CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

IBM Security Verify Identity Manager 安全漏洞

IBM Security Verify Identity Manager is a security verification identity manager from IBM USA. A security vulnerability exists in IBM Security Verify Identity Manager version 10.0 that originates from the inclusion of sensitive information in the source code repository...

CVE-2022-22460

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013...

WordPress Project Source Code Download plugin <= 1.0.0 - Unauthenticated Backup Download vulnerability

Unauthenticated Backup Download vulnerability discovered by Daniel Ruf in WordPress Project Source Code Download plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of May 4, 2022 and is not available for download. Reason: Security Issue...

How the FBI quietly added itself to criminals’ instant message conversations

Motherboard has disclosed some information about Operation Trojan Shield, in which the FBI intercepted messages from thousands of encrypted phones around the world. These messages are now used in courts across the world as corroborating evidence. Operation Trojan Shield The US Federal Bureau of...

Cspparse - A Tool To Evaluate Content Security Policies

cspparse is a tool to evaluate Content Security Policies. It uses Google's API to retrieve the CSP Headers and returns them in ReconJSON format. Not only does it check for headers with Google's API, it also parses the target site's HTML to look for any CSP rules that are specified in the tag...

U.S. Dept Of Defense: .git folder exposed [HtUS]

Heyy there, I have found a exposed .git folder on https://█████ https://████████/.git/config core repositoryformatversion = 0 filemode = true bare = false logallrefupdates = true remote "origin" url = https://████ fetch = +refs/heads/:refs/remotes/origin/ Using gitdumper...

U.S. Dept Of Defense: insecure gitlab repositories at ████████ [HtUS]

If you click the link https://███, you're redirected to https://██████/users/signin, where credentials have to be inserted. The repositories are private and shouldn't be accessable for unauthenticated users! POC If you click the following links https://████/api/v4/projects, information about...

[SECURITY] Fedora 36 Update: golang-x-lint-0-16.20210123git83fdc39.fc36

Golint is a linter for Go source code...

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE As an admin upload a php file containing the palyload zipped along with a valid XML...

Integer Overflow in function lsr_translate_coords

Description Integer Overflow in function lsrtranslatecoords at laser/lsrdec.c:853 gpac version git log commit ea3af7c8242d1a82657dc3a518df5a5b1b5e27ed HEAD - master, origin/master, origin/HEAD Author: Romain Bouqueau Date: Tue Jun 28 19:25:58 2022 +0200 POC ./MP4Box -bt ./pocintof1s.dat...

State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks

A China-based advanced persistent threat APT group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...

Malicious code in material-ui-plugin-theme-provider-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6279e90d49af7dd292e465c05215854f32d03268608c9c61edfea5ce62ee9b64 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2022-4493 Malicious code in material-ui-plugin-theme-provider-cache (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6279e90d49af7dd292e465c05215854f32d03268608c9c61edfea5ce62ee9b64 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

CNote balance can be affected by griefing attack

Lines of code Vulnerability details Functions borrowFresh, repayBorrowFresh, mintFresh, redeemFresh require CNote balance to be strictly zero, reverting unconditionally otherwise. However, as CNote is ERC20 with usual transfer functionality, anyone can send a cNote tokens to the contract itself,...

Malicious code in omm-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b77b7e73dde625c8bf9d9f21a73f6fd520dbb22c846db32bf17cfdd324c3da9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

MAL-2022-5066 Malicious code in omm-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9b77b7e73dde625c8bf9d9f21a73f6fd520dbb22c846db32bf17cfdd324c3da9 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...