40 matches found
EUVD-2017-4395
Malware in sbrugna...
EUVD-2022-0211
Malicious code in bioql PyPI...
EUVD-2022-0099
Malicious code in bioql PyPI...
CVE-2022-40424
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0...
Malicious npm Packages Found Using Image Files to Hide Backdoor Code
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been...
CVE-2022-44049
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0...
CVE-2022-43306
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0...
CVE-2022-43305
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...
PYSEC-2022-43026
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
CVE-2022-42041
The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0...
CVE-2022-41380
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
PT-2022-37340 · Pypi · Democritus-Csv +1
Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-csv package, which was inserted by a third party. Recommendations:...
PYSEC-2022-43092
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PT-2022-37366 · Pypi · Democritus-Hypothesis +1
Name of the Vulnerable Software and Affected Versions: d8s-uuids version 0.1.0 Description: The d8s-uuids package for Python, distributed on PyPI, contains a potential code-execution backdoor. This backdoor is attributed to the democritus-hypothesis package, which was inserted by a third party...
Democritus Project 代码问题漏洞
Democritus Project is a collection of simple, effective, modular, fully tested and well-documented features from Democritus, Inc. A security vulnerability exists in Democritus Project d8s-strings version 0.1.0 that originates from a potential code execution backdoor inserted by a third party...
CVE-2022-38792
The exotel aka exotel-py package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party...
CVE-2022-34981
The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party...
Code injection
The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party...
CVE-2022-33000
The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2022-34053
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...