Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134-poc CVE-2022-26134 is a Remote Code Exec...

XZ backdoor story – Initial analysis

On March 29, 2024, a single message on the Openwall OSS-security mailing list marked an important discovery for the information security, open source and Linux communities: the discovery of a malicious backdoor in XZ. XZ is a compression utility integrated into many popular distributions of Linux...

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 CVSS score: 7.2, the issue relates to a privilege escalation flaw in the web UI feature and is sa...

Arbitrary Code Execution

bin-collect is vulnerable to arbitrary code execution. The vulnerability exists due to incomplete deletion of some packages getting installed from pypi.doubanio.com creating a malicious back door which allows an attacker to inject and execute arbitrary codes...

Remote Code Execution

mlscanner is vulnerable to remote code execution. The vulnerability exists in the request package because it contains a malicious backdoor which allows an attacker to inject and execute harmful code and access sensitive user information...

Remote Code Execution (RCE)

texercise is vulnerable to remote code execution. When the package is installed, it opens a malicious backdoor in the package allowing an attacker to inject and execute arbitrary codes and gain access to sensitive user information and digital currency keys as well as escalate privileges...

Remote Code Execution (RCE)

keep is vulnerable to remote code execution. The vulnerability exists due to the library has a malicious backdoor which allows an attacker to inject maliciously crafted script into the system...

Arbitrary Code Execution

apirespy is vulnerable to arbitrary code execution. The vulnerability is possible because the library has a malicious backdoor in the request package which allows an attacker to inject and execute arbitrary commands...

keep 安全漏洞

keep is a Meta CLI toolkit from the Python Foundation. A security vulnerability exists in keep version 1.2, which stems from the installation of request packages when installing the keep package, and is exploited by an attacker to leave a malicious backdoor on a victimized machine...

Backdoor Added — But Found — in PHP

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject "fix typo" and the names of known PHP developers and maintainers. They were discovered and removed before being pushed out to any users. But since 79% of the Internets websites use...

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

active-support ruby gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

CVE-2018-3779

active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system...

Backdoored PhpMyAdmin distributed at SourceForge site

A security issue has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor, which can be exploited to e.g. execute...

WordPress Core 2.1.1 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands...