4443 matches found
MAL-2023-1343 Malicious code in webpack-dev-server.legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 85cd0dbb01e0045658eb423c4580a09f07f36ce5af1689227f99e72348cda4a6 The OpenSSF Package Analysis project identified 'webpack-dev-server.legacy' @ 1.0.0 npm as malicious. It is considered malicious because: - The...
dev-rana.webloftnordland.no Cross Site Scripting vulnerability OBB-3279260
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...
EulerOS Virtualization 2.9.1 : multipath-tools (EulerOS-SA-2023-1643)
According to the versions of the multipath-tools packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction...
kernel: memory corruption in usbmon driver
An out-of-bounds memory write flaw was found in the Linux kernel's USB Monitor component: a user with access to /dev/usbmon can trigger it through an incorrect write to the usbmon memory. This flaw allows a local user to crash or potentially escalate their privileges on the system...
(Almost) Arbitrary File Read on Development Server
Description I previously disclosed an arbitrary file read due to Vite misconfiguration. This is a similar vulnerability with less impact. Proof of Concept Start any nuxt app in dev. Browse to: + http://localhost:3000/\nuxtvitenode\/module/C:/Windows/System32/calc.exe +...
Actors, Threats and Vulnerabilities 10 April to 16 April 2023
For a detailed threat digest, download the pdf file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, they identified a total of nine attacks that were executed...
WordPress Forminator Plugin <= 1.22.1 is vulnerable to Broken Access Control
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.22.1; Fixed in: 1.23.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: Medium; CVSS severity: Medium (5.4); Developer: WPMU DEV; PSID: 38229dd9fbd0; Credits: Unknown; Required privilege: Subscriber...
WordPress Hummingbird Plugin < 3.4.2 is vulnerable to Path Traversal
Software: Hummingbird; Type: Plugin; Vulnerable versions: < 3.4.2; Fixed in: 3.4.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Path Traversal; CVE: CVE-2023-1478; Patch priority: High; CVSS severity: High (8.6); Developer: WPMU DEV; PSID: 237afa7a6db1; Credits: Karol Mazurek AFINE; Required privilege...
Snapchat: internal dev tokens disclosure
Sensitive internal development information was inadvertently disclosed in the commit history of the open-source project Keydb, which was made public by Snapchat. This included a Personal Access Token (PAT) used for GitHub authentication, which could have been exploited by malicious actors...
Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both...
MERCURY and DEV-1084: Destructive attack on hybrid environment
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about how the new taxonomy represents the origin, unique traits,...
Multiple XSS in Create/Update Function Version 1.4.3 and 1.5.0-dev.2
Description: Stored XSS on create/update service, categories, settings. I tested on the 1.4.3 demo site and 1.5.0-dev2. Proof of Concept: Install: I installed from the develop branch. When the install finished, the footer displayed version v1.5.0-dev.2. The time I ran it and the commit shown in the image below are the latest. webUI ...
Stack overflow
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdmacm device node. While this access is unlikely to leak sensitive user information, it can be...
bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)
openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0024...
bsv-wasm (>=0.0.0 <=1.2.0-beta.3), cargo-screeps (>=0.3.3 <=0.4.0) +11 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.40)
openssl CARGO version =0.10.22, =0.0.0, =0.3.3, =0.6.25, =0.1.24, =0.1.22, =0.1.24, =0.1.0, =0.10.4, =0.10.3, =0.21.0 - roaring-landmask =0.4.0 - twetch-sdk =0.0.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0023...
@web-desktop-environment/development-edition-server (>=0.0.4 <=1.0.2), @web-desktop-environment/pack-dev (>=1.0.1 <=1.0.2) potentially affected by CVE-2023-26114 via code-server (>=3.12.0 <=3.9.3)
code-server NPM version =3.12.0, =0.0.4, =1.0.1, =1.0.2 Source cves: CVE-2023-26114 Source advisory: OSV:GHSA-FRJG-G767-7363...
dev-smt.netstream.ch Cross Site Scripting vulnerability OBB-3229774
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...