
5335 matches found

Imperva Blog
added 2023/05/08 12:24 p.m., 18 views

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

In the first blog post, we introduced you to the Nike Shoe Bot (NSB), one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bot's source code, and determine what...

6.9 AI score
Exploits: 0
Cvelist
added 2023/05/08 12:00 a.m., 17 views

CVE-2023-21404

AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data...

5.5 AI score, 0.00283 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2023/05/06 12:00 a.m., 34 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:2105-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-1 advisory. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small...

9.8 CVSS, 7.5 AI score, 0.02281 EPSS
Exploits: 0, References: 25
Exploit DB
added 2023/05/05 12:00 a.m., 401 views

Online Pizza Ordering System v1.0 - Unauthenticated File Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload; Date: 03/05/2023; Exploit Author: URGAN; Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html; Software Link:...

9.8 CVSS, 9.6 AI score, 0.03624 EPSS
Exploits: 4
RedHat Linux
added 2023/05/04 3:59 p.m., 5 views

codehaus-plexus: Directory Traversal

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possib...

7.5 CVSS, 5.8 AI score, 0.01347 EPSS
Exploits: 0, References: 4
Huntr
added 2023/05/04 10:32 a.m., 19 views

Stored xss in module FAQ News

Description: When admins create a FAQ News they can pass xss to the "text of the record" section. Proof of Concept: 1. Login to admin account 2. In the CONTENT section, click on FAQ News 3. Add any type of source code and notice select Faq status as published 4. Turn on intercept with burp and click sav...

5.8 CVSS, 7.1 AI score, 0.00521 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2023/05/04 12:00 a.m., 56 views

Amazon Linux AMI : tomcat7 (ALAS-2023-1738)

The version of tomcat7 installed on the remote host is prior to 7.0.109-1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1738 advisory. 2023-05-11: CVE-2017-12616 was added to this advisory. When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0....

7.5 CVSS, 7.5 AI score, 0.708 EPSS
Exploits: 5, References: 8
NVD
added 2023/05/03 10:15 p.m., 19 views

CVE-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

5.7 CVSS, 5.3 AI score, 0.00894 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2023/05/03 10:15 p.m., 22 views

CVE-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

5.7 CVSS, 6.1 AI score, 0.00894 EPSS
Exploits: 0, References: 4
CVE
added 2023/05/03 12:00 a.m., 68 views

CVE-2023-1178

CVE-2023-1178 affects GitLab CE/EE across multiple release lines: all 8.6–15.9.5, 15.10.0–15.10.4, and 15.11.0. The root cause is file integrity being compromised when pulling source or installation packages from a tag or release that references another commit. The impact is potential integrity c...

5.7 CVSS, 5.2 AI score, 0.00894 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2023/05/03 12:00 a.m., 22 views

CVE-2023-1178

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

5.7 CVSS, 6 AI score, 0.00894 EPSS
Exploits: 0, References: 3
Debian CVE
added 2023/05/03 12:00 a.m., 14 views

CVE-2023-1178

Removed by vendor...

5.7 CVSS, 6.2 AI score, 0.00894 EPSS
Exploits: 0
Amazon
added 2023/05/02 12:00 a.m., 34 views

Medium: golang

Issue Overview: Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. (CVE-2023-24537) Affected Packages: golang. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository...

7.5 CVSS, 7.2 AI score, 0.01401 EPSS
Exploits: 0
Tenable Nessus
added 2023/05/02 12:00 a.m., 21 views

GitLab 8.6 < 15.9.6 / 15.10 < 15.10.5 / 15.11 < 15.11.1 (CVE-2023-1178)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File...

5.7 CVSS, 5.9 AI score, 0.00894 EPSS
Exploits: 0, References: 4
OpenVAS
added 2023/04/27 12:00 a.m., 7 views

Huawei EulerOS: Security Advisory for emacs (EulerOS-SA-2023-1669)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 7.9 AI score, 0.00635 EPSS
Exploits: 0, References: 2
OSSF Malicious Packages
added 2023/04/26 12:00 a.m., 4 views

Malicious code in mpc-ap-styles (npm)

Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 2
OSV
added 2023/04/26 12:00 a.m., 8 views

MAL-2023-8030 Malicious code in mpc-ap-styles (npm)

Source: checkmarx 3560796a4ad8974d74c898770846effa03442b79adace2bbc4679dc402afe911 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits: 0, References: 2
GithubExploit
added 2023/04/25 11:39 a.m., 293 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apache Shardingsphere_Elasticjob-Ui

CVE-2022-22733 is a vulnerability that affects...

6.5 CVSS, 6.7 AI score, 0.20902 EPSS
Exploits: 1
SUSE CVE
added 2023/04/20 2:27 a.m., 3 views

SUSE CVE-2005-3747

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...

5 CVSS, 7.2 AI score, 0.04386 EPSS
Exploits: 0, References: 3
OSSF Malicious Packages
added 2023/04/17 12:00 a.m., 2 views

Malicious code in ajaxmanager-custom (npm)

Source: checkmarx cbfc18e18de3ecf81548e9fff07c310df0c09ae04271fbe4e2f3e6872af6c549 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2 AI score
Exploits: 0, References: 2