
617 matches found

Wallarm Lab
added 2023/09/18 1:15 p.m. · 18 views

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...

6.8 AI score
Exploits 0

OSV
added 2023/08/30 4:22 p.m. · 2 views

DRUPAL-CONTRIB-2023-041

This module makes PatternLab's custom Twig functions available to Drupal theming. The module's included examples don't sufficiently filter data. This vulnerability is mitigated by the fact that the included examples must have been copied to a site's theme...

6.8 AI score
Exploits 0 · References 1

vulnersOsv
added 2023/07/25 6:24 p.m. · 2 views

cn.leancloud:filter-service-core (>=1.9 <=1.13), cn.leancloud:filter-service-metrics (>=1.9 <=1.13) +348 more potentially affected by CVE-2023-38493 via com.linecorp.armeria:armeria (>=0.50.0 <=1.24.2)

com.linecorp.armeria:armeria MAVEN version =0.50.0, =1.9, =1.9, =0.3.1, =0.3.1, =0.3.1, =0.2.0, =0.13.0, =0.19.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.3 and more Source cves: CVE-2023-38493 Source advisory: OSV:GHSA-WVP2-9PPW-337J...

7.5 CVSS · 7.2 AI score · 0.00198 EPSS
Exploits 0

vulnersOsv
added 2023/07/12 9:30 a.m. · 0 views

net.sansa-stack:sansa-examples-spark_2.12 (>=0.8.0-RC3 <=0.8.7), net.sansa-stack:sansa-inference-spark_2.12 (>=0.8.0-RC3 <=0.8.7) +4 more potentially affected by CVE-2023-22665 +1 more via org.apache.jena:jena (>=4.4.0 <=4.8.0)

org.apache.jena:jena MAVEN version =4.4.0, =0.8.0-RC3, =0.8.0-RC3, =0.8.0-RC3, =0.8.0-RC3, =0.8.0-RC3, =0.8.0-RC3, =0.8.7 Source cves: CVE-2023-22665, CVE-2023-32200 Source advisory: OSV:GHSA-J927-W6G7-7C7W...

8.8 CVSS · 6.8 AI score · 0.00942 EPSS
Exploits 0

0day.today
added 2023/06/08 12:0 a.m. · 317 views

Microsoft Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...

7.4 AI score
Exploits 0

Tenable Nessus
added 2023/05/23 12:0 a.m. · 34 views

openSUSE 15 Security Update : qt6-svg (openSUSE-SU-2023:0111-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0111-1 advisory. - In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled...

6.5 CVSS · 6.9 AI score · 0.00082 EPSS
Exploits 0 · References 4

vulnersOsv
added 2023/04/27 9:30 p.m. · 3 views

com.adendamedia:cornucopia_2.11 (>=0.5.0 <=0.6.2), com.deciphernow:franz_2.11 (=1.0.0) +17 more potentially affected by CVE-2023-29471 via com.typesafe.akka:akka-stream-kafka_2.11 (>=0.11-M2 <=0.22)

com.typesafe.akka:akka-stream-kafka2.11 MAVEN version =0.11-M2, =0.5.0, =2.0.5, =0.1.3, =1.0.0, =1.2.0, =1.2.0, =1.2.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.4.9, =1.4.15 - de.nierbeck.floating.data:akka-ingest2.11 =0.1.1 - de.nierbeck.floating.data:akka-server2.11 =0.1.1 and more Source cves:...

5.5 CVSS · 6 AI score · 0.0006 EPSS
Exploits 0

Tenable Nessus
added 2023/03/18 12:0 a.m. · 11 views

Debian dla-3355 : libxapian-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3355 advisory. Debian LTS Advisory DLA-3355-1 https://www.debian.org/lts/security/...

5.6 AI score
Exploits 0 · References 2

Prion
added 2023/02/20 8:15 a.m. · 11 views

Cross site scripting

A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated...

5.8 CVSS · 6.7 AI score · 0.00245 EPSS
Exploits 0 · References 3 · Affected Software 1

SUSE CVE
added 2023/02/15 6:11 a.m. · 2 views

SUSE CVE-2007-3383

Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, relat...

4.3 CVSS · 6.1 AI score · 0.38832 EPSS
Exploits 0 · References 3

GithubExploit
added 2023/01/30 10:10 p.m. · 301 views

Exploit for Cleartext Storage of Sensitive Information in Keepass

PoC CVE-2023-24055 How to run? Edit the $User var in th...

5.5 CVSS · 5.5 AI score · 0.41441 EPSS
Exploits 2

Schneier on Security
added 2023/01/27 12:2 p.m. · 17 views

A Guide to Phishing Attacks

This is a good list of modern phishing techniques...

2.1 AI score
Exploits 0

GithubExploit
added 2023/01/24 7:19 p.m. · 633 views

Exploit for Cleartext Storage of Sensitive Information in Keepass

CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at your...

5.5 CVSS · 6.1 AI score · 0.41441 EPSS
Exploits 2

Code423n4
added 2023/01/22 12:0 a.m. · 9 views

Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens

Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...

7.2 AI score
Exploits 0

Positive Technologies
added 2023/01/07 12:0 a.m. · 2 views

PT-2023-10198 · Foxoverflow · Mysimplifiedsql

Name of the Vulnerable Software and Affected Versions: foxoverflow MySimplifiedSQL affected versions not specified Description: A problematic issue has been found in foxoverflow MySimplifiedSQL, affecting the processing of the file MySimplifiedSQL Examples.php. The manipulation of the...

6.1 CVSS · 4.3 AI score · 0.00274 EPSS
Exploits 0 · References 6

NVD
added 2023/01/02 4:15 p.m. · 13 views

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS · 6 AI score · 0.36735 EPSS
Exploits 3 · References 6

ATTACKERKB
added 2023/01/02 4:15 p.m. · 3 views

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS · 6.2 AI score · 0.36735 EPSS
Exploits 3 · References 8

UbuntuCve
added 2023/01/02 4:15 p.m. · 36 views

CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS · 6.3 AI score · 0.36735 EPSS
Exploits 3 · References 4

OSV
added 2023/01/02 4:15 p.m. · 1 views

UBUNTU-CVE-2022-48197

Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS · 6.3 AI score · 0.36735 EPSS
Exploits 3 · References 4

Positive Technologies
added 2023/01/02 12:0 a.m. · 4 views

PT-2023-15613 · Yui2 · Yui2

Name of the Vulnerable Software and Affected Versions: YUI2 affected versions not specified Description: Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component, and the YUI Javascript library overall are not affected...

6.1 CVSS · 6 AI score · 0.36735 EPSS
Exploits 3 · References 15