38 matches found
Malicious code in python-files-mod (PyPI)
Source: kam193 3f9a5cad398dbfcea1ea0ed1a7b20c678a67941581a4562aa92703ac86ee421a Disguised as a file system manipulation library, the package hides obfuscated code to communicate with a Telegram channel. Though the usage is not known at th...
EUVD-2019-4742
Malware in sbrugna...
EUVD-2021-19564
Malware in sbrugna...
EUVD-2024-44112
Malicious code in bioql PyPI...
Cisco UCS Manager Software operating system command injection vulnerability
Cisco UCS Manager Software is a device management software from Cisco. Cisco UCS Manager Software suffers from an operating system command injection vulnerability that stems from insufficient validation of command parameter inputs, which could lead to file system manipulation...
CVE-2023-26526
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1...
CVE-2024-54291
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through <= 0.9.10...
CVE-2024-54291
CVE-2024-54291 describes a path traversal in the WordPress PluginPass plugin (NotFound) affecting versions up to 0.9.10, enabling manipulation of web input to file system calls and enabling arbitrary file download/delete. The vulnerability is documented across multiple sources (including NVD/Red ...
CVE-2024-4498
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /applysettings function, allowing an attacker to manipulate the discussiondbname...
EAGERBEE, with updated and novel components, targets the Middle East
Introduction In our recent investigation into the EAGERBEE backdoor, we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a...
Amazon Linux 2 : flatpak (ALAS-2024-2712)
The version of flatpak installed on the remote host is prior to 1.0.9-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2712 advisory. A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This fl...
CVE-2024-7774
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
CVE-2024-7774 Path Traversal in langchain-ai/langchainjs
A path traversal vulnerability exists in the getFullPath method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. The vulnerability is exploited through the...
[SECURITY] Fedora 41 Update: buildah-1.37.5-1.fc41
The buildah package provides a command line tool which can be used to: create a working container from scratch or create a working container from an image as a starting point; mount/umount a working container's root file system for manipulation; save container's root file system layer to create a ne...
CVE-2024-0949
CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...
PT-2024-5655
Name of the Vulnerable Software and Affected Versions: PAN-OS (affected versions not specified). Description: The issue is related to improper input validation in the PAN-OS software, which allows an attacker to manipulate the physical file system and elevate privileges. This can be exploited by an...
[SECURITY] Fedora 39 Update: buildah-1.35.4-1.fc39
The buildah package provides a command line tool which can be used to: create a working container from scratch or create a working container from an image as a starting point; mount/umount a working container's root file system for manipulation; save container's root file system layer to create a ne...
CVE-2023-32981
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...
CVE-2022-42029
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory...