4777 matches found
airbrake module information disclosure vulnerability
The airbrake module is an exception report notification program for use in Node.js. A security vulnerability exists in airbrake module version 0.3.8 and earlier, which stems from the program defaulting to sending environment variables with sensitive values over the HTTP protocol. An attacker can...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
Hardcoded credentials
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
CVE-2016-10530
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...
mysqljs Information Disclosure Vulnerability
mysqljs is a malware that steals environment variables and sends them to an attacker. A security vulnerability exists in mysqljs. The vulnerability can be exploited by an attacker to steal environment variables and send them to an address under the attacker's control...
tkinter Information Disclosure Vulnerability
tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in tkinter. An attacker can exploit the vulnerability to steal environment variables and send them to an address under the attacker's control...
node-tkinter information disclosure vulnerability
node-tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in node-tkinter. An attacker can use this vulnerability to steal environment variables and send them to an address under the attacker's control...
Malicious Typo-Squatting
The node-tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
Malicious Typo-Squatting
The tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
Malicious Typo-Squatting
The mysqljs packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
CVE-2017-16047
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16061
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16062
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16062
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16047
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16062
CVE-2017-16062 relates to the npm package node-tkinter, which is described as malware that steals environment variables and sends them to attacker-controlled locations. The package has been unpublished from the npm registry. Practical impact stated across sources is the exposure of environment va...