9169 matches found
The vulnerability of the CORS mechanism implementation in Python PyPi storage solutions allows attackers to disclose protected information.
The vulnerability of the CORS mechanism implemented in Python PyPi software repositories is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the try_match function in the Python PyPi software repository allows a attacker to compromise the confidentiality of the protected information.
The vulnerability of the trymatch function in Python PyPi software products is related to incorrect handling of registries. Exploiting this vulnerability allows an attacker to influence the confidentiality of protected information by circumventing CORS policies and altering the URL path registry...
The vulnerability of the CORS mechanism implementation in Python PyPi storage solutions allows attackers to disclose protected information.
The vulnerability of the CORS mechanism implemented in Python PyPi software repositories is related to improper resolution of path equivalence. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
Malicious code in sunrequests (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 314b140727c2d65586134b9e2722bdbba66be25e0f391d1b886cc08824783c63 Running the module starts an infostealer attempting to exfiltrate credentials from webbrowsers --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2024-11539 Malicious code in botnetv2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c81380140d3b7a9d5dddf19a386bb1fc8b9b55044fefc32997fc3d2af9969fcb When running the module, basic information about the user and its location are collected and sent to the author. This is hidden from the user as the package...
Malicious code in evil-select-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db8225867ca74c2a2192382dc4abcc5119fb1ac07049412245e3a686524138f8 Package description attempts to pentest/exploit the PyPI web interface. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...
MAL-2024-12266 Malicious code in evil-select-pkg (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 db8225867ca74c2a2192382dc4abcc5119fb1ac07049412245e3a686524138f8 Package description attempts to pentest/exploit the PyPI web interface. --- Category: PROBABLYPENTEST - Packages looking like typical pentest packages, but als...
Malicious code in seabonr (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 338d487f231b38056400dad7ac2135955e45c2d6c75003e23e3e08df1c69c63c During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in kersa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d622fba4f0f9e74871fb87964bdc3818e244e0f9669a814ae71b923ff699e9be During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in torhc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 385cb451ed567a10096fce231790d6a9bce59bb47c8d7bdfff5a8f4aaa0854ed During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in setuptolos (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 89f6c10eb8edc13e9f46c33bba334822fbb3693527f3fc89714bd86adc3be1af During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11538 Malicious code in bo3to (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 131072b5bfcd4ce6218aaec66423046b83d0e49904d5992b26192daa201421bd During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2024-11621 Malicious code in kersa (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d622fba4f0f9e74871fb87964bdc3818e244e0f9669a814ae71b923ff699e9be During installation, a cryptominer is secretly installed and started. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Malicious code in pdf2doc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ae55659200290f97e3d07c41d49af574eb14ad3dc5913535e8d100cf2c48dd58 During installation, the code attempts to exfiltrate basic data username, host name and send to the attacker. The package looks to be a clone of an existing on...
Malicious code in package-lib8127 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e0e446a5a40a8c6a1ea1041fa0fc875ef0dab2a8ad10cc74e459221906e6851 Package contains CStealer, a known infostealer, starting on importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2024-11704 Malicious code in sendtowev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 bee6e22271136b92077edad317e9a1e3eaa120bba73814159142d522cba12ced Package contains CStealer, a known infostealer, starting on importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
MAL-2024-11653 Malicious code in package-lib8127 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2e0e446a5a40a8c6a1ea1041fa0fc875ef0dab2a8ad10cc74e459221906e6851 Package contains CStealer, a known infostealer, starting on importing the module. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution
A now-patched critical security flaw impacting Google Cloud Platform GCP Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable...
Malicious code in request-wizard (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ff748393cb55e78c43fea879bbd55034152148246aa8d45359cfa8517845e17c Importing the module starts an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-hyperreq...
Malicious code in hyperreq (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a4662a05cce5bc61521e977b78c1abdb16ecaed027888309aa86ebf22166222b Importing the module starts an Infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-hyperreq...