Lucene search
K

155 matches found

Schneier on Security
Schneier on Security
added 2023/08/04 9:7 p.m.21 views

Friday Squid Blogging: 2023 Squid Oil Global Market Report

I had no idea that squid contain sufficient oil to be worth extracting. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.9AI score
Exploits0
0day.today
0day.today
added 2023/07/28 12:0 a.m.235 views

Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Exploit

Exploit Title: Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Google Dork: NA Date: 22-07-2023 Exploit Author: H4rk3nz0 Vendor Homepage: https://www.keepersecurity.com/enGB/ Software Link: https://www.keepersecurity.com/enGB/get-keeper.html Version: Desktop App...

5.5CVSS5.6AI score0.00734EPSS
Exploits3
Kitploit
Kitploit
added 2023/06/22 12:30 p.m.28 views

EndExt - Go Tool For Extracting All The Possible Endpoints From The JS Files

EndExt is a .go tool for extracting all the possible endpoints from the JS files Idea When you crawll all the JS files from waybackruls for example, or even collecting the JS files urls from your target website's home source page .. If the website was using API system and you wanna look for all t...

7.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2023/04/05 12:36 p.m.33 views

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/05 12:36 p.m.3 views

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks

An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...

7.3AI score
Exploits0
OSV
OSV
added 2023/03/30 8:16 p.m.73 views

GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.5CVSS8.7AI score0.00883EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

5.9CVSS7.2AI score0.01858EPSS
Exploits0References6
Veracode
Veracode
added 2022/12/20 3:39 a.m.15 views

Arbitrary File Write

GuardDog is vulnerable to arbitrary file write. The vulnerability exists due to the unsafe extracting using the shutil.unpackarchive functionality in the downloadcompressed function of packagescanner.py, allowing an attacker to write arbitrary files outside the destination directory through a...

6.5CVSS6.3AI score0.00704EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/06 9:30 p.m.37 views

py7zr directory traversal vulnerability

A directory traversal vulnerability in the SevenZipFile.extractall function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file...

9.1CVSS8.6AI score0.02242EPSS
Exploits3References7Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/10/25 5:40 p.m.34 views

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data. Extracting partition data The next step in our hands-on IoT hacking...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/21 4:47 p.m.47 views

Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware

The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was foun...

0.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/09/16 5:12 p.m.29 views

Cargo extracting malicious crates can corrupt arbitrary files

The Rust Security Response WG was notified that Cargo did not prevent extracting some malformed packages downloaded from alternate registries. An attacker able to upload packages to an alternate registry could corrupt arbitary files when Cargo downloaded the package. The severity of this...

8.1CVSS8.5AI score0.01004EPSS
Exploits0References7Affected Software1
OpenVAS
OpenVAS
added 2022/06/29 12:0 a.m.31 views

Apache Tika < 1.28.4, 2.4.x < 2.4.1 DoS Vulnerability

Apache Tika is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tika";...

3.3CVSS5AI score0.01905EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/27 10:15 p.m.4 views

CVE-2022-33879

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...

5.5CVSS5.8AI score0.02524EPSS
Exploits0References4
OSV
OSV
added 2022/05/31 2:15 p.m.2 views

UBUNTU-CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

5.5CVSS7.3AI score0.01858EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 12:0 a.m.4 views

GHSA-RPJM-422R-95MH Regular expression denial of service in apache tika

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS6.4AI score0.02524EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2022/05/16 5:15 p.m.3 views

CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS6.3AI score0.02524EPSS
Exploits0References7
OSV
OSV
added 2022/05/16 5:15 p.m.3 views

UBUNTU-CVE-2022-30126

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

5.5CVSS6.8AI score0.02524EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.276 views

WebTareas 2.4 - Blind SQLi (Authenticated)

Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...

9.8CVSS9.8AI score0.05611EPSS
Exploits5
CNVD
CNVD
added 2021/10/20 12:0 a.m.26 views

Oracle Outside In Technology Denial of Service Vulnerability (CNVD-2021-81796)

Oracle Outside In Technology is a software development kit SDK that provides developers with a comprehensive solution for extracting, normalizing, cleaning, converting, and viewing content in more than 600 unstructured file formats. A denial of service vulnerability in the Outside In Filters...

7.5CVSS7.2AI score0.01231EPSS
Exploits0References1
Rows per page
Query Builder