1340 matches found
Malicious Package
A malicious version of eslint-scope has been published onto the npm registry. This malicious version attempts to steal the user's npm authentication token from .npmrc through a postinstall script specified in package.json. Successful attempts would result in compromised authentication tokens...
Solaris 10 (x86) : 119784-31
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Solaris 10 (sparc) : 119783-32
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Solaris 10 (sparc) : 119783-31
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Joomla! 1.5.0 < 3.8.4 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is 1.5.0 or later but prior to 3.8.4. It is, therefore, affected by multiple XSS and SQLi vulnerabilities: - The XSS vulnerability in module chromes as noted in the 20180101 announcement...
Joomla! SQL Injection Vulnerability (CNVD-2018-04206)
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. A SQL injection vulnerability exists in the Hathor postinstall message in Joomla! that stems from a lack of variable type conversion in the program....
CVE-2018-6376
CVE-2018-6376 (Joomla!) describes a SQL injection vulnerability in the Hathor postinstall message due to the lack of type casting of a variable within a SQL statement in Joomla! versions prior to 3.8.4. Affected is Joomla! up to 3.8.3. Root cause: improper handling of input in SQL context leadi...
Cohu 3960HD 'webupgrade' function file upload vulnerability
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. A file upload vulnerability exists in the 'webupgrade' function in the Cohu 3960HD, which stems from the program failing to validate a file or process uploaded by the firmware. An attacker can exploit t...
[20180104] - Core - SQLi vulnerability in Hathor postinstall message
The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message...
Malicious Module
pandora-doomsday and test-module-a are modules which can infect other modules. During installation, the module runs a postinstall script that adds the package's author mr-robot as an owner to every other package owned by the user that ran the npm install method...
UBUNTU-CVE-2016-9774
The postinst script in the tomcat6 package before 6.0.45+dfsg-1deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu...
CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...
RHEL 6 : qemu-kvm-rhev (RHSA-2012:1233)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1233 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the...
CVE-2013-0415
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package...
Design/Logic Flaw
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package...
CVE-2013-0415
CVE-2013-0415 is linked to Solaris 10 in the Bind/Postinstall script for the Bind package. Connected sources indicate a local, privilege-escalation vulnerability affecting Solaris 10 (both SPARC and x86) with the potential for arbitrary code execution after user/OS authentication and additional c...
file clobbering vulnerability in Solaris update manager & local root with SUNWbindr install.
Hi list, Two small problems I noticed with Oracle Solaris Update Manager and the latest patch cluster on Solaris 10 x86. += Local Root If the system administrator is updating the system using update manager or smpatch multi user mode a race condition exists with the postinstall script for SUNWbin...
brltty security and bug fix update
3.7.2-4 - use rpm macros more consistently - add manual page for brltty.conf - add more documentation - install the default brltty-pm.conf to docdir only - Resolves: 530554 - silence the postinstall scriptlet - Resolves: 529163 3.7.2-3 - escape rpm macros in the rpm change log - remove bogus rpat...
PT-2008-6168 · Twiki · Twiki
Name of the Vulnerable Software and Affected Versions: twiki version 4.1.2 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. The vendor disputes this issue, stating it is invalid. Recommendations: For twiki version 4.1.2,...
Solaris 10 (x86) : 119784-40 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...