API - API Security Blog

GuLoader Malware Utilizing New Techniques to Evade Security Software

[![GuLoader Malware](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() Cybersecurity researchers have exposed a wide variety of tec ...

December 26, 2022

Havoc – Modern and malleable post-exploitation command and control framework

[![](https://blogger.googleusercontent.com/img/a/AVvXsEgmN9Sr4S1OW5dtSoe8SlW8gaiTTYaIaOdySiRmBKTA1G4yoFZl7hv9IZo1mAIkwzabEfKpkoUaA3OaFYavgLaFKjf_krLv0HATwlUAYMmQPSyBmzEoF_1crJMqh4jfF7W-yxtoh1iuXoVnH4F ...

December 26, 2022

CVE-2021-44854

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.Read More ...

December 26, 2022

CVE-2021-45467

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /us ...

December 26, 2022

CVE-2021-45466

In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folde ...

December 26, 2022

OFRAK – Unpack, Modify, And Repack Binaries

[![](https://blogger.googleusercontent.com/img/a/AVvXsEjiBNkPBTHSL_td65ql_0b_cMdzWCtwMgQuwMSqgIf9TsRGW7jhUM1_ucJdf_0btYC-EK54ZJGB14Q7sm8U_7Dje8CoEVr7FAul3RbizvoQWD5l1ZpyLa5I_1YxpXvcP90CIZ6wmxzm3c29FQ3 ...

December 25, 2022

CVE-2022-44012

An issue was discovered in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of th ...

December 24, 2022

CVE-2022-44013

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.Read More ...

December 24, 2022