Reaper - Proof Of Concept On BYOVD Attack

Reaper is a proof-of-concept designed to exploit BYOVD Bring Your Own Vulnerable Driver driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit the driver to perform malicious actions. Reaper was...

CVE-2021-47546

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppressprefix rule is present in the IPv6 routing rules used by certain tools such as wg-quick. I...

House Rental Management System SQL注入漏洞

House Rental Management System is a house rental management system by Carlo Montero Personal Developer. SourceCodester Best House Rental Management System 1.0 and prior versions have a SQL injection vulnerability that originates in the parameter id of the file manage payment.php that can lead to...

CVE-2021-47546 ipv6: fix memory leak in fib6_rule_suppress

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppressprefix rule is present in the IPv6 routing rules used by certain tools such as wg-quick. I...

Frida-JIT-unPacker: An Imperva Contribution to the Security Research Community, Presented at Black Hat Asia 2024

In the ever-evolving landscape of cybersecurity threats, the battle against malicious bots is a critical concern for web applications. These bots, in addition to their ability to circumvent application security measures, are usually protected with advanced source code protection to prevent the...

Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web

By Waqas Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web...

CVE-2024-31844

An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able craft specific requests in order to make the application generate an error. Inside a...

CVE-2024-31840

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user access the edit function, the web application fills the edit form with the current...

CVE-2024-31840

The CVE-2024-31840 entry concerns Italtel Embrace 1.6.4. The vulnerability is that the web application inserts cleartext email account passwords into the HTML source. An authenticated user can access the edit function for the email server configuration, and the edit form is pre-filled with the cu...

CVE-2021-47326

This CVE entry is rejected/not used as stated in the Initial Description.

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

UBUNTU-CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVE-2024-36050

CVE-2024-36050 affects Nix up to version 2.22.1, where mishandling of hash caches enables an attacker to substitute attacker-controlled source code by luring a maintainer into accepting a malicious pull request. The available data specify a MEDIUM severity (CVSS 3.1 base score 4.3) with no disclo...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

PT-2024-26864 · Nix +1 · Nix +1

Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.22.1 Description: The issue makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request. This is due to the mishandli...

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs' feature or query the AI...