37 matches found
Malicious code in chance-wallet-store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d85a9403800e2e220d731d72ebdea79ce768447496cd8fc4950a4b9a3cfb016 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in chance-soluble-pot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e72fe04093a4e8d8a198297d7eaccaf8d3c943350fa66080bc6a0de0e0d0b3f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-82542
Malicious code in chance-wallet-store npm...
EUVD-2025-82543
Malicious code in chance-soluble-pot npm...
WordPress Tailored Tools plugin <= 1.8.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by CTRL - Chance Patchstack Alliance in WordPress Plugin Tailored Tools versions = 1.8.4...
CVE-2024-45272 MB connect line/Helmholz: Generation of weak passwords vulnerability
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost...
CVE-2024-29209
The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...
CVE-2024-29210
CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...
CVE-2024-27009 s390/cio: fix race condition during online processing
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccwdevicesetonline that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts...
Vault.sponsor may take away the prize chance from the receiver.
Lines of code Vulnerability details Impact TwabController.delegateBalance is related to the probability to get the prize, and Vault.sponsor can make the others' delegateBalance to 0. A malicious user can send a small amount of assets to every depositor and be the only prize taker. Proof of Concep...
OpenAI Launches ChatGPT Bug Bounty Program – Earn $200 to $20k
By Waqas Do you have the skills to take part in OpenAI's ChatGPT Bug Bounty Program? If so, here is your chance to earn big bucks. This is a post from HackRead.com Read the original post: OpenAI Launches ChatGPT Bug Bounty Program - Earn $200 to $20k...
PT-2023-1365 · Tenable · Tenable.Sc +2
Name of the Vulnerable Software and Affected Versions: Tenable Nessus, tenable.io, tenable.sc affected versions not specified Description: A potential privilege escalation issue was identified internally, which could allow a malicious actor with sufficient permissions to modify environment...
PT-2022-22442 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel version 5.1 Description: The issue is related to a remote code execution vulnerability in the ChanceGenerator component via the call function. This allows for potential exploitation. Recommendations: For Laravel version 5.1, at the...
chance-song.net Cross Site Scripting vulnerability OBB-2407754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
The Turla advanced persistent threat APT group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group aka Snake, Venomous Bear,...
Exploit for CVE-2020-1472
ZeroLogon testing script A Python script that uses the Impack...
Exploit for CVE-2020-1472
ZeroLogon testing script A Python script that uses the Impack...
FreeCommander XE 2020 Pathname Buffer Overflow Exploit
!/usr/bin/python Exploit Title: FreeCommander XE 2020 - Pathname Buffer Overflow SEH Version: Build 810a 32-bit Software Link: https://freecommander.com/downloads/FreeCommanderXE-32-publicsetup.zip Exploit Author: Hodorsec email protected / email protected Vendor Homepage:...
michigan.secondchancebonuszone.com XSS vulnerability
Vulnerable URL: https://michigan.secondchancebonuszone.com/goldenticket/feedback.php/%22onmouseover%3d'prompt/OPENBUGBOUNTY/'bad%3d%22 Details: Description| Value ---|--- Patched:| Yes, at 17.10.2017 Latest check for patch:| 17.10.2017 14:03 GMT Vulnerability type:| XSS Vulnerability status:|...
Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC) Exploit
Exploit for windows platform in category dos / poc Exploit Title: Sure Thing Disc Labeler - Stack Buffer Overflow PoC Date: 5-19-17 Exploit Author: Chance Johnson email protected Vendor Homepage: http://www.surething.com/ Software Link: http://www.surething.com/disclabeler Version: 6.2.138.0 Test...