[SECURITY] Fedora 39 Update: wildcard-0.3.3-3.fc39
Wildcard gives you a nice and simple to use interface to test/practice regu lar...
[SECURITY] Fedora 39 Update: rust-sequoia-sqv-1.2.1-2.fc39
A simple OpenPGP signature verification...
[SECURITY] Fedora 39 Update: rust-silver-2.0.1-8.fc39
A cross-shell customizable powerline-like prompt with...
[SECURITY] Fedora 39 Update: rust-hexyl-0.14.0-3.fc39
hexyl is a simple hex viewer for the terminal. It uses a colored output to distinguish different categories of bytes (NUL bytes, printable ASCII characters, ASCII whitespace characters, other ASCII characters and non-ASC...
[SECURITY] Fedora 39 Update: rust-jql-7.1.2-3.fc39
Jql - JSON Query Language - is a fast and simple command-line tool to manipulate JSON...
[SECURITY] Fedora 39 Update: rust-fd-find-9.0.0-3.fc39
Fd is a simple, fast and user-friendly alternative to...
7.3AI Score
Reaper - Proof Of Concept On BYOVD Attack
Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit the driver to perform malicious actions. Reaper was...
7.5AI Score
Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2024-3253)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3253 advisory. hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog...
8AI Score
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
CVE-2024-24919 Checker A simple bash script to check for the...
7.2AI Score
0.019EPSS
Intro Simple POC Python script that check & leverage Check...
7.3AI Score
0.019EPSS
Amazon Linux 2 : tigervnc (ALAS-2024-2558)
The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2558 advisory. A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be...
7.9AI Score
7.4AI Score
In the jungle of AWS S3 Enumeration
By Daily Contributors Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com Read the original post: In the jungle of AWS S3...
7.3AI Score
CVE-2024-24919 Quick and simple script that takes as input a...
6.6AI Score
0.019EPSS
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
My wife (no stranger to weird types of scams) recently received a fake text message from someone claiming to be New Jersey's E-ZPass program saying that she had an outstanding balance from highway tolls that she owed, prompting her to visit a site so she could pay and avoid additional fines. There....
7.4AI Score
Beware of scammers impersonating Malwarebytes
Scammers love to bank on the good name of legitimate companies to gain the trust of their intended targets. Recently, it came to our attention that a cybercriminal is using fake websites for security products to spread malware. One of those websites was impersonating the Malwarebytes brand. Image.....
7.3AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
9.2AI Score
0.001EPSS
symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
symfony/validator XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
symfony/translation XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
symfony/translation XML Entity Expansion vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White. Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we're calling "LilacSquid." LilacSquid's victimology includes a...
7.8AI Score
The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
5.7AI Score
5.7AI Score
0.004EPSS
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
7.6AI Score
0.037EPSS
Symfony XXE security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Symfony XXE security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
virt:ol and virt-devel:rhel security update
hivex libguestfs libguestfs-winsupport libiscsi libnbd libtpms libvirt [8.0.0-23.1.0.1] - Set SOURCE_DATE_EPOCH from changelog [Orabug: 32019554] - Add runtime deps for pkg librbd1 >= 1:10.2.5 (Keshav Sharma) [8.0.0-23.1.el8] - remote: check for negative array lengths before allocation...
7.7AI Score
0.001EPSS
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
Symfony XML Entity Expansion security vulnerability
Symfony 2.0.11 carried a [similar] XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no...
7.2AI Score
[SECURITY] Fedora 40 Update: zeal-0.7.0-10.fc40
Zeal is a simple offline documentation browser inspired by...
6.2AI Score
Oracle Linux 8 : tigervnc (ELSA-2024-3261)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3261 advisory. [1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 ...
8AI Score
[1.13.1-10] - Drop patches that are already part of xorg-x11-server Resolves: RHEL-30755 Resolves: RHEL-30767 Resolves: RHEL-30761 [1.13.1-9] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-30755 - Fix...
7.4AI Score
0.0005EPSS
CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...
6.4AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score
pcTattletale spyware leaks database containing victim screenshots, gets website defaced
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...
7.2AI Score
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.3AI Score
0.166EPSS
A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site...
7.1AI Score
Pyrit - The Famous WPA Precomputed Cracker
Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....
7.2AI Score
[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
libigl readMSH improper array index validation vulnerability
Talos Vulnerability Report TALOS-2024-1926 libigl readMSH improper array index validation vulnerability May 28, 2024 CVE Number CVE-2024-23948,CVE-2024-23951,CVE-2024-23947,CVE-2024-23950,CVE-2024-23949 SUMMARY Multiple improper array index validation vulnerabilities exist in the readMSH...
7.2AI Score