This Week in Spring - April 18th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I just returned from Western Europe for Devoxx FR Paris and Kotlin Conf Amsterdam. I went home, saw my family, did some laundry, and then turned right back around to head to Chicago, Illinois, for a special joint...

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service PhaaS toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and...

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: OSV:GHSA-R6V3-HPXJ-R8RV...

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: OSV:PYSEC-2019-199...

Unsafe Dependency Resolution

Amendment This was deemed not a vulnerability. Overview com.github.ben-manes.caffeine:caffeine is a caching library for Java 8. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over ...

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2019-12761 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2019-12761 Source advisory: SNYK:PYTHON-PYXDG-174562...

Linux Kernel Stack Infoleaks Vulnerability

No description provided by source. //Enjoy... // //-Dan / You've done it. After hours of gdb and caffeine, you've finally got a shell on your target's server. Maybe next time they will think twice about running MyFirstCompSciProjectFTPD on a production machine. As you take another sip of Mountain...

caffeine-ng (>=3.3.1 <=3.3.6), openhub (>=0.0.10 <=0.0.204) +2 more potentially affected by CVE-2014-1624 via pyxdg (=0.25.0)

pyxdg PYPI version =0.25.0 is affected by a known vulnerability. The following packages have a transitive dependency on pyxdg and may be impacted: - caffeine-ng =3.3.1, =0.0.10, =0.0.2, =0.0.352 - rawdisk =0.2.1 Source cves: CVE-2014-1624 Source advisory: OSV:PYSEC-2014-95...

apache mod rewrite exploit (win32)

No description provided by source. / apache mod rewrite exploit win32 By: fabio/b0x oc-192, old CoTS member Vuln details: http://www.securityfocus.com/archive/1/archive/1/443870/100/0/threaded Code: bind shell on port 4445, tested on apache 2.0.58 with modrewrite windows 2003...