
72 matches found

RedhatCVE
added 2026/01/09 8:57 a.m., 3 views

CVE-2023-4978

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0...

CVSS 9 | AI score 6.1 | EPSS 0.00006
Exploits 1 | References 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-7743

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.9 | EPSS 0.02131
Exploits 0 | References 4

Vulnrichment
added 2025/07/23 1:49 p.m., 2 views

CVE-2022-4978 Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE

Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An...

CVSS 9.3 | AI score 8.5 | EPSS 0.49402
Exploits 1 | References 3

CVE
added 2025/07/23 1:49 p.m., 11 views

CVE-2022-4978

CVE-2022-4978 affects Remote Control Server 3.1.1.12 by Steppschuh. An unauthenticated RCE is possible via a UDP-based control protocol that accepts remote keystroke events without verification, allowing an attacker on the same network to launch a system shell and execute arbitrary commands, resu...

CVSS 9.3 | AI score 8.5 | EPSS 0.49402
Exploits 1 | References 3

Circl
added 2025/05/20 1:40 p.m., 8 views

CVE-2025-4978

creationtimestamp | type | source
---|---|---
2025-05-20 13:40:28+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16974
2025-05-20 13:55:48+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114540501273804153
2025-05-20 14:43:06+00:00 | seen | ...

CVSS 10 | AI score 8.9 | EPSS 0.0146
Exploits 1 | References 7

OSV
added 2025/05/20 1:15 p.m., 0 views

CVE-2025-4978

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.151.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...

CVSS 9.3 | AI score 5.3
Exploits 0 | References 5

Vulnrichment
added 2025/05/20 1:0 p.m., 6 views

CVE-2025-4978 Netgear DGND3700 Basic Authentication BRS_top.html improper authentication

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.151.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely...

CVSS 10 | AI score 6.8 | EPSS 0.0146
Exploits 1 | References 5

Tenable Nessus
added 2024/09/12 12:0 a.m., 23 views

Adobe Reader < 2015.006.30418 / 2017.011.30080 / 2018.011.20040 Multiple Vulnerabilities (APSB18-09) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30418, 2017.011.30080, or 2018.011.20040. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and...

CVSS 10 | AI score 8.6 | EPSS 0.68262
Exploits 5 | References 50

Tenable Nessus
added 2024/06/11 12:0 a.m., 24 views

Justice AV Solutions JVS Viewer Embedded Malicious Code (CVE-2024-4978)

The version of Justice AV Solutions JVS Viewer installed on the remote host is 8.3.7. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4978 advisory. - Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpect...

CVSS 8.7 | AI score 6.2 | EPSS 0.12815
Exploits 1 | References 3

CISA
added 2024/05/29 12:0 p.m., 12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-4978 Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious...

CVSS 8.7 | AI score 7.2 | EPSS 0.12815
In wild | Exploits 1 | References 6

Circl
added 2024/05/23 7:33 p.m., 5 views

CVE-2024-4978

creationtimestamp | type | source
---|---|---
2024-05-23 19:33:17+00:00 | seen | https://t.me/HackingInsights/867
2024-05-24 12:21:47+00:00 | seen | Telegram/35Z3j61Eiun51LjyBaXAW69rvddYyTcdJWUO-G1bZQXEY34
2024-05-24 13:34:06+00:00 | seen | https://t.me/KomunitiSiber/1997
2024-05-24 14:30:05+00:00 | seen | ...

CVSS 8.7 | AI score 5.1 | EPSS 0.12815
Exploits 1 | References 8

Rapid7 Blog
added 2024/05/23 1:0 p.m., 28 views

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger.

Overview: Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording...

CVSS 8.7 | AI score 8.8 | EPSS 0.12815
Exploits 1

NVD
added 2024/05/23 2:15 a.m., 10 views

CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands...

CVSS 8.7 | AI score 8.4 | EPSS 0.12815
Exploits 1 | References 4

CVE
added 2024/05/23 1:56 a.m., 217 views

CVE-2024-4978

CVE-2024-4978 affects Justice AV Solutions (JAVS) Viewer v8.3.7 installed via the 8.3.7.250-1 bundle. The advisory documents a malicious binary (fffmpeg.exe) embedded in the installer and signed with an unexpected Vanguard Tech Limited Authenticode certificate. When executed, the binary can estab...

CVSS 8.7 | AI score 8.3 | EPSS 0.12815
In wild | Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2024/05/23 1:56 a.m., 12 views

CVE-2024-4978 Malicious Code in Justice AV Solutions (JAVS) Viewer

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands...

CVSS 8.7 | AI score 7 | EPSS 0.12815
Exploits 1 | References 3

ATTACKERKB
added 2024/05/23 12:0 a.m., 20 views

CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands. Recent assessments: Assessed Attacker...

CVSS 8.7 | AI score 7 | EPSS 0.12815
In wild | Exploits 1 | References 4

VulnCheck KEV
added 2024/05/23 12:0 a.m., 1 views

VulnCheck KEV: CVE-2024-4978

Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server...

CVSS 8.7 | AI score 5.8 | EPSS 0.12815
Exploits 1 | References 1

OpenVAS
added 2023/12/28 12:0 a.m., 31 views

SUSE: Security Advisory (SUSE-SU-2023:4978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7.2 | EPSS 0.01216
Exploits 0 | References 8

Cvelist
added 2023/09/15 12:0 a.m., 12 views

CVE-2023-4978 Cross-site Scripting (XSS) - DOM in librenms/librenms

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0...

CVSS 9 | AI score 6.2 | EPSS 0.00006
Exploits 1 | References 2

Vulnrichment
added 2023/09/15 12:0 a.m., 12 views

CVE-2023-4978 Cross-site Scripting (XSS) - DOM in librenms/librenms

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0...

CVSS 9 | AI score 6.1 | EPSS 0.00006
Exploits 1 | References 2