173 matches found
FTP Fetch, Linux x64 Pingback, Reverse TCP Inline
Fetch and execute an x64 payload from an FTP server. Connect back to attacker and report UUID Linux x64 Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
FTP Fetch, Linux x64 Command Shell, Bind TCP Inline (IPv6)
Fetch and execute an x64 payload from an FTP server. Listen for an IPv6 connection and spawn a command shell Module Options...
Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability
Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...
Malicious code in @emcd-vue/auth (npm)
Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 10.0.4 or higher. References - Vulnerability Advisor...
Malicious code in @postman/pm-bin-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94045a09bfa0905195be4f028d9e42bcf608154a645b14b2028754dc6e787b80 The package @postman/pm-bin-linux-x64 was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198922
Malicious code in @postman/pm-bin-linux-x64 npm...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINLINUXX64-14103292...
Malicious code in athira-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e427393183e173f65795c42251b41cf0af7ad267e64f05e6651dc4e0766b150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4470 Malicious code in athira-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e427393183e173f65795c42251b41cf0af7ad267e64f05e6651dc4e0766b150 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Buffer Over-read
Overview Affected versions of this package are vulnerable to Buffer Over-read through the loading of a specially crafted file. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 8.0.12, 9.0.1 or higher. References - GitHub Issue - GitHub Issue - Security Advisory...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow. An attacker can execute arbitrary code by sending malicious requests designed to exploit the vulnerability. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.1 or higher. References -...
Malicious code in sharp-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9842 Malicious code in sharp-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in sharp-libvips-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9841 Malicious code in sharp-libvips-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in nx-linux-x64-gnu (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9738 Malicious code in nx-linux-x64-gnu (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in cli-linux-x64 (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-25707
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...