167 matches found
Malicious code in microsoft-intern (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76fef60970c2425861b091261e48ec2af3bdc12e417f67947c92aad28107c73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4587 Malicious code in microsoft-intern (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76fef60970c2425861b091261e48ec2af3bdc12e417f67947c92aad28107c73 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @fbsystem/figma-intern-shell (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89d273e9459a52f8724d5b65339a1a5e171ff28e3f44bba89b71c6ffdd0c5142 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in figma-intern-shell (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30dc54296ac108766caff8eb4c2dbe81d1423412a122036236997a553b5e949d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3029 Malicious code in figma-intern-shell (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 30dc54296ac108766caff8eb4c2dbe81d1423412a122036236997a553b5e949d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
An Alleged Russian Spy Was Busted Trying to Intern at The Hague
Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news...
CVE-2021-28037
An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern...
Intern<T>: Data race allowed on T
Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...
RUSTSEC-2021-0036 Intern<T>: Data race allowed on T
Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...
SolarWinds Blames Intern for 'solarwinds123' Password Lapse
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally...
SolarWinds Blames Intern for 'solarwinds123' Password Lapse
As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password "solarwinds123" was originally...
Rust Competition Condition Problem Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. crate through 2020-05-28 for Rust A security vulnerability exists that stems from ArcIntern::drop having a race condition that results in free after use...
@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), elstr-jslib (>=3.0.18 <=3.0.47) +25 more potentially affected by CVE-2019-10744 via lodash-amd (>=2.4.1 <=4.16.4)
lodash-amd NPM version =2.4.1, =0.1.0, =3.0.18, =0.4.0, =4.1.1, =0.1.11, =3.4.0, =0.0.1, =0.7.1, =0.1.1, =0.2.5, =0.0.3, =0.1.10, =0.1.6, =0.1.1, =0.1.4 and more Source cves: CVE-2019-10744 Source advisory: OSV:GHSA-JF85-CPCP-J695...
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Virtual Path Mapping' Buffer Overflow Date: 09-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
CVE-2018-15861
Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash NULL pointer dereference the xkbcommon parser by supplying a crafted keymap file that triggers an xkbinternatom failure...
webworksmd.com XSS vulnerability
Open Bug Bounty ID: OBB-592296 Description| Value ---|--- Affected Website:| webworksmd.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Facebook Fired An Intern After He Exposes How to Track Users' Location
Previously, we posted about a privacy issue in Facebook messenger; Aran Khanna, a Harvard University student, discovered ‘A Marauder’s Map’ that could sense and give the geolocations of your friends on the messenger. Khanna had received an opportunity to work as an intern for Facebook… …But desti...
Info-ZIP UnZip Out-of-Bounds Write Denial of Service Vulnerability
Info-ZIP UnZip is a decompression software. An out-of-bounds write vulnerability in Info-ZIP UnZip "unix/unix.c:charsettointern" allows an attacker to construct a malicious file and trick the user into parsing it, which can crash the application...
Netcraft Toolbar 1.8.1 - Remote Code Execution Exploit
No description provided by source. !-- Title: Netcraft Toolbar 1.8.1 Remote Code Execution Exploit Date: Nov 23, 2010 Author: Rew Email: rew splat leethax.info Link: http://toolbar.netcraft.com/install/Netcraft%20Toolbar.msi Version: 1.8.1 Tested on: WinXP - IE 6 CVE: NA 0day This object is NOT...
Twitter Vine app hacked by 16 year old Web developer
Recently Twitter has rolled out Vine app for Android, A new way to share video on twitter. The free app, which enables people to record and share clips of up to six seconds with other Vine users as well as on Twitter and Facebook. But on the very next day, Twitter's video-sharing application Vine...