11 matches found

Cvelist
added 2022/12/16 12:0 a.m., 18 views

CVE-2022-4130

A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server...

6 AI score, 0.00142 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2021/09/27 12:0 a.m., 39 views

EulerOS 2.0 SP9 : git (EulerOS-SA-2021-2525)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This...

9.3 CVSS, 7.5 AI score, 0.37878 EPSS
Exploits: 2, References: 3
Veracode
added 2019/08/02 5:40 a.m., 5 views

Malicious Package

sparkies is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
Veracode
added 2019/08/02 5:40 a.m., 9 views

Malicious Package

serilize is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.4 AI score
Exploits: 0
Veracode
added 2019/08/02 5:17 a.m., 9 views

Malicious Package

mogobd is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
Veracode
added 2019/08/02 5:17 a.m., 8 views

Malicious Package

node-ftp is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
Veracode
added 2019/08/02 5:17 a.m., 9 views

Malicious Package

mysql-koa is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
Veracode
added 2019/08/02 5:17 a.m., 12 views

Malicious Package

axios-http is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
Veracode
added 2019/08/02 5:17 a.m., 8 views

Malicious Package

body-parse-xml is a malicious package. When the package is installed or required, the package attempts to send hostname information to the attacker's server, affecting confidentiality of the victim's server, which can potentially bridge to other attack vectors like remote code execution...

5.6 AI score
Exploits: 0
UbuntuCve
added 2017/08/31 12:0 a.m., 29 views

CVE-2017-0902

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls...

8.1 CVSS, 7.1 AI score, 0.04996 EPSS
Exploits: 1, References: 6
myhack58
added 2015/05/12 12:0 a.m., 14 views

Analysis of a WordPress JS backdoor - vulnerability warning - the black bar safety net

We recently found, on a lot of WordPress sites, a backdoor that collects administrator login credentials. Concealed code is inserted into the affected site; when an administrator logs on, the code is triggered, and the administrator's login credentials are encrypted by the GET...

1.6 AI score
Exploits: 0