20 matches found
EUVD-2024-35254
Malicious code in bioql PyPI...
CVE-2024-35237
MIT IdentiBot is an open-source Discord bot written in Node.js that verifies individuals' affiliations with MIT, grants them roles in a Discord server, and stores information about them in a database backend. A vulnerability that exists prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e...
CVE-2024-21663 Remote code execution on ReconServer due to improper input sanitization on the prips command
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability h...
Trellix HAX 2023 Capture the Flag Results!
Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...
Trellix HAX 2023 Capture the Flag Results!
Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...
Trellix HAX 2023 CTF Competition
Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...
Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar. "What is unique about the malware is that it is heavily obfuscated and highly complex to statically...
LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data
Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for...
Kali Linux 2022.3 - Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates. The highlights for Kali’s 2022.3’s release: Discord Server - Kali’s new community real-time chat option has launched! Test Lab Environment - Quickly create a test bed to learn, practice, and...
Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
A new Golang-based peer-to-peer P2P botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware...
GHSA-7P79-6X2V-5H88 Server crash if running Python 3.10 w/ Sanic 20.12
!!! ONLY APPLIES TO VERSIONS PRIOR TO Sanic v20.12 WHEN USING Python 3.10 !!! Sanic v20.12 officially supports Python versions 3.6, 3.7, 3.8, and 3.9. However, if you accidentally run it with version 3.10 which is not supported by Sanic 20.12, your server is prone to crashing on an incoming web...
Design/Logic Flaw
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the sam...
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service DDoS attacks on gaming targets and others, using internet of things IoT nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said. According to t...
iSH - Linux Shell For iOS
A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation. For the current status of the project, check the issues tab, and the commit logs. App Store page TestFlight beta Discord server Wiki with help and tutorials README in Chinese may be out of date, i...
Unauthorized privilege escalation in Mod module
Impact An unauthorized privilege escalation exploit has been discovered in the Mod module: this exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this...
GHSA-MP9M-G7QJ-6VQR Unauthorized privilege escalation in Mod module
Impact An unauthorized privilege escalation exploit has been discovered in the Mod module: this exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this...
GHSA-7257-96VG-QF6X Remote Code Execution in Red Discord Bot
Impact A RCE exploit has been discovered in the Streams module: this exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access...
Remote Code Execution in Red Discord Bot
Impact A RCE exploit has been discovered in the Streams module: this exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access...
GHSA-55J9-849X-26H4 Remote Code Execution in Red Discord Bot
Impact A RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive...
Remote Code Execution in Red Discord Bot
Impact A RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive...