84 matches found
CVE-2022-21191
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...
CVE-2022-25895 Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25895
CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...
lite-dev-server vulnerable to Directory Traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25895
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
Directory traversal
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25931 Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
GHSA-WCWM-C3MR-PXCR easy-static-server vulnerable to Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
Directory traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
Neton - Tool For Getting Information From Internet Connected Sandboxes
Neton is a tool for getting information from Internet connected sandboxes. It is composed by an agent and a web interface that displays the collected information. The Neton agent gets information from the systems on which it runs and exfiltrates it via HTTPS to the web server. Some of the...
SUSE-SU-2022:1895-1 Security update for postgresql13
This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes bsc1199475...
North Korean Hackers Return with Stealthier Variant of KONNI RAT Malware
A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack political institutions located in Russia and South Korea. "The authors are constantly making code improvements," Malwarebytes researcher Roberto Santos said...
Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed "RLBox" and implemented in collaboration with researchers at the...
CVE-2017-5123
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux...
Input validation
Insufficient data validation in waitid allowed an user to escape sandboxes on Linux...
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
In researching phishing attacks, we came across a campaign that used a rather high volume of newly created and unique subdomains—over 300,000 in a single run. This investigation led us down a rabbit hole as we unearthed one of the operations that enabled the campaign: a large-scale...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Google reveals details on active vulnerability affecting Windows 10, 7
By Waqas Google Project Zero has disclosed a Windows 0day vulnerability that lets attackers to escape Chrome sandboxes and run malware on Windows. This is a post from HackRead.com Read the original post: Google reveals details on active vulnerability affecting Windows 10, 7...
Sandbox in security: what is it, and how it relates to malware
To better understand modern malware detection methods, it’s a good idea to look at sandboxes. In cybersecurity, the use of sandboxes has gained a lot of traction over the last decade or so. With the plethora of new malware coming our way every day, security researchers needed something to test ne...