XML signature verification in .NET 6 as implemented in System.Security.Cryptography.Xml.SignedXml is vulnerable to external entity injection attacks.
Sagemath version 9.0 suffers from overflow and denial of service vulnerabilities.
This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection…
Trojan.Win32.Autoit.fhj malware suffers from an insecure permissions vulnerability.
FTPManager version 8.2 suffers from local file inclusion and directory traversal vulnerabilities.
Backdoor.Win32.Winshell.5_0 malware suffers from a hardcoded credential vulnerability.
Trojan-Spy.Win32.Pophot.bsl malware suffers from an insecure permissions vulnerability.
Backdoor.Win32.Hupigon.aspg malware suffers from an unquoted service path vulnerability.
FE File Explorer version 11.0.4 suffers from a local file inclusion vulnerability.
Trojan.Win32.Autoit.fhj malware creates two processes: “xservice.exe” and a child process, “xps.exe”. The process creates an IPC pipe with a NULL DACL, allowing RW access for the Everyone user group.