37 matches found
MAL-2022-657 Malicious code in @tinkoff-react-bui/input-amount-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1b086c983cecdbf1e8f97a2d60a171c07c328710ce3aad027dd2f891d2a01a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-661 Malicious code in @tinkoff-react-bui/svg-icon (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf558b9a116b62aab931fcf875349acb6eb5f4171abaeac53c3fcdc8069f83b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-660 Malicious code in @tinkoff-react-bui/modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 783802d9c19b708d0e12629ff6845be4364fa49987d67dacecdb6bc733d322b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tinkoff-react-bui/input-amount (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 994a0a8ffc92c84a5dead72060244e1408f9bdd16a86a402bdcd3e044bf7c29e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-656 Malicious code in @tinkoff-react-bui/input-amount (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 994a0a8ffc92c84a5dead72060244e1408f9bdd16a86a402bdcd3e044bf7c29e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-659 Malicious code in @tinkoff-react-bui/input-password (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a32c841225c2d1d24bb429b7cc5315b5420fd5ab2debcb91136b4bfe052eac06 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tinkoff-react-bui/input-description (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5070a3552a3008edfafbc0b9e23cc7f301e2d10d548491f11466d7ab8a686c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-658 Malicious code in @tinkoff-react-bui/input-description (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5070a3552a3008edfafbc0b9e23cc7f301e2d10d548491f11466d7ab8a686c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-662 Malicious code in @tinkoff-react-bui/utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24f7ab4d7d2586559c337934afd7370495bfad3915fbdc7ce528c06666a8101b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
bui select component cross-site scripting vulnerability
bui is a front-end framework based on JQuery. select component is one of the search component. A cross-site scripting vulnerability exists in the select component in bui 2018-03-13 and prior versions, which stems from a program performing an escape operation on escaped text. A remote attacker can...
CVE-2018-8108
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text...
CVE-2018-8108
CVE-2018-8108 affects the bui library’s select component. The issue is an XSS vulnerability caused by escaping text that has already been escaped, demonstrated by workGroupList text. Affected: bui’s select component (front-end), with roots in the escape operation being applied redundantly. Impact...
Ubuntu Update for libxml2 vulnerability USN-1016-1
Ubuntu Update for Linux kernel vulnerabilities USN-1016-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10161.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libxml2 vulnerability USN-1016-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : libxml2 vulnerability (USN-1016-1)
Bui Quang Minh discovered that libxml2 did not properly process XPath namespaces and attributes. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. Note that Tenable Network...
GOM Player 2.1.16.6134 - Subtitle Local Buffer Overflow (PoC)
GOM Player 2.1.16.6134 - Subtitle Local Buffer Overflow PoC !/usr/local/bin/perl Title : GOM Player Subtitle Buffer Overflow Vulnerabiltity Discovery by : Bui Quang Minh Tested : GOM Player 2.1.16.6134 Reference : Bkis http://security.bkis.vn/?p=501 PoC : Windows XP Silently Crash and Windows...
GOM Player 2.1.16.6134 - Subtitle Local Buffer Overflow (PoC)
!/usr/local/bin/perl Title : GOM Player Subtitle Buffer Overflow Vulnerabiltity Discovery by : Bui Quang Minh Tested : GOM Player 2.1.16.6134 Reference : Bkis http://security.bkis.vn/?p=501 PoC : Windows XP Silently Crash and Windows Vista, Windows 7. my $buffer = "A" x 10240 x 4; my $filename =...
IncrediMail 5.86 - Cross-Site Scripting Script Execution
IncrediMail 5.86 - Cross-Site Scripting Script Execution !/usr/bin/perl -w IncrediMail Xe latest version XSS Vulnerability Discovered by : Bui Quang Minh Description : The most of popular Mail Client now exclude Script Code for mail content. It aims to avoid the type of XSS exploitation For e.g:...