KONGA elevation of privilege vulnerability
KONGA is a full-featured, open-source, multi-user GUI from Dutch individual developer Panagis Tselentis. Version 0.14.9 of KONGA contains an elevation of privilege vulnerability that could be exploited by attackers to gain full administrative access...
QingScan cross-site scripting vulnerability
QingScan is a batch vulnerability mining tool by a Chinese individual developer (daxia). It is used to glue together various good scanners. There is a security vulnerability in QingScan 1.3.0; there is no information about the vulnerability at the moment, please pay attention to CNNVD or the vendor...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checks in Traceur that could bypass developer setup requirements to capture system traces. An attacker could exploi...
Design/Logic Flaw
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
An update on Java 17+ adoption
As a follow-up to my blog post from last year's SpringOne, it is time for an update on our Java 17+ baseline efforts! We established the new baseline on our main branches, with a few milestones out already. The feedback has been very positive, not only in terms of framework improvements but also i...
Security Bulletin: NVIDIA CUDA Toolkit - March 2022
NVIDIA has released a software update for NVIDIA® CUDA® Toolkit software. This update addresses security issues that may lead to code execution, denial of service, or information disclosure. To protect your system, download and install this software update from the CUDA Toolkit Downloads page. Go...
Ostorlab - A Security Scanning Platform That Enables Running Complex Security Scanning Tasks Involving Multiple Tools In An Easy, Scalable And Distributed Way
The Sales Pitch: If this is the first time you are visiting the Ostorlab GitHub page, here is the sales pitch. Security testing often requires chaining tools together, taking the output from one, mangling it, filtering it and then pushing it to another tool. Several tools have tried to make the...
Marky injection vulnerability
Marky is a Markdown editor by Alessandro Arnodo, a Swiss individual developer. Marky suffers from an injection vulnerability that allows an attacker to execute arbitrary code by injecting a carefully crafted attack payload...
KLA12529 Type confusion vulnerability in Microsoft Developer Tools
A type confusion vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: CVE-2022-1096. Exploitation: Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. Relate...
A Bootiful Podcast: Event streaming guru Jan Svoboda on Apache Kafka Design Patterns
Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to Jan Svoboda, event streaming guru at Confluent, the company behind Apache Kafka, about Apache Kafka design patterns. Kafka Summit in London, Europe, end of April 2022: Kafka Summit London 2022 | April 25-26 | London, UK. The Confluent...
A new rootkit comes to an ATM near you
It's not unusual to hear about malware created to affect automated teller machines (ATMs). Malware can be planted at the ATM's PC or its network, or attackers could launch a Man-in-the-Middle (MiTM) attack. Recently, a new rootkit, which the Mandiant Advanced Practices team has named CAKETAP, was foun...
'CryptoRom' Crypto Scam Abusing iPhone Features to Target Mobile Users
Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been deceiving unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organiz...
CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...
F*EX code injection vulnerability
F*EX is a Perl-based HTTP file exchange service from the individual developer sahwar in Bulgaria. A security vulnerability exists in F*EX that allows eval injection for unauthenticated remote code execution...
Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and IBM® Runtime Environment Java™ Version 7 used by Rational Business Developer. Rational Business Developer has provided a fix for the applicable CVE. This issue was disclosed as part of the IBM Java SDK and Runtim...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 and 8 and IBM® Runtime Environment Java™ Version 7 and 8 used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of t...
Codecat v0.56 - An Open-Source Tool To Help You Find/Track User Input Sinks And Security Bugs Using Static Code Analysis
CodeCat is an open-source tool to help you find/track user input sinks and security bugs using static code analysis. These points follow regex rules. Current rules cover C, C++, Go, Python, JavaScript, Swift, PHP, Ruby, ASP, Kotlin, Dart and Java; you can create your own rules. Video: how to install, step by step:...
KLA12474 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code, or cause denial of service. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Visual Studio Code can be...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Microsoft Developer Tools products. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), Remote code execution, User Rights, Spoofing. In order to exploit these vulnerabilities, a...
Simple Real Estate Portal System SQL Injection Vulnerability
Simple Real Estate Portal System is a real estate portal system from individual developer Carlo Montero. Simple Real Estate Portal System is vulnerable to SQL injection; no detailed vulnerability details are available at this time...