72 matches found

Talos Blog
added 2022/10/04 12:51 p.m., 15 views

Developer account body snatchers pose risks to the software supply chain

Over the past several years, high-profile software supply chain attacks have increased in frequency. These attacks can be difficult to detect, and source code repositories have become a key focus of this research. Developer account takeovers present a substantial risk to the software supply chain becau...

Exploits: 0
NVD
added 2022/07/14 6:15 p.m., 24 views

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

CVSS 7.5, EPSS 0.00623
Exploits: 0, References: 2
Cvelist
added 2022/07/14 5:40 p.m., 23 views

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

CVSS 3, AI score 7.2, EPSS 0.00623
Exploits: 0, References: 2
CNNVD
added 2022/07/14 12:00 a.m., 4 views

IBM Security Verify Identity Manager security vulnerability

IBM Security Verify Identity Manager is a security verification identity manager from IBM USA. A security vulnerability exists in IBM Security Verify Identity Manager version 10.0 that originates from the inclusion of sensitive information in the source code repository...

CVSS 7.5, AI score 5.6, EPSS 0.00623
Exploits: 0, References: 3
Code423n4
added 2022/05/08 12:00 a.m., 14 views

PermissionlessBasicPoolFactory\addPool() doesn’t check whether pool.excessBeneficiary is address(0)

Lines of code. Vulnerability details. Impact: PermissionlessBasicPoolFactory\addPool doesn't check whether pool.excessBeneficiary is address(0). Therefore, when withdrawExcessRewards calls IERC20(pool.rewardTokens[i]).transfer(pool.excessBeneficiary, ...), the reward transfer always reverts. Proof of Concept...

AI score 6.8
Exploits: 0
Kitploit
added 2022/04/27 12:30 p.m., 72 views
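The mechanism behind this finding, as an added example that is not the audited project's code or Code4rena's: a minimal reward-pool factory with the unchecked addPool beside a hardened one that rejects the zero address at creation. Only the names addPool, withdrawExcessRewards, pool.rewardTokens and pool.excessBeneficiary are taken from the finding; the Pool struct, the excessRewards array, addPoolUnchecked and the owner gate are hypothetical stand-ins.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration of the missing zero-address check. Not the audited
// project's code: the Pool layout, excessRewards, addPoolUnchecked and the
// owner gate are hypothetical; addPool, withdrawExcessRewards, rewardTokens
// and excessBeneficiary follow the names used in the finding.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract ExcessBeneficiaryExample {
    struct Pool {
        address[] rewardTokens;    // one ERC20 per reward stream
        uint256[] excessRewards;   // hypothetical: leftover amount per token
        address excessBeneficiary; // receives the leftovers
    }

    Pool[] public pools;
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    // Vulnerable shape, as in the finding: excessBeneficiary is stored without
    // validation, so a pool can be created with address(0).
    function addPoolUnchecked(
        address[] memory rewardTokens,
        uint256[] memory excessRewards,
        address excessBeneficiary
    ) external returns (uint256 id) {
        pools.push(Pool(rewardTokens, excessRewards, excessBeneficiary));
        return pools.length - 1;
    }

    // Hardened: refuse the zero address when the pool is created. Standard
    // ERC20 implementations revert on transfer(address(0), ...), so a pool
    // with a zero beneficiary could never pay out its excess.
    function addPool(
        address[] memory rewardTokens,
        uint256[] memory excessRewards,
        address excessBeneficiary
    ) external returns (uint256 id) {
        require(excessBeneficiary != address(0), "excessBeneficiary is zero");
        require(rewardTokens.length == excessRewards.length, "length mismatch");
        pools.push(Pool(rewardTokens, excessRewards, excessBeneficiary));
        return pools.length - 1;
    }

    // Pays every reward token's leftover to the beneficiary. When
    // excessBeneficiary == address(0), the first transfer reverts on every
    // call and the excess stays locked in the contract.
    function withdrawExcessRewards(uint256 id) external {
        require(msg.sender == owner, "not owner");
        Pool storage pool = pools[id];
        for (uint256 i = 0; i < pool.rewardTokens.length; i++) {
            uint256 amount = pool.excessRewards[i];
            pool.excessRewards[i] = 0; // effects before the external call
            require(
                IERC20(pool.rewardTokens[i]).transfer(pool.excessBeneficiary, amount),
                "transfer failed"
            );
        }
    }
}
```

To reproduce the failure, deploy alongside a standard ERC20 (OpenZeppelin's reverts on a transfer to the zero address), create a pool through addPoolUnchecked with excessBeneficiary set to address(0), fund the contract, and call withdrawExcessRewards: it reverts on every attempt. The same arguments passed to addPool are rejected at creation, which is the cheaper place to catch the mistake.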

O365-Doppelganger - A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

O365-Doppelganger is NOT a replacement for hardcore phishing activities. There are several other tools which perform OAuth and OTA capture which is not the aim of O365-Doppelganger. O365-Doppelganger is a quick handy script to harvest credentials of a user during Red Teams. This repository is a...

AI score 7.5
Exploits: 0, References: 3
ThreatPost
added 2021/12/27 6:57 p.m., 111 views

The 5 Most-Wanted Threatpost Stories of 2021

As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends gleaned from looking at the most-read stories on the Threatpost site. While 2020 was all about...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 349, References: 40
Fedora
added 2021/10/29 11:22 p.m., 17 views

[SECURITY] Fedora 35 Update: libopenmpt-0.5.12-1.fc35

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Fedora
added 2021/10/16 8:46 p.m., 28 views

[SECURITY] Fedora 33 Update: libopenmpt-0.4.24-1.fc33

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Fedora
added 2021/09/24 8:36 p.m., 17 views

[SECURITY] Fedora 35 Update: libopenmpt-0.5.11-1.fc35

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Fedora
added 2021/05/06 1:03 a.m., 13 views

[SECURITY] Fedora 34 Update: libopenmpt-0.5.8-1.fc34

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Imperva Blog
added 2021/04/29 12:49 p.m., 208 views

5 Ways Your Software Supply Chain is Out to Get You, Part 4: Dependency Confusion

Previously, we discussed how three kinds of supply chain attack methods (Vendor Compromise, Exploit Third Party Applications, and Exploit Open Source Libraries) are threatening software supply chains, passing risk downstream to the organizations and users that trust and depend on them. In this...

AI score 0.4
Exploits: 0
Fedora
added 2021/04/10 11:06 p.m., 47 views

[SECURITY] Fedora 33 Update: libopenmpt-0.4.19-1.fc33

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Fedora
added 2021/04/06 12:17 a.m., 19 views

[SECURITY] Fedora 34 Update: libopenmpt-0.5.7-1.fc34

libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

AI score 2
Exploits: 0
Kitploit
added 2021/02/15 11:30 a.m., 64 views

OSV - Open Source Vulnerability DB And Triage Service

OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source. For open source maintainers, OSV's automation helps reduce the burden of triage. Each vulnerability undergoes automated bisection and impa...

AI score 7.3
Exploits: 0, References: 4
ThreatPost
added 2021/01/22 6:35 p.m., 59 views

Discord-Stealing Malware Invades npm Packages

Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks. The packages represent a supply-chain threat given that they may be used as building blocks in various web applications; any applications corrupted by the code...

EPSS 0.00836
Exploits: 0, References: 11
Akamai Blog
added 2020/06/19 7:15 p.m., 23 views

DNS as Code

Infrastructure as Code (IaC) and Continuous Delivery methods have become increasingly popular amongst development and operations teams as a means of maintaining high-performing websites. Code repositories, build servers, and configuration management systems are now industry standards, as these tool...

AI score 0.3
Exploits: 0
OpenVAS
added 2020/05/20 12:00 a.m., 33 views

Cherokee Web Server <= 1.2.104 Multiple Vulnerabilities

Cherokee Web Server is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

AI score 7.9
Exploits: 0, References: 2
Hacker One
added 2019/12/31 7:33 a.m., 43 views

Rocket.Chat: API Keys Hardcoded in Github repository

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: API Keys is ha...

AI score 7
Exploits: 0
Gitee
added 2019/10/16 9:23 a.m., 5 views

commix

This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...

AI score 7.7
Exploits: 0