7414 matches found
MAL-2022-5577 Malicious code in rainbow-bridge-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c77a9d522ecbb7447f430c4592aa064aa157816d39b65c4da941b07d2b2da05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rainbow-bridge-testing (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c77a9d522ecbb7447f430c4592aa064aa157816d39b65c4da941b07d2b2da05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Microsoft Security Update Validation May 2022
Microsoft’s May 2022 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
com.adobe.aem.addon.guides:aem-guides-it-tests (>=0.0.1 <=0.0.2), com.adobe.aem.guides:aem-cif-guides-venia.it.tests (>=2012.12.01 <=2024.10.07) +44 more potentially affected by CVE-2017-15717 via org.apache.sling:org.apache.sling.xss (>=1.0.4 <=2.0.12)
org.apache.sling:org.apache.sling.xss MAVEN version =1.0.4, =0.0.1, =2012.12.01, =0.0.4, =0.1.0, =0.2.6, =2.17.0, =2.18.0, =2.17.10, =0.1.0, =0.1.0, =1.0.0, =0.2.1, =0.9.2 and more Source cves: CVE-2017-15717 Source advisory: OSV:GHSA-7MFW-43C4-45MQ...
com.bugvm:bugvm-compiler (>=1.0.0 <=1.1.5), com.carrotsearch.randomizedtesting:ant-junit4 (>=0.0.3 <=0.0.4) +58 more potentially affected by CVE-2017-1000190 via org.simpleframework:simple-xml (>=2.1.3 <=2.7)
org.simpleframework:simple-xml MAVEN version =2.1.3, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.22, =2.3.1-ios11, =1.0.2, =1.0.1, =1.1.0.1 and more Source cves: CVE-2017-1000190 Source advisory: OSV:GHSA-F5QF-VH69-9Q4R...
Adding Guardrails To A Cloud Account After The Fact
This article outlines a priority checklist of which guardrails need to be applied to an existing cloud account. Answering questions like, can these guardrails be implemented without breaking anything? What level of testing is required?...
The vulnerability of the Core component of the Oracle VM VirtualBox virtualization software for Windows operating systems allows a hacker to gain full control over the application.
The vulnerability of the Core component of the Oracle VM VirtualBox virtualization software for Windows operating systems is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application...
Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-gohugoio-testmodbuilder (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-pact-foundation-1.5.1-5.fc36
Pact Go enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for the service provider project...
[SECURITY] Fedora 36 Update: golang-github-gohugoio-testmodbuilder-0-0.9.20201030git72e1e0c.fc36
Some helper scripts used for Hugo testing...
Malicious-Pdf - Generate A Bunch Of Malicious Pdf Files With Phone-Home Functionality
Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh. Used for penetration testing and/or red-teaming etc. I created this tool because I needed a third party tool to generate a bunch of PDF files with various links. Usage pytho...
The vulnerability in the set of tools for web development, DevTools, in Microsoft Edge and Google Chrome browsers allows a hacker to expose protected information.
The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
REvil Ransom Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/7d7ee58c2696794b3be958b165eb61a9.txt Contact: [email protected] Media: twitter.com/malvuln Threat: REvil Ransom Vulnerability: Code Execution Description: REvil looks for and executes DLLs in its...
Moonwalk - Cover Your Tracks During Linux Exploitation By Leaving Zero Traces On System Logs And Filesystem Timestamps
Cover your tracks during Linux Exploitation / Penetration Testing by leaving zero traces on system logs and filesystem timestamps. Introduction moonwalk is a 400 KB single-binary executable that can clear your traces while penetration testing a Unix machine. It saves the state of system logs...
Metasploit Wrap-Up
Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...
Exploit for SQL Injection in Redplanetcomputers Laundry_Management_System
Red-Planet-Laundry-Management-System-1.0-is-vulnerable-to-SQL...
Fedora: Security Advisory for golang-github-pact-foundation (FEDORA-2022-5cbd6de569)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-gohugoio-testmodbuilder (FEDORA-2022-5cbd6de569)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-gohugoio-testmodbuilder (FEDORA-2022-3a63897745)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...