Lucene search
K

84 matches found

OSV
OSV
added 2023/01/13 5:0 a.m.20 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

7.4CVSS9.8AI score0.01477EPSS
Exploits0References6
Cvelist
Cvelist
added 2022/12/21 11:14 p.m.34 views

CVE-2022-25895 Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS7.7AI score0.01343EPSS
Exploits1References3
CVE
CVE
added 2022/12/21 11:14 p.m.74 views

CVE-2022-25895

CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...

7.5CVSS7.5AI score0.01343EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/12/21 6:30 a.m.24 views

lite-dev-server vulnerable to Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS4.4AI score0.01343EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/12/21 5:15 a.m.28 views

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS0.01343EPSS
Exploits1References3
Prion
Prion
added 2022/12/21 5:15 a.m.15 views

Directory traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

5CVSS7.5AI score0.01343EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/12/21 1:21 a.m.21 views

CVE-2022-25931 Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS7.7AI score0.01324EPSS
Exploits1References3
OSV
OSV
added 2022/12/20 6:30 a.m.12 views

GHSA-WCWM-C3MR-PXCR easy-static-server vulnerable to Directory Traversal

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS7.5AI score0.01324EPSS
Exploits1References5
Prion
Prion
added 2022/12/20 5:15 a.m.15 views

Directory traversal

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

5CVSS7.5AI score0.01324EPSS
Exploits1References3
Kitploit
Kitploit
added 2022/12/04 11:30 a.m.21 views

Neton - Tool For Getting Information From Internet Connected Sandboxes

Neton is a tool for getting information from Internet connected sandboxes. It is composed by an agent and a web interface that displays the collected information. The Neton agent gets information from the systems on which it runs and exfiltrates it via HTTPS to the web server. Some of the...

7AI score
Exploits0References14
OSV
OSV
added 2022/05/31 12:51 p.m.6 views

SUSE-SU-2022:1895-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes bsc1199475...

8.8CVSS8.7AI score0.12403EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/01/28 9:0 a.m.21 views

North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware

A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said...

1.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/12/07 4:48 a.m.17 views

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the...

1.3AI score
Exploits0
NVD
NVD
added 2021/11/02 10:15 p.m.23 views

CVE-2017-5123

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux...

8.8CVSS0.03714EPSS
Exploits10References3
Prion
Prion
added 2021/11/02 10:15 p.m.21 views

Input validation

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux...

4.6CVSS8.5AI score0.03714EPSS
Exploits10References3Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/09/21 3:0 p.m.23 views

Catching the big fish: Analyzing a large-scale phishing-as-a-service operation

In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the operations that enabled the campaign: a large-scale...

7.4AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/06/22 4:0 p.m.56 views

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...

Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/06/22 4:0 p.m.14 views

Strategies, tools, and frameworks for building an effective threat intelligence team

How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...

Exploits0
HackRead
HackRead
added 2020/10/31 7:37 p.m.28 views

Google reveals details on active vulnerability affecting Windows 10, 7

By Waqas Google Project Zero has disclosed a Windows 0day vulnerability that lets attackers to escape Chrome sandboxes and run malware on Windows. This is a post from HackRead.com Read the original post: Google reveals details on active vulnerability affecting Windows 10, 7...

5.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/09/24 5:0 p.m.34 views

Sandbox in security: what is it, and how it relates to malware

To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...

0.3AI score
Exploits0
Rows per page
Query Builder