8 matches found
Malicious code in @leviosa86com/leviosa86-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...
MAL-2026-10625 Malicious code in @leviosa86com/leviosa86-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96264a8719e17bd8ec21d47213fe31dec87445e01ff312a1e46af5819e028979 Package @leviosa86com/[email protected] ships src/poc/index.js which shells out via childprocess.exec to collect host identifiers hostname, pwd,...
Malicious code in tempo-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...
CVE-2023-36474
Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e app. Interactsh server used to create cname entries for app pointing to...
Arbitrary File Read/Write
github.com/projectdiscovery/interactsh is vulnerable to Arbitrary File Read/Write. The vulnerability is due to improper smb server restrictions which allows an attacker to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
Subdomain Takeover in Interactsh server
A domain configured with interactsh server was vulnerable to subdomain takeover for specfic subdomain, i.e app, Interactsh server before 1.0.0 used to create cname entries for app pointing to projectdiscovery.github.io as default which intended to used for hosting interactsh web client using GitH...
GHSA-M36X-MGFH-8G78 Subdomain Takeover in Interactsh server
A domain configured with interactsh server was vulnerable to subdomain takeover for specfic subdomain, i.e app, Interactsh server before 1.0.0 used to create cname entries for app pointing to projectdiscovery.github.io as default which intended to used for hosting interactsh web client using GitH...
PT-2022-28160 · Projectdiscovery · Interactsh Server
Name of the Vulnerable Software and Affected Versions: Interactsh server versions prior to 1.0.0 Description: Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a...