88 matches found

Positive Technologies
added 2023/05/10 12:0 a.m. · 4 views

PT-2023-23592 · Wings · Wings

Name of the Vulnerable Software and Affected Versions: Wings versions prior to 1.7.5; Wings versions 1.11.0 through 1.11.5. Description: The issue affects Wings, allowing attackers to gain access to the host system if they can modify a server's install script or if the install script executes code...

9 CVSS · 7.9 AI score · 0.00745 EPSS
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

7.7 CVSS · 7.9 AI score · 0.01227 EPSS
Exploits 0 · References 9

SUSE CVE
added 2023/02/15 4:3 a.m. · 1 views

SUSE CVE-2020-5974

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges...

7.8 CVSS · 7.8 AI score · 0.00032 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/05/04 2:0 p.m. · 1 views

CVE-2022-28859

On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts nethsm-safenet-install.sh and nethsm-thales-install.sh expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not...

6.5 CVSS · 6.6 AI score · 0.0027 EPSS
Exploits 0 · References 2 · Affected Software 1

RedHat Linux
added 2021/01/18 10:3 a.m. · 3 views

postgresql: Uncontrolled search path element in CREATE EXTENSION

A flaw was found in PostgreSQL, where some PostgreSQL extensions did not use the search_path safely in their installation script. This flaw allows an attacker with sufficient privileges to trick an administrator into executing a specially crafted script during the extension's installation or updat...

7.3 CVSS · 7.1 AI score · 0.0003 EPSS
Exploits 0 · References 4

Github Security Blog
added 2020/09/04 5:30 p.m. · 15 views

Malicious Package in 1337qq-js

All versions of 1337qq-js contain malicious code. The package exfiltrates sensitive information through install scripts. It targets UNIX systems. The information exfiltrated includes: environment variables, running processes, /etc/hosts, uname -a, npmrc file. Recommendation: Remove the packag...

3.6 AI score
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/09/03 9:4 p.m. · 8 views

GHSA-WXRM-2H86-V95F Malicious Package in pizza-pasta

Version 1.0.3 of pizza-pasta contains malicious code as an install script. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the user's SSH keys to the console. Recommendation: Remove the package from your environment. There are no...

9.8 CVSS · 7.2 AI score
Exploits 0 · References 1

Github Security Blog
added 2020/09/03 9:4 p.m. · 30 views

Malicious Package in pizza-pasta

Version 1.0.3 of pizza-pasta contains malicious code as an install script. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the user's SSH keys to the console. Recommendation: Remove the package from your environment. There are no...

4.5 AI score
Exploits 0 · References 2 · Affected Software 1

Check Point Advisories
added 2020/07/02 12:0 a.m. · 0 views

SYLKin Malware Infection Attempt

SYLKin is a remote access Trojan malware. Successful infection will allow an attacker to create malicious install scripts on the affected system...

4.6 AI score
Exploits 0

RedHat Linux
added 2020/06/19 3:46 a.m. · 3 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS · 7.5 AI score · 0.0115 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/06/19 3:46 a.m. · 3 views

npm: Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries from being overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of...

7.7 CVSS · 7.1 AI score · 0.00592 EPSS
Exploits 0 · References 4

0day.today
added 2020/03/12 12:0 a.m. · 129 views

rConfig 3.9 - (searchColumn) SQL Injection Exploit

Exploit for php platform in category web applications. Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection; Exploit Author: vikingfr; CVE-2020-10220; Exploit link: https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py; Vendor Homepage: https://rconfig.com/; see also :...

7.5 CVSS · 9.3 AI score · 0.94261 EPSS
Exploits 14

RedhatCVE
added 2020/02/25 7:38 p.m. · 18 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS · 1.9 AI score · 0.0115 EPSS
Exploits 0 · References 3

RedHat Linux
added 2020/02/25 3:56 p.m. · 4 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/02/25 1:7 p.m. · 2 views

npm: Symlink reference outside of node_modules folder through the bin field upon installation

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

7.7 CVSS · 7.5 AI score · 0.0115 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/02/25 1:7 p.m. · 3 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/02/25 8:39 a.m. · 2 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/02/24 12:55 p.m. · 3 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/02/04 1:22 p.m. · 2 views

npm: Arbitrary file write via constructed entry in the package.json bin field

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 7.5 AI score · 0.01227 EPSS
Exploits 0 · References 4

RedhatCVE
added 2020/01/06 11:9 p.m. · 36 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or ga...

8.1 CVSS · 2.2 AI score · 0.01227 EPSS
Exploits 0 · References 3