5
Red Hat Security Advisory 2024-6460-03 - The components for Red Hat OpenShift for Windows Containers 9.0.3 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.
a23d4b1cfe7359499fbd669db4aaa7f2ebfce5622158e6ecdf9cb51d4d649552
Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0d
Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6
HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0