Category Archives: Advisories

CVE-2020-36516

Read Time:12 Second

An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session.

Read More

Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4

Read Time:23 Second

Posted by YEUNG, Tsz Ko on Feb 24

Hi all,

I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4

Details as below:

Vulnerable Software and Version:

1. Technitium Installer v4.4

Vulnerable software download link:
https://technitium.com/tmac/

Date discovered and reported:
25 Feb 2022

Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…

Read More

Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4

Read Time:23 Second

Posted by YEUNG, Tsz Ko on Feb 24

Hi all,

I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4

Details as below:

Vulnerable Software and Version:

1. Technitium Installer v4.4

Vulnerable software download link:
https://technitium.com/tmac/

Date discovered and reported:
25 Feb 2022

Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…

Read More

DSA-5087 cyrus-sasl2 – security update

Read Time:14 Second

It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take
advantage of this flaw to execute arbitrary SQL commands and for
privilege escalation.

Read More

CVE-2020-10632

Read Time:10 Second

Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.

Read More

CVE-2020-10640

Read Time:9 Second

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.

Read More