5111 matches found
WordPress Beacon Lead Magnets and Lead Capture Plugin <= 1.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Beacon Lead Magnets and Lead Capture versions = 1.5.7...
Malicious code in walletcore-gen (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
SUSE CVE-2024-56667
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
Malicious code in solana-login (npm)
The package contains several malicious PowerShell and VBS scripts used to harvest browser data, take screenshots, log keystrokes, and establish startup persistence. It also bundles a password stealer and exfiltrates stolen data via Slack and Discord webhooks. --- -= Per source details. Do not edi...
CTFd 安全漏洞
CTFd is a Capture The Flag framework open-sourced by CTFd. A security vulnerability exists in CTFd versions 3.7.0 through 3.7.4, which stems from a flaw in the logical implementation that allows authenticated users to reset their team bracket and join a new team while a match is in progress...
CTFd 安全漏洞
CTFd is a Capture The Flag framework open-sourced by CTFd. A security vulnerability exists in CTFd version 3.7.4 and earlier, which stems from the interchangeable use of account activation and password reset tokens, allowing a man-in-the-middle attacker to reuse such tokens to change a user's...
Dell ECS Certification Bypass Vulnerability
Dell ECS is an enterprise-grade cloud storage solution that provides high-performance, scalable object storage services. An authentication bypass vulnerability exists in Dell ECS versions prior to 3.8.1.3 that stems from a capture replay attack. An attacker could exploit the vulnerability to...
AZL-54862 CVE-2024-56667 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
DEBIAN-CVE-2024-56667
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
UBUNTU-CVE-2024-56667
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
CVE-2024-56667 drm/i915: Fix NULL pointer dereference in capture_engine
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
CVE-2024-56667
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the captureengine in the drm/i915 subsystem...
CVE-2024-52534
Dell ECS, versions prior to ECS 3.8.1.3, contains an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft...
CVE-2024-52534
Dell ECS prior to version 3.8.1.3 contains an Authentication Bypass by Capture-replay vulnerability that could allow a low-privilege attacker with remote access to perform session theft. Affected component: Dell ECS software (enterprise object storage). Root cause: capture-replay-based bypass ena...
PT-2024-35362 · Dell · Dell Ecs
Name of the Vulnerable Software and Affected Versions: Dell ECS versions prior to 3.8.1.3 Description: The issue is an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft...
Dell ECS 安全漏洞
Dell ECS is an enterprise-grade cloud storage solution that provides high-performance, scalable object storage services. An authentication bypass vulnerability exists in Dell ECS versions prior to 3.8.1.3 that stems from a capture replay attack. An attacker could exploit the vulnerability to...
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself...
Malicious Package
Overview zebo is a malicious package. This package steals information from the victim by logging keystrokes and taking screen captures, which are exfiltrated to a server under the attacker's control. Remediation Avoid using all malicious instances of the zebo package. References - Fortinet Report...
ROS-20241211-12
A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay of intercepted messages. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access by forging an authentication...