Posted by Stefan Kanthak on Sep 28
Hi @ll,
<https://cwe.mitre.org/data/definitions/73.html>
CWE-73: External Control of File Name or Path
is a well-known and well-documented weakness.
<https://seclists.org/fulldisclosure/2020/Mar/48> as well as
<https://skanthak.homepage.t-online.de/offender.html> demonstrate how to
(ab)use just one instance of this weakness (introduced about 7 years ago
with Microsoft Defender, so-called “security software”) due to…
More Stories
Backdoor.Win32.Benju.a / Unauthenticated Remote Command Execution
Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt Contact:...
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt Contact:...
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/1e2d0b90ffc23e00b743c41064bdcc6b.txt Contact:...
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/68dd7df213674e096d6ee255a7b90088.txt Contact:...
Backdoor.Win32.Boiling / Remote Command Execution
Posted by malvuln on Sep 28 Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/80cb490e5d3c4205434850eff6ef5f8f.txt Contact:...
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 28 SEC Consult Vulnerability Lab Security Advisory < 20240925-0 >...