MAL-2023-1507: Malicious code in matomo-screenshot-testing (npm)
Source: ossf-package-analysis fc044c397b025c460ce571308d09c4bbbba7869abcc04f319cf219796f7a0666. The OpenSSF Package Analysis project identified 'matomo-screenshot-testing' @ 1.0.0 (npm) as malicious. It is considered malicious because: - The...
Metasploit Weekly Wrap-Up
Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...
JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting
EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability (CWE-79) in "mail/template" and "products/product" of the Management page. Impact: An arbitrary script may be executed on the web browser of another administrator or of a user who accessed the website using the...
Identifier withdrawn
Damn Vulnerable Web Application (DVWA) is a very vulnerable PHP/MySQL web application by Robin Wood (Personal Developer). It helps security professionals test their skills and tools in a legal environment, helps web developers better understand web application security processes, and helps students and...
Microsoft Security Update Validation Report August 2023
Microsoft’s August 2023 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive: all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing...
A vulnerability in DevTools, the set of web-development tools in Google Chrome, allows an attacker to bypass content security policies.
The vulnerability in Google Chrome’s DevTools exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...
A vulnerability in Microsoft Visual Studio and the Microsoft .NET platform lies in insufficient validation of input data, which allows attackers to disclose sensitive information that should be protected.
The vulnerability in Microsoft Visual Studio and the Microsoft .NET platform is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...
Chaos - Origin IP Scanning Utility Developed With ChatGPT
chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...
Drinking Our Own Champagne: Enhancing API Security with FAST
Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we "drink our own champagne" by implementing our Framework for Application Security Testing (FAST) to strengthen the security of our APIs. The intent ...
Continuous Security Validation with Penetration Testing as a Service (PTaaS)
Validate security continuously across your full stack with Pen Testing as a Service. In today's modern security operations center (SOC), it's a battle between the defenders and the cybercriminals. Both are using tools and expertise; however, the cybercriminals have the element of surprise on their...
Vulnerability disclosure in aviation
We joined Boeing and United Airlines on a panel recently at the RSA Conference to talk about vulnerability disclosure in the aviation world. The engagement we are now seeing between researchers and industry is a powerful force for positive change. Hopefully this will start to reduce the number of...
test-submitting edit 24
Lines of code: L1. Vulnerability details: Testing to see if I can edit a finding I don't own. Assessed type: Access Control.
Design/Logic Flaw
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere lack configuration permissions, allowing sensitive information to be leaked to attackers. Version 2.10.4 LTS contains a patch for this issue...
CVE-2023-38494
CVE-2023-38494 affects MeterSphere Cloud interfaces; root cause is interfaces lacking configuration permissions, enabling sensitive data disclosure. Public details indicate versions prior to 2.10.4 LTS are affected; 2.10.4 LTS contains the patch. Remediation: upgrade to 2.10.4 LTS (or apply vendo...
CLSA-2023-1691083401 Fix CVE(s): CVE-2022-3697
SECURITY UPDATE: improper handling of towercallback parameter in amazon.aws collection - debian/patches/CVE-2022-3697.patch: ec2instance - validate options on towercallback - CVE-2022-3697 Enable unit testing...
A Penetration Testing Buyer's Guide for IT Security Teams
The frequency and complexity of cyber threats are constantly evolving. At the same time, organizations are now collecting sensitive data that, if compromised, could result in severe financial and reputational damage. According to Cybersecurity Ventures, the cost of cybercrime is predicted to hit ...
MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing thi...
CVE-2023-31425 - Privilege escalation via the fosexec command
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking out of the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is...
Due to revert found during testing it would be wise to implement a rollback and re-whitelist should it be needed
Lines of code. Vulnerability details. Impact: During testing with the Mainnet fork for the migration testing, we needed to make a distinction between V1 profiles and V2 profiles within the test code, but this is not so in the standard V2 code, and it may cause unforeseen issues after the upgrade. The V...