87 matches found
CVE-2021-23397
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
Information disclosure
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397 Prototype Pollution
All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead...
CVE-2021-23397
CVE-2021-23397 affects all versions of @ianwalter/merge and enables Prototype Pollution via the main merge function. Root cause: unsafe recursive merge can copy a `__proto__` property from a polluted source, enabling prototype contamination and potential remote code execution or DoS, as described in co...
PT-2022-9397 · Npm · @Ianwalter/Merge +1
Name of the Vulnerable Software and Affected Versions: @ianwalter/merge versions all. Description: The issue concerns Prototype Pollution via the main merge function. The maintainer suggests using @generates/merger instead, as @ianwalter/merge is deprecated. Recommendations: For all versions,...
What the Norton-Avast Merger Means for Cybersecurity
Recently two consumer cybersecurity vendors merged their respective businesses. What will the impact be on customers and the cybersecurity industry?...
Prototype Pollution
Overview: @ianwalter/merge recursively merges JavaScript objects. Affected versions of this package are vulnerable to Prototype Pollution via the main merge function. Maintainer suggests using @generates/merger instead. PoC: const merge = require('@ianwalter/merge'); let obj = {}; console.log("Before...
Prototype Pollution in generates/generates
Description: @generates/merger is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept: 1. Create the following PoC file: // poc.js var merger = require("@generates/merger") const paylo...
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Researchers say they have discovered the first-ever reported Russian business email compromise (BEC) cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...
The Next Chapter in Our Story: VMware + Carbon Black
I am excited to share with you a significant milestone in Carbon Black’s history. Earlier today, Carbon Black entered into a merger with VMware, who as of moments ago announced its intention to acquire Carbon Black. You can also read the press release with more details here, but first I’d like to...
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization...
DyMerge - Dynamic Dictionary Merger
A simple, yet powerful tool, written purely in Python, which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based or bruteforce attack. Compatible with Python 2.6+. Author: Nikolaos Kamarinakis (nikolaskama.me)...
Mp3 Cutter & Merger - Dangerous filesystem permissions, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that the application Mp3 Cutter & Merger, published at the 'play' market, has multiple vulnerabilities...
Aviv Raff on the Evolution of Exploit Kits
In this video, via Kaspersky’s Lab Matters, Ryan Naraine and Seculert’s Aviv Raff discuss the evolution of exploit kits and the recent merger of Spyeye and Zeus...
Mandriva Update for apache MDVSA-2011:057 (apache)
Check for the Version of apache. OpenVAS Vulnerability Test: Mandriva Update for apache MDVSA-2011:057 (apache). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
Mandriva Linux Security Advisory : apache (MDVSA-2011:057)
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module (apache-mpm-itk) for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by...
CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...
Design/Logic Flaw
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...