Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

Red Hat on Friday released an “urgent security alert” warning that two versions of a popular data compression library called XZ Utils (previously LZMA Utils) have been backdoored with malicious code designed to allow unauthorized remote access. The software supply chain compromise, tracked as CVE-2024-3094, has a CVSS score of 10.0, indicating maximum severity. It […]

Two High-Risk Security Flaws Discovered in Curl Library – New Patches Released

Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows –
  CVE-2023-38545 (CVSS score: 7.5) – SOCKS5 heap-based buffer overflow vulnerability
  CVE-2023-38546 (CVSS score: 5.0) – Cookie injection […]

Security Patch for Two New Flaws in Curl Library Arriving on October 11

The maintainers of the Curl library have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of a forthcoming update set for release on October 11, 2023. This includes a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues […]

Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems

A set of memory corruption flaws has been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. “Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program’s context […]

22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library

A high-severity vulnerability has been disclosed in the SQLite database library, which was introduced as part of a code change dating all the way back to October 2000 and could enable attackers to crash or control programs. Tracked as CVE-2022-35737 (CVSS score: 7.5), the 22-year-old issue affects SQLite versions 1.0.12 through 3.39.1, and has been […]

Critical vulnerability with CVSS score of 10.0 in vm2, the most popular JavaScript sandbox library, with over 17.5 million downloads monthly

Researchers from Oxeye identified a critical vm2 vulnerability (CVE-2022-36067), dubbed SandBreak, that carries the highest possible CVSS score of 10.0. R&D executives, application security engineers and security teams that use the vm2 sandbox in their applications must patch it promptly. The most widely used JavaScript sandbox […]

High-Severity RCE Vulnerability Reported in Popular Fastjson Library

Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Tracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called “AutoType.” It was patched by the project maintainers […]

Node-ipc JavaScript library was modified to include file deletion malware depending on the users’ IP addresses

A security report indicates that the developer of the node-ipc JavaScript library, used by the Vue.js framework, intentionally introduced a critical vulnerability that could prove disastrous for some users. Brandon Nozaki Miller, also known as RIAEvangelist, created node-ipc, describing it as an inter-process communication module for Node.js that supports UNIX, TCP, TLS and UDP sockets. Apparently, […]

Critical vulnerability in OpenSSL library would allow DoS attacks on millions of applications

OpenSSL announced the release of an update to address a severe vulnerability in the library whose exploitation would lead to an infinite loop and an eventual denial of service (DoS) condition. Although denial of service is not the most dangerous class of attack, it can cause significant business disruption, long-term financial repercussions, and a severe loss […]

CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow and klown, discovered by DevSecOps firm Sonatype, were removed from the NPM registry. On Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) released a warning disclosing an incident recorded in the GitHub Advisory Database. According to CISA, crypto-mining malware was hidden in a popular […]

Critical remote code execution vulnerability in the popular JavaScript library Pac-Resolver affects millions of applications. Patch quickly

The maintainers of the Pac-Resolver NPM library announced a fix for a critical remote code execution vulnerability. According to the report, the flaw was addressed with a set of updates that prevent malicious manipulation attempts. Apparently, any application using the vulnerable code for handling proxies on the Internet could be forced […]

Pyrdp – RDP Man-In-The-Middle And Library For Python3

PyRDP is a Python 3 Remote Desktop Protocol (RDP) Man-in-the-Middle (MITM) and library. It features a few tools:
RDP Man-in-the-Middle
  Logs credentials used when connecting
  Steals data copied to the clipboard
  Saves a copy of the files transferred over the network
  Saves replays of connections so you can look at them later
  Run console […]

Popular JavaScript Library ‘Standard’ Now Shows Ads On Installing Via NPM

Most developers are familiar with the popular JavaScript style guide library called Standard, which also serves as a linter and automatic code fixer. However, in a move that many developers are now questioning, Standard has begun to show ads when installed through NPM. In a GitHub post published last week […]

RubyGems strong_password Library Hijacked by Threat Actors

Ruby users who updated to strong_password gem version 0.0.7 are urged to roll back to the previous version after a developer discovered malicious code in the gem. Developer Tute Costa noticed the backdoor while performing a routine security audit. He spotted the changes to strong_password on the gem hosting service, but […]
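The strong_password hijack above, like the node-ipc and trojanized NPM package items earlier on this page, is caught the same way in practice: by checking the exact versions pinned in a project's lockfiles against a list of releases known to be malicious. The following script is an added example written for this page, not code from any of the projects or advisories mentioned. The only known-bad entry it ships with is strong_password 0.0.7, taken from the item above; the Gemfile.lock and package-lock.json contents are constructed sample input, and the node-ipc version in them is an arbitrary placeholder, not a statement about which node-ipc releases were affected.

```python
"""Flag lockfile-pinned library versions that appear on a known-bad list.

Added example for this page (not project code). The only advisory entry is
strong_password 0.0.7 from the RubyGems hijack above; the lockfile contents
below are constructed sample input.
"""
import json
import re

# (ecosystem, package) -> set of versions known to be malicious.
# strong_password 0.0.7 is the hijacked gem release from the page; extend the
# map from your own advisory feed.
KNOWN_BAD = {
    ("rubygems", "strong_password"): {"0.0.7"},
}

# Constructed Gemfile.lock: one clean gem, the hijacked gem, a nested dependency.
GEMFILE_LOCK = """\
GEM
  remote: https://rubygems.org/
  specs:
    bcrypt (3.1.13)
    strong_password (0.0.7)
      bcrypt (~> 3.1)

PLATFORMS
  ruby

DEPENDENCIES
  strong_password
"""

# Constructed package-lock.json (lockfileVersion 2); version is a placeholder.
PACKAGE_LOCK = json.dumps({
    "name": "sample-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "sample-app", "version": "1.0.0"},
        "node_modules/node-ipc": {"version": "9.1.1"},
    },
})

# A resolved gem line in the specs: block is indented exactly four spaces;
# nested dependency lines use six and are deliberately not matched.
_GEM_SPEC = re.compile(r"^ {4}(?P<name>\S+) \((?P<version>[^)]+)\)$")


def parse_gemfile_lock(text):
    """Return {gem_name: version} from the specs: block of a Gemfile.lock."""
    pinned = {}
    in_specs = False
    for line in text.splitlines():
        if line.strip() == "specs:":
            in_specs = True
            continue
        if in_specs and not line.startswith("  "):
            in_specs = False  # blank line or next top-level section ends the block
        if in_specs:
            m = _GEM_SPEC.match(line)
            if m:
                pinned[m.group("name")] = m.group("version")
    return pinned


def parse_package_lock(text):
    """Return {package_name: version} from a package-lock.json (v1, v2 or v3)."""
    data = json.loads(text)
    pinned = {}
    packages = data.get("packages")
    if packages is not None:  # lockfileVersion 2/3: keyed by install path
        for path, meta in packages.items():
            if not path:
                continue  # "" is the root project itself
            name = path.rsplit("node_modules/", 1)[-1]
            if "version" in meta:
                pinned[name] = meta["version"]
    else:  # lockfileVersion 1: flat "dependencies" map
        for name, meta in data.get("dependencies", {}).items():
            pinned[name] = meta["version"]
    return pinned


def find_known_bad(ecosystem, pinned):
    """Return sorted (name, version) pairs from `pinned` that are on KNOWN_BAD."""
    return sorted(
        (name, version)
        for name, version in pinned.items()
        if version in KNOWN_BAD.get((ecosystem, name), ())
    )


def audit(gemfile_lock=GEMFILE_LOCK, package_lock=PACKAGE_LOCK):
    """Audit both lockfiles; returns {ecosystem: [(name, version), ...]}."""
    return {
        "rubygems": find_known_bad("rubygems", parse_gemfile_lock(gemfile_lock)),
        "npm": find_known_bad("npm", parse_package_lock(package_lock)),
    }


if __name__ == "__main__":
    for ecosystem, hits in audit().items():
        for name, version in hits:
            print(f"{ecosystem}: {name} {version} is a known-bad release; roll back")
```

Pass real lockfile contents to `audit()` in CI and fail the build on any hit; matching on the exact pinned version matters because, as in the strong_password case, the malicious code lives in one specific release and the fix is to roll back to the one before it.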

This New Storage Method Can Put Library-Sized Data In A Teaspoon Of Protein

Looking for data storage methods that last long enough, researchers at Harvard University appear to have devised a way to fit library-sized data into a teaspoon of protein. The researchers are reported to have found a way of storing data in molecules, specifically oligopeptides. Oligopeptides […]