5334 matches found

The Hacker News
added 2019/04/23 8:20 a.m., 1 views

Source Code for CARBANAK Banking Malware Found On VirusTotal

Security researchers have discovered the full source code of the Carbanak malware—yes, this time it's for real. Carbanak—sometimes referred to as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks...

7 AI score
Exploits 0

FireEye
added 2019/04/22 5:0 p.m., 14 views

CARBANAK Week Part One: A Rare Occurrence

It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this...

0.5 AI score
Exploits 0, References 11

Schneier on Security
added 2019/04/19 1:12 p.m., 7 views

Iranian Cyberespionage Tools Leaked Online

The source code of a set of Iranian cyberespionage tools was leaked online...

2 AI score
Exploits 0

Fedora
added 2019/04/17 4:5 p.m., 11 views

[SECURITY] Fedora 30 Update: libdparse-0.9.9-7.fc30

Library for lexing and parsing D source code...

2.9 AI score
Exploits 0

NVD
added 2019/04/17 3:29 p.m., 21 views

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

7.2 CVSS, 6.8 AI score, 0.0034 EPSS
Exploits 0, References 1

Hacker One
added 2019/04/17 2:46 p.m., 75 views

TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}

Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information, it all depends what is stored there. Example: 1...

0.9 AI score
Exploits 0

Vulnrichment
added 2019/04/17 2:41 p.m., 9 views

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

6.8 AI score, 0.0034 EPSS
Exploits 0, References 1

Cvelist
added 2019/04/17 2:41 p.m., 21 views

CVE-2018-13378

An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...

6.8 AI score, 0.0034 EPSS
Exploits 0, References 1

Fedora
added 2019/04/12 1:16 a.m., 27 views

[SECURITY] Fedora 29 Update: checkstyle-8.0-4.1.fc29

A tool for checking Java source code for adherence to a set of rules...

5.3 CVSS, 1.7 AI score, 0.03682 EPSS
Exploits 0

OpenVAS
added 2019/04/12 12:0 a.m., 18 views

Fedora Update for checkstyle FEDORA-2019-a3f67e2364

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3 CVSS, 5.3 AI score, 0.03682 EPSS
Exploits 0, References 2

Fedora
added 2019/04/11 6:43 p.m., 19 views

[SECURITY] Fedora 28 Update: checkstyle-8.0-4.1.fc28

A tool for checking Java source code for adherence to a set of rules...

5.3 CVSS, 1.7 AI score, 0.03682 EPSS
Exploits 0

Dsquare
added 2019/04/07 12:0 a.m., 129 views

Magento 2 SQL Injection

SQL Injection vulnerability in Magento 2 Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

7.5 CVSS, 1.1 AI score, 0.60108 EPSS
Exploits 2

The Hacker News
added 2019/04/04 1:27 p.m., 100 views

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool

Update 4/4/2019 — Great news. NSA today finally released the complete source code for GHIDRA version 9.0.2 which is now available on its GitHub repository. GHIDRA is the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade t...

1 AI score
Exploits 0

The Hacker News
added 2019/04/04 1:27 p.m., 2 views

NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool

Update 4/4/2019 — Great news. NSA today finally released the complete source code for GHIDRA version 9.0.2 which is now available on its GitHub repository. GHIDRA is the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade t...

7.6 AI score
Exploits 0

Hacker One
added 2019/04/02 5:34 p.m., 48 views

Mail.ru: Source code disclosure

A PHP configuration file was available for download on a few terrhq.ru subdomains...

1.4 AI score
Exploits 0

Fortinet
added 2019/03/29 12:0 a.m., 20 views

FortiSIEM LDAP server password reflected in admin portal

An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...

4 CVSS, 1.5 AI score, 0.0034 EPSS
Exploits 0, Affected Software 1

NVD
added 2019/03/28 6:29 a.m., 24 views

CVE-2017-18365

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

9.8 CVSS, 9.8 AI score, 0.33438 EPSS
Exploits 1, References 2

Prion
added 2019/03/28 6:29 a.m., 15 views

Deserialization of untrusted data

The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...

7.5 CVSS, 9.7 AI score, 0.33438 EPSS
Exploits 1, References 2, Affected Software 1

0day.today
added 2019/03/28 12:0 a.m., 60 views

i-doit 1.12 - qr.php Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: email protected Website: https://securelayer7.net Category: webapps Tested on: Firefox i...

0.1 AI score, 0.00779 EPSS
Exploits 4

Exploit DB
added 2019/03/28 12:0 a.m., 55 views

Fat Free CRM 0.19.0 - HTML Injection

Exploit Title: Fat Free CRM v0.19.0 - HTML Injection Date: 2019-03-20 Exploit Author: Ismail Tasdelen Vendor Homepage: http://www.fatfreecrm.com/ Source Code : https://github.com/fatfreecrm Software : Fat Free CRM Product Version: v0.19.0 Vulnerability Type : Code Injection Vulnerability : HTML...

5.4 CVSS, 5.5 AI score, 0.02364 EPSS
Exploits 4