2341 matches found
GHSA-P2F7-9CV7-JJF6 Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
CVE-2022-26049
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve...
CVE-2022-35213
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...
Cross site scripting
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function baseurl at /blog/blogpublish.php...
CVE-2022-35213
CVE-2022-35213 relates to Ecommerce-CodeIgniter-Bootstrap before commit 56465f, where a cross-site scripting (XSS) flaw exists in the base_url() usage at /blog/blogpublish.php. Affected versions before the commit are vulnerable; impact is an XSS risk with potential user interaction. Remediation: ...
Ecommerce-CodeIgniter-Bootstrap Cross-Site Scripting Vulnerability
Ecommerce-CodeIgniter-Bootstrap is a responsive, multi-vendor, multi-language online store platform shopping cart solution. A security vulnerability exists in versions of Ecommerce-CodeIgniter-Bootstrap prior to 56465f, which stems from the function baseurl in blog/blogpublish.php was found to...
Malicious Package
Overview: sp-bootstrap is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Security fix for the ALT Linux 10 package dotnet-bootstrap-7.0 version 6.0.7-alt1
Aug. 5, 2022 Vitaly Lipatov 6.0.7-alt1 - The .NET 6.0.7 and .NET SDK 6.0.107 releases - CVE-2022-30184: .NET Information Disclosure Vulnerability - CVE-2022-29117: .NET Denial of Service Vulnerability - CVE-2022-29145: .NET Denial of Service Vulnerability - CVE-2022-23267: .NET Denial of Service...
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 6.0.7-alt1
Aug. 5, 2022 Vitaly Lipatov 6.0.7-alt1 - The .NET 6.0.7 and .NET SDK 6.0.107 releases - CVE-2022-30184: .NET Information Disclosure Vulnerability - CVE-2022-29117: .NET Denial of Service Vulnerability - CVE-2022-29145: .NET Denial of Service Vulnerability - CVE-2022-23267: .NET Denial of Service...
Jfinal CMS SQL Injection Vulnerability (CNVD-2022-58382)
Jfinal CMS is a powerful information consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS version v5.1.0 has a SQL injection vulnerability that originates from...
Jfinal CMS Cross-Site Scripting Vulnerability (CNVD-2022-58383)
Jfinal CMS is a powerful information consulting website system developed in Java, using the simple and powerful JFinal as the web framework, beetl as the template engine, MySQL as the database, and Bootstrap as the front-end framework. Jfinal CMS v5.1.0 has a cross-site scripting vulnerability, the...
org.apache.nifi:nifi-bootstrap (>=1.14.0 <=1.15.3), org.apache.nifi:nifi-single-user-iaa-providers (>=1.14.0 <=1.15.3) +2 more potentially affected by CVE-2022-26850 via org.apache.nifi:nifi-single-user-utils (>=1.14.0 <=1.15.3)
org.apache.nifi:nifi-single-user-utils MAVEN version =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.14.0, =1.15.3 Source cves: CVE-2022-26850 Source advisory: OSV:GHSA-RVP4-R3G6-8HXQ...
Malicious code in samples-bootstrap-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03a7a684dc17823d5e5581fe85fe43261a947901f2f2afb4820f5815198cb572 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5922 Malicious code in samples-bootstrap-theme (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03a7a684dc17823d5e5581fe85fe43261a947901f2f2afb4820f5815198cb572 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-fe-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb0b941f4da2748bca11ee138e4c299dd3179986c423c19f5f1fcee43afa5941 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5646 Malicious code in react-fe-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb0b941f4da2748bca11ee138e4c299dd3179986c423c19f5f1fcee43afa5941 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mitui-util-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1be459d25dc3b29431a21681be062b337787de0a155f43ce2176a6a141dc5c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in epamgithubio-bootstrap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abc0617f8ce0d97376b645045f960a43fe036d1623375b75ba68096ebe06b200 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...