
7383 matches found

Positive Technologies
added 2024/07/29 12:0 a.m. · 3 views

PT-2024-37827 · Delphix · Delphix Data Control Tower

Name of the Vulnerable Software and Affected Versions: Delphix Data Control Tower DCT versions prior to 19.0.0 Description: A flaw in Delphix Data Control Tower results in broken authentication through the enable-scale-testing functionality of the application. Recommendations: For versions prior ...

CVSS 5.4 · AI score 7.4 · EPSS 0.00109
Exploits 0 · References 4
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 3 views

Malicious code in route-search (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2c63ae8357166fc3afca468347faccce408b6ad59df7d33f958dc0b4f593b598 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 4 views

Malicious code in this-is-poc-fortesting-dontinstall-12345 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6731f0b45ddfd51d7b4ede3181c38007a58a01e569b13d867b987cd9487ee472 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0 · References 1
OSV
added 2024/07/26 4:53 p.m. · 5 views

MAL-2024-12357 Malicious code in szn-url (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8dbd5099f883c22c11b6c3e27f199e23751f72efa73b3aac476a63ab17dda5dd Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 4 views

Malicious code in google-cloud-datacatalog-lineage-producer-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 73ea760146181d2911e0823c121502506892b2e63d3fc20d6281fb2c86e03de8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 3 views

Malicious code in ceiec (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d5cf3c4a49bc4c150ae7b4c95975b54be29f9c7b2ec4951a9c1d9e846f15e85d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0 · References 1
OSV
added 2024/07/26 4:53 p.m. · 3 views

MAL-2024-12317 Malicious code in oe-extract-idss (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2371553e5caae552a4c2fabb7f8d616fde924ba3f292bbc4073715251602efa8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits 0 · References 1
OSSF Malicious Packages
added 2024/07/26 4:53 p.m. · 5 views

Malicious code in lacucaracha (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d1051a6089333b59d0a35994cfda71ccb3984a5809cd82168072b041fda74082 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.3
Exploits 0 · References 1
OSV
added 2024/07/26 4:53 p.m. · 4 views

MAL-2024-12311 Malicious code in netsec-monitor (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d53ca1631ad5169910977a710485caa2e85f057cba20a5d29bdcaeccda0cf4f9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits 0 · References 1
OSV
added 2024/07/26 4:53 p.m. · 1 views

MAL-2024-12284 Malicious code in hello-world-installer-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 aef5897e3e41898c7d14d6acf00254f63adbd159b1a9cc9adba26603edee668c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score 7.2
Exploits 0 · References 1
The Hacker News
added 2024/07/25 11:20 a.m. · 36 views

6 Types of Applications Security Testing You Must Know About

Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the...

AI score 8.2
Exploits 0
BDU FSTEC
added 2024/07/25 12:0 a.m. · 1 views

Vulnerability of the .NET software platform and Microsoft Visual Studio, a development environment for software applications. This vulnerability arises due to insufficient testing of input data, allowing attackers to trigger system failures.

The vulnerability of the .NET software platform and the Microsoft Visual Studio development environment exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 · AI score 6.9 · EPSS 0.04361
Exploits 0 · References 6 · Affected Software 5
OSV
added 2024/07/22 10:35 a.m. · 26 views

SUSE-SU-2024:2574-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 - CVE-2024-22018: Fixed fs.lstat bypasses permission model bsc1227562 -...

CVSS 8.1 · AI score 6 · EPSS 0.00369
Exploits 0 · References 12
OSV
added 2024/07/21 5:46 p.m. · 3 views

MAL-2024-12285 Malicious code in hexteamibm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e39a6455fe7cac6fa055a3c30ea55393ca098996f1497564f4aefb6f907805a --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but also anything that looks like testing, exploring pre-prepared kits, researc...

AI score 7
Exploits 0 · References 1
BDU FSTEC
added 2024/07/19 12:0 a.m. · 1 views

The vulnerability of the Outside In Core component within Oracle’s software development kit (SDK) allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Outside In Core component in Oracle’s software development toolset SDK exists due to insufficient testing of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00075
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/07/19 12:0 a.m. · 1 views

The vulnerability of the Outside In Core component within Oracle’s software development kit (SDK) allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Outside In Core component in Oracle’s software development kit SDK exists due to insufficient testing of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00094
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2024/07/19 12:0 a.m. · 1 views

The vulnerability of the Outside In Core component within Oracle’s software development kit (SDK) allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Outside In Core component in Oracle’s software development toolset SDK exists due to insufficient testing of input data. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00128
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/07/18 10:11 p.m. · 13 views

CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

CVSS 7.2 · AI score 6.9 · EPSS 0.00227
Exploits 0 · References 7
GithubExploit
added 2024/07/18 4:51 p.m. · 51 views

IoT-vulnerable

It is an IoT device vulnerability testing framework. The target...

AI score 8
Exploits 0
Tenable Nessus
added 2024/07/18 12:0 a.m. · 71 views

Oracle Enterprise Manager Cloud Control (Jul 2024 CPU)

The 13.5.0.0 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install Apach...

CVSS 7.5 · AI score 7.1 · EPSS 0.52998
Exploits 5 · References 6