78 matches found
Astra Linux - vulnerability in linux, linux-5.10
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in...
CRLF Injection
Overview: basic-ftp is an FTP client for Node.js that supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to CRLF Injection via the login and openDir methods. An attacker can execute arbitrary FTP commands by injecting control characters into...
CVE-2018-4470
A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6...
EUVD-2010-0552
Malware in sbrugna...
EUVD-2005-3698
Malware in sbrugna...
EUVD-2010-1405
Malware in sbrugna...
EUVD-2011-3190
Malware in sbrugna...
EUVD-2014-5866
Malware in sbrugna...
EUVD-2018-16003
Malware in sbrugna...
EUVD-2007-5704
Malware in sbrugna...
EUVD-2018-6669
Malware in sbrugna...
EUVD-2015-1290
Malware in sbrugna...
EUVD-2018-16256
Malware in sbrugna...
EUVD-2011-3398
Malware in sbrugna...
ksmbd: discard write access to the directory open
...
ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure
Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft...
Security update for perl
This update for perl fixes the following issues: CVE-2025-40909: do not change the current directory when cloning an open directory handle (bsc#1244079). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternative...
A tale of enumeration, and why pen testing can’t be automated
TL;DR: In an engagement we found an open directory on the internet belonging to our client. By enumerating it we found a zip archive with a configuration file holding usernames and passwords. That file gave us access to the client’s ArcGIS instance. This contained a treasure trove of information abou...
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures. "Banshee...
DEBIAN-CVE-2024-41030
In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible...