MAL-2024-12312 Malicious code in newpackagetest2024 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1e2e6f858089751c96fa15bde74d24a4dc6a68758e3ee4870a9c0d1f7c66d378 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...

MAL-2024-12230 Malicious code in catme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...

MAL-2024-12259 Malicious code in driftme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in catme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7b5df44af9cbed7b8a7112f36f9c99b466e9143b36d62fd43e4caf480df811d0 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...

Malicious code in driftme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...

MAL-2024-12231 Malicious code in ccsinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e18cda71c2919c802b866f37fc87002396540fd6d3ea3f22b7703111c247518 Installing package downloads and install an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in ccsinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e18cda71c2919c802b866f37fc87002396540fd6d3ea3f22b7703111c247518 Installing package downloads and install an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2024-12254 Malicious code in dgsinstaller (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f90b0387462eccb87e3b6d3b542cfdcfe3083873083f00a7ac5120c64b800f98 Installing package downloads and install an infostealer --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

Kashipara E-learning Management System 跨站脚本漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...

Malicious code in ansishade (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c34f34cc1bdc60a4851d462f058187107a8c200d06ce08295d773f351fa1749a Importing the module starts the banner function, which downloads and runs an obfuscated remote script. The package seems to be a clone a one of existing simila...

CHANGING IDExpert 跨站脚本漏洞

CHANGING IDExpert is an authentication system based on zero trust and integrating various mechanisms such as FIDO, biometrics, MFA, etc. from China-based CHANGING. A cross-site scripting vulnerability exists in CHANGING IDExpert versions 2.5 through 2.8, which originates from incorrectly validati...

Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console

The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently...

PT-2024-7341 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: The vulnerability is related to insufficient validation of user input in the web-based management interface, allowing an unauthenticated, remo...

LemonLDAP::NG 安全漏洞

LemonLDAP::NG is the LemonLDAP::NG open source suite of Web single sign-on and access management software. A security vulnerability exists in LemonLDAP::NG prior to version 2.19.3, which stems from a remote attacker being able to inject arbitrary Web script or HTML into the login page via a...

CVE-2024-41514

A reflected cross-site scripting XSS vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CADClick 安全漏洞

CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a Reflective Cross-Site Scripting XSS vulnerabilit...

CADClick 安全漏洞

CADClick is a software solution from CADClick, Inc. that creates interactive catalogs of 2D/3D CAD data for individual customer CAD catalogs. A security vulnerability exists in CADClick v1.11.0 and earlier versions that stems from the presence of a Reflective Cross-Site Scripting XSS vulnerabilit...

Veritas Data Insight 安全漏洞

Veritas Data Insight is a Veritas solution that classifies, contextualizes, and controls unstructured data. A security vulnerability exists in Veritas Data Insight versions prior to 7.1, which stems from vulnerability to cross-site scripting attacks that allow remote attackers to inject arbitrary...