59 matches found
Malicious code in evolve-runtime (npm)
Source: ghsa-malware f91172e8ea3922e0774dbdd5e55592c05035e0ea441f8064c3e163dd81dcd85e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-22194
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). Continued receipt of these crafted packets will...
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...
Protecting Against Recent Ransomware Attacks
Modern ransomware attacks targeting large enterprises continue to evolve from double to triple or even quadruple extortion tactics. Discover how to stay one step ahead with our case study of the ransomware family, Nefilim...
The vulnerability of the CommandLineService component of the Foglight Evolve platform, which stems from the use of hard-coded user credentials “__service__ user”, allows attackers to execute arbitrary code.
The vulnerability of the CommandLineService component of the Foglight Evolve platform is related to the use of hard-coded user credentials “service user”. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2020-8868
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...
Hardcoded credentials
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for thi...
CVE-2020-8868
CVE-2020-8868 affects Quest Foglight Evolve 9.0.0. The root cause is a hard-coded password for the service user account, enabling unauthenticated remote code execution with SYSTEM privileges. Multiple sources (NVD/Red Hat/NVD mirror, ZDI, PRION) confirm remote code execution without authenticatio...
Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve. Authentication is not required to exploit this vulnerability. The specific flaw exists within the service user account. The product contains a hard-coded password for this...
Evolve Merchant Viewcart.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21070/info Evolve Merchant is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
Evolve Shopping Cart products.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21323/info Evolve Shopping Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attack...
[SECURITY] Fedora 17 Update: tremulous-1.2.0-0.4.beta1.fc17
Tremulous is a free, open source game that blends a team-based FPS with elements of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being...
WordPress Multiple Themes 's' Parameter XSS Vulnerabilities (Oct 2011) - Active Check
At least one theme of WordPress is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress EvoLve Theme 1.2.5 - Cross-Site Scripting
's' Parameter: the WordPress EvoLve theme's "s" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal...
WordPress Theme EvoLve 1.2.5 - s Cross-Site Scripting
WordPress Theme EvoLve 1.2.5 - s Cross-Site Scripting source: https://www.securityfocus.com/bid/49872/info The EvoLve theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
WordPress Theme EvoLve 1.2.5 - 's' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49872/info The EvoLve theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
CVE-2011-3852
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter...