Injected Malicious Code

XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which...

K000139141: liblzma vulnerability CVE-2024-3094

Security Advisory Description Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used t...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

CVE-2024-29900

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of 1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This...

CVE-2024-3094

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...

Workout Journal App 1.0 - Stored XSS Vulnerability

Exploit Title: Workout Journal App 1.0 - Stored XSS Exploit Author: MURAT CAGRI ALIS Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17088/workout-journal-app-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Windows / MacOS / Linux CVE...

[SECURITY] Fedora 38 Update: python-pygments-2.14.0-2.fc38

Pygments is a generic syntax highlighter suitable for use in code hosting, forums, wikis or other applications that need to prettify source code. Highlights are: a wide range of over 500 languages and other text formats is supported special attention is paid to details that increase highlighting...

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly...

Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

Exploit Title:Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS Date: 2024-02-08 Exploit Author: Hakkı TOKLU Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: 1.0 Tested on:...

Slackware Linux 15.0 / current emacs Vulnerability (SSA:2024-084-01)

The version of emacs installed on the remote host is prior to 29.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-084-01 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

CVE-2023-46840

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...

CVE-2023-46840

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...

CVE-2023-46840 VT-d: Failure to quarantine devices in !HVM builds

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...

CVE-2023-46840

CVE-2023-46840 concerns Xen where an incorrect placement of a preprocessor directive in Xen source leads to logic that does not operate as intended when HVM guest support is compiled out. The vulnerability is described across multiple connected advisories (e.g., Nessus/OPENVAS entries and OSV/nvd...

Chirp Access Trust Management Issues Vulnerability

Chirp Systems Chirp Access is a feature or service from Chirp Systems that helps users access and manage their Chirp accounts. Chirp Access suffers from a trust management issue vulnerability that stems from storing credentials in its source code, which could expose sensitive information to an...

Hackers Claim Accessing 740GB of Data from Viber Messaging App

By Waqas Hackers claim to have breached Viber, stealing 740GB of data, including source code, and are now demanding ransom of 8 Bitcoin. This is a post from HackRead.com Read the original post: Hackers Claim Accessing 740GB of Data from Viber Messaging App...

CVE-2023-43292

Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters...

CVE-2023-43292

Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters...

CVE-2023-43292

Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters...