10684 matches found
Malicious Package
Overview ally-antivirus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2022-26522
CVE-2022-26522 affects Avast/AVG Anti-Rootkit driver aswArPot.sys. The socket connection handler vulnerability enables local privilege escalation to kernel mode, with potential memory corruption/OS crash via double-fetch at aswArPot+0xc4a3. Avast’s mitigations include a fix released in version 22...
Malicious code in ally-antivirus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...
MAL-2026-3295 Malicious code in ally-antivirus (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e5527c47f32b162abebfbbb8a15c8871ef050e5e0b07f8096b573cab2e6dfec The package ally-antivirus was found to contain malicious code. Source: ghsa-malware 094da0aa0245426ad224e9b2a072377a3c07bfc191bc3fab1d2060cdeaf79387...
AVAST Antivirus 25.11 - Unquoted Service Path
Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Date: 2025-12-17 Vendor Homepage:https://www.avast.com/ Software Link : https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version:...
CVE-2026-35463
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
CVE-2026-35463
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
CVE-2026-35463 pyLoad has Improper Neutralization of Special Elements used in an OS Command
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
CVE-2026-35463
Pyload/pyload-ng (CVE-2026-35463) exposes a remote code execution path when the AntiVirus plugin’s executable path (avfile) and arguments are user-configurable. The ADMIN_ONLY_OPTIONS protection applies to core config but not to plugin config, allowing a non-admin user with SETTINGS permission to...
CVE-2026-35463 pyLoad has Improper Neutralization of Special Elements used in an OS Command
pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only...
pyLoad 操作系统命令注入漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad 0.5.0b3.dev96 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the ADMINONLYOPTIONS protection mechanism, which was only applied to core configuratio...
EUVD-2016-10865
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...
CVE-2016-20061 sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to...
CVE-2016-20058 Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...
CVE-2016-20058
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...
CVE-2016-20058 Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or...
CVE-2016-20058
CVE-2016-20058 affects Netgate AMITI Antivirus build 23.0.305, where an unquoted service path in the AmitiAvSrv and AmitiAntivirusHealth services allows a local attacker to escalate privileges. By placing a malicious executable in the unquoted path, triggering a service restart or system reboot e...
pyLoad: Improper Neutralization of Special Elements used in an OS Command
Summary The ADMINONLYOPTIONS protection mechanism restricts security-critical configuration values reconnect scripts, SSL certs, proxy credentials to admin-only access. However, this protection is only applied to core config options, not to plugin config options. The AntiVirus plugin stores an...
Command Injection
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Command Injection through improper handling of plugin configuration options, specifically the avfile parameter in the AntiVirus plugin, which is passed...
PT-2026-30340
Name of the Vulnerable Software and Affected Versions pyLoad affected versions not specified Description The ADMIN ONLY OPTIONS protection mechanism, intended to restrict access to sensitive configuration values, is not applied to plugin configuration options. Specifically, the AntiVirus plugin...