21 matches found
EUVD-2019-9240
Malware in sbrugna...
EUVD-2020-0086
Malware in sbrugna...
EUVD-2019-15062
Malware in sbrugna...
EUVD-2023-34253
Malicious code in bioql PyPI...
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE...
CVE-2024-47166
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security...
A week in security (January 9—15)
Last week on Malwarebytes Labs: Slack private code on GitHub stolen; Crypto-inspired Magecart skimmer surfaces via digital crime haven; Security vulnerabilities in major car brands revealed; Microsoft ends extended support for Windows 7 and Windows Server 2008 today; Pokemon NFT card game malware...
Slack private code on GitHub stolen
Online collaboration platform Slack reported on New Year's Eve it had suffered a "security incident" where some of its code stored on GitHub was stolen. According to the post from the company's security team, Slack's private code repositories were accessed using swiped employee tokens. No custome...
Malicious code in test-private-code-100-asdfghjsagdfjsagfsa (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 622131ff3fa8f9122fb8e3a97bfe1206bc79a5f0e0d1ddb956c2e2b767d4ca82 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Access Restriction Bypass
Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. Strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticate...
CVE-2019-19629
Removed by vendor...
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE v12.3.3, v12.2.7, & v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits...
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE v12.3.3, v12.2.7, & v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits...
Improper access control
An improper access control vulnerability exists in Gitlab EE v12.3.3, v12.2.7, & v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits...
CVE-2019-5487
Removed by vendor...
CVE-2019-5487
An improper access control vulnerability exists in Gitlab EE v12.3.3, v12.2.7, & v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits...
FreeBSD : Gitlab -- Multiple Vulnerabilities (21944144-1b90-11ea-a2d4-001b217b3468)
Gitlab reports: Path traversal with potential remote code execution; Disclosure of private code via Elasticsearch integration; Update Git dependency. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Path traversal with potential remote code execution; Disclosure of private code via Elasticsearch integration; Update Git dependency...
dlink.txt
!/bin/bash Coded Bt Ph3mt Of K-Security Team This Code is private, pls do not redistribute Release Date 25/11/2007 Code function dow echo 'POST /cgi-bin/firmwarecfg HTTP/1.1' richiesta echo 'Host: $IP' richiesta echo 'User-Agent: veryprivateacsor' richiesta echo 'Accept:...