What’s New for Developers: February 2022
A lot has happened since we published our January recap blog. Akamai launched a new documentation site on readme.io, we started a new season of Terraform Tapas, and we saw many amazing contributions from our Developer Champions...
QA Report
LOW: 1. Title: permitAndMulticall can be frontrun, that will lead to the user must reasign the TX. Impact: In the permitAndMulticall it takes from as a user input, since all tx in the blockchain is public, a malicious user might frontrun the permitAndMulticall and providing 0 data, which will...
Chain-Reactor - An Open Source Framework For Composing Executables That Simulate Adversary Behaviors And Techniques On Linux Endpoints
Chain Reactor is an open-source tool for testing detection and response coverage on Linux machines. The tool generates executables that simulate sequences of actions like process creation and network connection. Chain Reactor assumes no prior engineering experience; the tool consumes JSON, so...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
WordPress Perfect Survey 1.5.1 SQL Injection
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...
WordPress Perfect Survey Plugin - 1.5.1 - SQL injection (Unauthenticated) Exploit
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link: https://web.archive.org/web/20210817031040/https://downloads.wordpress.org/plugin/perfect-survey.1.5.1.zip Version:...
WordPress Plugin Perfect Survey - 1.5.1 - SQLi (Unauthenticated)
Exploit Title: WordPress Plugin Perfect Survey - 1.5.1 - SQLi Unauthenticated Date 18.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.getperfectsurvey.com/ Software Link:...
CVE-2017-3169
creationtimestamp | type | source
---|---|---
2022-02-18 16:23:37+00:00 | seen | https://t.me/cyberdenteam/354
2022-05-26 12:11:54+00:00 | seen | MISP/3f589c9c-5ae5-4393-be12-fb2ebb8ebd1e...
Cloudsploit - Cloud Security Posture Management (CSPM)
Quick Start
Generic
$ git clone https://github.com/aquasecurity/cloudsploit.git
$ cd cloudsploit
$ npm install
$ ./index.js -h
Docker
$ git clone https://github.com/aquasecurity/cloudsploit.git
$ cd cloudsploit
$ docker build . -t cloudsploit:0.0.1
$ docker run cloudsploit:0.0.1 -h
$ docker run -...
CVE-2022-24975
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option...
CVE-2022-24975
Technical details about CVE-2022-24975 are not publicly provided in the supplied documents. No vendor/product/version specifics or fixes are described here. Monitor for updates from official advisories.
Insecure template handling in Express-handlebars
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential...
Welcome to Akamai TechDocs
We're pleased to announce the launch of Akamai’s brand-new documentation site: techdocs.akamai.com. Powered by ReadMe, our new site offers intuitive and interactive content designed to help you get the most out of your Akamai products...
Security Bulletin: Vulnerabilities in Apache Log4j affect IBM Spectrum Control (CVE-2021-45105, CVE-2021-45046)
Summary There are two vulnerabilities in Apache Log4j: denial of service CVE-2021-45105 and remote code execution CVE-2021-45046. These vulnerabilities may affect IBM Spectrum Control due to its use of Log4j for logging, tracing, alerting, and the local help documentation. The fix includes Apache...
CVE-2021-46360
creationtimestamp | type | source
---|---|---
2022-02-09 16:12:48+00:00 | seen | https://t.me/cibsecurity/37053
2023-03-25 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51060
2024-01-08 12:52:34+00:00 | seen | https://t.me/arpsyndicate/2640...
[SECURITY] Fedora 34 Update: kernel-tools-5.16.5-100.fc34
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 35 Update: kernel-tools-5.16.5-200.fc35
This package contains the tools/ directory from the kernel source and the supporting documentation...
Fedora: Security Advisory for kernel-tools (FEDORA-2022-57fd391bf8)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...