13 matches found
Malicious code in dev-gui-client (npm)
The package dev-gui-client was found to contain malicious code...
MAL-2025-18343 Malicious code in dev-gui-client (npm)
The package dev-gui-client was found to contain malicious code...
Metasploit Wrap-Up
Keep your eyes peeled for another Metasploit CTF. We hosted our third Annualish Metasploit CTF back in January of this year. All 1,000 slots were booked within days of announcing the competition. Because of the resounding success, we'll be hosting the fourth Annualish Metasploit CTF by year’s end...
v2rayL Command Execution Vulnerability
v2rayL is a Linux GUI client software for v2ray agents. A security vulnerability exists in v2rayL version 2.1.3, which originates from the fact that /etc/v2rayL/config.json, owned by a low-privileged user, contains commands that can be run with root privileges. A local attacker can exploit this...
CVE-2017-17525
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2013-7382
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access...
Code injection
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php...
CVE-2013-4468
CVE-2013-4468 concerns VICIDIAL dialer (Asterisk GUI client) where remote authenticated users can execute arbitrary commands via shell metacharacters in the extension parameter of an OriginateVDRelogin action to manager_send.php. Affected versions include 2.7RC1, 2.7, and 2.8-403a and earlier. Th...
SQL injection
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, (2) remote authenticated users to...
CVE-2013-4467
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPTmultirecordingAJAX.php, (2) remote authenticated users to...
Juniper NSM GUI Server Detection
The remote host is running the Juniper NSM GUI Server. The NSM GUI accepts connections from users using the NSM GUI Client, which allows for administration of the NSM servers. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69870); script_version("1.9");...
Juniper NSM Web Proxy Detection
The remote host is running the Juniper NSM Web Proxy, which is used for hosting NSM GUI client software and web-based APIs. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(69875); script_version("1.4"); script_cvs_date("Date: 2019/11/22"); script_name(english:"Juniper NSM Web...
SQL injection
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command...