MAL-2026-4606 Malicious code in martinez-polygon-clipping-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dabf04b2f99e28eb10740bd7459bf64513fac98a064b60071b1e7aabf8674dd0 Package name impersonates the legitimate martinez-polygon-clipping library: README, badges, and API surface are copied verbatim, while repository...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not properly determining the user-space replication environment, which could lead to incorrect handling...

CVE-2024-52301

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

CVE-2024-52301 Laravel allows environment manipulation via query string

Laravel is a web application framework. When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28,...

CVE-2024-52301

CVE-2024-52301 affects the Laravel framework. When the PHP directive register_argc_argv is on, a crafted query string can alter the request-handling environment on non-cli SAPIs. This article notes the fix: Laravel now ignores argv values for environment detection on non-cli SAPIs, and the vulner...

Identity Threat Detection and Response Solution Guide

The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response ITDR has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally...

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale PoS service provider located in the U.S. The attacks, which are believed to have taken...

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

Increased Use of WMI for Environment Detection and Evasion

Introduction Throughout the past few months, FireEye Labs has observed an increased use of Windows Management Instrumentation WMI queries for environment detection and evasion of dynamic analysis and virtualization engines. WMI provides high-level interaction with Windows objects using C/C++,...

Linux Gather Virtual Environment Detection

This module attempts to determine whether the system is running inside of a virtual environment and if so, which one. This module supports detection of Hyper-V, VMWare, VirtualBox, Xen, Bhyve and QEMU/KVM. This module requires Metasploit: https://metasploit.com/download Current source:...

Innovation factory security po information disclosure vulnerability A and solution-vulnerability warning-the black bar safety net

Brief description: CDN most afraid of leaking the user's original server address, once leaked, the so-called security services is non-existent. Safe treasure the presence of multiple information disclosure vulnerabilities, the first report of the series! Detailed description: Information disclosu...

Design/Logic Flaw

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors...

CVE-2010-4802

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors...