1529 matches found
phpmyfaq -- multiple vulnerabilities
phpmyfaq developers report: Multiple XSS vulnerabilities...
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems
A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. That's according to findings from SentinelOne, which observed an increase in the number of Geacon payloads appearing on VirusTotal in recent months...
MAL-2023-8591 Malicious code in pywool (PyPI)
Source: checkmarx 1ba602a97accda8e614fcf38d1af1cb7f1878bf2bd450b21f1be16a4c260123a Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...
MAL-2023-451 Malicious code in flying_pusher (npm)
Source: checkmarx 9091b084b192777c6cbacc1b67d67b879e2cdceda2b68082e975394f648cac68 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-167 Malicious code in cfa-styleguide (npm)
Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-575 Malicious code in maddy_test (npm)
Source: checkmarx edb288f616afccdf20ab32d24f5f0616b0b2b91bcdb3d8f0d8bd60e1adbe6b0a Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-8041 Malicious code in zmsqlite3 (npm)
Source: checkmarx 0c536bdeaf8a35a5a0507e07124cd43448dffc1c837cd5b585df38848bdd5bed Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
UBUNTU-CVE-2023-32216
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...
bumsys security vulnerability
bumsys (Business Management System) is an open source project by the individual developer unilogies. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an API processing endpoint that is allowed to include local files that can be used to cause remote code...
bumsys security vulnerability
bumsys (Business Management System) is an open source project by the individual developer unilogies. A security vulnerability exists in versions of bumsys prior to 2.2.0, which originates from an externally controlled file name or path...
Important: libwebp security update
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web...
forum-java cross-site scripting vulnerability
forum-java is a modern community forum / Q&A / BBS / social network / blog system platform implemented in Java Spring Boot by Qbian, an individual developer from China. A security vulnerability exists in Qbian61 forum-java, which stems from a cross-site scripting (XSS) vulnerability that allows an...
MAL-2023-8030 Malicious code in mpc-ap-styles (npm)
Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
What’s New for Developers: April 2023
...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
CVE-2023-29192
SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19...
SilverwareGames.io security vulnerability
Silverware Games SilverwareGames.io is an online game site from Silverware Games, Inc. A security vulnerability exists in SilverwareGames.io prior to version 1.2.19, which originated from a vulnerability that allows users to access the game upload panel and edit the download links of games upload...
Matrix clients -- Prototype pollution in matrix-js-sdk
Matrix developers report: Today we are issuing security releases of matrix-js-sdk and matrix-react-sdk to patch a pair of High severity vulnerabilities CVE-2023-28427 / GHSA-mwq8-fjpf-c2gr for matrix-js-sdk and CVE-2023-28103 / GHSA-6g43-88cp-w5gv for matrix-react-sdk. The issues involve prototyp...
What’s New for Developers: March 2023
...
Updated firefox packages fix security vulnerability
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash (CVE-2023-25751). When accessing throttled streams, the count of available bytes needed to be checked in the calling...