Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products
Summary Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...
MAL-2023-8226 Malicious code in company_package_my (npm)
Source: ossf-package-analysis 3f3e6351419385dd63eeaa9bdd36d22be97aa05d213effc8f93ef580e76e7226 The OpenSSF Package Analysis project identified 'companypackagemy' @ 1.0.3 npm as malicious. It is considered malicious because: - The package...
MAL-2023-7988 Malicious code in metronome-synth-info-lib (npm)
Source: ghsa-malware 9e99092c601ede7db26a42e21544d65cff430ba4d36d1a76232973801b8d3fec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in platon-contract (npm)
Source: ossf-package-analysis 22347eb604c2a9b522547d6197c65f032cdeb71d4a38c8777a866fb3271869da The OpenSSF Package Analysis project identified 'platon-contract' @ 50.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in devops-challenge (npm)
Source: ossf-package-analysis ae82cf2333c3027eb9266e05dfa4697724ae1623e3b662c2b129d5f716f55aa4 The OpenSSF Package Analysis project identified 'devops-challenge' @ 99.99.990 npm as malicious. It is considered malicious because: - The packa...
MAL-2023-1500 Malicious code in wpi-rules-valid-events (npm)
Source: ossf-package-analysis 1f8f8319f361dae60da61058ccd4776881160f6a820fbad5fe51373e6084e45b The OpenSSF Package Analysis project identified 'wpi-rules-valid-events' @ 6.6.6 npm as malicious. It is considered malicious because: - The...
Malicious code in jscrambler-dashboard-components (npm)
Source: ossf-package-analysis 7a31aff9b73f313c920ebbb6370e3afc3139565f139114ab47ef7859e989f418 The OpenSSF Package Analysis project identified 'jscrambler-dashboard-components' @ 9.9.9 npm as malicious. It is considered malicious because: ...
Security Bulletin: Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, Python, PostgreSQL and cURL libcurl. Vulnerabilities include executing in the victim's Web browser within the security context of the hosting site, executing arbitrary code as the bootstrap superuser on the...
MAL-2023-1198 Malicious code in hellodependency5 (npm)
Source: ossf-package-analysis caa3595977335e1bacb314c6a0a7866651c4eea9f9eb5d3b4d6a4f7d3458a988 The OpenSSF Package Analysis project identified 'hellodependency5' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Cross site scripting
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScrip...
MAL-2023-1135 Malicious code in chegg-contentful (npm)
Source: checkmarx 0f294558304bba4da1c74169d026ebb78d4c1509bc734739942abe3860bc7390 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Malicious code in chain00xtest3 (npm)
Source: ossf-package-analysis d395f073dbbc2c8412d5341657a944edf74e11f1234dc1a97587fc4c3e6028c5 The OpenSSF Package Analysis project identified 'chain00xtest3' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in dragonsense-config (npm)
Source: ossf-package-analysis b16039afbf251f78d8c6adf4bb07342e8c112167bef9e0749651dacbdaf12c26 The OpenSSF Package Analysis project identified 'dragonsense-config' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
inDrive: #1 XSS on watchdocs.indriverapp.com
The security vulnerability found on watchdocs.indriverapp.com allowed for cross-site scripting (XSS) attacks. The vulnerability was triggered by crafting a specific URL that executed arbitrary JavaScript code when accessed by users...
MAL-2023-851 Malicious code in test-op-solhint (npm)
Source: ghsa-malware 3f8f315fe20128ae26be541522255c4eeab47ec166f70e54ca5a2c6cb533ae67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pmcrypto-v7 (npm)
Source: ossf-package-analysis a3a1eb09bba631f290225217047eab8997cef64f4c0e321d47728fc9ee46f6aa The OpenSSF Package Analysis project identified 'pmcrypto-v7' @ 8.999.0 npm as malicious. It is considered malicious because: - The package...
CVE-2022-47876
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...
EulerOS 2.0 SP8 : mod_security (EulerOS-SA-2023-1601)
According to the versions of the modsecurity package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application...
Multiple Stored XSS via mail parameter
Description In PhpMyFaq, while submitting a question, the mail parameter is accepting unsanitized user input which leads to Stored XSS vulnerability, executing on Admin Panel /admin/?action=question. Proof of Concept 1. Go to https://roy.demo.phpmyfaq.de/index.php?action=ask&categoryid=0 1. Fill ...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...