
1340 matches found

Veracode
added 2018/07/13 12:13 a.m., 10 views

Malicious Package

A malicious version of eslint-scope has been published onto the npm registry. This malicious version attempts to steal the user's npm authentication token from .npmrc through a postinstall script specified in package.json. Successful attempts would result in compromised authentication tokens...

AI score 6.8
Exploits 0

Tenable Nessus
added 2018/03/12 12:0 a.m., 30 views

Solaris 10 (x86) : 119784-31

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

CVSS 6, AI score 6.3, EPSS 0.1309
Exploits 1, References 4

Tenable Nessus
added 2018/03/12 12:0 a.m., 32 views

Solaris 10 (sparc) : 119783-32

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

CVSS 6, AI score 6.3, EPSS 0.1309
Exploits 1, References 4

Tenable Nessus
added 2018/03/12 12:0 a.m., 28 views

Solaris 10 (sparc) : 119783-31

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

CVSS 6, AI score 6.3, EPSS 0.1309
Exploits 1, References 4

Tenable Nessus
added 2018/02/06 12:0 a.m., 38 views

Joomla! 1.5.0 < 3.8.4 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is 1.5.0 or later but prior to 3.8.4. It is, therefore, affected by multiple XSS and SQLi vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement...

CVSS 9.8, AI score 7.4, EPSS 0.58147
Exploits 1, References 8

CNVD
added 2018/01/31 12:0 a.m., 2 views

Joomla! SQL Injection Vulnerability (CNVD-2018-04206)

Joomla! is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. Open Source Matters team. A SQL injection vulnerability exists in the Hathor postinstall message in Joomla! that stems from a lack of variable type conversion in the program....

CVSS 9.8, AI score 8.3, EPSS 0.04785
Exploits 1, References 1

CVE
added 2018/01/30 5:0 p.m., 87 views

CVE-2018-6376

CVE-2018-6376 ( Joomla! ) describes a SQL injection vulnerability in the Hathor postinstall message due to the lack of type casting of a variable within a SQL statement in Joomla! versions prior to 3.8.4. Affected is Joomla! up to 3.8.3. Root cause: improper handling of input in SQL context leadi...

CVSS 9.8, AI score 9.6, EPSS 0.04785
Exploits 1, References 3, Affected Software 1

CNVD
added 2017/11/22 12:0 a.m., 2 views

Cohu 3960HD 'webupgrade' function file upload vulnerability

The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. A file upload vulnerability exists in the 'webupgrade' function in the Cohu 3960HD, which stems from the program failing to validate a file or process uploaded by the firmware. An attacker can exploit t...

CVSS 10, AI score 7.3, EPSS 0.01483
Exploits 0, References 1

Joomla! Vulnerable Extensions List
added 2017/11/17 12:0 a.m., 78 views

[20180104] - Core - SQLi vulnerability in Hathor postinstall message

The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message...

CVSS 9.8, AI score 9.7, EPSS 0.04785
Exploits 1, Affected Software 1

Veracode
added 2017/11/01 6:53 a.m., 13 views

Malicious Module

pandora-doomsday and test-module-a are modules which can infect other modules. During installation, the module runs a postinstall script that adds the package's author mr-robot as an owner to every other package owned by the user that ran the npm install method...

CVSS 9.8, AI score 9.1, EPSS 0.01455
Exploits 0, References 3, Affected Software 2

OSV
added 2016/12/02 12:0 a.m., 2 views

UBUNTU-CVE-2016-9774

The postinst script in the tomcat6 package before 6.0.45+dfsg-1deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu...

CVSS 7.8, AI score 7.1, EPSS 0.00747
Exploits 0, References 5

RedhatCVE
added 2016/06/15 12:18 a.m., 34 views

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...

CVSS 3.3, AI score 3.2, EPSS 0.00395
Exploits 1, References 1

Tenable Nessus
added 2014/11/08 12:0 a.m., 21 views

RHEL 6 : qemu-kvm-rhev (RHSA-2012:1233)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1233 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the...

CVSS 7.2, AI score 7.5, EPSS 0.00528
Exploits 0, References 4

NVD
added 2013/01/17 1:55 a.m., 27 views

CVE-2013-0415

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package...

CVSS 6, AI score 5.3, EPSS 0.00304
Exploits 0, References 4

Prion
added 2013/01/17 1:55 a.m., 22 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package...

CVSS 6, AI score 5.9, EPSS 0.00304
Exploits 0, References 4, Affected Software 2

CVE
added 2013/01/17 1:30 a.m., 76 views

CVE-2013-0415

CVE-2013-0415 is linked to Solaris 10 in the Bind/Postinstall script for the Bind package. Connected sources indicate a local, privilege-escalation vulnerability affecting Solaris 10 (both SPARC and x86) with the potential for arbitrary code execution after user/OS authentication and additional c...

CVSS 6, AI score 5.3, EPSS 0.00304
Exploits 0, References 4, Affected Software 1

securityvulns
added 2012/07/30 12:0 a.m., 32 views

file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.

Hi list, Two small problems I noticed with Oracle Solaris Update Manager and the latest patch cluster on Solaris 10 x86. += Local Root If the system administrator is updating the system using update manager or smpatch multi user mode a race condition exists with the postinstall script for SUNWbin...

AI score 0.1
Exploits 0

Oracle linux
added 2010/04/05 12:0 a.m., 31 views

brltty security and bug fix update

3.7.2-4 - use rpm macros more consistently - add manual page for brltty.conf - add more documentation - install the default brltty-pm.conf to docdir only - Resolves: 530554 - silence the postinstall scriptlet - Resolves: 529163 3.7.2-3 - escape rpm macros in the rpm change log - remove bogus rpat...

CVSS 6.9, AI score 0.3, EPSS 0.00539
Exploits 0

Positive Technologies
added 2008/11/07 12:0 a.m., 4 views

PT-2008-6168 · Twiki · Twiki

Name of the Vulnerable Software and Affected Versions: twiki version 4.1.2 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. The vendor disputes this issue, stating it is invalid. Recommendations: For twiki version 4.1.2,...

CVSS 6.9, AI score 6.3, EPSS 0.00286
Exploits 0, References 7

Tenable Nessus
added 2007/06/18 12:0 a.m., 36 views

Solaris 10 (x86) : 119784-40 (deprecated)

Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...

CVSS 6, AI score 6.6, EPSS 0.31671
Exploits 2, References 5