13 matches found
Malicious Package
Overview: react-native-httpapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-45764 Malicious code in react-native-httpapi (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 872a61b5247749d233711d5fe71d6da937fd301c6cfe4317b41b6f69f4566000 Any computer that has this package installed or running should be considered...
GHSA-82VX-MM6R-GG8W Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Impacted Resources: bref/src/Event/Http/Psr7Bridge.php:130-168. Description: When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each...
CVE-2019-15312
Affected software: Zolo Halo devices running Linkplay firmware. Vulnerability: DNS rebinding combined with multiple /httpapi.asp endpoint command-execution issues could allow remote compromise from the Internet. Root cause: DNS rebinding exposure enabling exploitation of endpoint commands. Impact...
SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit
Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description: The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...
Emby MediaServer 3.2.5 - SQL Injection Vulnerability
Exploit for multiple platform in category web applications Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server...
Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection
Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a...
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 - SQL Injection Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize...
Emby MediaServer 3.2.5 - SQL Injection
Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a...
SonicDICOM PACS 2.3.2 Stored Cross Site Scripting
SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewe...
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewe...
SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit
Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description: The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending an HTTP PATCH request setting the parameter...
WinRM Authentication Method Detection
This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...