Security
Headlines
HeadlinesLatestCVEs

Headline

VegaBird Vooki 5.2.9 DLL Hijacking

VegaBird Vooki version 5.2.9 suffers from a dll hijacking vulnerability.

Packet Storm
#vulnerability#web#auth
====================================CVE ID: CVE-2024-45874Author: Iulian FloreaVendor: VegaBirdProduct:  Vooki - Dynamic Web Application & REST API Vulnerability Scanner (DAST Tool)Vulnerability Type: DLL Hijacking========================================================================Summary==================================== A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.====================================Exploitation====================================By placing an arbitrary DLL (Example: dcomp.dll) within the application folder (C:\Program Files\Vooki) and opening the application (Vooki.exe) it can be noted that the DLL is being loaded. This can lead to persistence or in some cases to privilege escalation.

Packet Storm: Latest News

Debian Security Advisory 5808-1