Lucene search

24 matches found

Snyk
added 2025/11/24 8:33 p.m., 1 view

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8 CVSS, 6.8 AI score
Exploits 0, References 3

CNNVD
added 2025/10/14 12:0 a.m., 1 view

Microsoft Windows BitLocker Security Vulnerability

Microsoft Windows BitLocker is a Microsoft Corporation USA BitLocker Ensure secure backup of recovery keys before activating protection. A security vulnerability exists in Microsoft Windows BitLocker that originates from an attacker's ability to bypass certain features by exploiting the...

6.1 CVSS, 9 AI score, 0.00027 EPSS
Exploits 0, References 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-6969

Malware in sbrugna...

5.5 CVSS, 5.6 AI score, 0.0018 EPSS
Exploits 0, References 2

FreeBSD
added 2024/09/03 12:0 a.m., 18 views

forgejo -- multiple vulnerabilities

Problem Description: Replace v-html with v-text in search inputbox. Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...

6.4 CVSS, 6.8 AI score, 0.01562 EPSS
Exploits 1, References 1

Github Security Blog
added 2024/04/04 2:21 p.m., 28 views

dectalk-tts Uses Unencrypted HTTP Request

Impact: In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victim of a man-in-the-middle (MITM) attack. Theft: Because dectalk-tts is ...

8.2 CVSS, 6.6 AI score, 0.00042 EPSS
Exploits 0, References 7, Affected Software 1

Redos
added 2024/03/13 12:0 a.m., 10 views

ROS-2-1221

2.1221 Vulnerability in VLC CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079 1. Vulnerability Description: The vulnerability allows a remote user to: - create a customized image file that can cause an out-of-bounds read, - send a specially...

9.8 CVSS, 7.5 AI score, 0.01303 EPSS
Exploits 7

Prion
added 2024/01/05 5:15 p.m., 21 views

Information disclosure

For migration as well as to work around kernels unaware of L1TF see XSA-273, PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on th...

4.3 CVSS, 6.8 AI score, 0.00058 EPSS
Exploits 0, References 1, Affected Software 1

AlpineLinux
added 2023/09/25 6:54 p.m., 35 views

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

8.3 CVSS, 8.4 AI score, 0.12983 EPSS
Exploits 1

Positive Technologies
added 2023/09/15 12:0 a.m., 2 views

PT-2023-30110 · Unknown · Saphira Connect

Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

9.8 CVSS, 9.7 AI score, 0.00235 EPSS
Exploits 0, References 4

OSV
added 2023/07/11 4:8 p.m., 6 views

MAL-2023-55 Malicious code in @sbb2b/ngx.sportsbook (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ccf1238d371f61b48d44f2b32d79ce73e0d25a42508d9e535ce93580010016d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits 0, References 1

Code423n4
added 2023/06/23 12:0 a.m., 15 views

Default coin spend limit was set wrong for ETH

Lines of code. Vulnerability details. Impact: It is stated in the README that some spend limits are configured for the swaps. This is a security precaution to avoid spending too many tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens. As a...

6.9 AI score
Exploits 0

OSV
added 2022/06/20 8:26 p.m., 7 views

MAL-2022-2804 Malicious code in eslint-config-products (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b7412401c48258fcb2fc7caa6d255609baf3ad31fb741b96fdb859909a615dc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1

Code423n4
added 2022/06/18 12:0 a.m., 8 views

Yield can be lost due to not specifying limit when transferring auraBAL to BAL/ETH BPT

Lines of code. Vulnerability details. Impact: In harvest, when swapping auraBAL to BAL/ETH BPT the limit variable which specifies the minimum amount of tokens that are to be received when singleSwap.kind=GIVENIN is set to 0. This means that when the swap is made, the transaction can be frontrun and...

6.7 AI score
Exploits 0

NVD
added 2022/05/03 8:15 p.m., 11 views

CVE-2022-28787

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic...

5.5 CVSS, 0.00016 EPSS
Exploits 0, References 1

Github Security Blog
added 2020/09/03 5:38 p.m., 17 views

Malicious Package in hpmm

All versions of hpmm contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer...

3.1 AI score
Exploits 0, References 2, Affected Software 1

ThreatPost
added 2020/07/31 1:21 p.m., 41 views

Twitter: Epic Account Hack Caused by Mobile Spearphishing Scam

A mobile spearphishing attack targeting “a small number of employees” is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam. The company posted an update late Thursday on the situation, which has been unfolding since July 1...

0.8 AI score
Exploits 0, References 6

Symantec
added 2015/05/12 12:0 a.m., 32 views

Microsoft Internet Explorer CVE-2015-1692 Clipboard Information Disclosure Vulnerability

Description: Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Internet Explorer 7, 8, 9, 10, and 11 are vulnerable. Technologies Affected: Avaya CallPilot 4.0 Avaya...

4.3 CVSS, 5.7 AI score, 0.24717 EPSS
Exploits 0, Affected Software 8

seebug.org
added 2015/03/18 12:0 a.m., 26 views

XDcms Food-Ordering Website System (Single-Store Edition) Injection (demo test)

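Brief description: As in the title. Details: Black-box test on the demo. First register a user, then edit the user profile at http://dd.xdcms.cn/index.php?m=member&f=edit. After the edit is saved, place a food order. An error is then returned: second-order injection. Because the demo is protected by SafeDog, I did not test any deeper. Proof of vulnerability:...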

7.1 AI score
Exploits 0

The Hacker News
added 2012/10/11 8:23 p.m., 18 views

"Warning Zombies Ahead!" - Road sign board Hacked

Drivers may have gotten a chuckle out of an electronic message board in Maine warning of zombies, but city officials were not amused. A Portland, Maine road sign is changed to a zombie warning on Wednesday, Oct. 10, 2012. It originally read "Night work 8 pm-6 am. Expect delays." An electronic...

6.9 AI score
Exploits 0

Packet Storm
added 2012/04/26 12:0 a.m., 51 views

WordPress 3.3.1 Cross Site Request Forgery

Exploit Title: Wordpress 3.3.1 Multiple CSRF Vulnerabilities. Date: 19-03-2012. Author: Ivano Binetti (http://www.ivanobinetti.com). Software link:...

6.8 CVSS, 0.4 AI score, 0.00403 EPSS
Exploits 7