56 matches found
Malicious code in oxapi-documentations-build-script (npm)
Source: ghsa-malware 73a4b93506ed9613d0dc79b64c9183d2d4eb31b8e8844fa464f8483bd30dbd76. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
buffer_overflow
This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index PyPI, which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
Unauthorised Modification
pgpverify-maven-plugin allows unauthorized modification. An attacker is able to push to the base repository or access secrets by checking out and running the build script from a fork; the untrusted code is running in an environment...
browser_pwn
This repository is an offensive tool for browser exploitation. It contains a proof-of-concept PoC exploit for a vulnerability in the V8 JavaScript engine, which is used by Google Chrome and other browsers. The exploit targets a vulnerability in the V8 engine that allows for type confusion attacks...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability (CNVD-2020-59038)
IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that stems from an OOTB build script...
UBUNTU-CVE-2020-11986
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis o...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for creating vulnerable environments based on Docker-Compose. The primary CVE ID is not explicitly stated, but the tool is designed to create vulnerable environments for various vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2018-1000006, and others. The...
Whonix v15 - Anonymous Operating System
Whonix is an operating system focused on anonymity, privacy and security. It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP. Whonix consists of two parts: One...
Code injection
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A...
Mail.ru: build.sh found on webagent.mail.ru
Source code of build script for web application was available for download. It could leak some non-sensitive information on internal build processes and configurations...
SuSE 10 Security Update : build (ZYPP Patch Number 7372)
The build script uses cpio to extract untrusted rpm packages for bootstrapping virtual machines. cpio is not safe to use for this task, therefore the build script now uses bsdtar instead. CVE-2010-4226...
CVE-2009-2697
The Red Hat build script for the GNOME Display Manager GDM before 2.16.0-56 on Red Hat Enterprise Linux RHEL 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079...
Design/Logic Flaw
A certain Red Hat build script for nfs-utils before 1.0.9-35z.el52 on Red Hat Enterprise Linux RHEL 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions...
openoffice.org: insecure relative RPATH in OOo 1.1.x packages
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org OOo 1.1.x on Red Hat Enterprise Linux RHEL 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in...