5 matches found
CVE-2026-41879
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
Malicious code in imodiov-koifi-cuidcg (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d687eed4ffb353a798f717155ce5df7a920ae1166cae2af20ef04caf998d8ff This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nuilava-drae-naha (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17e50aa127f0c0d68b5c67885366f53a703c73bb10d324892500b7d34b53fa96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2021-43741
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution...
CVE-2013-2030
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...