SVG Loader Cross-Site Scripting Vulnerability

SVG Loader is a simple JS library that uses XHR to fetch SVG and injects SVG code into the location of the tag. A cross-site scripting vulnerability exists in SVG Loader version 1.6.8 and prior versions, which stems from insufficient input cleanup logic and can be easily bypassed...

NixImports - A .NET Malware Loader, Using API-Hashing To Evade Static Analysis

A .NET malware loader, using API-Hashing and dynamic invoking to evade static analysis How does it work? NixImports uses my managed API-Hashing implementation HInvoke, to dynamically resolve most of it's called functions at runtime. To resolve the functions HInvoke requires two hashes the typeHas...

Integer Overflow

libcaca.so is vulnerable to Integer Overflow. The vulnerability exists because the function cacadither in dither.c does not allocate a proper size of memory for the w and h parameters in the BMP loader, causing an integer overflow for 24bpp data...

GHSA-5R27-RW8R-7967 import-in-the-middle has unsanitized user controlled input in module generation

Impact The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an import...

Input validation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation

import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...

Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems

Threat actors are using an open-source rootkit called Reptile to target Linux systems in South Korea. "Unlike other rootkit malware that typically only provide concealment capabilities, Reptile goes a step further by offering a reverse shell, allowing threat actors to easily take control of...

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover...

PT-2023-26537 · Unknown +2 · Helix Core +3

Name of the Vulnerable Software and Affected Versions: helix-core versions prior to 1.3.0 helix-rest versions prior to 1.3.0 Description: An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize...

AZL-40910 CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

UBUNTU-CVE-2022-28736

There's a use-after-free vulnerability in grubcmdchainloader function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...

WordPress WP FOFT Loader Plugin < 2.1.29 is vulnerable to Cross Site Scripting (XSS)

Software WP FOFT Loader Type Plugin Vulnerable versions 2.1.29 Fixed in 2.1.29 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef74a92e3a5f Credits Rafie Muhammad Patchstack Require...

CustomerLoader Disseminating Diverse Malware Payloads

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A covert .NET loader, known as CustomerLoader, was specifically designed to facilitate the retrieval, deciphering, and activation of subsequent payloads. Throughout the early days of June 2023, various...

Chinese Hackers Deploy Microsoft-Signed Rootkit to Target Gaming Sector

Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure. Trend Micro has attributed the activity cluster to the same actor that was previously identified as behind the FiveSys rootkit, which came ...

Hunting for A New Stealthy Universal Rootkit Loader

In this entry, we discuss the findings of our investigation into a piece of a signed rootkit, whose main binary functions as a universal loader that enables attackers to directly load a second-stage unsigned kernel module...

The vulnerability of the software file loading function in OMICARD EDM ITPison allows a perpetrator to load any files they desire.

The vulnerability of the software file loading function in OMICARD EDM ITPison involves unlimited loading of dangerous types of files. Exploiting this vulnerability allows a remote attacker to load any files they desire...

Malicious code in bernie-plugin-ads-loader-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 83e103eb1b7d3a9fd0472fb99351cf0a76fe9da9bbfc65b0eb31f78cd762ce53 The OpenSSF Package Analysis project identified 'bernie-plugin-ads-loader-script' @ 1.0.0 npm as malicious. It is considered malicious because: ...

MAL-2023-1122 Malicious code in bernie-plugin-ads-loader-script (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 83e103eb1b7d3a9fd0472fb99351cf0a76fe9da9bbfc65b0eb31f78cd762ce53 The OpenSSF Package Analysis project identified 'bernie-plugin-ads-loader-script' @ 1.0.0 npm as malicious. It is considered malicious because: ...