5078 matches found
Code injection
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43077
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
Code injection
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43095
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43030
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43021
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PYSEC-2022-43035
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PT-2022-37340 · Pypi · Democritus-Csv +1
Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-csv package, which was inserted by a third party. Recommendations:...
Democritus Project代码问题漏洞
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-asns version 0.1.0, which stems from the presence of a potential code execution package democritus-csv inserted by ...
CVE-2022-42037
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
CVE-2022-42036
CVE-2022-42036 affects the Python package d8s-urls (distributed on PyPI); the 0.1.0 release allegedly contained a third-party injected backdoor named democritus-csv that enables code execution. Multiple connected records (Red Hat, OSV, NVD, PRION, ENISA/EUVD adapters, OSV, PySEC advisories) confi...
Democritus Project 代码问题漏洞
Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-ip version 0.1.0, which stems from the presence of a potential code execution package, democritus-csv, inserted by ...
CVE-2022-42038
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
CVE-2022-42037
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PT-2022-26214 · Pypi · Democritus-Csv +1
Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. Recommendations:...
PT-2022-26212 · Pypi · D8S-Urls +1
Name of the Vulnerable Software and Affected Versions: d8s-urls version 0.1.0 Description: The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. Recommendations: For version 0.1....
PT-2022-37358 · Pypi · Democritus-Csv +1
Name of the Vulnerable Software and Affected Versions: d8s-ip-addresses version 0.1.0 Description: The d8s-ip-addresses package for Python contains a potential code-execution backdoor. This backdoor is attributed to the democritus-csv package, which was inserted by a third party. Recommendations:...
CVE-2022-42038
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0...
PT-2022-26213 · Pypi · Democritus-Csv +1
Name of the Vulnerable Software and Affected Versions: d8s-asns version 0.1.0 Description: The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. Recommendations: For version 0.1....
Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The plugin does not properly escape fields when exporting data as CSV, leading to a CSV injection PoC - create a post using =5+5 as the title - export the data as CSV /wp-admin/admin.php?page=post-to-csv.php - open the CSV with a spreadsheet application Excel, Libre Office - the CSV formula...