Lucene search
+L

112 matches found

Node.js
Node.js
added 2019/06/03 3:12 p.m.16 views

Malicious Package

Overview Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

7.1AI score
Exploits0Affected Software1
Wired Threat Level
Wired Threat Level
added 2019/05/08 2:39 p.m.47 views

Artificial Intelligence May Not 'Hallucinate' After All

What makes an algorithm mistake a helicopter for a gun? Researchers think the answer has to do more with man than machine...

3.4AI score
Exploits0
Hacker One
Hacker One
added 2018/11/30 5:5 a.m.33 views

HackerOne: Inline banner on Report page discloses whether organization runs a private program

Summary: Hi team , @jobert Description: Your engineers have created inscription - You are participating in a private program for ████████. Please do not publicly discuss the program until the program goes public. When a hacker creates a report in an external program with a private page, we will s...

0.3AI score
Exploits0
Schneier on Security
Schneier on Security
added 2018/09/20 11:45 a.m.32 views

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't thin...

7.3AI score
Exploits0
Veracode
Veracode
added 2018/06/07 7:3 a.m.19 views

Malicious Typo-Squatting

shadowsock is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/06/07 6:38 a.m.14 views

Malicious Typo-Squatting

crossenv is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References1Affected Software1
HackRead
HackRead
added 2018/04/20 8:26 p.m.86 views

Germany’s Deutsche Bank transfers €28 billion to an account by mistake

By Carolina A couple of years ago, a massive bank heist was This is a post from HackRead.com Read the original post: Germany's Deutsche Bank transfers €28 billion to an account by mistake...

2.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/12/07 1:23 p.m.14 views

await vs return vs return await

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2017/04/02 1:36 a.m.23 views

CVE-2017-2414

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address...

5.2AI score0.01931EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2017/03/28 12:0 a.m.46 views

cURL: Certificate validation error

Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description cURL and applications linked against libcurl support “OCSP stapling”, also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling cURL to use...

6.5CVSS5.7AI score0.01391EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/28 12:0 a.m.39 views

GLSA-201703-04 : cURL: Certificate validation error

The remote host is affected by the vulnerability described in GLSA-201703-04 cURL: Certificate validation error cURL and applications linked against libcurl support OCSP stapling, also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling cURL...

6.5CVSS6.3AI score0.01391EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/02/23 12:0 a.m.48 views

FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)

The cURL project reports : SSLVERIFYSTATUS ignored curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...

6.5CVSS6.3AI score0.01391EPSS
Exploits0References3
OSV
OSV
added 2017/02/22 8:0 a.m.6 views

CURL-CVE-2017-2629 SSL_VERIFYSTATUS ignored

curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server's certificate's validity. If the server does not...

6.5CVSS6.5AI score0.01391EPSS
Exploits0
Hacker One
Hacker One
added 2017/01/09 12:40 p.m.16 views

Nextcloud: bug reporting template encourages users to paste config file with passwords

The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/12 12:0 a.m.20 views

FreeBSD : FreeBSD -- Resource exhaustion in TCP reassembly (0cb9d5bb-600a-11e6-a6c3-14dae9d210b8)

There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs...

7.5CVSS7.2AI score0.03324EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2016/03/02 12:30 a.m.13 views

FBI Admits — It was a 'Mistake' to Reset Terrorist's iCloud Password

Yes, FBI Director James Comey admitted that the investigators made a "mistake" with the San Bernardino investigation during a congressional hearing held by the House Judiciary Committee. Apple is facing a court order to help the FBI unlock an iPhone belonged to San Bernardino Shooter by developin...

6.4AI score
Exploits0
The Hacker News
The Hacker News
added 2015/10/09 8:14 p.m.9 views

Google rewarded the Guy who Accidentally bought Google.com, But he Donated it to Charity

Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12. However...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2014/09/11 11:3 a.m.14 views

Key Flaw Enables Recovery of Files Encrypted by TorrentLocker

Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant...

0.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/04/09 5:41 p.m.5 views

samba: pam_winbind fails open when non-existent group specified to require_membership_of

The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...

3.6CVSS7.2AI score0.0379EPSS
Exploits1References4
Cvelist
Cvelist
added 2013/12/03 7:0 p.m.30 views

CVE-2012-6150

The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...

7.3AI score0.0379EPSS
Exploits1References17
Rows per page
Query Builder