Lucene search

19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-30849

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.0044
Exploits: 0 · References: 1

OSV
added 2024/05/22 12:0 p.m. · 12 views

RUSTSEC-2024-0353 Refs and paths with reserved Windows device names access the devices

Summary On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

CVSS 5.4 · AI score 5.5 · EPSS 0.00048
Exploits: 0 · References: 5

Securelist
added 2023/11/22 10:0 a.m. · 28 views

HrServ – Previously unknown web shell used in APT attack

Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...

AI score 8.1
Exploits: 0

Imperva Blog
added 2023/10/16 11:30 p.m. · 15 views

Breaking the Chain of Data Access: The Importance of Separating Human and Application Users

Data, the lifeblood of any organization, relies on the database as its beating heart. As a result, businesses invest heavily in designing and monitoring all access to it. In traditional literature, there are two types of users: administrative users, who manage the entire lifecycle of a database...

AI score 7
Exploits: 0

ATTACKERKB
added 2022/09/06 6:15 p.m. · 0 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

CVSS 5.5 · AI score 5.9 · EPSS 0.06946
Exploits: 6 · References: 7

NVD
added 2022/09/06 6:15 p.m. · 17 views

CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

CVSS 5.5 · EPSS 0.06946
Exploits: 6 · References: 5

Positive Technologies
added 2022/09/06 12:0 a.m. · 6 views

PT-2022-19583 · WordPress · Wp-Useronline

Name of the Vulnerable Software and Affected Versions: WP-UserOnline plugin for WordPress versions up to, and including 2.88.0 Description: The issue is due to the lack of proper sanitization and escaping of user input in the "Naming Conventions" section, allowing authenticated attackers with...

CVSS 5.5 · AI score 5.2 · EPSS 0.06946
Exploits: 6 · References: 11

Veracode
added 2022/06/03 2:40 p.m. · 23 views

Remote Code Execution

fapolicyd is vulnerable to remote code execution. The build script misdetects the run time linker due to the improper naming conventions which causes the ldso pattern matcher to not work correctly, resulting in remote code execution vulnerability...

CVSS 8.4 · AI score 8.8 · EPSS 0.00152
Exploits: 0 · References: 8 · Affected Software: 1

NVD
added 2022/04/20 4:15 p.m. · 14 views

CVE-2021-43988

The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights...

CVSS 6.1 · EPSS 0.0044
Exploits: 0 · References: 1

Prion
added 2022/04/20 4:15 p.m. · 19 views

Design/Logic Flaw

The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights...

CVSS 4.3 · AI score 6.3 · EPSS 0.0044
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/20 3:30 p.m. · 13 views

CVE-2021-43988 ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform

The affected product is vulnerable to a network-based attack by threat actors utilizing crafted naming conventions of files to gain unauthorized access rights...

CVSS 6.1 · AI score 6.6 · EPSS 0.0044
Exploits: 0 · References: 1

Positive Technologies
added 2022/04/20 12:0 a.m. · 2 views

PT-2022-11967 · Fanuc · Roboguide

Name of the Vulnerable Software and Affected Versions: Product affected versions not specified Description: The issue allows threat actors to gain unauthorized access rights through a network-based attack by utilizing crafted naming conventions of files. Recommendations: At the moment, there is n...

CVSS 6.1 · AI score 5.9 · EPSS 0.0044
Exploits: 0 · References: 4

ThreatPost
added 2019/02/05 11:0 a.m. · 183 views

The APT Name Game: How Grim Threat Actors Get Goofy Monikers

What’s in a name? When it comes to advanced persistent threat groups, it is often quite a bit. While their monikers may seem whimsical – Fancy Bear, Nomadic Octopus, Ocean Lotus and Darkhotel – the reality is these are not arbitrary names. In fact, many are similar to schoolyard nicknames or a...

AI score 7
Exploits: 0 · References: 3

Kitploit
added 2018/10/26 12:19 p.m. · 1514 views

Slither - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

AI score 7.5
Exploits: 0 · References: 3

IBM Security Bulletins
added 2018/08/03 4:23 a.m. · 9 views

Service Bulletin 130: Updated File Naming Conventions for FTP

Abstract Direct this service bulletin to the persons at customer locations who are responsible for opening Problem Management Reports (PMRs) for the TPF products. This bulletin expands on information distributed in Service Bulletin 84: File Naming Conventions for FTP and Service Bulletin 112: New F...

AI score 6.6
Exploits: 0 · Affected Software: 1

Citrix
added 2017/08/04 12:0 a.m. · 6 views

Citrix App layering: Recipe for USB Drivers With VMWARE Horizon View 5.X

Overview The purpose is to explain a process for getting USB hardware-related device drivers working in a Unidesk Layer in conjunction with software applications that may require peripheral device support. Tested Devices This document utilizes these kinds of devices in our testing: Dell USB Laser...

AI score 6.7
Exploits: 0

Citrix
added 2017/08/04 12:0 a.m. · 5 views

Citrix App Layering: Recipe IBM SPSS 21

Licensing Considerations The following information should be discussed with your IBM licensing contacts: Concurrent user network licensing for IBM SPSS packages. Usage of SPSS in a virtualized environment requires a licensing “addendum” and further cost. A physical server with current Java versio...

AI score 6.8
Exploits: 0

Akamai Blog
added 2016/11/03 7:0 a.m. · 12 views

Yes, My Name is ||

Different cultures and nationalities have different naming conventions; I came from one that led me to face the universe with a personal name "Or". In fact, my name has different meanings in different languages. In English the meaning of "Or" is a function word that indicates alternatives and in...

AI score 2.9
Exploits: 0

securityvulns
added 2007/12/03 12:0 a.m. · 48 views

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to an internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...

AI score 6.8
Exploits: 0