170 matches found
CVE-2016-10946
The wp-d3 plugin before 2.4.1 for WordPress has CSRF...
Cross site request forgery (csrf)
The wp-d3 plugin before 2.4.1 for WordPress has CSRF...
CVE-2016-10946
The wp-d3 plugin before 2.4.1 for WordPress has CSRF...
CVE-2016-10946
CVE-2016-10946 corresponds to a CSRF vulnerability in the wp-d3 WordPress plugin prior to version 2.4.1. The affected component is the wp-d3 plugin for WordPress; the root cause is a CSRF flaw in its handling of requests. Public descriptions across multiple connected sources consistently report t...
Subdomain Enumeration Tool: Amass
Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...
maltodextrin (=1.0.0), sk-stand (=0.2.12) +2 more potentially affected by CVE-2017-16044 via d3.js (=0.0.2-security)
d3.js NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on d3.js and may be impacted: - maltodextrin =1.0.0 - sk-stand =0.2.12 - smart-cloud-platform =1.0.0, =0.0.25, =0.0.27 Source cves: CVE-2017-16044 Source advisory:...
GHSA-QMJG-G86H-6RC9 d3.js is malware
The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern i...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Malicious Typo-Squatting
D3.js was a malicious module as it is developed to hijack environment variables and send it to attacker’s controlled location...
CVE-2017-16044
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16044
CVE-2017-16044 corresponds to the npm package d3.js , reported as a malware module that hijacks environment variables and exfiltrates them to attacker-controlled endpoints. The community advisories (GHSA, npm advisory) state that all versions have been unpublished from the npm registry. The root ...
CVE-2017-16044
d3.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2018-11220
CVE-2018-11220 affects Bitmain Antminer D3, L3+, and S9 devices. The vulnerability enables remote command execution through the device’s system restore/recovery functionality, allowing an attacker with or without authentication (depending on context) to trigger arbitrary commands on the device. C...
Hijacked Environment Variables
Overview The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
How to Combine D3 with AngularJS
The Benefits and Challenges of D3 Angular Combination Today we'll be focusing on how to combine D3 with the AngularJS framework. As we all know, Angular and D3 frameworks are very popular, and once they work together they can be very powerful and helpful when creating dashboards. But, they can al...
D3 GO - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application D3 GO published at the 'play' market has multiple vulnerabilities...
SedSystems D3 Decimator - Multiple Vulnerabilities
Exploit for multiple platform in category web applications SedSystems D3 Decimator Multiple Vulnerabilities ================================================ Identification of the vulnerable device can be performed by scanning for TCP port 9784 which offers a default remote API. When connected to...
OSINT Gathering Tool: Inquisitor
OSINT Gathering Tool Inquisitor is a simple for gathering information on companies and organizations through the use of Open Source Intelligence OSINT sources. The key features of Inquisitor include: 1. The ability to cascade the ownership label of an asset e.g. if a Registrant Name is known to...
Wp-D3 <= 2.4 - Cross-Site Request Forgery (CSRF)
The Wp-D3 WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...