42 matches found
Malicious code in triage-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ef2bb10931626a345e1277463f9c2ec6ca36108c2d6131c9210707ea5692a64 package.json declares preinstall: node index.js, so the payload runs automatically on npm install with no user action. index.js requires os, fs, and...
Malicious code in event-metrics-q3x7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...
Malicious code in @giftyhq/widget-components (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ad3f12a6a12fbfa60e4a72747df6974f89906200568926b99a8c93c489b5e62 package.json declares "preinstall": "node index.js", which fires automatically on npm install. index.js collects host fingerprinting data —...
MAL-2026-5736 Malicious code in node-stack-frames (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fd4f6c5f3278484d99f6ffffc001cf920dcb0fa4fdfabff957a61c3cfbfc158 package.json declares a preinstall script that runs an inline Node program on npm install. The script requires os and http, collects os.hostname,...
MAL-2026-5729 Malicious code in houzidawang806 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dbf603db6d0a3434c6c417dd460f26d08b9e230c03926f05987bb3841d3c72b Package self-describes as 'A simple date formatting utility' but ships two distinct attacker primitives. 1 postinstall.js enumerates /.ssh/ for .pub...
MAL-2026-4551 Malicious code in encrata-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e98813f52fa8e9fc3c04bffd023445dbfed4a9b405d1e3f85511673f5e86dce7 package.json declares "postinstall": "node install.js", which runs at install time. install.js requires both childprocess and https, branches on...
EUVD-2026-15021
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour...
Real-time File Access Monitoring (FAM) with Qualys FIM
What is File Access Monitoring FAM? FAM is a security practice that involves tracking and logging access to sensitive files. FAM should be included with any File Integrity Monitoring FIM solution to trigger alerts when critical host files not intended for regular use are accessed. Importance of F...
aiohttp Detection (HTTP)
HTTP based detection of aiohttp. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.112839";...
IceWarp Mail Server Detection (SMTP)
SMTP based detection of IceWarp Mail Server. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
TheServer Detection
Checks whether TheServer is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
Microsoft Office 2016 Security Feature Bypass Vulnerability (KB4462146)
This host is missing an important security update according to Microsoft KB4462146 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Microsoft Office: Mime Sniffing Safety Feature
This test checks the setting for policy OpenVAS Vulnerability Test $Id: officemimesniffingsafety.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Mime Sniffing Safety Feature Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is...
Crestron Device Detection (CTP)
Crestron Terminal Protocol CTP based detection of Crestron devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SAP HANA Information Disclosure Vulnerability (CNVD-2018-03088)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. An information disclosure vulnerability exists in SAP HANA. A remote attacker can exploit this...
Microsoft PowerPoint 2007 Service Pack 3 Remote Code Execution Vulnerability (KB3213642)
This host is missing an important security update according to Microsoft KB3213642. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Microsoft Office Web Apps Multiple Vulnerabilities (3199168)
This host is missing an important security update according to Microsoft Bulletin MS16-133 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...
Juniper Networks Junos OS Multiple Privilege Escalation Vulnerabilities
Junos OS is prone to multiple privilege escalation vulnerabilities in JunOS CLI. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Faraday v1.0.21 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...
Tenable Network Security Tenable Nessus Host Details Component Cross-Site Scripting Vulnerability
Tenable Network Security Tenable Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability in the Host Details component of Tenable Network Security Tenable Nessus 5.x and earlier and 6.5.4 and earlier can be exploited by remote...