Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is...

EUVD-2022-34392

Malicious code in bioql PyPI...

CVE-2023-5536

A feature in LXD LP1829071, affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password...

PT-2023-32161 · Canonical · Lxd +1

Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified Ubuntu Server affected versions not specified Description: A feature in LXD affects the default configuration of Ubuntu Server, allowing privileged users in the lxd group to escalate their privilege to root...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

Mac OS X Sudo Password Bypass

This module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges the user is in the sudoers file and is in the...

Mac OS X Sudo Password Bypass

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'shellwords' class Metasploit3 'Mac OS X Sudo Password Bypass',...

sudo protection bypass

It's possible to bypass password request by manipulating timestamps. Session id hijacking is possible under some conditions...

CVE-2008-2516

pamsmauthenticate in pampgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pamgetpass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...

CVE-2008-2516

pamsmauthenticate in pampgsql.c in libpam-pgsql 0.6.3 does not properly consider operator precedence when evaluating the success of a pamgetpass function call, which allows local users to gain privileges via a SIGINT signal when this function is executing, as demonstrated by a CTRL-C sequence at ...