
5315 matches found

CNNVD
added 2023/01/01 12:00 a.m., 1 view

Ingnovarq cross-site scripting vulnerability

Ingnovarq is a repository containing the source code of Ingnovarq by the individual developer Andrés David Montoya Aguirre. A cross-site scripting vulnerability exists in Ingnovarq, which stems from misuse of the parameter imagetitle leading to cross-site scripting...

6.1 CVSS, 4.3 AI score, 0.0025 EPSS
Exploits: 0, References: 4
NVD
added 2022/12/25 5:15 a.m., 7 views

CVE-2022-45895

Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie findable in HTML source code for Default.aspx in some situations and the WhoAmI endpoint e.g., path disclosure...

6.5 CVSS, 0.00337 EPSS
Exploits: 3, References: 1
CVE
added 2022/12/25 12:00 a.m., 71 views

CVE-2022-45895

Planet eStream exposes sensitive information in versions prior to 6.72.10.07 due to issues involving the ON cookie (findable in Default.aspx HTML source) and the WhoAmI endpoint (path disclosure). The CVE-2022-45895 entry consolidates this information as a user-notification-style vulnerability wi...

6.5 CVSS, 7.1 AI score, 0.00337 EPSS
Exploits: 3, References: 1, Affected Software: 1
CNNVD
added 2022/12/25 12:00 a.m., 1 view

Venganzas del Pasado cross-site scripting vulnerability

Venganzas del Pasado is the source code for a website by Juan Schwindt, an individual developer. Venganzas del Pasado suffers from a cross-site scripting vulnerability that stems from the title parameter of several of its unknown functions, which allows an attacker to implement cross-site scripting...

6.1 CVSS, 4.6 AI score, 0.00392 EPSS
Exploits: 0, References: 5
Huntr
added 2022/12/24 9:14 a.m., 33 views

File Deletion Detected

Description Vulnerability allows deleting files in the server, affect the logic of the source code or disrupt the program to make the original way of operation Proof of Concept B1. Login and access to admin.php?p=uploader&action=mediamanager B2. Delete 1 uploaded file B3. Change parameter...

5.5 CVSS, 7.9 AI score, 0.00255 EPSS
Exploits: 1, References: 1
The Hacker News
added 2022/12/23 4:07 a.m., 34 views

LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted...

0.7 AI score
Exploits: 0
The Hacker News
added 2022/12/22 3:49 a.m., 49 views

Hackers Breach Okta's GitHub Repositories, Steal Source Code

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. "There is no impact to any customers, including any HIPAA, FedRAMP, or DoD customers," the company sa...

0.5 AI score
Exploits: 0
HackRead
added 2022/12/21 10:19 p.m., 18 views

GitHub Attack Allowed Attackers to Steal Okta’s Source Code

By Deeba Ahmed. Okta has, however, confirmed that attackers couldn't access its customer data or services. Authentication giant Okta has suffered… This is a post from HackRead.com. Read the original post: GitHub Attack Allowed Attackers to Steal Okta's Source Code...

4.2 AI score
Exploits: 0
HackRead
added 2022/12/21 6:30 p.m., 11 views

“GodFather” Hits Banks, Crypto Wallets Apps as Android Trojan Emerges

By Deeba Ahmed Researchers believe that GodFather could be a successor of another banking trojan called Anubis, which had its source code leaked in January 2019 on an underground hacking forum. This is a post from HackRead.com Read the original post: “GodFather” Hits Banks, Crypto Wallets Apps as...

1.7 AI score
Exploits: 0
OSV
added 2022/12/21 12:00 a.m., 4 views

MAL-2023-624 Malicious code in niroborg-npm-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4a5348649edc33adcbfe7031bc6beb53accae42a84eb62d033f427164f9cc4ea Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.2 AI score
Exploits: 0, References: 2
OSSF Malicious Packages
added 2022/12/21 12:00 a.m., 3 views

Malicious code in niroborg-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4460d2a87799e8994ee5e9255a29e3967eba081cba21c855381d14f9b608f72d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2022/12/21 12:00 a.m., 3 views

Malicious code in niroborg-npm-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4a5348649edc33adcbfe7031bc6beb53accae42a84eb62d033f427164f9cc4ea Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

7.1 AI score
Exploits: 0, References: 2
OSV
added 2022/12/21 12:00 a.m., 8 views

MAL-2022-7432 Malicious code in niroborg-com-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4460d2a87799e8994ee5e9255a29e3967eba081cba21c855381d14f9b608f72d Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits: 0, References: 1
Kitploit
added 2022/12/20 11:30 a.m., 41 views

HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...

7.1 AI score
Exploits: 0, References: 5
OSV
added 2022/12/13 10:09 p.m., 2 views

MGASA-2022-0457 Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 7.8 AI score, 0.00051 EPSS
Exploits: 0, References: 4
Mageia
added 2022/12/13 10:09 p.m., 30 views

Updated emacs packages fix security vulnerability

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags " command suggested in the ctags...

7.8 CVSS, 8.1 AI score, 0.00051 EPSS
Exploits: 0, References: 3
Kitploit
added 2022/12/13 11:30 a.m., 70 views

Codecepticon - .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code

Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 macros, and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other obfuscators is that it targets the source code rather than the compil...

7.2 AI score
Exploits: 0, References: 17
0day.today
added 2022/12/13 12:00 a.m., 191 views

Judging Management System 1.0 Shell Upload Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

7.4 AI score
Exploits: 0
Packet Storm
added 2022/12/12 12:00 a.m., 197 views

Judging Management System 1.0 Shell Upload

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

7.4 AI score
Exploits: 0
Securelist
added 2022/12/09 1:00 p.m., 43 views

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

7.1 AI score
Exploits: 0