NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT record for a month‑generated domain. After receiving a decryption key, it then downloads and executes arbitrary code, creates an encrypted virtual file system (VFS) in the registry, and grants the attacker full remote code execution, data exfiltration, and persistence. NetSarang released builds for each product line that remediated the compromise: Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224. Kaspersky Lab identified an instance of exploitation in the wild in August 2017.

CVE Database V5

Detailed information about CVE-2025-34252: CWE-506 Embedded Malicious Code in NetSarang Computer, Inc. Xmanager Enterprise affecting NetSarang Computer, Inc. Xm

CVE-2025-34252: CWE-506 Embedded Malicious Code in NetSarang Computer, Inc. Xmanager Enterprise - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-34252: CWE-506 Embedded Malicious Code in NetSarang Computer, Inc. Xmanager Enterprise

A vulnerability was detected in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument voter results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Detailed information about CVE-2025-11409: SQL Injection in Campcodes Advanced Online Voting Management System affecting Campcodes Advanced Online Voting Manage

CVE-2025-11409: SQL Injection in Campcodes Advanced Online Voting Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-11409: SQL Injection in Campcodes Advanced Online Voting Management System

In Ankitects Anki before 25.02.5, a crafted shared deck can place a YouTube downloader executable in the media folder, and this is executed for a YouTube link in the deck. The executable name could be youtube-dl.exe or yt-dlp.exe or yt-dlp_x86.exe.

Detailed information about CVE-2025-62185: CWE-427 Uncontrolled Search Path Element in Ankitects Anki affecting Ankitects Anki. Get real-time updates, technical

CVE-2025-62185: CWE-427 Uncontrolled Search Path Element in Ankitects Anki - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-62185: CWE-427 Uncontrolled Search Path Element in Ankitects Anki

Ankitects Anki before 25.02.5 allows a crafted shared deck on Windows to execute arbitrary commands when playing audio because of URL scheme mishandling.

Detailed information about CVE-2025-62186: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Ankitects Anki affecting Ankitects Anki. Get real

CVE-2025-62186: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Ankitects Anki - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-62186: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Ankitects Anki

In Ankitects Anki before 25.02.6, crafted sound file references could cause files to be written to arbitrary locations on Windows and Linux (media file pathnames are not necessarily relative to the media folder).

Detailed information about CVE-2025-62187: CWE-23 Relative Path Traversal in Ankitects Anki affecting Ankitects Anki. Get real-time updates, technical details, 

CVE-2025-62187: CWE-23 Relative Path Traversal in Ankitects Anki

CVE-2025-62187: CWE-23 Relative Path Traversal in Ankitects Anki

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-34252: CWE-506 Embedded Malicious Code in NetSarang Computer, Inc. Xmanager Enterprise

CVE-2025-11409: SQL Injection in Campcodes Advanced Online Voting Management System

CVE-2025-62185: CWE-427 Uncontrolled Search Path Element in Ankitects Anki

CVE-2025-62186: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in Ankitects Anki

CVE-2025-11408: Buffer Overflow in D-Link DI-7001 MINI

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility