30 matches found
EUVD-2019-0295
Malware in sbrugna...
EUVD-2019-0260
Malware in sbrugna...
EUVD-2025-29568
Malicious code in bioql PyPI...
CVE-2025-48709
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbuconnectiondetails.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process...
CVE-2025-48709
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
CVE-2025-48709 BMC Control-M/Server cleartext database credentials in process lists and logs
BMC Control-M/Server 9.0.21.300 displays cleartext database credentials in process lists and logs. An authenticated attacker with shell access could observe these credentials and use them to log in to the database server. For example, when Control-M/Server on Windows has a database connection on,...
Node.js third-party modules: [m-server] XSS reflected because path does not escapeHtml
I would like to report XSS in m-server. It allows an attacker to perform XSS on the client side. Module module name: m-server version: 1.4.2 npm page: https://www.npmjs.com/package/m-server Module Description M-Server is a mini http static server that without any dependencies; Module Stats 1 weekly...
BMC Control-M/Agent Arbitrary File Download Vulnerability
Control-M is one of BMC's most important automation control products, and is the world's leading integrated business scheduling solution for cross-platform and cross-application job scheduling. A security vulnerability exists in BMC Control-M/Agent and Control-M/Server communication when using th...
Path Traversal in m-server
Versions of m-server before 1.4.2 are vulnerable to path traversal allowing a remote attacker to display content of arbitrary files from the server. Recommendation Update to version 1.4.2 or later...
GHSA-VC6R-4X6G-MMQC Path Traversal in m-server
Versions of m-server before 1.4.2 are vulnerable to path traversal allowing a remote attacker to display content of arbitrary files from the server. Recommendation Update to version 1.4.2 or later...
GHSA-899G-6Q6W-7V94 m-server Vulnerable to Directory Traversal
Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...
GHSA-GMXV-XF2Q-6J8M Cross-Site Scripting in m-server
Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving. Recommendation Update to version 1.4.2 or later...
Cross-Site Scripting in m-server
Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving. Recommendation Update to version 1.4.2 or later...
M-Server Path Traversal Vulnerability
m-server is a small http static server. M-Server suffers from a path traversal vulnerability that arises from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access locations outside of a...
M-Server Cross-Site Scripting Vulnerability
M-Server is a small http static server. M-Server suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
Cross site scripting
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names...
Path traversal
Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...
CVE-2018-16484
An XSS vulnerability was found in module m-server 1.4.2 that allows malicious JavaScript code or HTML to be executed, due to the lack of escaping for special characters in folder names...
CVE-2018-16485
Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request...