1956 matches found
GHSA-9CQ4-MHMR-84GM Malicious Package in jasmin
Version 0.0.3 of jasmin contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.3 of this module is found installed you will want...
GHSA-4RX9-58M7-GR8W Malicious Package in css_transform_step
Version 1.0.6 of css_transform_step contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.6 of this module is found installed you...
GHSA-X9GM-QXHH-RF75 Malicious Package in cordova-plugin-china-picker
Version 1.0.910 of cordova-plugin-china-picker contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.910 of this module is foun...
Malicious Package in coffee-project
Version 1.7.5 of coffee-project contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.7.5 of this module is found installed you...
Malicious Package in awesome_react_utility
Version 1.0.2 of awesome_react_utility contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed...
GHSA-QMXF-FXQ7-W59F Malicious Package in angular-material-sidenav-rnd
Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.1.1 of this module is found...
CVE-2020-13470
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data...
Design/Logic Flaw
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data...
CVE-2020-13470
CVE-2020-13470 affects Gigadevice GD32F103 and GD32F130 microcontrollers. The root cause is physical access enabling probing of bonding wires to de-obfuscate and extract data, with potential high integrity impact and no public remediation details in the provided documents. Monitor for vendor advi...
Medium: lynis
Issue Overview: In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be...
CVE-2020-15486
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved...
Design/Logic Flaw
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved...
Evine - Interactive CLI Web Crawler
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...
Mail.ru: tmgame.mail.ru - Blind sql injection
https://tmgame.mail.ru/action.php?xml=1&acode=comein&buildtype=all&bldID=selectfromselectsleep20a&bldlocID=8 bldID is the vulnerable GET parameter. Impact Retrieval of data from the database...
FreeXL: Multiple vulnerabilities
Background FreeXL is an open source library to extract valid data from within an Excel .xls spreadsheet. Description Multiple vulnerabilities have been discovered in FreeXL. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
SQL Injection Vulnerability in Extreme CMS of Langfang Extreme Network Technology Co. Ltd (CNVD-2020-48967)
Extreme CMS is an open source and free PHPCMS web content management system. Extreme CMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2020-15008
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user...