MAL-2026-3556 Malicious code in @uipath/orchestrator-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d967b0f36daf789de288eb36c97c6ab5c9de25bad34a8d4866954e495d7303dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/orchestrator-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d967b0f36daf789de288eb36c97c6ab5c9de25bad34a8d4866954e495d7303dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2018-11530

Malware in sbrugna...

EUVD-2018-9060

Malware in sbrugna...

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

Unspecified Vulnerability in UiPath Orchestrator

UiPath Orchestrator is a web application for managing, controlling and monitoring UiPath robots from UiPath USA. A security vulnerability exists in UiPath Orchestrator versions prior to 2018.3.4. An attacker could exploit the vulnerability by submitting a file with malicious code to take full...

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

Design/Logic Flaw

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVE-2018-19855

UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features...

CVE-2018-17305

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users even administrators leading to privilege escalation and remote code execution...

Remote code execution

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users even administrators leading to privilege escalation and remote code execution...

CVE-2018-17305

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users even administrators leading to privilege escalation and remote code execution...

CVE-2018-17305

UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users even administrators leading to privilege escalation and remote code execution...

CVE-2018-17305

The connected sources confirm CVE-2018-17305 affects UiPath Orchestrator up to version 2018.2.4, where any authenticated user can_change the information of arbitrary users (including administrators), enabling privilege escalation and remote code execution. The exact root cause detail is not elabo...