MAL-2024-2612 Malicious code in line-configs (npm)
MAL-2024-2016 Malicious code in @b2bgeo/configs (npm)
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 PoC for educational purposes only. Only use on...
CVE-2024-26668 netfilter: nft_limit: reject configurations that cause integer overflow
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow. Reject bogus configs where the internal token counter wraps around. This only occurs with very, very large requests, such as 17 GByte/s. It's better to reject this...
CVE-2023-4628
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request...
PT-2024-13343 · WordPress · Ladiapp
Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.3. Description: The issue is related to a missing capability check on the ladiflow_save_hook function, allowing authenticated attackers with subscriber-level access and above to...
BIT-NATS-2020-28466 Denial of Service (DoS)
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightene...
PT-2024-21476
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.9-arch1-1. Description: The Linux kernel has a vulnerability in the drm/amd/display module, specifically in the function drm_dp_atomic_find_time_slots. This vulnerability is caused by a NULL pointer dereference...
MAL-2024-28 Malicious code in page-configs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 247b2508deee06d4f944582ff28b3bcbf5ea9305e36a9029b562169a7cd266d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details: The filter-test-configs workflow is using the raw github.event.workflow_run.head_branch value...
New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information. Bot mitigation company Kasada said the activity is designed to...
Directory listing in multiple endpoints
Description: Teampass has directory listing by default for various endpoints that eventually discloses application-specific and user data and files. Proof of Concept: Visit the following endpoint without logging in to the application. Sensitive - https://127.0.0.1/includes configs -...
UBUNTU-CVE-2023-22348
Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions 2.1.0p28 and 2.2.0b8 allows remote authenticated users to read arbitrary hostconfigs...
PT-2023-18447 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.1.0p28; Checkmk versions prior to 2.2.0b8. Description: The issue concerns improper authorization in the RestAPI of Checkmk, allowing remote authenticated users to read arbitrary host configs. Recommendations: For...
CVE-2023-1138
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials...
OS Command Injection
github.com/gogs/gogs is vulnerable to OS Command Injection. The vulnerability exists because the isRepositoryGitPath function of repoeditor.go does not properly check the git path on case-insensitive file systems, which allows an attacker to upload malicious file configs into the system...
Malicious Package
Overview @b2bgeo/configs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...