Lucene search
K

170 matches found

NVD
NVD
added 2019/09/13 1:15 p.m.21 views

CVE-2016-10946

The wp-d3 plugin before 2.4.1 for WordPress has CSRF...

8.8CVSS8.8AI score0.00781EPSS
Exploits1References2
Prion
Prion
added 2019/09/13 1:15 p.m.14 views

Cross site request forgery (csrf)

The wp-d3 plugin before 2.4.1 for WordPress has CSRF...

6.8CVSS7.2AI score0.00781EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/13 12:1 p.m.24 views

CVE-2016-10946

The wp-d3 plugin before 2.4.1 for WordPress has CSRF...

8.8AI score0.00781EPSS
Exploits1References2
CVE
CVE
added 2019/09/13 12:1 p.m.162 views

CVE-2016-10946

CVE-2016-10946 corresponds to a CSRF vulnerability in the wp-d3 WordPress plugin prior to version 2.4.1. The affected component is the wp-d3 plugin for WordPress; the root cause is a CSRF flaw in its handling of requests. Public descriptions across multiple connected sources consistently report t...

8.8CVSS8.7AI score0.00781EPSS
Exploits1References2Affected Software1
n0where
n0where
added 2018/08/22 3:9 p.m.20 views

Subdomain Enumeration Tool: Amass

Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...

6.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/07/23 9:0 p.m.5 views

maltodextrin (=1.0.0), sk-stand (=0.2.12) +2 more potentially affected by CVE-2017-16044 via d3.js (=0.0.2-security)

d3.js NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on d3.js and may be impacted: - maltodextrin =1.0.0 - sk-stand =0.2.12 - smart-cloud-platform =1.0.0, =0.0.25, =0.0.27 Source cves: CVE-2017-16044 Source advisory:...

7.5CVSS7.1AI score0.01475EPSS
Exploits0
OSV
OSV
added 2018/07/23 9:0 p.m.22 views

GHSA-QMJG-G86H-6RC9 d3.js is malware

The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern i...

7.5CVSS7.6AI score0.01475EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/06/12 12:0 a.m.74 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

10CVSS7.4AI score0.02342EPSS
Exploits4References108
Veracode
Veracode
added 2018/06/05 8:2 a.m.24 views

Malicious Typo-Squatting

D3.js was a malicious module as it is developed to hijack environment variables and send it to attacker’s controlled location...

7.5CVSS7.3AI score0.01475EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/04 7:29 p.m.29 views

CVE-2017-16044

d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5CVSS7.5AI score0.01475EPSS
Exploits0References1
Prion
Prion
added 2018/06/04 7:29 p.m.18 views

Code injection

d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01475EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 7:0 p.m.86 views

CVE-2017-16044

CVE-2017-16044 corresponds to the npm package d3.js , reported as a malware module that hijacks environment variables and exfiltrates them to attacker-controlled endpoints. The community advisories (GHSA, npm advisory) state that all versions have been unpublished from the npm registry. The root ...

7.5CVSS7.4AI score0.01475EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.35 views

CVE-2017-16044

d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01475EPSS
Exploits0References1
CVE
CVE
added 2018/05/31 3:0 p.m.84 views

CVE-2018-11220

CVE-2018-11220 affects Bitmain Antminer D3, L3+, and S9 devices. The vulnerability enables remote command execution through the device’s system restore/recovery functionality, allowing an attacker with or without authentication (depending on context) to trigger arbitrary commands on the device. C...

9CVSS8.9AI score0.16409EPSS
Exploits6References1Affected Software1
Node.js
Node.js
added 2017/08/08 9:46 p.m.37 views

Hijacked Environment Variables

Overview The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

5CVSS4.7AI score0.01475EPSS
Exploits0Affected Software1
rapid7community
rapid7community
added 2017/05/31 9:5 p.m.70 views

How to Combine D3 with AngularJS

The Benefits and Challenges of D3 Angular Combination Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 frameworks are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But, they can al...

6.7AI score
Exploits0
hackapp
hackapp
added 2017/04/13 9:29 a.m.17 views

D3 GO - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application D3 GO published at the 'play' market has multiple vulnerabilities...

0.6AI score
Exploits0References1Affected Software1
0day.today
0day.today
added 2017/04/13 12:0 a.m.40 views

SedSystems D3 Decimator - Multiple Vulnerabilities

Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...

7.4AI score
Exploits0
n0where
n0where
added 2017/03/31 5:0 a.m.31 views

OSINT Gathering Tool: Inquisitor

OSINT Gathering Tool Inquisitor is a simple for gathering information on companies and organizations through the use of Open Source Intelligence OSINT sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...

0.5AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2016/11/21 12:0 a.m.14 views

Wp-D3 <= 2.4 - Cross-Site Request Forgery (CSRF)

The Wp-D3 WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS8.5AI score0.00781EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder