MAL-2023-8009 Malicious code in ajaxmanager-custom (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx cbfc18e18de3ecf81548e9fff07c310df0c09ae04271fbe4e2f3e6872af6c549 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

CVE-2023-29199

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

Remote code execution

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

CVE-2023-29199

The CVE-2023-29199 issue affects the vm2 Node.js module, specifically its source code transformer’s exception sanitization. Versions up to 3.9.15 are vulnerable to a sandbox bypass in handleException(), enabling leakage of unsanitized host exceptions and potential remote code execution in the hos...

CVE-2023-29199 vm2 Sandbox escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

CVE-2023-29199 vm2 Sandbox escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor c...

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

Online Computer And Laptop Store 1.0 Shell Upload

!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...

Online Appointment System V1.0 - Cross-Site Scripting (XSS)

Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting XSS Date: 25/02/2023 Exploit Author: Sanjay Singh Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html Tested on: Window...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

Code injection

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

Are Source Code Leaks the New Threat Software vendors Should Care About?

Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessibl...

Are Source Code Leaks the New Threat Software vendors Should Care About?

Less than a month ago, Twitter indirectly acknowledged that some of its source code had been leaked on the code-sharing platform GitHub by sending a copyright infringement notice to take down the incriminated repository. The latter is now inaccessible, but according to the media, it was accessibl...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2023-27180

GDidees CMS v3.9.1 is described in multiple sources as having a source code disclosure vulnerability through the backup feature exposed at /_admin/backup.php . The CVE report notes high impact with confidentiality loss (C:H) and no indicated integrity/availability impact, with an overall CVSSv3.1...

PT-2023-20993 · Unknown · Gdidees Cms

Name of the Vulnerable Software and Affected Versions: GDidees CMS version 3.9.1 Description: A source code disclosure issue was found in the backup feature of GDidees CMS, accessible via the "/ admin/backup.php" endpoint. This allows for potential access to sensitive information. Recommendations...

CVE-2023-27180

GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...

CVE-2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...

CVE-2023-24537

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...