
1165 matches found

Snyk
added 2021/02/23 5:55 p.m., 3 views

Arbitrary Command Injection

Overview: kill-process-by-name is a package that kills all processes by a certain program. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

CVSS 9.8, AI score 7.4, EPSS 0.01146
Exploits 1, References 2
vulnersOsv
added 2021/02/23 5:55 p.m., 2 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

CVSS 9.8, AI score 7.2, EPSS 0.01146
Exploits 1
Snyk
added 2021/02/23 5:47 p.m., 2 views

Arbitrary Command Injection

Overview: kill-by-port is a package that kills a process by port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

CVSS 8.8, AI score 7.5, EPSS 0.01765
Exploits 1, References 2
Snyk
added 2021/02/23 4:56 p.m., 2 views

Arbitrary Command Injection

Overview: ps-kill is a package for killing processes with ease. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exe...

CVSS 9.8, AI score 7.3, EPSS 0.01201
Exploits 1, References 2
ThreatPost
added 2021/02/12 3:34 p.m., 204 views

Florida Water Plant Hack: Leaked Credentials Found in Breach Database

Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...

AI score 7.3
Exploits 0, References 9
Akamai Blog
added 2021/02/11 2:0 p.m., 44 views

Credential Stuffing and Account Takeovers -- The Business View

Account takeovers (ATOs), in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like...

AI score 1.2
Exploits 0
CVE
added 2021/02/01 3:30 p.m., 48 views

CVE-2020-28426

Summary: CVE-2020-28426 affects the npm package kill-process-on-port. All versions are vulnerable to Command Injection through the a.getProcessPortId function. Concrete details across sources include exploit scenario via getProcessPortId and the fact that input can be unsafely processed, enabling...

CVSS 7.5, AI score 7.4, EPSS 0.01929
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/02/01 3:30 p.m., 14 views

CVE-2020-28426 Command Injection

All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId...

CVSS 7.3, AI score 7.4, EPSS 0.01929
Exploits 1, References 1
CNNVD
added 2021/02/01 12:0 a.m., 3 views

kill-process-on-port Command Injection Vulnerability

Radarsu kill-process-on-port is an Npm codebase that can be used to support aborting application processes by Radarsu individual developers. kill-process-on-port suffers from a command injection vulnerability that stems from packets being vulnerable to injection via the a.getProcessPortId command...

CVSS 7.5, AI score 7.1, EPSS 0.01929
Exploits 1, References 2
Akamai Blog
added 2020/12/15 2:0 p.m., 97 views

Stopping Active Attacks with Penalty Box

A web application firewall (WAF) is most often used by organizations for external security controls to detect and block individual attack attempts against target web application assets. Open Web Application Security Project (OWASP) risk rating methodology. Unfortunately, today's sophisticated web...

AI score 7.7
Exploits 0
Snyk
added 2020/12/11 2:48 p.m., 3 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via a.getProcessPortId. PoC: var a = require("kill-process-occupying-port"); a.getProcessPortId("& touch JHU "); Remediation: There is no fixed version for kill-process-on-port. Credit: JHU System Security Lab...

CVSS 7.5, AI score 7.1, EPSS 0.01929
Exploits 1, References 2
CNVD
added 2020/12/07 12:0 a.m., 1 views

Three Kingdoms Online (Windows Client) suffers from dll hijacking vulnerability

Three Kingdoms Online is a card game. Three Kingdoms Kill Online Windows client suffers from a dll hijacking vulnerability, which can be exploited by attackers to load a malicious dll and execute malicious code...

AI score 7.1
Exploits 0
Tenable Nessus
added 2020/11/30 12:0 a.m., 71 views

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

CVSS 5.3, AI score 6.5, EPSS 0.01402
Exploits 0, References 4
Kitploit
added 2020/10/25 11:30 a.m., 178 views

Manuka - A Modular OSINT Honeypot For Blue Teamers

Manuka is an open-source intelligence (OSINT) honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and trac...

AI score 7.4
Exploits 0, References 1
OSV
added 2020/09/14 10:15 p.m., 3 views

CVE-2020-15590

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVSS 7.5, AI score 7.1, EPSS 0.02512
Exploits 1, References 3
NVD
added 2020/09/14 10:15 p.m., 7 views

CVE-2020-15590

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVSS 7.5, EPSS 0.02512
Exploits 1, References 3
Prion
added 2020/09/14 10:15 p.m., 17 views

Design/Logic Flaw

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVSS 5, AI score 7.3, EPSS 0.02512
Exploits 1, References 3, Affected Software 1
Cvelist
added 2020/09/14 9:11 p.m., 17 views

CVE-2020-15590

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

AI score 7.3, EPSS 0.02512
Exploits 1, References 3
CVE
added 2020/09/14 9:11 p.m., 61 views

CVE-2020-15590

CVE-2020-15590 affects the Private Internet Access (PIA) VPN Client for Linux (1.5–2.3+). The underlying issue is that when the VPN kill switch blocks all inbound/outbound traffic, privileged processes can still send/receive traffic if net.ipv4.ip_forward is enabled, enabling leakage of the host ...

CVSS 7.5, AI score 7.2, EPSS 0.02512
Exploits 1, References 3, Affected Software 1
vulnersOsv
added 2020/09/04 4:57 p.m., 3 views

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15599 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15599 Source advisory: OSV:GHSA-884P-74JH-XRG2...

CVSS 9.8, AI score 7.2, EPSS 0.02742
Exploits 0