656 matches found
Remote Code Execution
org.apache.streampark, streampark is vulnerable to Remote Code Execution. The vulnerability is caused by a missing check on the Maven compilation parameters in a project module that is used to integrate Maven's compilation capability. This can lead to an attacker inserting remote...
Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands...
Yamcs Security Vulnerabilities
Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Space Applications Services Yamcs version 5.8.6, which originated from a vulnerability th...
Deserialization of untrusted data
Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely...
Improper Privilege Management
Overview: bolt is a library enabling the execution of commands remotely over SSH and WinRM. Affected versions of this package are vulnerable to Improper Privilege Management. An attacker can escalate their privileges by exploiting this vulnerability. Remediation: Upgrade bolt to version 3.27.4 or...
Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credential...
VulnCheck KEV: CVE-2023-40044
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system...
Critical Vulnerabilities in WS_FTP Server
On September 27, 2023, Progress Software published a security advisory on multiple vulnerabilities affecting WS_FTP Server, a secure file transfer solution. There are a number of vulnerabilities in the advisory, two of which are critical: CVE-2023-40044 and CVE-2023-42657. Our research team has...
Malicious code in ubermenu (npm)
Source: ghsa-malware (eb6c884144ed475f1632aef6c970f42e0c168ca0eba55fdc931a6d7e5da6d69b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Deserialization of untrusted data
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system...
CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system...
CVE-2023-40044
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. Recent assessments: sfewer-r7 at October 02, 2023 8:11am UT...
CVE-2023-35893
IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 258824...
Rockwell Automation Armor PowerFlex Security Breach
Rockwell Automation Armor PowerFlex is a line of inverters from Rockwell Automation, Inc. A security vulnerability exists in the Rockwell Automation Armor PowerFlex that stems from a vulnerability that allows an attacker to send network commands to cause the product to generate a large amount of...
Locke-Bot SQL Injection Vulnerability
Locke-Bot is a custom discord bot developed for LOCKE by HKing2802 Personal Developer. A security vulnerability exists in Locke-Bot version 2.0.2, which stems from an SQL injection vulnerability that allows remote attackers to run arbitrary SQL commands via a crafted string...
PT-2023-22560 · Prestashop · Prestashop Boxtal
Name of the Vulnerable Software and Affected Versions: PrestaShop Boxtal envoimoinscher module versions after 3.1.10. Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the key GET parameter. This affects the Boxtal module for PrestaShop...
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems
Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei...
Malicious code in fc-amount (npm)
Source: ghsa-malware (deda6264abf52468856de6a91a887594ca7b427f7093f2486999d3323f096408). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-27988
The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21AAZF.13C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely...