91 matches found
Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution
Overview: Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description: Freewill Solutions IFIS new...
Malicious code in dojo-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58ff9bd8fdb50f834a7cc8a72c7d1a31edae453146ddf2e9358fbde9e4ce3c36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Citrix Resolves Vulnerabilities in Virtual Apps and Workspace Apps
Summary: Citrix Systems has addressed vulnerabilities in its Virtual Apps and Desktops, as well as Workspace Apps products, that could potentially enable attackers with local access to the target to elevat...
Malicious code in startrek-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 677916f3c3652c9c9adf72499bd52d0411e53c57df7ff1a301df7dfb9d64474d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in seller-listing-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8688aaa3e38ab3bfd132b1575c132517353f1b3406028da23c121d5dd37d0ab0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in guljshint (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2631200c464ded493243d1cae6422ded696465305c19a3bb1ef0406cc5299b96 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ronbhdcvpqkxwgei (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c89cc5b81049d91444be4acb8581342dbbb6ba937491e593eb64e998c1a813b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in blockly-samples (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2113195c9b0e983c65e83e792b256354bbbebb00c39ce09f5e073cfdaa950365 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gemini-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fe62a9c88ec9dc9e1a54b40fcf3cb72e0f866e8c98d5a2a45bd6b8482a79f313 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in mycryptoapi-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 684a9e26618fb24cf63739213a943493619ea3ef490517601038f096fb7204f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in amberdata-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00f87e296c2ebe96b609c852f357a35da6163c3fdfec66fab791b42c316ceb43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ai-document-translator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b38ac855d648c1b9c916704286b6a4147abf283a90107f35aaf10600caed3625 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in azure-arm-oep-samples-js-beta (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4e23ca07491bdf9fa618fef6a680baf08972902d40f0f70745841522db054055 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @epc-infra/region-only-policy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 03aeca5ad9dc6bebb0249d07c948fc2913ba7b25fdc41cea4a5c78c8bf672958 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-33026
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload, poison the...
Remote code execution
DISPUTED The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage e.g., filesystem, Memcached, Redis, etc., they can construct a crafted payload,...
GHSA-J3QQ-QVC8-C6G7 Malicious Package in foever
All versions of foever are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation: This packag...
Malicious Package in soket.js
All versions of soket.js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation: This...
GHSA-X6GQ-467R-HWCC Malicious Package in soket.js
All versions of soket.js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation: This...