110 matches found
CVE-2026-27727 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
CVE-2026-27727
CVE-2026-27727 is confirmed in multiple IBM advisories as affecting the mchange-commons-java library used by IBM Maximo Monitor Component and related IBM products. The vulnerability stems from JNDI dereferencing code in mchange-commons-java, which can allow an attacker to cause download and execu...
Malicious code in gridifies (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5b003711060bdfd51eddae8b2ec6fc00313aee8bb480e9017b5ad5d03dbf567c Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
MAL-2026-774 Malicious code in adminbypasser (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 867991d0e6c74f15c2f231c002867172a4e03044a328676cf9b2ec07a7e48f68 Package silently downloads remote code and adds its execution to the autostart. During analysis, the remote domain no longer existed. --- Category: MALICIOUS -...
Malicious code in spellcheckerpy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 79cc4c6495567fe7659e9e4bb5964727bf95cfc9f78d32209937d73457bd476b Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...
Exploit for Download of Code Without Integrity Check in Dlink Dnr-322L_Firmware
pocs | Title | CVE | Author | |---|---|---| | D-Link DNR-322...
CVE-2017-20203
NetSarang products including Xmanager Enterprise 5.0 (Build 1232), Xmanager 5.0 (Build 1045), Xshell 5.0 (Build 1322), Xftp 5.0 (Build 1218), and Xlpd 5.0 (Build 1220) are affected by a supply‑chain backdoor delivered via a malicious nssock2.dll. The DLL implements a multi‑stage, DNS‑based backdo...
EUVD-2020-28805
Malware in sbrugna...
EUVD-2008-1885
Malware in sbrugna...
EUVD-2007-5633
Malware in sbrugna...
EUVD-2020-28806
Malware in sbrugna...
EUVD-2019-5712
Malware in sbrugna...
CVE-2025-11182
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1...
EUVD-2023-41140
Malicious code in bioql PyPI...
EUVD-2023-57885
Malicious code in bioql PyPI...
EUVD-2023-50387
Malicious code in bioql PyPI...
CVE-2025-11182
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1...
CVE-2025-11182 File Download in GTONE ChangeFlow
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All versions to v9.0.1.1...
PT-2025-40314
Name of the Vulnerable Software and Affected Versions GTONE ChangeFlow versions through 9.0.1.1 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as 'Path Traversal', and allows for the download of code without integrity...
Malicious code in cti-ctf-challenges (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...