CVE-2022-32996

The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

CVE-2017-20083

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and...

PT-2022-3361 · Weblizar · School Management Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: School Management WordPress plugin versions prior to 9.9.7 Description: The issue is related to an obfuscated backdoor injected in the license checking code of the School Management WordPress plugin, which registers a REST API handler. This...

Hikvision IP Camera - Backdoor Vulnerability

Exploit Title: Hikvision IP Camera - Backdoor Exploit Author: Sobhan Mahmoodi Reference: https://ipvm.com/reports/hik-exploit GitHub: https://github.com/bp2008/HikPasswordHelper/ Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was...

WordPress plugin AccessPress 安全漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin AccessPress Themes has a security vulnerability that stems from the existence of a backdoor in the vendor...

Backdoor.Win32.Hupigon.fjcd Unauthenticated Open Proxy

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/284f36e35db6a0aa9a493f39d834367e.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.fjcd Vulnerability: Unauthenticated Open Proxy Description: The malware liste...

Mofi Network MOFI4500-4GXeLTE Backdoor Vulnerability

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A security vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The vulnerability stems from the fact that the Dropbear SSH daemon has been modified to accept an alternate hardcoded path to a public...

Mofi Network MOFI4500-4GXeLTE Remote Reboot Backdoor Vulnerability

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A remote reboot backdoor vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices, which can be exploited by an attacker to reboot the device by accessing /cgi-bin/poof.cgi with a private key...

GHSA-VM7J-4RJ6-MW2P Malicious Package in ember_cli_babe

Version 6.16.0 of emberclibabe contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...

Backdoor Vulnerability in FameView Configuration Monitoring System of Beijing Jiezhong Company

FameView configuration software is a high-performance configuration and monitoring software independently developed by Beijing Jiezhong Company based on the Windows operating system with many years of experience in engineering applications and services, providing economical and perfect automation...

Barco ClickShare Button R9861500D01 Input Validation Error Vulnerability

The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. A security vulnerability exists in Barco ClickShare Button R9861500D01 prior to version 1.9.0, which originates from the program failing to perform an integrity check on variable...

The Phishing Industry

As I mentioned in my previous blog post, phishing attacks are now being created and executed on an industrial scale. Malicious actors are increasingly using highly sophisticated off-the-shelf phishing kits that allow them to deliver very targeted, short-lived attacks. These campaigns direct victi...

Backdoor vulnerability in Apple's CMS

Apple CMS is a movie website building system that can be quickly installed and deployed in a PHP+MYSQL environment. Apple CMS has a backdoor vulnerability that can be exploited by attackers to gain administrator privileges...

Backdoor Vulnerability in Central CMS 3.0

Azeus CMS is a cms system made by Azeus Studio, this CMS is written in UTF-8 coding. A backdoor vulnerability exists in Azeus CMS 3.0, which can be exploited by attackers to gain server privileges...

NAPro has a backdoor vulnerability

NAPro is a PLC programming software developed by Nanda Aotuo Technology Jiangsu Co. NAPro has a backdoor vulnerability that can be exploited by an attacker to log into a PLC and perform illegal operations...

PT-2019-2989 · Webmin · Webmin

Name of the Vulnerable Software and Affected Versions: Webmin versions 1.882 through 1.921 Webmin versions 1.890 through 1.920 Webmin versions prior to 1.930 Description: A backdoor was discovered in Webmin, a web-based system administration interface for UNIX-like operating systems. The backdoor...

CVE-2018-18473

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the...

CVE-2018-1150

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...

Backdoor Vulnerability in NUUO NVRMini2

NUUO is one of the surveillance solution providers and NUUO NVRMini 2 is the NVR solution with NAS functionality. A backdoor vulnerability exists in NUUO NVRMini 2. When a specific file /tmp/moses/ exists in the file system of the target device, the backdoor will be opened, and any unauthorized...

CVE-2018-1000203

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f latest release as of Sept 2017 contains an intentional backdoor vulnerability in the function zerofeetransaction that can result in theft of Soar Coins by the "onlycentralAccount" Soar Labs after...