Malicious Package

luna-mock is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

Malicious Package

Overview All versions of midway-xtpl contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on...

CVE-2018-19860

Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command...

runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)

CVE-2019-5736 This is exploit code for CVE-2019-5736 and it works for both runc and LXC. The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and run that. console % docker run --rm --name pwnme -d...

Microsoft Windows gdiplus DoExtTextOut Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Cross site scripting

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-1000006

RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sockdns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivit...

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victims browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

PT-2019-18094 · Es · Es File Explorer File Manager

Name of the Vulnerable Software and Affected Versions: ES File Explorer File Manager versions through 4.1.9.7.4 Description: The issue allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after t...

Malicious Package

commander-js is a malicious package designed to take advantage of users making a mistake when typing the name of a module to install. All versions of this package is considered malicious and must not be used. The package downloads a malicious file and executes the contents after installation...

Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

Arbitrary File Inclusion

kibana is vulnerable to arbitrary file inclusion attacks. The vulnerability exists through the Kibana Console API where a request can be sent to include external JS files which could possibly result in executing arbitrary commands...

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local, unprivileged user to cause a kernel panic (CVE-2018-1782)

Summary IBM Spectrum Scale could allow a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. Vulnerability Details CVEID: CVE-2018-1782 DESCRIPTION:...

Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities

Binary data 700332.prm...

CVE-2018-15150

SQL injection vulnerability in interface/deidentificationforms/deidentificationscreen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporaryfilesdir' variable in interface/super/editglobals.php...

Intel® Converged Security Management Engine (Intel® CSME) 11.x issue

Summary: In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine Intel® CSME, Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. Description: In an effort to continuously improve...

Git 2.13.x, 2.14.x, 2.15.x, 2.16.x, 2.17.x Multiple Vulnerabilities - Windows

Git is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.113205...

F5 Networks BIG-IP : PHP vulnerability (K75543432)

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zendinidoop function in Zend/zendiniparser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input...