Malicious code in @zalastax/nolb-_enm (npm)

The package @zalastax/nolb-enm was found to contain malicious code...

MAL-2025-9976 Malicious code in @zalastax/nolb-_enm (npm)

The package @zalastax/nolb-enm was found to contain malicious code...

enm-partners.com Cross Site Scripting vulnerability OBB-3691229

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Design/Logic Flaw

Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...

CVE-2022-46407

CVE-2022-46407 concerns Ericsson Network Manager (ENM) versions prior to 22.2. A vulnerability in the REST endpoint "editprofile" allows an Open Redirect HTTP Header Injection that can redirect submitted requests to domains outside the ENM deployment. The attacker would require admin/elevated pri...

CVE-2022-46408

Ericsson Network Manager (ENM) versions prior to 22.1 are affected by CVE-2022-46408 in the Network Connectivity Manager (NCM) component. The vulnerability arises from improper neutralization of formula elements in CSV files, potentially enabling remote code execution or data leakage through mali...

Authorization

In Ericsson Network Manager ENM releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security...

CVE-2021-32570

CVE-2021-32570 affects Ericsson Network Manager (ENM) versions before 21.2. The issue allows users within the same AMOS authorization group (considered highly privileged) to access data from certain log files under a common path and read information stored in those logs, enabling privilege escala...

MAL-2022-2747 Malicious code in enm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ae45134ec6dca8aad5936aab9af56c4a6065d7ab24497283ef5f931e927763f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-28488

Ericsson Network Manager ENM before 21.2 has incorrect access-control behavior that only affects the level of access available to persons who were already granted a highly privileged role. Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessib...

CVE-2021-28488

Ericsson Network Manager (ENM) prior to version 21.2 contains an access-control issue where users within the same AMOS authorization group can access managed-network data that was not intended for the entire group. The root cause, as stated in multiple sources, is incorrect access-control behavio...

CVE-2021-28488

Ericsson Network Manager ENM before 21.2 has incorrect access-control behavior that only affects the level of access available to persons who were already granted a highly privileged role. Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessib...

CVE-2006-5662

CVE-2006-5662 describes an SQL injection in easy notesManager (eNM) 0.0.1. The vulnerability allows remote attackers to execute arbitrary SQL via the username parameter in login.php and via a search on the search page. The available records do not specify affected versions beyond 0.0.1, nor provi...

eNM-0.0.1.txt

easy notes manager eNM version 0.0.1, available at http://217.172.179.216/evandor/html/index.php?id=103 is affected by multiple sql injection vulnerability due to a missing check of the user supplied input. An attacker can bypass the authentication procedure and get a full dump of the database...