EUVD-2009-1175

Malware in sbrugna...

EUVD-2010-3974

Malware in sbrugna...

Banshee Stealer Hits macOS Users via Fake GitHub Repositories

SUMMARY Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed…...

New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check...

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

PT-2024-6158

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...

New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x8664 and ARM64 architectures. "Banshee...

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched...

SUSE CVE-2005-4791

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LDLIBRARYPATH, which might allow local users to execute arbitrary code via 1 liferea or 2 banshee...

SUSE CVE-2009-1175

Cross-site scripting XSS vulnerability in apps/web/vsdiag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...

SUSE CVE-2010-3998

The 1 banshee-1 and 2 muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GSTPLUGINPATH...

North Korean Hackers Found Behind a Range of Credential Theft Campaigns

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterpris...

CVE-2009-1175

Cross-site scripting XSS vulnerability in apps/web/vsdiag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...

Bansee 2.6.2 Buffer Overflow

''' Title: ==== Banshee 2.6.2 Local Buffer Overflow Vulnerability Credit: ====== Name: Ilca Lucian Contact: [email protected] [email protected] CVE: ===== Unknown for moment Product: ======= Play your music and videos. Keep up with your podcasts and Internet radio. Discover new music and...

Banshee 2.6.2 - .mp3 Crash (PoC)

Banshee 2.6.2 - .mp3 Crash PoC ''' Title: ==== Banshee 2.6.2 Local Buffer Overflow Vulnerability Credit: ====== Name: Ilca Lucian Contact: [email protected] [email protected] CVE: ===== Unknown for moment Product: ======= Play your music and videos. Keep up with your podcasts and Internet...

Banshee 2.6.2 - '.mp3' Crash (PoC)

Exploit for linux platform in category dos / poc ''' Title: ==== Banshee 2.6.2 Local Buffer Overflow Vulnerability Credit: ====== Name: Ilca Lucian Contact: email protected email protected CVE: ===== Unknown for moment Product: ======= Play your music and videos. Keep up with your podcasts and...

Banshee 2.6.2 - '.mp3' Crash (PoC)

''' Title: ==== Banshee 2.6.2 Local Buffer Overflow Vulnerability Credit: ====== Name: Ilca Lucian Contact: [email protected] [email protected] CVE: ===== Unknown for moment Product: ======= Play your music and videos. Keep up with your podcasts and Internet radio. Discover new music and...

Gentoo Security Advisory GLSA 201402-05

Gentoo Linux Local Security Checks GLSA 201402-05 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Banshee 1.4.2 DAAP Extension 'apps/web/vs_diag.cgi' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34507/info Banshee DAAP Extension is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...