EUVD-2025-179327

Malicious code in dependencies-galaxy-install-module npm...

MAL-2025-23249 Malicious code in install-module (npm)

The package install-module was found to contain malicious code...

kik (>=0.0.0 <=1.3.0), kik-starter (=2.2.0) potentially affected by unknown CVE via install-module (>=0.2.0 <=1.1.0)

install-module NPM version =0.2.0, =0.0.0, =1.3.0 - kik-starter =2.2.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-23249...

PT-2023-20508 · Unknown · Keep-Module-Latest

Name of the Vulnerable Software and Affected Versions: keep-module-latest versions all Description: The issue arises due to missing input sanitization or other checks and sandboxes being employed to the installModule function, leading to Command Injection. To potentially exploit this, an attacker...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...

HiddenWall - Linux Kernel Module Generator For Custom Rules With Netfilter (Block Ports, Hidden Mode, Rootkit Functions, Etc)

HiddenWall is a Linux kernel module generator for custom rules with netfilter. block ports, Hidden mode, rootkit functions etc. The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that bloc...

CVE-2019-9061

An issue was discovered in CMS Made Simple 2.2.8. In the module ModuleManager in the file action.installmodule.php, it is possible to reach an unserialize call with untrusted input and achieve authenticated object injection by using the "install module" feature...

PT-2019-19344 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the ModuleManager module, specifically in the action.installmodule.php file, where it is possible to reach an unserialize call with untrusted input. This can lead to...

Pluck Arbitrary Code Execution Vulnerability

Pluck is a content management system CMS developed using the PHP language. A security vulnerability exists in Pluck version 4.7.9-dev1. The vulnerability can be exploited to execute arbitrary code by uploading a ZIP archive file with the action=installmodule URL...

Design/Logic Flaw

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the dbname...

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the dbname...

CVE-2014-2268

CVE-2014-2268 affects vtiger CRM 6.0 Install module prior to Security Patch 2, where access restrictions are insufficient and a crafted request (including X-Requested-With) can re-install the app and execute arbitrary PHP via the db_name parameter. Public indicators of exploitation exist (e.g., M...

CVE-2014-2268

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the dbname...

Jaws 0.8.8 - Multiple Local File Inclusions

Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Jan 24 milw0rm.com 2009-02-04...

Jaws 0.8.8 Local File Inclusion

Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Jan 24...